Top 25 Open Redirect Bug Bounty Reports

What is Open Redirect?

https://medium.com/r/?url=https://phising-malicious.com
https://medium.com/r/?url=javascript:alert(document.cookie)

Types of Open Redirect

url
rurl
u
next
link
lnk
go
target
dest
destination
redir
redirect_uri
redirect_url
redirect
r
view
loginto
image_url
return
returnTo
return_to
continue
return_path
path
location
location.host
location.hostname
location.href
location.pathname
location.search
location.protocol
location.assign()
location.replace()
open()
domElem.srcdoc
jQuery.ajax()
$.ajax()
XMLHttpRequest.open()
XMLHttpRequest.send()
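The two requests shown under "What is Open Redirect?" (an absolute URL to another host and a `javascript:` scheme) are exactly what a server-side redirect handler has to refuse. The following is an added example and not code from the original article: a Python validator that accepts only same-site paths or allow-listed https URLs, and a small scan over constructed access-log lines that flags requests where any of the query-parameter names listed above carries a target the validator would reject. `ALLOWED_HOSTS = {"medium.com"}` is an assumption standing in for the application's own host, and the log lines are constructed samples.

```python
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Query-parameter names from the list above. The DOM sinks in that list
# (location.href, open(), ...) are client-side and do not appear in server logs.
REDIRECT_PARAMS = {
    "url", "rurl", "u", "next", "link", "lnk", "go", "target", "dest",
    "destination", "redir", "redirect_uri", "redirect_url", "redirect", "r",
    "view", "loginto", "image_url", "return", "returnTo", "return_to",
    "continue", "return_path", "path", "location",
}

# Assumption: the application's own host(s). Anything else is off-site.
ALLOWED_HOSTS = {"medium.com"}


def safe_redirect_target(candidate: str, default: Optional[str] = "/") -> Optional[str]:
    """Return `candidate` if it is a plain same-site path or an https URL on an
    allow-listed host; otherwise return `default` (the landing page)."""
    if not candidate:
        return default
    # Decode any remaining percent-encoding so "javascript%3A..." is not missed.
    candidate = unquote(candidate).strip()
    # Tabs, newlines and other control characters are used to smuggle a scheme
    # past naive prefix checks; reject them outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ("//host") URL: require https and an
        # allow-listed hostname. hostname ignores userinfo, so
        # "https://medium.com@evil.example" resolves to evil.example here.
        if parts.scheme.lower() != "https":
            return default
        if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            return default
        return candidate
    # Relative target: must begin with exactly one slash. "/\\host" is
    # normalised to "//host" by some browsers, so it is refused as well.
    if not candidate.startswith("/") or candidate.startswith(("//", "/\\")):
        return default
    return candidate


# Constructed sample access-log lines (not real traffic).
LOG_LINES = [
    '10.0.0.1 - - "GET /r/?url=https://phising-malicious.com HTTP/1.1" 302',
    '10.0.0.2 - - "GET /r/?url=javascript:alert(document.cookie) HTTP/1.1" 302',
    '10.0.0.3 - - "GET /login?next=/dashboard HTTP/1.1" 302',
    '10.0.0.4 - - "GET /login?next=//evil.example HTTP/1.1" 302',
]


def find_offsite_redirects(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (parameter, value) pairs for requests whose redirect parameter
    holds a target that safe_redirect_target would not accept."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        try:
            request = line.split('"')[1]      # 'GET /path?qs HTTP/1.1'
            target = request.split(" ")[1]    # '/path?qs'
        except IndexError:
            continue  # not a request line we understand
        query = urlsplit(target).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name not in REDIRECT_PARAMS:
                continue
            for value in values:
                if safe_redirect_target(value, default=None) is None:
                    hits.append((name, value))
    return hits


if __name__ == "__main__":
    for param, value in find_offsite_redirects(LOG_LINES):
        print(f"off-site redirect via {param}={value}")
```

The validator errs toward rejection: an allow-list of hosts plus a strict same-site path rule is simpler to reason about than trying to enumerate bad schemes or encodings, and the log scan reuses the same function so detection and enforcement cannot drift apart.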

How to test for Open Redirects

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect

Top 25 Open Redirect Bug Bounty Reports

Bonus: 10 Zero Dollars Open Redirect Reports


Cyber Security Enthusiast, Freelancer, Researcher, Bug Bounty Hunter and InfoSec Writer.

Cristian Cornea
