Skip to main content
Ejecuta cualquier Skill en Manus
con un clic

open-redirect

Estrellas2
Forks1
Actualizado9 de julio de 2026 a las 12:42

SAST detection methodology for open redirect (CWE-601), including filter bypasses (//evil.com, backslash tricks, @ userinfo, substring/suffix whitelist flaws, CRLF), redirect_uri / RelayState / next / returnUrl parameter abuse in OAuth/SSO flows, and header/meta-refresh/JS location sinks. Emphasizes its role as a chaining primitive for token theft, phishing, and SSRF filter bypass. Use when reviewing code that redirects a browser to a URL derived from input. Writes confirmed findings to findings/16-open-redirect.md.

Instalación

Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.

SKILL.md
readonly