0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [master] one page and one asset modified

Browse source
This commit is contained in:
CPol 2021-05-27 11:01:09 +00:00 committed by gitbook-bot
parent 9e80c3be33
commit 6d5010301b
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
.gitbook/assets/image (495).png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 447 KiB

25
pentesting-web/open-redirect.md
View file

@ -81,6 +81,31 @@ XSS from data:// wrapper
http://www.example.com/redirect.php?url=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+Cg==
```
Username
```php
https://www.victim.com@attacker.com
https://www.victim.com(\u2044)some(\u2044)path(\u2044)(\u0294)some=param(\uff03)hash@attacker.com
```
IP formats
```php
216.58.215.78 -- Regular
3627734862 -- Decimal
0330.0072.0327.0116 -- Octal
00000330.00000072.00000327.00000116 -- Octal with junk zeros
0xd83ad74e -- Hex
0xd8.0x3a.0xd7.0x4e -- Hex (dot sepparated)
0x000000d8.0x0000003a.0x000000d7.0x0000004e -- Hex (dot sepparated) with junk zeros
```
You can also mix the different IP formats:
![](../.gitbook/assets/image%20%28495%29.png)
You can play with the different IP formats in [https://www.silisoftware.com/tools/ipconverter.php](https://www.silisoftware.com/tools/ipconverter.php)
Parsing
```text