nuclei-templates/vulnerabilities/netsweeper/netsweeper-open-redirect.yaml

22 lines
646 B
YAML
Raw Normal View History

2021-12-06 16:38:54 +00:00
id: netsweeper-open-redirect
info:
name: Netsweeper 4.0.9 - Open Redirection
author: daffainfo
severity: medium
description: Netsweeper version 4.0.9 was vulnerable to an Unauthenticated and Authenticated Open Redirect vulnerability.
reference:
- https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
2021-12-06 16:38:54 +00:00
tags: netsweeper,redirect
requests:
- method: GET
path:
- "{{BaseURL}}/webadmin/authportal/bounce.php?url=https://example.com/"
matchers:
- type: regex
2021-12-07 08:13:29 +00:00
part: header
2021-12-06 16:38:54 +00:00
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'