nuclei-templates/http/vulnerabilities/generic/request-based-interaction.yaml

60 lines
1.3 KiB
YAML
Raw Normal View History

id: request-based-interaction
2021-09-28 09:48:26 +00:00
info:
name: OOB Request Based Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed DNS Name from the request.
reference:
- https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
2021-10-18 20:40:26 +00:00
tags: oast,ssrf,generic
metadata:
max-request: 5
2021-09-28 09:48:26 +00:00
http:
2021-09-28 09:48:26 +00:00
- raw:
- |+
GET / HTTP/1.1
Host: {{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET / HTTP/1.1
Host: @{{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET http://{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET @{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET {{interactsh-url}}:80/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.
2021-09-29 21:56:16 +00:00
matchers-condition: or
2021-09-28 09:48:26 +00:00
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
2021-09-29 21:56:16 +00:00
- type: word
part: interactsh_protocol
2021-09-29 22:01:03 +00:00
name: dns
2021-09-29 21:56:16 +00:00
words:
2021-09-29 22:01:03 +00:00
- "dns"