Three Cases, Three Open Redirect Bypasses


Today I will write about three cases I faced; I managed to bypass the redirect in all of them.

Introduction to bypassing redirects:

In all redirect cases I look into different areas:

1- Before the http protocol, so we can use

2- In the www area and before the redirect domain (I will talk about )

3- After the .com, so we can use @

4- After the port, for example

In these three areas we can bypass the redirection (not in all).

#Case 1:

In this case there was a redirect parameter called ?redirect= that redirects to , I found that I can play only with www.

So I tried to but it did not work, so I looked into which characters were allowed that I could use to make a break between mytarget and , I found that backslash is allowed here so I made\\ , which also did not work; I was getting a Forbidden response. After some time I realized that I have to put .mytarget

So the final URL was\\ and I got redirected to domain

#Case 2:

In this case there was a parameter called ?ref= that redirects users to the main domain. I found that I can play with www, so it looked the same as case 1 to me. However, it's a different way.

The parameter does not accept any character that we can use to make a break as we did in case 1. After some time I got an idea that we can deceive our target, and it was @ , if I put it accepts it, so as we did in case 1\\ , oh, I forgot that I will get redirected to in the final destination, what can I do here?

What about\\ ? Yes, it worked, and the final URL was\\ and we get redirected to

#Case 3:

In this case I used

The redirect endpoint was ?redirect= . You think we can use anything like in case 1 or 2? No, nothing I used in the previous cases was accepted here, so after I looked into the above link, I can use only “%E3%80%82” to bypass the blacklisted “.” character; the %E3%80%82 makes a new line/space.

The final URL was

and we get redirected to
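A defender-side check for the three cases above, as an added example that is not from the original post: it parses the redirect value with the WHATWG URL parser (the rules browsers follow) and decides on the parsed host and userinfo instead of the raw string. `trusted.example`, `attacker.example`, the function names and the sample values are constructed for illustration, and rejecting explicit ports is an assumed policy.

```javascript
// Added example. trusted.example / attacker.example and all names are constructed.
const ALLOWED_HOSTS = new Set(["trusted.example", "www.trusted.example"]);

// Weak check: string matching on the raw parameter value.
function naiveIsAllowed(value) {
  return value.startsWith("https://") &&
    (value.includes("www.trusted.example") || value.endsWith(".trusted.example"));
}

// Hardened check: parse once with the WHATWG URL parser, then decide only on
// the parsed components. For https URLs the parser ends the host at "\",
// splits off userinfo before "@", and applies IDNA mapping to the host
// (%E3%80%82 is UTF-8 for U+3002, which IDNA maps to ".").
function isAllowedRedirect(value) {
  let url;
  try {
    url = new URL(value); // absolute URLs only; throws on unparsable input
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false; // "@" userinfo
  if (url.port !== "") return false; // assumed policy: default port only
  return ALLOWED_HOSTS.has(url.hostname); // exact match on the normalised host
}

// Redirect to the parser's serialisation, never to the raw input.
function safeRedirectTarget(value, fallback = "https://www.trusted.example/") {
  return isAllowedRedirect(value) ? new URL(value).href : fallback;
}

// Constructed samples, one per character discussed in the post.
const SAMPLES = [
  "https://www.trusted.example/account",                   // legitimate target
  "https://attacker.example\\.trusted.example",            // backslash (case 1)
  "https://www.trusted.example@attacker.example/",         // "@" userinfo (case 2)
  "https://www.trusted.example%E3%80%82attacker.example/", // U+3002 as dot (case 3)
];

function report() {
  return SAMPLES.map((s) => ({ input: s, naive: naiveIsAllowed(s), hardened: isAllowedRedirect(s) }));
}
console.log(report());
```

The naive check accepts all four samples; the parser-based check accepts only the first.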

I hope you enjoyed this reading,

Happy Hunting!