Open Redirect

Last modified: 2023-06-13


An open redirect occurs when an application accepts user-controlled input that specifies a link to an external site and uses that link in a redirect.

<!-- "%E3%80%82" is "." -->
<!-- "%0d" is newline  -->

Unrestricted QR Code Scanning


If a website (or mobile application) has a function for scanning QR codes but does not restrict the URL, we can make it read a malicious QR code.

1. Generate QR Code

First, we need to create a malicious QR code. There are many online tools for generating it.

2. Read Malicious QR Code in the Application

After generating the QR code, read the QR code in the target application.
If the application does not validate the URL, we can access the malicious URL.
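
The missing validation step, as an added example that is not part of the original page: a strict allowlist check to apply to a scanned or user-supplied URL before opening or redirecting to it. The host list, the https-only policy and the function name `is_allowed_url` are assumptions for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumption: the only hosts this hypothetical application may open.
ALLOWED_HOSTS = {"example.com", "app.example.com"}

# Characters browsers treat as a "." separator in host names.
# U+3002 is the one that appears percent-encoded as %E3%80%82.
DOT_LIKE = "\u3002\uff0e\uff61"


def is_allowed_url(raw: str) -> bool:
    """True only for absolute https URLs whose host is exactly allowlisted."""
    decoded = unquote(raw)
    # Control characters (CR, LF, tab, ...) are dropped by browsers when
    # parsing, so the URL the browser sees can differ from the string checked.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw + decoded):
        return False
    # Browsers read "\" as "/", urllib does not: refuse instead of guessing.
    if "\\" in decoded:
        return False
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:
        return False
    # Relative and protocol-relative targets have no scheme and fail here.
    if parts.scheme != "https" or not host:
        return False
    # Compare the host in the form the browser will resolve it.
    host = unquote(host)
    for ch in DOT_LIKE:
        host = host.replace(ch, ".")
    host = host.rstrip(".").lower()
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample inputs, e.g. strings decoded from scanned QR codes.
    samples = [
        "https://example.com/profile?id=1",
        "https://evil.example/",
        "https://example.com%E3%80%82evil.example/",
        "/%0d/evil.example",
    ]
    for url in samples:
        print(f"{'allow' if is_allowed_url(url) else 'block'}  {url!r}")
```

An exact host match after normalization is what makes the check hold; prefix or substring comparisons on the raw string do not.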