URL redirects happen when we log in, log out, change a password, sign up, etc.
There is a good chance you might find some, so I’ve got a few techniques you can use.
They helped in my case a few times, so I recommend giving them a try.
Good ol’ pal, Google. Use Google dorking in this manner or find your own.
Also, look through ‘Contents’ in Burp Suite for redirect parameters: Target > Site map > Contents.
Still none found? Don’t worry, just use the app you’re testing and you’ll eventually find one.
Don’t Mess This Up Now
OK, you must have found at least one open redirect vulnerability, so you want to report it as fast as possible and hope not to get a duplicate, yeah?
Well, sorry to break it to you, but an open redirect vulnerability is mostly considered not impactful and is probably listed as “Out Of Scope” by the company you are testing for.
Let’s make the open URL redirect you found impactful. Shall we?
Making Open Redirect Vulnerability Impactful
The way to make it impactful is to chain it with different types of vulnerabilities.
Try out these:
4. Steal OAuth Token
Most of the time the app doesn’t redirect you to your desired evil site, so try just encoding:
Doesn’t work? Literally, try doubling the redirect parameter:
Try out payloads like:
& many, many more
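Seen from the other side, encoding the target and doubling the redirect parameter are exactly what a redirect check has to withstand. The validator below is an added example, not code from the original post; the parameter name `next`, the host `app.example.com` and the fallback path are assumptions.

```python
from urllib.parse import parse_qs, unquote, urlsplit

ALLOWED_HOSTS = {"app.example.com"}  # assumption: hosts the app may redirect to
PARAM = "next"                       # assumption: name of the redirect parameter
FALLBACK = "/"                       # where to send the user when validation fails


def fully_decode(value, rounds=5):
    """Percent-decode until the value stops changing (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return None  # still changing after several rounds: refuse it


def safe_redirect_target(query_string):
    """Return a validated redirect target, or FALLBACK if anything looks off."""
    values = parse_qs(query_string, keep_blank_values=True).get(PARAM, [])
    # Doubled parameter: two components may each pick a different copy, so
    # accept the request only when the parameter appears exactly once.
    if len(values) != 1:
        return FALLBACK
    target = fully_decode(values[0])  # parse_qs has already decoded one layer
    if not target:
        return FALLBACK
    # Strict policy: no backslashes, whitespace or control characters, which
    # browsers and server-side parsers normalise differently.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
    except ValueError:
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative target: a single leading slash only ("//host" names a host).
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else FALLBACK
    if parts.scheme == "https" and parts.username is None \
            and parts.hostname in ALLOWED_HOSTS:
        return target
    return FALLBACK
```

The function returns the decoded value, so percent-encode it again when writing the `Location` header.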
Want an Open Redirect Cheat Sheet?
Pentesterland got it all in one place for us,
I’m very professional with my tweets, follow me and you’ll know, I’m not forcing you 🔪
Thank you for reading.
See you, byeeeeeeee!