open redirect bypass
Simple Open Redirect Bypass.
Was checking the login page for XSS and other stuff. noticed that the login page had one hidden parameter. "returnToUrl"
Here, Application had some server-side protection which was checking user input URL's.
Payload : https://google.com : forbidden
Payload : //google.com : forbidden
Payload: https://18.104.22.168 : forbidden
Bypass Payload: https:///google.com