Open Redirection Bypass

This bypass I found in a application while I doing pentesting. I hope it will helps you too!
  1. 1.
    While you I trying to redirect it did not redirected!
  2. 2.
    I Created a new subdomain with with
  3. 4.
    It will successfully redirected to the website!
  4. 5.
    Due to the bad regex it has been successfully bypass their protection!


Reference Tweets: