Open Redirection Bypass
This bypass I found in a application while I doing pentesting. I hope it will helps you too!
- 1.While you I trying to redirect https://targetweb.com?url=http://attackersite.com it did not redirected!
- 2.I Created a new subdomain with with www.targetweb.com.attackersite.com
- 3.
- 4.It will successfully redirected to the www.targetweb.com.attackersite.com website!
- 5.Due to the bad regex it has been successfully bypass their protection!