0xblackbird

Open redirect bypasses

• Simply try to change the domain

  Example: ?redirect=https://example.com --> ?redirect=https://evil.com

• Bypass the filter when protocol is blacklisted using //

  Example: ?redirect=https://example.com --> ?redirect=//evil.com