Skip to main content
在 Manus 中运行任何 Skill
一键导入

open-redirect

星标2
分支1
更新时间2026年7月9日 12:42

SAST detection methodology for open redirect (CWE-601), including filter bypasses (//evil.com, backslash tricks, @ userinfo, substring/suffix whitelist flaws, CRLF), redirect_uri / RelayState / next / returnUrl parameter abuse in OAuth/SSO flows, and header/meta-refresh/JS location sinks. Emphasizes its role as a chaining primitive for token theft, phishing, and SSRF filter bypass. Use when reviewing code that redirects a browser to a URL derived from input. Writes confirmed findings to findings/16-open-redirect.md.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly