Open redirect vulnerability

SnowOverride ❄️
Sep 14

Waybackurls

Google dork

inurl:url=https

inurl:url=http

inurl:u=https

inurl:u=http

inurl:redirect?https

inurl:redirect?http

inurl:redirect=https

inurl:redirect=http

inurl:link=http

inurl:link=https

Burppppp!!

Don’t Mess This Up Now

Making Open Redirect Vulnerability Impactful

Some Bypasses

https://example.com/login?redirect=https%3A%2F%2Fevil.com%2F
https://example.com/login?redirect=https%3A%2F%2Fevil.com%2F %3Fredirect=https%3A%2F%2Fevil.com%2F
https://example.com/login?redirect=\/google.com 
https://example.com/login?redirect=\/\/google.com
https://example.com/login?redirect=\\google.com
https://example.com/login?redirect=@google.com
https://yoursite?u=example.com
https://example.com/https://google.com
https://example.com/login?redirect=//google。com
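
A server-side check that refuses each of the parameter forms listed above, as an added example that is not code from the original post. The allowlisted host, the fallback path and the names `safe_redirect_target`, `_is_safe` and `PAGE_BYPASS_VALUES` are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"example.com"}  # assumption: the only host this app redirects to
FALLBACK = "/"                   # assumption: safe default landing path

# Parameter values from the list above, as the server sees them once decoded.
# "\u3002" is the ideographic full stop used in the last entry of that list.
PAGE_BYPASS_VALUES = [
    "https://evil.com/", "\\/google.com", "\\/\\/google.com", "\\\\google.com",
    "@google.com", "https://google.com", "//google\u3002com",
]


def _is_safe(value: str) -> bool:
    # Browsers treat "\" like "/" and drop control characters, so refuse both.
    if not value or any(ord(c) < 0x20 or c in "\\\x7f" for c in value):
        return False
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: exactly one leading "/". "//host" is scheme-relative,
        # and "@host" or "host" appended to the origin changes the authority.
        return value.startswith("/") and not value.startswith("//")
    # Absolute target: https, exact allowlisted host, no userinfo, no port.
    return (parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS
            and "@" not in parts.netloc and port is None)


def safe_redirect_target(raw: str) -> str:
    """Return raw if every decoding layer is safe, otherwise FALLBACK."""
    candidate = raw.strip()
    value = candidate
    for _ in range(3):  # bounded, so nested encoding cannot hide a target
        if not _is_safe(value):
            return FALLBACK
        decoded = unquote(value)
        if decoded == value:
            return candidate
        value = decoded
    return FALLBACK  # still changing after three decodes: refuse


if __name__ == "__main__":
    for v in PAGE_BYPASS_VALUES + ["/account?tab=2", "https://example.com/dashboard"]:
        print(repr(v), "->", safe_redirect_target(v))
```

The check is deliberately strict: it compares the parsed hostname for exact membership in the allowlist instead of using prefix, suffix or substring matching on the raw string.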

Want an Open Redirect Cheat Sheet?

Finishing Up
