2024-03-19 15:34:31 +00:00
id : open-redirect-generic
2021-02-14 11:41:51 +00:00
info :
2022-10-19 21:11:27 +00:00
name : Open Redirect - Detection
2021-06-09 12:20:56 +00:00
author : afaq,melbadry9,Elmahdi,pxmme1337,Regala_,andirrahmani1,geeknik
2023-01-23 22:14:23 +00:00
severity : medium
2022-10-19 21:11:27 +00:00
description : An open redirect vulnerability was detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
cwe-id : CWE-601
2023-04-28 08:11:21 +00:00
metadata :
2023-06-21 21:03:53 +00:00
max-request : 93
2023-06-08 04:10:40 +00:00
tags : redirect,generic
2021-02-14 11:41:51 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-12-10 14:42:59 +00:00
- method : GET
path :
- "{{RootURL}}/{{redirect}}"
2021-02-14 11:41:51 +00:00
2021-12-26 15:23:11 +00:00
payloads :
redirect :
2022-12-10 14:42:59 +00:00
- '%0a/evil.com/'
- '%0d/evil.com/'
- '%00/evil.com/'
- '%09/evil.com/'
- '%5C%5Cevil.com/%252e%252e%252f'
- '%5Cevil.com'
- '%5cevil.com/%2f%2e%2e'
- '%5c{{RootURL}}evil.com/%2f%2e%2e'
- '../evil.com'
- '.evil.com'
- '/%5cevil.com'
- '////\;@evil.com'
- '////evil.com'
- '///evil.com'
- '///evil.com/%2f%2e%2e'
- '///evil.com@//'
- '///{{RootURL}}evil.com/%2f%2e%2e'
- '//;@evil.com'
- '//\/evil.com/'
- '//\@evil.com'
- '//\evil.com'
- '//\tevil.com/'
- '//evil.com/%2F..'
- '//evil.com//'
2022-06-25 07:08:56 +00:00
- '//%69%6e%74%65%72%61%63%74%2e%73%68'
2022-12-10 14:42:59 +00:00
- '//evil.com@//'
- '//evil.com\tevil.com/'
2024-05-31 17:06:15 +00:00
- '//https://evil.com//'
2022-12-10 14:42:59 +00:00
- '/<>//evil.com'
- '/\/\/evil.com/'
- '/\/evil.com'
- '/\evil.com'
- '/evil.com'
- '/evil.com/%2F..'
- '/evil.com/'
- '/evil.com/..;/css'
- '/https:evil.com'
- '/{{RootURL}}evil.com/'
- '/〱evil.com'
- '/〵evil.com'
- '/ゝevil.com'
- '/ーevil.com'
- '/ーevil.com'
- '<>//evil.com'
- '@evil.com'
- '@https://evil.com'
- '\/\/evil.com/'
- 'evil%E3%80%82com'
- 'evil.com'
- 'evil.com/'
- 'evil.com//'
- 'evil.com;@'
- 'https%3a%2f%2fevil.com%2f'
- 'https:%0a%0devil.com'
- 'https://%0a%0devil.com'
- 'https://%09/evil.com'
- 'https://%2f%2f.evil.com/'
- 'https://%3F.evil.com/'
- 'https://%5c%5c.evil.com/'
- 'https://%5cevil.com@'
- 'https://%23.evil.com/'
- 'https://.evil.com'
- 'https://////evil.com'
- 'https:///evil.com'
- 'https:///evil.com/%2e%2e'
- 'https:///evil.com/%2f%2e%2e'
- 'https:///evil.com@evil.com/%2e%2e'
- 'https:///evil.com@evil.com/%2f%2e%2e'
- 'https://:80#@evil.com/'
- 'https://:80?@evil.com/'
- 'https://:@\@evil.com'
- 'https://:@evil.com\@evil.com'
- 'https://;@evil.com'
- 'https://\tevil.com/'
- 'https://evil.com/evil.com'
- 'https://evil.com/https://evil.com/'
- 'https://www.\.evil.com'
- 'https:/\/\evil.com'
- 'https:/\evil.com'
- 'https:/evil.com'
- 'https:evil.com'
- '{{RootURL}}evil.com'
- '〱evil.com'
- '〵evil.com'
- 'ゝevil.com'
- 'ーevil.com'
- 'ーevil.com'
- 'redirect/evil.com'
- 'cgi-bin/redirect.cgi?evil.com'
- 'out?evil.com'
- 'login?to=http://evil.com'
2023-02-07 04:49:11 +00:00
- '1/_https@evil.com'
2023-06-08 00:03:21 +00:00
- 'redirect?targeturl=https://evil.com'
2024-05-31 17:06:15 +00:00
2021-09-02 11:59:10 +00:00
stop-at-first-match : true
2023-10-14 11:27:55 +00:00
2021-06-29 11:56:42 +00:00
matchers-condition : and
2021-02-14 11:41:51 +00:00
matchers :
- type : regex
2023-01-07 19:00:41 +00:00
part : header
2021-12-13 15:08:21 +00:00
regex :
2023-03-01 08:39:14 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
2021-06-29 11:56:42 +00:00
- type : status
status :
- 301
2021-12-13 15:08:21 +00:00
- 302
- 307
2021-12-26 15:23:11 +00:00
- 308
2022-06-25 07:08:56 +00:00
condition : or
2024-05-31 17:40:57 +00:00
# digest: 4b0a00483046022100f4fe9201a11ea90485c2a26c406a0dbecb9ea8e674bf3ccbcaf01ed4c57421c3022100a9c075d4a231b4acd4adfce87b2f858c65cb9dc3b896d7b07759c4395e0be18f:922c64590222798bb761d5b6d8e72950