Top 25 Open Redirect Bug Bounty Reports

What is Open Redirect?

https://medium.com/r/?url=https://phising-malicious.com
https://medium.com/r/?url=javascript:alert(document.cookie)

Types of Open Redirect

  1. Reflected: the redirection is being made based on a parameter value set through the URL. It is the most common form of Open Redirection. Some URL parameters that are used to handle redirections:
url
rurl
u
next
link
lnk
go
target
dest
destination
redir
redirect_uri
redirect_url
redirect
r
view
loginto
image_url
return
returnTo
return_to
continue
return_path
path
location
location.host
location.hostname
location.href
location.pathname
location.search
location.protocol
location.assign()
location.replace()
open()
domElem.srcdoc
jQuery.ajax()
$.ajax()
XMLHttpRequest.open()
XMLHttpRequest.send()
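The reflected case above (a redirect driven by a URL parameter) and the DOM sinks in the list (location.href, location.assign() and friends) fail for the same reason: the target is used without checking where it points. The block below is an added example, not code from the original post; it shows one defensive validator that both a server-side handler and a client-side script can share. The allow-list hosts, the `example.com` origin and the `next` parameter name are constructed assumptions. It relies on the WHATWG URL parser (available in Node.js and browsers), which is what turns `//evil.com`, `/\evil.com` and `user@host` tricks into an explicit hostname that can be compared exactly.

```javascript
// Added example (not from the original post). Assumed site configuration:
const SITE_ORIGIN = "https://example.com";                       // constructed
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]); // constructed

// Returns true only if `target`, resolved against our own origin, stays on an
// allow-listed host over https. Resolving against SITE_ORIGIN keeps plain paths
// such as "/account" on-site, while "//evil.com" or "/\evil.com" (backslash is
// treated as slash for http(s) URLs) resolve to an off-site host and are rejected.
function isSafeRedirect(target, allowedHosts = ALLOWED_HOSTS, origin = SITE_ORIGIN) {
  if (typeof target !== "string" || target.length === 0) return false;
  let parsed;
  try {
    parsed = new URL(target, origin);
  } catch {
    return false; // unparsable input is never a valid redirect target
  }
  // Scheme check rejects javascript:, data:, and other non-https schemes.
  if (parsed.protocol !== "https:") return false;
  // Exact hostname match: defeats "example.com.evil.com" (suffix) and
  // "https://example.com@evil.com" (credentials) lookalikes.
  return allowedHosts.has(parsed.hostname);
}

// Server-side use (reflected case): compute the Location header value for a
// raw ?url= / ?next= parameter, falling back to the site root when unsafe.
function redirectTarget(rawParam) {
  return isSafeRedirect(rawParam)
    ? new URL(rawParam, SITE_ORIGIN).href
    : SITE_ORIGIN + "/";
}

// Client-side use (DOM sink case): given window.location.search, return the
// href that may be passed to location.assign(), or null if nothing safe was
// supplied. The caller decides what to do on null; this never touches the sink.
function domRedirectTarget(search) {
  const next = new URLSearchParams(search).get("next"); // assumed parameter name
  if (next === null || !isSafeRedirect(next)) return null;
  return new URL(next, SITE_ORIGIN).href;
}

// Constructed sample inputs, as a quick demonstration when run directly.
const samples = [
  "/account?tab=1",
  "//evil.com/x",
  "/\\evil.com",
  "javascript:alert(document.cookie)",
  "https://example.com@evil.com/",
  "https://example.com.evil.com/",
  "https://www.example.com/login",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", isSafeRedirect(s) ? "allowed" : "rejected");
}

module.exports = { isSafeRedirect, redirectTarget, domRedirectTarget };
```

The deliberate design choice is to compare the parsed hostname for exact equality rather than checking whether the string "starts with" or "contains" the trusted domain; substring checks are what the suffix and credential lookalikes above are built to pass. On the client side, keep the same rule and only ever hand the validated href to location.assign() or location.href; never pass the raw parameter through.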

How to test for Open Redirects

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect

Top 25 Open Redirect Bug Bounty Reports

Bonus: 10 Zero Dollars Open Redirect Reports

Cristian Cornea