Challenge 35 of 66
Redirect Rogue
🟠 Hard
Web App
+100 XP
A login page redirects users after authentication via the ?redirect= parameter. Abuse it to redirect to an attacker-controlled site.
Try setting redirect= to an external URL. Some filters can be bypassed with //evil.com or @evil.com.
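For the defensive side of this challenge, the following added example (not part of the challenge page) puts a string-prefix filter of the kind the hint describes next to a validator that resolves the value the way a browser would and compares origins. The origin https://app.example, the function names and the sample values are assumptions constructed for illustration.

```javascript
// Added example. SITE_ORIGIN and all function names are hypothetical.
const SITE_ORIGIN = "https://app.example";
const FALLBACK = SITE_ORIGIN + "/";

// Weak filter: string checks on the raw parameter value.
// "Starts with /" is meant to mean "local path"; "starts with our origin"
// is meant to mean "our site". Neither holds once a browser parses the value.
function naiveIsSafe(target) {
  return target.startsWith("/") || target.startsWith(SITE_ORIGIN);
}

// Hardened check: parse relative to our origin, then compare origins.
function safeRedirect(target) {
  if (typeof target !== "string" || target === "") return FALLBACK;
  // Browsers treat "\" like "/" and strip tabs/newlines inside URLs,
  // so reject backslashes and control characters before parsing.
  if (/[\\\u0000-\u001f\u007f]/.test(target)) return FALLBACK;
  let url;
  try {
    url = new URL(target, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // "//evil.com" resolves to https://evil.com/; "https://app.example@evil.com"
  // parses with "app.example" as userinfo and evil.com as the host.
  if (url.origin !== SITE_ORIGIN) return FALLBACK;
  // Return the absolute URL: a path such as "//x" taken from url.pathname
  // would be read as protocol-relative if sent back as a Location value.
  return url.href;
}

// Constructed sample values for the ?redirect= parameter.
const SAMPLES = [
  "/dashboard?tab=1",
  "//evil.com",
  "https://app.example@evil.com",
  "/\\evil.com",
];

// Returns one row per sample: what the weak filter says vs. where we send the user.
function compare(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s,
    naiveAccepts: naiveIsSafe(s),
    redirectTo: safeRedirect(s),
  }));
}

console.table(compare());
```
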