nuclei-templates/http/vulnerabilities/httpbin/httpbin-open-redirect.yaml

id: httpbin-open-redirect

info:
  name: HTTPBin - Open Redirect
  author: Adam Crosser
  severity: medium
  description: HTTPBin contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://github.com/postmanlabs/httpbin
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cwe-id: CWE-601
  metadata:
    max-request: 1
    shodan-query:
      - html:"https://github.com/requests/httpbin"
      - title:"httpbin.org"
  tags: redirect,httpbin,oss

http:
  - method: GET
    path:
      - "{{BaseURL}}/redirect-to?url=https%3A%2F%2Finteract.sh"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'location == "https://interact.sh"'

      - type: status
        status:
          - 302

# digest: 490a00463044021f2a0871ef1ab5ffecbc7a8ed71d0ec24df43090c867118c30ab9b3786e4668a022100b8d85ca6119eaee90332bd430d35158462917b4cb28a3088b964739b12f534ca:922c64590222798bb761d5b6d8e72950
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00			`id: httpbin-open-redirect`

			`info:`
			`name: HTTPBin - Open Redirect`
			`author: Adam Crosser`
Dashboard Content Enhancements (#6598) Dashboard Content Enhancements 2023-01-23 22:14:23 +00:00			`severity: medium`
Dashboard Content Enhancements (#5704) Dashboard Content Enhancements 2022-10-19 21:11:27 +00:00			`description: HTTPBin contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://github.com/postmanlabs/httpbin`
Dashboard Content Enhancements (#5704) Dashboard Content Enhancements 2022-10-19 21:11:27 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
			`cwe-id: CWE-601`
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 1`
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00			`shodan-query:`
			`- html:"https://github.com/requests/httpbin"`
			`- title:"httpbin.org"`
			`tags: redirect,httpbin,oss`

Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00			`- method: GET`
			`path:`
Fixed possible FPs in open redirect templates (#4544) * Fixed possible FPs in open redirect templates We have replaced example.com with interact.sh since few domains redirect to example.com, which results in FP results. * updated example domain Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-06 10:40:15 +00:00			`- "{{BaseURL}}/redirect-to?url=https%3A%2F%2Finteract.sh"`
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: dsl`
			`dsl:`
Fixed possible FPs in open redirect templates (#4544) * Fixed possible FPs in open redirect templates We have replaced example.com with interact.sh since few domains redirect to example.com, which results in FP results. * updated example domain Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-06 10:40:15 +00:00			`- 'location == "https://interact.sh"'`
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00
			`- type: status`
			`status:`
Dashboard Content Enhancements (#5704) Dashboard Content Enhancements 2022-10-19 21:11:27 +00:00			`- 302`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 490a00463044021f2a0871ef1ab5ffecbc7a8ed71d0ec24df43090c867118c30ab9b3786e4668a022100b8d85ca6119eaee90332bd430d35158462917b4cb28a3088b964739b12f534ca:922c64590222798bb761d5b6d8e72950`