nuclei-templates/vulnerabilities/generic/open-redirect.yaml

49 lines
2.8 KiB
YAML
Raw Normal View History

2021-02-14 11:41:51 +00:00
id: open-redirect
info:
name: Open URL redirect detection
2021-06-09 12:20:56 +00:00
author: afaq,melbadry9,Elmahdi,pxmme1337,Regala_,andirrahmani1,geeknik
2021-02-14 11:41:51 +00:00
severity: low
description: A user-controlled input redirect users to an external website.
tags: redirect
requests:
- method: GET
path:
- '{{BaseURL}}/example.com/'
- '{{BaseURL}}/example.com//'
- '{{BaseURL}}///;@example.com'
- '{{BaseURL}}///example.com/%2F..'
- '{{BaseURL}}/////example.com'
- '{{BaseURL}}//example.com/%2F..'
- '{{BaseURL}}//example.com/..;/css'
- '{{BaseURL}}/example%E3%80%82com'
- '{{BaseURL}}/%5Cexample.com'
- '{{BaseURL}}/example.com'
- '{{BaseURL}}//example.com/'
- '{{BaseURL}}/%00/example.com/'
- '{{BaseURL}}/%09/example.com/'
- '{{BaseURL}}/%0a/example.com/'
- '{{BaseURL}}/%0d/example.com/'
- '{{BaseURL}}////example.com/%2f%2e%2e'
- '{{BaseURL}}/%5cexample.com/%2f%2e%2e'
- '{{BaseURL}}/{{BaseURL}}example.com'
- '{{BaseURL}}//{{BaseURL}}example.com/'
- '{{BaseURL}}////{{BaseURL}}example.com/%2f%2e%2e'
- '{{BaseURL}}/%5c{{BaseURL}}example.com/%2f%2e%2e'
2021-05-06 22:38:09 +00:00
- '{{BaseURL}}/?page=example.com&_url=example.com&callback=example.com&checkout_url=example.com&content=example.com&continue=example.com&continueTo=example.com&counturl=example.com&data=example.com&dest=example.com&dest_url=example.com&diexample.com&document=example.com&domain=example.com&done=example.com&download=example.com&feed=example.com&file=example.com&host=example.com&html=example.com&http=example.com&https=example.com&image=example.com&image_src=example.com&image_url=example.com&imageurl=example.com&include=example.com&langTo=example.com&media=example.com&navigation=example.com&next=example.com&open=example.com&out=example.com&page=example.com&page_url=example.com&pageurl=example.com&path=example.com&picture=example.com&port=example.com&proxy=example.com&redir=example.com&redirect=example.com&redirectUri=example.com&redirectUrl=example.com&reference=example.com&referrer=example.com&req=example.com&request=example.com&retUrl=example.com&return=example.com&returnTo=example.com&return_path=example.com&return_to=example.com&rurl=example.com&show=example.com&site=example.com&source=example.com&src=example.com&target=example.com&to=example.com&uri=example.com&url=example.com&val=example.com&validate=example.com&view=example.com&window=example.com&redirect_to=example.com&ret=example.com&r2=example.com&img=example.com&u=example.com&r=example.com&URL=example.com&AuthState=example.com'
- '{{BaseURL}}/1/_https@example.com'
2021-06-29 11:56:42 +00:00
matchers-condition: and
2021-02-14 11:41:51 +00:00
matchers:
- type: regex
regex:
2021-04-27 14:42:41 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
2021-02-14 11:41:51 +00:00
part: header
2021-06-29 11:56:42 +00:00
- type: status
status:
- 302
- 301