top of page

Open Redirect and Its Bypasses - Bug Bounty

Hello folks, If your open redirect reports is resolved, then try these bypasses.

What is Open Redirect?

An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance. For more info

How to find it?

Basic Payloads:-

You can try these basic payloads to test for Open redirect vulnerability on any application;

Here is our website and if redirects you to this, then its vulnerable. If this is resolved then try this payloads:-

If these are resolved, then try these:-

Other Open Redirect Payloads:-\/

Try this Intigriti open redirect payload generator tool here

XSS Payloads for Open redirect:-

java%0d%0ascript%0d%0a:alert(0) j%0d%0aava%0d%0aas%0d%0acrip%0d%0at%0d%0a:confirm`0` java%07script:prompt`0` java%09scrip%07t:prompt`0` jjavascriptajavascriptvjavascriptajavascriptsjavascriptcjavascriptrjavascriptijavascript pjavascriptt:confirm`0`

I have tried these payloads on resolved report and found few targets vulnerable on HackerOne. You can also try

Good Luck!

2,198 views0 comments
bottom of page