mirror of
https://github.com/fuzzdb-project/fuzzdb.git
synced 2025-02-23 03:18:25 +00:00
doc page 1.0 for open redirect patterns
parent
05c9d033fb
commit
e951c9f277
1 changed files with 16 additions and 0 deletions
16
attack/redirect/README.md
Normal file
|
@ -0,0 +1,16 @@
|
|||
* redirect-injection-template.txt
|
||||
* Patterns for injecting into a value for attempting to bypass many input validation filters that intended to only allow only relative links on the same origin.<br>
|
||||
* redirect-urls-template.txt
|
||||
* URL patterns that commonly lead to open redirect. <br>
|
||||
|
||||
<b>Payload file Usage:</b> <br>
|
||||
Replace {target} with ip or hostname and path, Examples: <br>
|
||||
* evil.com <br>
|
||||
* evil.com/badurl<br>
|
||||
* 1.2.3.4 <br>
|
||||
* 134744072<br>
|
||||
|
||||
<b>Filter bypass testing techniques:</b><br>
|
||||
* If periods are being stripped by the filter so that evil.com becomes evilcom, try converting the ip address to decimal notation form.
|
||||
http://www.geektools.com/geektools-cgi/ipconv.cgi
|
||||
* Try URL-encoding the replacement value for {target}
|
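Review bot: The usage examples list `134744072` as a {target} value with no explanation, and the decimal-notation bullet under "Filter bypass testing techniques" explains the conversion only by linking to an external converter (geektools.com), so the README stops being self-explanatory if that link goes away. Suggest labelling that example as the decimal form of an IPv4 address, if that is what it is meant to show, and stating the conversion inline (a.b.c.d becomes a*256^3 + b*256^2 + c*256 + d) next to the link. In the redirect-injection-template.txt description, "filters that intended to only allow only relative links" is missing "are" and has a doubled "only". Formatting is also inconsistent: most lines end in `<br>` but the two technique bullets do not, and the converter URL sits on its own line outside the bullet it belongs to.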