From 01535dd36ab0bba9f03729de84ce1175a1e911db Mon Sep 17 00:00:00 2001
From: Afaq <45089292+afaq1337@users.noreply.github.com>
Date: Sun, 14 Feb 2021 13:29:18 +0500
Subject: [PATCH] added new signatures for URL Redirect

Update double quotes with single quotes against escaping, and added new signatures
---
 vulnerabilities/generic/url-redirect.yaml | 46 +++++++++++++++++------
 1 file changed, 35 insertions(+), 11 deletions(-)

diff --git a/vulnerabilities/generic/url-redirect.yaml b/vulnerabilities/generic/url-redirect.yaml
index 0017e286b2..7339b63d87 100644
--- a/vulnerabilities/generic/url-redirect.yaml
+++ b/vulnerabilities/generic/url-redirect.yaml
@@ -2,7 +2,7 @@ id: open-redirect
 
 info:
   name: Open redirect Detection
-  author: melbadry9 & Elmahdi & @pxmme1337 & @Regala_ & @andirrahmani1 & geeknik
+  author:afaq melbadry9 & Elmahdi & @pxmme1337 & @Regala_ & @andirrahmani1 & geeknik
   severity: low
   description: A user-controlled input redirect users to an external website.
   tags: redirect
@@ -11,16 +11,40 @@ requests:
   - method: GET
 
     path:
-      - "{{BaseURL}}/evil.com/"
-      - "{{BaseURL}}/evil.com//"
-      - "{{BaseURL}}///;@evil.com"
-      - "{{BaseURL}}///evil.com/%2F.."
-      - "{{BaseURL}}/////evil.com"
-      - "{{BaseURL}}//evil.com/%2F.."
-      - "{{BaseURL}}//evil.com/..;/css"
-      - "{{BaseURL}}/evil%E3%80%82com"
-      - "{{BaseURL}}/%5Cevil.com"
-      - "{{BaseURL}}/?Page=evil.com&_url=evil.com&callback=evil.com&checkout_url=evil.com&content=evil.com&continue=evil.com&continueTo=evil.com&counturl=evil.com&data=evil.com&dest=evil.com&dest_url=evil.com&dir=evil.com&document=evil.com&domain=evil.com&done=evil.com&download=evil.com&feed=evil.com&file=evil.com&host=evil.com&html=evil.com&http=evil.com&https=evil.com&image=evil.com&image_src=evil.com&image_url=evil.com&imageurl=evil.com&include=evil.com&langTo=evil.com&media=evil.com&navigation=evil.com&next=evil.com&open=evil.com&out=evil.com&page=evil.com&page_url=evil.com&pageurl=evil.com&path=evil.com&picture=evil.com&port=evil.com&proxy=evil.com&redir=evil.com&redirect=evil.com&redirectUri=evil.com&redirectUrl=evil.com&reference=evil.com&referrer=evil.com&req=evil.com&request=evil.com&retUrl=evil.com&return=evil.com&returnTo=evil.com&return_path=evil.com&return_to=evil.com&rurl=evil.com&show=evil.com&site=evil.com&source=evil.com&src=evil.com&target=evil.com&to=evil.com&uri=evil.com&url=evil.com&val=evil.com&validate=evil.com&view=evil.com&window=evil.com&redirect_to=evil.com"
+      - '{{BaseURL}}/evil.com/'
+      - '{{BaseURL}}/evil.com//'
+      - '{{BaseURL}}///;@evil.com'
+      - '{{BaseURL}}///evil.com/%2F..'
+      - '{{BaseURL}}/////evil.com'
+      - '{{BaseURL}}//evil.com/%2F..'
+      - '{{BaseURL}}//evil.com/..;/css'
+      - '{{BaseURL}}/evil%E3%80%82com'
+      - '{{BaseURL}}/%5Cevil.com'
+      - '{{BaseURL}}evil.com'
+      - '{{BaseURL}}/evil.com'
+      - '{{BaseURL}}\evil.com'
+      - '{{BaseURL}}//evil.com/'
+      - '{{BaseURL}}\/\/evil.com/'
+      - '{{BaseURL}}%00\/\/evil.com/'
+      - '{{BaseURL}}/%00/evil.com/'
+      - '{{BaseURL}}/%09/evil.com/'
+      - '{{BaseURL}}/%0a/evil.com/'
+      - '{{BaseURL}}/%0d/evil.com/'
+      - '{{BaseURL}}////evil.com/%2f%2e%2e'
+      - '{{BaseURL}}/%5cevil.com/%2f%2e%2e'
+      - '{{BaseURL}}/〱evil.com/%2f%2e%2e'
+      - '{{BaseURL}}@evil.com'
+      - '{{BaseURL}}evil.com'
+      - '{{BaseURL}}/{{BaseURL}}evil.com'
+      - '{{BaseURL}}\{{BaseURL}}evil.com'
+      - '{{BaseURL}}//{{BaseURL}}evil.com/'
+      - '{{BaseURL}}\/\/{{BaseURL}}evil.com/'
+      - '{{BaseURL}}%00\/\/{{BaseURL}}evil.com/'
+      - '{{BaseURL}}////{{BaseURL}}evil.com/%2f%2e%2e'
+      - '{{BaseURL}}/%5c{{BaseURL}}evil.com/%2f%2e%2e'
+      - '{{BaseURL}}/〱{{BaseURL}}evil.com/%2f%2e%2e'
+      - '{{BaseURL}}@{{BaseURL}}evil.com'
+      - '{{BaseURL}}/?Page=evil.com&_url=evil.com&callback=evil.com&checkout_url=evil.com&content=evil.com&continue=evil.com&continueTo=evil.com&counturl=evil.com&data=evil.com&dest=evil.com&dest_url=evil.com&dir=evil.com&document=evil.com&domain=evil.com&done=evil.com&download=evil.com&feed=evil.com&file=evil.com&host=evil.com&html=evil.com&http=evil.com&https=evil.com&image=evil.com&image_src=evil.com&image_url=evil.com&imageurl=evil.com&include=evil.com&langTo=evil.com&media=evil.com&navigation=evil.com&next=evil.com&open=evil.com&out=evil.com&page=evil.com&page_url=evil.com&pageurl=evil.com&path=evil.com&picture=evil.com&port=evil.com&proxy=evil.com&redir=evil.com&redirect=evil.com&redirectUri=evil.com&redirectUrl=evil.com&reference=evil.com&referrer=evil.com&req=evil.com&request=evil.com&retUrl=evil.com&return=evil.com&returnTo=evil.com&return_path=evil.com&return_to=evil.com&rurl=evil.com&show=evil.com&site=evil.com&source=evil.com&src=evil.com&target=evil.com&to=evil.com&uri=evil.com&url=evil.com&val=evil.com&validate=evil.com&view=evil.com&window=evil.com&redirect_to=evil.com'
     matchers:
       - type: regex
         regex: