nuclei-templates/http/vulnerabilities/generic/request-based-interaction.yaml

63 lines
1.5 KiB
YAML
Raw Normal View History

id: request-based-interaction
2021-09-28 09:48:26 +00:00
info:
name: OOB Request Based Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed DNS Name from the request.
reference:
- https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
metadata:
max-request: 5
2023-10-14 11:27:55 +00:00
tags: oast,ssrf,generic
2021-09-28 09:48:26 +00:00
http:
2021-09-28 09:48:26 +00:00
- raw:
- |+
GET / HTTP/1.1
Host: {{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET / HTTP/1.1
Host: @{{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET http://{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET @{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET {{interactsh-url}}:80/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.
2023-10-14 11:27:55 +00:00
2021-09-29 21:56:16 +00:00
matchers-condition: or
2021-09-28 09:48:26 +00:00
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
2021-09-29 21:56:16 +00:00
- type: word
part: interactsh_protocol
2021-09-29 22:01:03 +00:00
name: dns
2021-09-29 21:56:16 +00:00
words:
2021-09-29 22:01:03 +00:00
- "dns"
# digest: 4a0a0047304502210096725136657e1731cba6a6fe3dbc2be6799a66384358dc5b7df06aedf48ba439022022cdb4f4ee3905a4bd7f7326b079f96f64501fafb16859d1def4410fc636a180:922c64590222798bb761d5b6d8e72950