Let's imagine the scenario:

/register?redirectUrl=//bounty,com - redirect to bounty,com

Now try an XSS payload:

/register?redirectUrl=javascript:alert(1) - usually blocked by WAFs

Try this awesome ...