Cheat Sheets | Notion

Obtain XSS → XSS can be achieved using javascript:alert(0) URI
Steal OAUTH tokens → Make redirect_uri the open redirect (pointing at your own website) to intercept oauth tokens.
Gain SSRF → SSRF can be achieved if the server is sending a request to verify the redirected URL exists.
Escalate to RCE → RCE can be gained in a similar fashion to above, at times you can even get LFD
Used in chain attacks
Use to bypass same-origin filters → Bypass same origin by using a redirect

<aside> 💡 Google Dork → ”allinurl:%3Dhttp*” to find redirects in any website.

</aside>