URL isn't validated at all: ?redirect_uri=https://attacker.com
Subdomains allowed (Subdomain Takeover or Open redirect on those subdomains): ?redirect_uri=https://sub.twitterdeck.com
The host is validated, but the path isn't (chain an open redirect on the allowed host): ?redirect_uri=https://twitterdeck.com/callback?redirectUrl=https://evil.com
The host is validated, but the path isn't (Referer leakages): Include external content on the HTML page and leak code via Referer
Weak Regexes
Bruteforcing the URL encoded chars after host: redirect_uri=https://twitterdeck.com§FUZZ§
Bruteforcing the keywords whitelist after host (or on any whitelist open redirect filter): ?redirect_uri=https://§FUZZ§.com
URI validation in place: use typical open redirect payloads
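As an added example (not code from the original checklist), here is a Python validator that puts the weak host-suffix check this list exploits next to the strict exact-match check an authorization server should use instead; the client name, allow-list and sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allow-list for a hypothetical client: exact, pre-registered
# redirect URIs only (scheme + host + path), no wildcards, no subdomains.
REGISTERED_REDIRECT_URIS = {"https://twitterdeck.com/callback"}


def weak_host_suffix_check(redirect_uri: str) -> bool:
    """The flawed validator the checklist targets: only a host suffix is
    compared, so subdomains, arbitrary paths and query strings all pass."""
    host = (urlsplit(redirect_uri).hostname or "").lower()
    return host == "twitterdeck.com" or host.endswith(".twitterdeck.com")


def strict_exact_match_check(redirect_uri: str) -> bool:
    """Exact comparison against the pre-registered URIs: the value is parsed,
    the host lower-cased, and it must rebuild to a registered string, so
    scheme, host, port, path and query all have to match. A fragment or
    userinfo component is rejected outright (RFC 6749 forbids fragments)."""
    try:
        p = urlsplit(redirect_uri)
        host = (p.hostname or "").lower()
        port = p.port  # raises ValueError on a non-numeric port
    except ValueError:  # malformed URL (e.g. bad IPv6 literal or port)
        return False
    if p.scheme != "https" or p.fragment or p.username is not None:
        return False
    netloc = host if port is None else f"{host}:{port}"
    canonical = urlunsplit((p.scheme, netloc, p.path, p.query, ""))
    return canonical in REGISTERED_REDIRECT_URIS


# Constructed sample values covering the bypass classes listed above.
SAMPLES = {
    "registered": "https://twitterdeck.com/callback",
    "foreign host": "https://attacker.com/callback",
    "subdomain": "https://sub.twitterdeck.com/callback",
    "chained redirect": "https://twitterdeck.com/callback?redirectUrl=https://evil.com",
    "other path": "https://twitterdeck.com/some/other/page",
    "fragment": "https://twitterdeck.com/callback#frag",
}


def evaluate(check) -> dict:
    """Run every sample through one validator; returns {label: accepted}."""
    return {label: check(uri) for label, uri in SAMPLES.items()}


if __name__ == "__main__":
    for name, fn in (("weak", weak_host_suffix_check), ("strict", strict_exact_match_check)):
        print(name, evaluate(fn))
```

Only the registered URI survives the strict check, while the weak check waves through the subdomain, chained-redirect and foreign-path cases the checklist describes.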