open redirect bypass

Simple Open Redirect Bypass.

I was checking the login page for XSS and other stuff and noticed that the login page had one hidden parameter, "returnToUrl".

Here, the application had some server-side protection which was checking user-input URLs.

Payload : : forbidden

Payload : // : forbidden

Payload:  : forbidden


Bypass Payload: https:///
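
Why a value of this shape can pass a string filter, and a check that does not depend on string shape, as an added example (not code from this post or from the tested application). `APP_ORIGIN`, `naiveIsAllowed` and `safeReturnUrl` are hypothetical names, `evil.example` is a constructed host, and the naive filter is an assumed stand-in because the post does not show the real one.

```javascript
// Added example. APP_ORIGIN, naiveIsAllowed and safeReturnUrl are hypothetical
// names; evil.example is a constructed sample host.
const APP_ORIGIN = "https://app.example";

// Hypothetical string filter of the kind the post describes (the real
// check is not shown on the page): blocks "//host" and "scheme://host".
function naiveIsAllowed(value) {
  if (value.startsWith("//")) return false;
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/]+)/i.exec(value);
  if (m) return m[1].toLowerCase() === new URL(APP_ORIGIN).host;
  return true; // no host found by the pattern, so treated as a local path
}

// Hardened check: parse exactly as a browser will, then compare origins.
function safeReturnUrl(candidate, fallback = APP_ORIGIN + "/") {
  if (typeof candidate !== "string" || candidate === "") return fallback;
  let resolved;
  try {
    // WHATWG URL parsing skips any run of slashes after "https:", so
    // "https:///host" and "https://host/" name the same destination.
    resolved = new URL(candidate, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (resolved.origin !== APP_ORIGIN) return fallback;
  // Return the resolved absolute URL so the Location value is unambiguous.
  return resolved.href;
}

// Constructed inputs in the shapes listed in the post.
const samples = ["/dashboard?tab=1", "//evil.example/", "https://evil.example/", "https:///evil.example/"];
for (const s of samples) {
  console.log(s.padEnd(26), "naive:", naiveIsAllowed(s), " hardened:", safeReturnUrl(s));
}
```

The naive filter accepts only the last sample among the off-site ones, while the origin comparison sends all three to the fallback.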


