Collaborate Disseminate
Let’s say I have the following url: https://secure.sub.domain.com/?continue=https://sub.domain.com
I found out that I can put anything I want before sub.domain.com in the continue parameter as long as sub.domain.com is present in that para… Continue reading How to exploit open redirect vulnerability which must contain the original url
Burp highlights DOM open redirection possible with code below. Could anyone explain if this is feasible? Many thanks!
var url = window.location.href;
url = url.replace(/(\?|\&)user_lang=[A-Za-z]{2}/, "");
window.location.href… Continue reading Simple DOM open Redirection quesiton
I am trying to understand various reasons where the browser would block redirects to another site. This lead me to have an understanding of why do sites have an interstitial redirect page which says redirecting you in 5 seconds, please cli… Continue reading When do browsers block automatic redirects?
There are URLs which its only purpose is to redirect the HTTP requestor to a correct website. Say, if I tried to access example.com/0wa/RaNd0m from my computer, it would redirect me to wikipedia.com. But if I tried it from my Virtual Machi… Continue reading Redirection – Different Website from Different Computer
Is there a tool, or a command for linux that can make possible to redirect HTTPS site to another HTTPS site on LAN? i’m using Kali Linux, and all the tools and commands that i found was to redirect HTTP to a local hosted website IP.
I want… Continue reading How do I redirect HTTPS site to another HTTPS site over LAN using a linux?
Let’s assume I have a website where I have to either redirect the user to another URL or include another URL in an iframe, that is given by a GET parameter.
I cannot use HMAC when the URL is created. The site is designed to work with relat… Continue reading Preventing open redirects / xss on a variable return url / iframe
I read about referrer header that some sites use to allow only requests made by the pages of the site. So if I make a page hacker.com, and let this page make a request to https://twitter.com/i/flow/add_phone , twitter will refuse this requ… Continue reading How some sites prevent cross-site requests through referrer although there are redirections allowed
If one is creating pseudo-random base 62 url paths, and one didn’t want those paths to be reasonably vulnerable to brute force attack. How short could they be?
Reasoning
Now one could have expiring short urls and urls expecting to be re… Continue reading How short can a shortened base 62 url path be and be reasonably protected from a brute force attack?
I’ve been looking into my college’s internal alumni network. In that we can send connections to users and when you send a connection request, you’re taken to a url which is: https://www.website.com/yourwall/sent-invite/username/?Sendcon=tr… Continue reading URL editing shows success message, but doesn’t carry out function
Recently I received a text message like this:
“xxx, we’re trying to get a hold of you about your Costco receipt
UUIB-LPZ. Please claim your overcharge reimbursement here
g4svc.info/6Jp1UwFdf.”
Apparently it’s a scam, but I just w… Continue reading Text message clickbait attack from g4svc.info [closed]