Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
Test whether we can disable the URL hostname prefix using a @ character (which makes everything after the scheme but before the @ character the authorization), or disable the URL suffix using ? (indicates the beginning of the query string) or # (indicates the beginning of the URL fragment) characters. This may require adding additional keyword arguments to OpenRedirect#initialize to control whether @, ?, # are added to the test URL.
http://subdomain@evil.com/evil/path
http://evil.com/?/valid/path
http://evil.com/#/valid/path
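To show why these three payload shapes matter, here is an added Ruby example (not code from ronin-vulns or from the issue author) that builds the @, ? and # variants from an expected host and path and checks each one the way a browser would, via Ruby's `URI` parser. The `RedirectPayloads` module, the `evil.com` host and the naive allow-list check it is contrasted with are all assumptions made for illustration. The point it demonstrates: each payload still contains the trusted host or path as a substring, so a substring-based validator accepts it, yet the parsed host is the attacker's because the trusted part has become the userinfo, the query string or the fragment.

```ruby
require 'uri'

# Hypothetical helper (added example, not part of ronin-vulns) that
# generates open-redirect test URLs using the @, ? and # tricks.
module RedirectPayloads
  EVIL_HOST = 'evil.com'.freeze # assumed attacker-controlled host

  # Builds candidate payloads for a redirect parameter whose legitimate
  # value would be expected_path on expected_host. Each trick can be
  # toggled off, mirroring the keyword arguments the issue proposes.
  def self.build(expected_host, expected_path,
                 evil_host: EVIL_HOST, at: true, query: true, fragment: true)
    payloads = []
    # Trusted host becomes the userinfo; the real host is evil_host.
    payloads << "http://#{expected_host}@#{evil_host}/evil/path" if at
    # Trusted path becomes the query string.
    payloads << "http://#{evil_host}/?#{expected_path}" if query
    # Trusted path becomes the fragment (never even sent to the server).
    payloads << "http://#{evil_host}/##{expected_path}" if fragment
    payloads
  end

  # A naive allow-list check of the kind these payloads defeat: it
  # accepts any URL that merely mentions the trusted host or path.
  def self.naive_allow?(url, expected_host, expected_path)
    url.include?(expected_host) || url.include?(expected_path)
  end

  # A stricter check: parse the URL and compare the actual host.
  def self.strict_allow?(url, expected_host)
    URI.parse(url).host == expected_host
  rescue URI::InvalidURIError
    false
  end

  # True if the URL, parsed as a browser would parse it, lands on evil_host.
  def self.escapes?(url, evil_host: EVIL_HOST)
    URI.parse(url).host == evil_host
  rescue URI::InvalidURIError
    false
  end

  # A payload is a hit when the naive check accepts it but the parsed
  # destination is the attacker's host.
  def self.bypasses?(url, expected_host, expected_path, evil_host: EVIL_HOST)
    naive_allow?(url, expected_host, expected_path) &&
      escapes?(url, evil_host: evil_host)
  end
end

if __FILE__ == $PROGRAM_NAME
  RedirectPayloads.build('subdomain', '/valid/path').each do |url|
    puts "#{url}  naive=#{RedirectPayloads.naive_allow?(url, 'subdomain', '/valid/path')} " \
         "strict=#{RedirectPayloads.strict_allow?(url, 'subdomain')} " \
         "parsed_host=#{URI.parse(url).host}"
  end
end
```

Running the script prints the three URLs from the issue; each passes the substring check and fails the parsed-host check, which is the behaviour an open-redirect scanner needs to exercise and the reason the fix on the application side is to compare the parsed host, not to search for a trusted substring.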