Many applications use inconsistent or custom parameter names to handle post-logout redirection, and this is where open redirect, forced navigation, and privilege-related issues often hide.
Whenever you encounter a /logout, /signout, /endSession, or similar endpoint — fuzz it with this list.
Burp Intruder / Turbo Intruder
/logout?§PARAM§=https://attacker.com
post_logout_redirect_uri
logout_redirect_uri
returnTo
return_to
returnURL
returnUrl
return_url
redirect_uri
redirectUrl
redirectURL
redirect_url
redirect
redirectTo
redirect_to
redirectAfterLogout
redirect_after_logout
redirectPostLogout
redirect_post_logout
redirectOnLogout
redirect_on_logout
logoutReturnUrl
logout_return_url
logoutReturnURL
logout_returnURL
logout_returnUrl
postLogoutUrl
post_logout_url
postLogoutURL
post_logout_URL
logoutCallback
logout_callback
logoutCallbackUrl
logout_callback_url
callback
callbackUrl
callbackURL
callback_url
cb
cb_url
next
nextUrl
nextURL
next_url
n
nxt
continue
continueUrl
continueURL
continue_url
cont
contUrl
contURL
cont_url
continuation
continuationUrl
continuationURL
continuation_url
continueTo
continue_to
c
c_url
target
targetUrl
targetURL
target_url
tgt
tgtUrl
tgtURL
tgt_url
dest
destUrl
destURL
dest_url
destination
destinationUrl
destinationURL
destination_url
go
goUrl
goURL
go_url
goto
gotoUrl
gotoURL
goto_url
back
backUrl
backURL
back_url
home
homeUrl
homeURL
home_url
afterLogout
after_logout
afterLogoutUrl
after_logout_url
afterLogoutURL
after_logout_URL
logoutSuccessUrl
logout_success_url
logoutSuccessURL
logout_success_URL
successUrl
successURL
success_url
done
doneUrl
doneURL
done_url
finish
finishUrl
finishURL
finish_url
finalize
finalizeUrl
finalizeURL
finalize_url
forward
forwardUrl
forwardURL
forward_url
fwd
fwdUrl
fwdURL
fwd_url
resume
resumeUrl
resumeURL
resume_url
r
ru
rurl
r_url
backTo
back_to
sendBack
send_back
sendBackUrl
send_back_url
hop
hopUrl
hopURL
hop_url
jump
jumpUrl
jumpURL
jump_url
url
u
uri
u2
u3
landing
landingUrl
landingURL
landing_url
landingPage
landing_page
page
pageUrl
pageURL
page_url
after
afterUrl
afterURL
after_url
onLogout
on_logout
onLogoutUrl
on_logout_url
onLogoutReturn
on_logout_return
ref
refUrl
refURL
ref_url
referenceUrl
referenceURL
reference_url
relay
relayUrl
relayURL
relay_url
relayState
relay_state
rs
rsUrl
rsURL
rs_url
stateReturn
state_return
postLogoutReturn
post_logout_return
postLogoutReturnUrl
post_logout_return_url
plru
plr
pog
pogUrl
pogURL
pog_url
sessEndUrl
sess_end_url
sessionEndUrl
session_end_url
sessionRedirect
session_redirect
sredir
sredir_url
exit
exitUrl
exitURL
exit_url
quit
quitUrl
quitURL
quit_url
done_redirect
doneRedirect
terminationRedirect
termination_redirect
finalRedirect
final_redirect
last
lastUrl
lastURL
last_url
end
endUrl
endURL
end_url
finish_redirect
finished
finishedUrl
finishedURL
finished_url
complete
completeUrl
completeURL
complete_url
completion
completionUrl
completionURL
completion_url
urlAfterLogout
url_after_logout
path
pathUrl
pathURL
path_url
p
pUrl
pURL
p_url
loadUrl
loadURL
load_url
jumpTo
jump_to
link
linkUrl
linkURL
link_url
open
openUrl
openURL
open_url
forwardTo
forward_to
to
toUrl
toURL
to_url
endsession_redirect
endsessionRedirect
esr
esrUrl
esrURL
esr_url
logouturl
logout_url
final
finalUrl
finalURL
final_url
redirectpath
redirect_path
redirectPath
landing_redirect
landingRedirect
user_redirect
userRedirect
x
xurl
x_url
callback_after_logout
callbackAfterLogout
logout_continue
logoutContinue
logoutNext
logout_next
post_redirect
postRedirect
releaseUrl
releaseURL
release_url
leave
leaveUrl
leaveURL
leave_url
departure
departureUrl
departureURL
departure_url
outputUrl
outputURL
output_url
bounceUrl
bounceURL
bounce_url
bounce
bounce_to
reroute
rerouteUrl
rerouteURL
reroute_url
re
reUrl
reURL
re_url
rt
rtUrl
rtURL
rt_url
r2
r2url
r2_url
r3
r3url
r3_url
resumeTo
resume_to
restore
restoreUrl
restoreURL
restore_url
logoutLanding
logout_landing
logoutLandingUrl
logout_landing_url
sl
slUrl
slURL
sl_url.
Happy hacking.
If you find new weird logout param names in the wild - contribute back!