open redirect bypass

Simple Open Redirect Bypass.


Was checking the login page for XSS and other stuff. Noticed that the login page had one hidden parameter: "returnToUrl".

Here, the application had some server-side protection which was checking user-input URLs.

Payload: https://google.com : forbidden

Payload: //google.com : forbidden

Payload: https://142.250.188.4 : forbidden

Bypass Payload: https:///google.com

https://example.com/something/do/login?returnToUrl=https:///google.com
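
Why a filter can miss the triple-slash form, and a stricter check for returnToUrl, shown as an added example (not code from this application or the original post). A server-side parser such as Python's urlsplit reports an empty host for https:///google.com, while browsers following the WHATWG URL rules skip the extra slash and load google.com. The naive filter, the function names and DEFAULT_TARGET are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # hypothetical post-login landing page

def naive_is_allowed(value: str) -> bool:
    """Assumed filter (not the application's real code): forbid any URL
    for which the server-side parser reports a host."""
    return urlsplit(value).netloc == ""

def safe_return_path(value: str) -> str:
    """Accept only a same-site absolute path; otherwise use the default."""
    # Browsers strip tabs/newlines and treat "\" like "/" in http(s) URLs,
    # so reject backslashes and control characters before parsing.
    if any(ch == "\\" or ord(ch) < 0x20 for ch in value):
        return DEFAULT_TARGET
    parts = urlsplit(value)
    # No scheme and no host: the value must not be able to name another origin.
    if parts.scheme or parts.netloc:
        return DEFAULT_TARGET
    # Exactly one leading slash: "//host" is protocol-relative.
    if not value.startswith("/") or value.startswith("//"):
        return DEFAULT_TARGET
    return value

# The four values from the write-up plus one legitimate path (constructed).
SAMPLES = [
    "https://google.com",
    "//google.com",
    "https://142.250.188.4",
    "https:///google.com",
    "/account/settings?tab=security",
]

def evaluate():
    """Return (input, naive filter verdict, hardened redirect target)."""
    return [(s, naive_is_allowed(s), safe_return_path(s)) for s in SAMPLES]

if __name__ == "__main__":
    for sample, naive, safe in evaluate():
        print(f"{sample!r:40} naive_allows={naive!s:5} safe_target={safe!r}")
```

The hardened check never tries to recognise bad hosts; it only lets through values that cannot name another origin at all.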





💜
