openredirects.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Open Redirects</title>
<link rel="stylesheet" href="styles/sommaire.css">
</head>
<body>
<br>
<h2><a href="https://cutt.ly/Xz0Lu4C" target="_blank" class="bg1">Open redirects</a></h2>
<div class="blue">
<ul>
<li>
<a href="https://www.acunetix.com/blog/web-security-zone/unvalidated-redirects-and-forwards/" target="_blank">Unvalidated Redirects and Forwards</a> |
<a href="https://portswigger.net/web-security/dom-based/open-redirection" target="_blank">DOM-based open redirection</a> |
<a href="https://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601</a> |
HTTP (<a href="https://www.w3.org/QA/Tips/reback" target="_blank">Redirect</a> | <a href="https://tools.ietf.org/html/rfc6797">Refresh</a>) |
<a href="https://tools.ietf.org/html/rfc6797">HSTS</a> |
<a href="https://www.w3.org/TR/upgrade-insecure-requests/">Upgrade Insecure Requests</a> |
<a href="https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#3xx_redirection" target="_blank">3xx redirection</a> |
<a href="https://www.youtube.com/playlist?list=PLxeJU39M7tLGomyEyp-HQ-_T0yYhrDfHk" target="_blank">Playlist</a>
</li>
</ul>
</div>
<h2><a href="https://www.youtube.com/watch?v=ZpLHJTJLlrU&t=604s" target="_blank">Exploit</a></h2>
<div class="green">
<ul>
<li>
<a href="https://www.youtube.com/watch?v=_i17MaZaJHM&t=1405s" target="_blank">Click-fraud monetization</a> |
<a href="https://blog.rapid7.com/2012/02/21/metasploit-javascript-keylogger/" target="_blank">Pay-per-click advertising (PPC)</a> |
<a href="https://www.youtube.com/watch?v=eYh7A6s9u14&t=80s" target="_blank">Domain generation algorithm</a> |
<a href="https://blog.rapid7.com/2012/02/21/metasploit-javascript-keylogger/" target="_blank">Domain-flux</a> |
<a href="https://blog.rapid7.com/2012/02/21/metasploit-javascript-keylogger/" target="_blank">Web advertising</a> |
<a href="https://blog.rapid7.com/2012/02/21/metasploit-javascript-keylogger/" target="_blank">Web tracking</a>
</li>
</ul>
</div>
<h2><a href="https://youtu.be/GY7MWbdkdas?t=650">GitHub</a></h2>
<div class="red">
<ul>
<li><a href="https://bounty.github.com/researchers/tomvangoethem.html#open-redirect-20140130" target="_blank">
Open redirect (01.'14)</a> |
<a href="https://bounty.github.com/researchers/nealpoole.html" target="_blank">Path-based open redirect (02.'14)</a> |
<a href="https://bounty.github.com/researchers/niro982.html#unvalidated-redirect-in-github-com-20140205" target="_blank">Unvalidated redirect in GitHub.com (02.'14)</a> |
<a href="https://bounty.github.com/researchers/adob.html#open-redirect-20140206" target="_blank">Open redirect (02.'14)</a></li>
<li><a href="https://bounty.github.com/researchers/avlidienbrunn.html#insufficient-oauth-redirect-url-validation-20141031" target="_blank">Insufficient OAuth redirect URL validation (10.'14)</a> |
<a href="https://bounty.github.com/researchers/avlidienbrunn.html#insufficient-oauth-redirect-url-validation-20160323" target="_blank">Insufficient OAuth redirect URL validation (03.'16)</a> |
<a href="https://bounty.github.com/researchers/kamilhism.html#gist-archive-download-content-spoofing-20160720" target="_blank">Gist archive download content spoofing (07.'16)</a></li>
</ul>
</div>
<h2><a href="https://github.com/arkadiyt/bounty-targets-data/blob/master/data/domains.txt">IDOR</a></h2>
<div class="orange">
<ul>
<li>
<a href="https://en.wikipedia.org/wiki/Insecure_direct_object_reference" target="_blank">Insecure Direct Object Reference</a> |
<a href="https://www.acunetix.com/websitesecurity/directory-traversal/" target="_blank">Directory Traversal</a>
</li>
</ul>
</div>
</body>
</html>