Add Host/Split Unicode Normalization

Add Host/Split Exploitable Antipatterns in Unicode Normalization BH 2019 for filter bypass
This commit is contained in:
Ricardo 2019-08-30 08:57:22 +01:00 committed by GitHub
parent c6824e7aa9
commit 0625e2aebf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -114,6 +114,12 @@ http://www.yoursite.com/http://www.theirsite.com/
http://www.yoursite.com/folder/www.folder.com
```
Host/Split Unicode Normalization
```powershell
https://evil.c℀.example.com . ---> https://evil.ca/c.example.com
http://a.comX.b.com
```
XSS from Open URL - If it's in a JS variable
```powershell
@ -169,4 +175,6 @@ http://www.example.com/redirect.php?url=javascript:prompt(1)
* [OWASP - Unvalidated Redirects and Forwards Cheat Sheet](https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet)
* [Cujanovic - Open-Redirect-Payloads](https://github.com/cujanovic/Open-Redirect-Payloads)
* [Pentester Land - Open Redirect Cheat Sheet](https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html)
* [Open Redirect Vulnerability - AUGUST 15, 2018 - s0cket7](https://s0cket7.com/open-redirect-vulnerability/)
* [Open Redirect Vulnerability - AUGUST 15, 2018 - s0cket7](https://s0cket7.com/open-redirect-vulnerability/)
* [Host/Split
Exploitable Antipatterns in Unicode Normalization - BlackHat US 2019](https://i.blackhat.com/USA-19/Thursday/us-19-Birch-HostSplit-Exploitable-Antipatterns-In-Unicode-Normalization.pdf)