Bypassing Domain Name Whitelist Detection Using the URL Feature - Code World

Bypassing Domain Name Whitelist Detection Using the URL Feature

Others 2022-04-27 11:20:31 views: 0

Take URL jumping as an example: URL jumping vulnerabilities mainly use the browser's support for URL features to bypass some protections that are not rigorous in regular matching.

1.“@”
http://www.target.com/redirecturl=http://[email protected]

2.“\”
http://www.target.com/redirecturl=http://evil.com\a.whitelist.com

3.“?”
http://www.target.com/redirecturl=http://evil.com?a.whitelist.com

4.“#”
http://www.target.com/redirecturl=http://evil.com#a.whitelist.com

The above problems will not only affect the protection of URL redirection vulnerabilities, but also may exist wherever URL whitelist detection is involved, such as: WeChat, QQ, etc. detection of URLs in chat content; detection of articles/forum posts, etc. whether an external image is inserted in; [remote] file inclusion/reading; etc.

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325545910&siteId=291194637

Bypassing Domain Name Whitelist Detection Using the URL Feature

get domain name from url using java

Whitelist configuration for nginx domain name access

Domain name, host name and URL

Domain name and URL of each part

WeChat domain name detection, WeChat domain name interception interface sharing

360 whitelist security domain authentication domain _360 _360 green magic mirror out of 100 points _ domain name white list domain

Domain name hijacking detection and response methods

Share a domain name Tencent interception detection api

cmd domain name to take effect detection

WeChat domain name interception detection protocol

Wechat Domain Name Detection New System

The process of accessing a URL (domain name) behind

C++ get host domain name in URL

Method of extracting domain name from URL with Python

URL, URL, domain name, IP address, DNS, domain name resolution, only for you to successfully access

CloudFlare Workers setup using a custom domain name

host - the host name using a domain name server query

Micro-letter domain name api interface detection principle Secret

Micro-letter domain name interception detection - decryption mechanisms and principles

The first time vue-router is added to the URL is the domain name /#/path, and the second click is the domain name /?#/path

OpenCV using the picture feature point detection and matching (C ++)

Python2 query domain name (URL) Expires

Android parses the http url domain name with _, and the problem of parsing error occurs

vb6 gets domain name case code from URL

Seems to be no use of a domain name query verification system source code, domain name query using genuine source

Chapter 13 Using Bind Providing Domain Name Service

Haproxy stop using the domain name block access to a subdirectory reported 403

Implement a super simple dynamic domain name using Dnspod's API

Technology | Using Deep Learning to Detect DGA (Domain Name Generation Algorithm)

Recommended

Ranking

Empire cms smart tag calls four first-level recommended articles, starting from the fourth article

Linux environment installation and configuration Elasticsearch7.17

Big Data processing architecture and Lambda Kappa architecture

Explore the top of the AI large model platform - Wenxin Qianfan

Beijing car PK10 lucky airship Guanya size and value of the odd and even tips

W3B x Sui Hacker House｜In-depth understanding of Sui and Move language

Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)

Comprehensively improve AD domain security authentication | Zhuyun IDaaS

Android Update Engine Analysis (24) What happened when making the downgrade package?

Spark Architecture and Operating Mechanism (1) - System Architecture

Daily

More

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)