Open redirect: Meta --> YouTube Redirection Chain

The message contains a link that uses a redirect chain involving Meta and YouTube. This has been exploited in the wild.

Sublime rule

name: "Open redirect: Meta --> YouTube Redirection Chain"
description: |
    Message contains use of a redirect chain which involves Meta and YouTube. This has been exploited in the wild.
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(body.links,
          .href_url.domain.domain == "l.work.meta.com"
          // the redirect field
          and strings.icontains(.href_url.query_params, "u=")
          and regex.icontains(.href_url.query_params,
                              'u=(?:https?)?(?:(?:%3a|\:)?(?:\/|%2f){2})?youtube\.com[^\&]*\/+logout.*continue='
          )
  )
attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Open redirect"
detection_methods:
  - "Sender analysis"
  - "URL analysis"
id: "f217fd10-48fe-553a-8e63-4da9fb3fbc64"
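To see what the rule actually matches, here is the same check re-implemented in Python and run over a handful of constructed links. This is an added example, not code from Sublime or the rule's repository. It assumes that the rule's `.href_url.domain.domain` corresponds to the parsed hostname and `.href_url.query_params` to the raw (still percent-encoded) query string. The `decode=True` option goes beyond the rule: it additionally tests the percent-decoded query, which the rule as written does not do. All sample URLs are constructed and point at the reserved `example.invalid` domain.

```python
import re
from urllib.parse import unquote, urlsplit

# The regex from the Sublime rule, applied case-insensitively (regex.icontains).
REDIRECT_RE = re.compile(
    r"u=(?:https?)?(?:(?:%3a|\:)?(?:\/|%2f){2})?youtube\.com[^\&]*\/+logout.*continue=",
    re.IGNORECASE,
)

# Exact-match on the full hostname, as .href_url.domain.domain == "l.work.meta.com" does.
REDIRECTOR_HOST = "l.work.meta.com"


def is_meta_youtube_redirect_chain(href: str, decode: bool = False) -> bool:
    """Return True when a single link completes the Meta -> YouTube logout chain.

    Mirrors the rule: host must be the Meta redirector, the query must carry a
    'u=' field, and that field must point at youtube.com/.../logout...continue=.
    With decode=True the percent-decoded query is also tested (an extension,
    not part of the rule).
    """
    parts = urlsplit(href)
    if (parts.hostname or "").lower() != REDIRECTOR_HOST:
        return False
    candidates = [parts.query]          # raw query string, as the rule sees it
    if decode:
        candidates.append(unquote(parts.query))
    for query in candidates:
        if "u=" in query.lower() and REDIRECT_RE.search(query):
            return True
    return False


def flag_message(links, decode: bool = False):
    """any(body.links, ...) analogue: return every link in a message that matches."""
    return [href for href in links if is_meta_youtube_redirect_chain(href, decode=decode)]


# Constructed sample links standing in for body.links of one inbound message.
SAMPLE_LINKS = [
    # constructed: Meta redirector whose u= target is youtube.com/logout?continue=
    "https://l.work.meta.com/l/?u=https://youtube.com/logout?continue=https://example.invalid/login",
    # constructed: same chain with the scheme and slashes of u= percent-encoded
    "https://l.work.meta.com/l/?u=https%3A%2F%2Fyoutube.com/logout?continue=https%3A%2F%2Fexample.invalid%2Flogin",
    # constructed: Meta redirector pointing somewhere unrelated (benign)
    "https://l.work.meta.com/l/?u=https://example.invalid/docs",
    # constructed: YouTube logout link that does not pass through the Meta redirector
    "https://www.youtube.com/logout?continue=https://example.invalid/",
    # constructed: fully percent-encoded chain; the rule's literal '/logout' never appears raw
    "https://l.work.meta.com/l/?u=https%3A%2F%2Fyoutube.com%2Flogout%3Fcontinue%3Dhttps%3A%2F%2Fexample.invalid%2F",
]


if __name__ == "__main__":
    for href in flag_message(SAMPLE_LINKS):
        print("rule match:", href)
    for href in flag_message(SAMPLE_LINKS, decode=True):
        print("match incl. decoded query:", href)
```

Running it flags the first two links exactly as the rule does. The fifth link is only caught with `decode=True`: the rule's `\/+logout` requires a literal slash in the raw query, so a `u=` value whose path is entirely percent-encoded slips past the regex even though it describes the same chain. Whether to normalise the query before matching is a tuning decision; doing so widens coverage at the cost of diverging from the published rule.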