bp: open redirect

See: https://www.bugbountyhunter.com/vulnerability/?type=open_redirect
See: https://portswigger.net/web-security/ssrf#bypassing-ssrf-filters-via-open-redirection
See: https://portswigger.net/web-security/dom-based/open-redirection/lab-dom-open-redirection

Lab: DOM-based open redirection
https://portswigger.net/web-security/dom-based/open-redirection/lab-dom-open-redirection

Find the DOM sink via Inspect Element (note: for DOM-based bugs, look at the live DOM rather than the page source).

Console: debugging

var urlMatch = /url=(https?:\/\/.+)/.exec(location);   // regex runs against the page URL (location is coerced to a string)
console.log("URL Match:", urlMatch);                    // inspect the match result
var returnUrl = urlMatch ? urlMatch[1] : "/";
console.log("Return URL:", returnUrl);                  // inspect the final redirect target
location.href = returnUrl;                              // any http(s) URL supplied in ?url= is followed, so this is an open redirect
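The sink above accepts any absolute http(s) URL found in the query string. As an added example (not the lab's own code), here is that pattern next to a hardened version that parses the parameter and only follows targets on the page's own origin; the origin https://site.example and the attacker host are constructed for illustration.

```javascript
// Vulnerable: the regex matches any absolute http(s) URL after "url=",
// so ?url=https://attacker.example/ sends the browser off-site.
function vulnerableReturnUrl(locationString) {
  var urlMatch = /url=(https?:\/\/.+)/.exec(locationString);
  return urlMatch ? urlMatch[1] : "/";
}

// Hardened: read the parameter with a real parser, resolve it against the
// page's own origin, and refuse anything that does not stay on that origin.
// Returns "/" for a missing, malformed or cross-origin target.
function safeReturnUrl(locationString, allowedOrigin) {
  var pageUrl = new URL(locationString);
  var raw = pageUrl.searchParams.get("url");
  if (raw === null) return "/";
  var target;
  try {
    // A relative path resolves against allowedOrigin; an absolute URL keeps its own origin.
    target = new URL(raw, allowedOrigin);
  } catch (e) {
    return "/";
  }
  // Rejects https://attacker.example, protocol-relative //attacker.example,
  // backslash tricks, and non-http schemes such as javascript: (origin "null").
  if (target.origin !== allowedOrigin) return "/";
  // Hand back only the same-origin path so no host can be smuggled through.
  return target.pathname + target.search + target.hash;
}
```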


Main sinks:

location
location.host
location.hostname
location.href
location.pathname
location.search
location.protocol
location.assign()
location.replace()
open()
element.srcdoc
XMLHttpRequest.open()
XMLHttpRequest.send()
jQuery.ajax()
$.ajax()
posted @ 2024-10-08 23:04  sec875