Merge pull request #88 from ricardojba/patch-1

Add Host/Split Unicode Normalization
2024-12-13 14:52:53 +00:00 · 2019-08-30 10:03:46 +02:00 · 2019-08-30 10:03:46 +02:00 · 2a4c4f46b2
commit 2a4c4f46b2
parent c6824e7aa9 0625e2aebf
1 changed files with 9 additions and 1 deletions
--- a/Redirect/README.md
+++ b/Redirect/README.md
@ -114,6 +114,12 @@ http://www.yoursite.com/http://www.theirsite.com/
 http://www.yoursite.com/folder/www.folder.com
 ```

+Host/Split Unicode Normalization
+```powershell
+https://evil.c℀.example.com . ---> https://evil.ca/c.example.com
+http://a.com／X.b.com
+```
+
 XSS from Open URL - If it's in a JS variable

 ```powershell
@ -170,3 +176,5 @@ http://www.example.com/redirect.php?url=javascript:prompt(1)
 * [Cujanovic - Open-Redirect-Payloads](https://github.com/cujanovic/Open-Redirect-Payloads)
 * [Pentester Land - Open Redirect Cheat Sheet](https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html)
 * [Open Redirect Vulnerability - AUGUST 15, 2018 - s0cket7](https://s0cket7.com/open-redirect-vulnerability/)
+* [Host/Split
+Exploitable Antipatterns in Unicode Normalization - BlackHat US 2019](https://i.blackhat.com/USA-19/Thursday/us-19-Birch-HostSplit-Exploitable-Antipatterns-In-Unicode-Normalization.pdf)