daffainfo
/
AllAboutBugBounty
mirror of https://github.com/daffainfo/AllAboutBugBounty.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding a lot open redirect tips

pull/3/head
MD15 2021-04-29 04:41:34 +07:00
parent 5428e25125
commit db67aa4646
1 changed files with 48 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
Open Redirect.md
View File

@ -1,66 +1,90 @@
## Filter Bypass ## Open Redirect
1. Using a whitelisted domain or keyword 1. Try change the domain
``` ```
target.com.evil.com /?redir=evil.com
``` ```
2. Using "//" to bypass "http" blacklisted keyword 2. Using a whitelisted domain or keyword
``` ```
//evil.com /?redir=target.com.evil.com
``` ```
3. Using "https:" to bypass "//" blacklisted keyword 3. Using `//` to bypass `http` blacklisted keyword
``` ```
https:evil.com /?redir=//evil.com
``` ```
4. Using "\/\/" to bypass "//" blacklisted keyword (Browsers see \/\/ as //) 4. Using `https:` to bypass `//` blacklisted keyword
``` ```
\/\/evil.com/ /?redir=https:evil.com
/\/evil.com/
``` ```
5. Using "%E3%80%82" to bypass "." blacklisted character 5. Using `\\` to bypass `//` blacklisted keyword
```
/?redir=\\evil.com
```
6. Using `\/\/` to bypass `//` blacklisted keyword
```
/?redir=\/\/evil.com/
/?redir=/\/evil.com/
```
7. Using `%E3%80%82` to bypass `.` blacklisted character
``` ```
/?redir=evil。com /?redir=evil。com
/?redir=evil%E3%80%82com /?redir=evil%E3%80%82com
``` ```
6. Using null byte "%00" to bypass blacklist filter 8. Using null byte `%00` to bypass blacklist filter
``` ```
//evil%00.com /?redir=//evil%00.com
``` ```
7. Using parameter pollution 9. Using parameter pollution
``` ```
?next=target.com&next=evil.com /?next=target.com&next=evil.com
``` ```
8. Using "@" character, browser will redirect to anything after the "@" 10. Using `@` or `%40` character, browser will redirect to anything after the `@`
``` ```
target.com@evil.com /?redir=target.com@evil.com
target.com%40evil.com /?redir=target.com%40evil.com
``` ```
9. Creating folder as their domain 11. Creating folder as their domain
``` ```
http://www.yoursite.com/http://www.theirsite.com/ http://www.yoursite.com/http://www.theirsite.com/
http://www.yoursite.com/folder/www.folder.com http://www.yoursite.com/folder/www.folder.com
``` ```
10. Using "?" characted, browser will translate it to "/?" 12. Using `?` characted, browser will translate it to `/?`
``` ```
http://www.yoursite.com?http://www.theirsite.com/ /?redir=target.com?evil.com
http://www.yoursite.com?folder/www.folder.com
``` ```
11. Host/Split Unicode Normalization 13. Bypass the filter if it only checks for domain name using `%23`
```
/?redir=target.com%23evil.com
```
14. Host/Split Unicode Normalization
``` ```
https://evil.c℀.example.com https://evil.c℀.example.com
``` ```
12. Using parsing 15. Using parsing
``` ```
http://ⓔⓥⓘⓛ.ⓒⓞⓜ http://ⓔⓥⓘⓛ.ⓒⓞⓜ
``` ```
16. Using `°` symbol to bypass
```
/?redir=target.com/°evil.com
```
17. Bypass the filter if it only allows yoou to control the path using a nullbyte `%0d` or `%0a`
```
/?redir=/%0d/evil.com
```