To bypass a fix for an open redirect a second time, you may need to get creative with your payload list.
The original issue was exploitable with something like:
Referer: https://mybadsite.com#whitelistedsite.com
After the security patch, it no longer worked. Until I combined it with another payload:
Referer: https://whitelistedsite.com@mybadsite.com#whitelistedsite.com
(Note that whitelistedsite.com@mybadsite.com didn't work on its own, so that's why it was important to combine the two.)
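Why a string comparison can accept the combined value while rejecting each half, shown as an added example that is not from the original post. The two naive checks are hypothetical models of string-based validation (the post does not show the site's actual code); the strict check parses the Referer and compares the hostname exactly against the allowlist.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"whitelistedsite.com"}  # allowlisted host named in the post

# Constructed sample input: the three Referer values from the post plus one
# legitimate value.
SAMPLES = [
    "https://mybadsite.com#whitelistedsite.com",
    "https://whitelistedsite.com@mybadsite.com",
    "https://whitelistedsite.com@mybadsite.com#whitelistedsite.com",
    "https://whitelistedsite.com",
]

def naive_suffix_check(referer):
    """Hypothetical string check: the raw value must end with the allowed host."""
    return referer.endswith("whitelistedsite.com")

def naive_prefix_suffix_check(referer):
    """Hypothetical tightened check: raw value must start and end with the host."""
    return (referer.startswith("https://whitelistedsite.com")
            and referer.endswith("whitelistedsite.com"))

def strict_referer_check(referer):
    """Parse first, then compare the real hostname; the fragment is never consulted."""
    try:
        parts = urlsplit(referer)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return False
    if parts.scheme != "https" or host is None:
        return False
    # Anything before '@' is userinfo, not the host: reject it outright.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    return host.rstrip(".") in ALLOWED_HOSTS  # exact match, no substring logic

def evaluate(samples=SAMPLES):
    """Return {referer: (suffix, prefix_and_suffix, strict)} verdicts."""
    return {s: (naive_suffix_check(s), naive_prefix_suffix_check(s),
                strict_referer_check(s)) for s in samples}

if __name__ == "__main__":
    for referer, verdicts in evaluate().items():
        print(verdicts, referer)
```

The redirect target should then be rebuilt from the parsed components rather than taken from the raw header string, so the validator and the component issuing the redirect agree on which host is meant.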