From 07eb454de61bb18cf3130b96d3bc8a6fcf296439 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Mon, 15 Feb 2021 17:42:57 +0000 Subject: [PATCH] Update open-redirect.yaml Seems a bit rude to add a production website like test.com to a template like this will generate a ton of unexpected traffic for a company who might not be expecting it or appreciating it. --- vulnerabilities/generic/open-redirect.yaml | 66 +++++++++++----------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/vulnerabilities/generic/open-redirect.yaml b/vulnerabilities/generic/open-redirect.yaml index 6a7c8cd5ab..662007159c 100644 --- a/vulnerabilities/generic/open-redirect.yaml +++ b/vulnerabilities/generic/open-redirect.yaml @@ -11,40 +11,40 @@ requests: - method: GET path: - - '{{BaseURL}}/test.com/' - - '{{BaseURL}}/test.com//' - - '{{BaseURL}}///;@test.com' - - '{{BaseURL}}///test.com/%2F..' - - '{{BaseURL}}/////test.com' - - '{{BaseURL}}//test.com/%2F..' - - '{{BaseURL}}//test.com/..;/css' - - '{{BaseURL}}/test%E3%80%82com' - - '{{BaseURL}}/%5Ctest.com' - - '{{BaseURL}}test.com' - - '{{BaseURL}}/test.com' - - '{{BaseURL}}\test.com' - - '{{BaseURL}}//test.com/' - - '{{BaseURL}}\/\/test.com/' - - '{{BaseURL}}%00\/\/test.com/' - - '{{BaseURL}}/%00/test.com/' - - '{{BaseURL}}/%09/test.com/' - - '{{BaseURL}}/%0a/test.com/' - - '{{BaseURL}}/%0d/test.com/' - - '{{BaseURL}}////test.com/%2f%2e%2e' - - '{{BaseURL}}/%5ctest.com/%2f%2e%2e' - - '{{BaseURL}}@test.com' - - '{{BaseURL}}/{{BaseURL}}test.com' - - '{{BaseURL}}\{{BaseURL}}test.com' - - '{{BaseURL}}//{{BaseURL}}test.com/' - - '{{BaseURL}}\/\/{{BaseURL}}test.com/' - - '{{BaseURL}}%00\/\/{{BaseURL}}test.com/' - - '{{BaseURL}}////{{BaseURL}}test.com/%2f%2e%2e' - - '{{BaseURL}}/%5c{{BaseURL}}test.com/%2f%2e%2e' - - '{{BaseURL}}/〱{{BaseURL}}test.com/%2f%2e%2e' - - '{{BaseURL}}@{{BaseURL}}test.com' - - '{{BaseURL}}/?page=test.com&_url=test.com&callback=test.com&checkout_url=test.com&content=test.com&continue=test.com&continueTo=test.com&counturl=test.com&data=test.com&dest=test.com&dest_url=test.com&dir=test.com&document=test.com&domain=test.com&done=test.com&download=test.com&feed=test.com&file=test.com&host=test.com&html=test.com&http=test.com&https=test.com&image=test.com&image_src=test.com&image_url=test.com&imageurl=test.com&include=test.com&langTo=test.com&media=test.com&navigation=test.com&next=test.com&open=test.com&out=test.com&page=test.com&page_url=test.com&pageurl=test.com&path=test.com&picture=test.com&port=test.com&proxy=test.com&redir=test.com&redirect=test.com&redirectUri=test.com&redirectUrl=test.com&reference=test.com&referrer=test.com&req=test.com&request=test.com&retUrl=test.com&return=test.com&returnTo=test.com&return_path=test.com&return_to=test.com&rurl=test.com&show=test.com&site=test.com&source=test.com&src=test.com&target=test.com&to=test.com&uri=test.com&url=test.com&val=test.com&validate=test.com&view=test.com&window=test.com&redirect_to=test.com' + - '{{BaseURL}}/example.com/' + - '{{BaseURL}}/example.com//' + - '{{BaseURL}}///;@example.com' + - '{{BaseURL}}///example.com/%2F..' + - '{{BaseURL}}/////example.com' + - '{{BaseURL}}//example.com/%2F..' + - '{{BaseURL}}//example.com/..;/css' + - '{{BaseURL}}/example%E3%80%82com' + - '{{BaseURL}}/%5Cexample.com' + - '{{BaseURL}}example.com' + - '{{BaseURL}}/example.com' + - '{{BaseURL}}\example.com' + - '{{BaseURL}}//example.com/' + - '{{BaseURL}}\/\/example.com/' + - '{{BaseURL}}%00\/\/example.com/' + - '{{BaseURL}}/%00/example.com/' + - '{{BaseURL}}/%09/example.com/' + - '{{BaseURL}}/%0a/example.com/' + - '{{BaseURL}}/%0d/example.com/' + - '{{BaseURL}}////example.com/%2f%2e%2e' + - '{{BaseURL}}/%5cexample.com/%2f%2e%2e' + - '{{BaseURL}}@example.com' + - '{{BaseURL}}/{{BaseURL}}example.com' + - '{{BaseURL}}\{{BaseURL}}example.com' + - '{{BaseURL}}//{{BaseURL}}example.com/' + - '{{BaseURL}}\/\/{{BaseURL}}example.com/' + - '{{BaseURL}}%00\/\/{{BaseURL}}example.com/' + - '{{BaseURL}}////{{BaseURL}}example.com/%2f%2e%2e' + - '{{BaseURL}}/%5c{{BaseURL}}example.com/%2f%2e%2e' + - '{{BaseURL}}/〱{{BaseURL}}example.com/%2f%2e%2e' + - '{{BaseURL}}@{{BaseURL}}example.com' + - '{{BaseURL}}/?page=example.com&_url=example.com&callback=example.com&checkout_url=example.com&content=example.com&continue=example.com&continueTo=example.com&counturl=example.com&data=example.com&dest=example.com&dest_url=example.com&dir=example.com&document=example.com&domain=example.com&done=example.com&download=example.com&feed=example.com&file=example.com&host=example.com&html=example.com&http=example.com&https=example.com&image=example.com&image_src=example.com&image_url=example.com&imageurl=example.com&include=example.com&langTo=example.com&media=example.com&navigation=example.com&next=example.com&open=example.com&out=example.com&page=example.com&page_url=example.com&pageurl=example.com&path=example.com&picture=example.com&port=example.com&proxy=example.com&redir=example.com&redirect=example.com&redirectUri=example.com&redirectUrl=example.com&reference=example.com&referrer=example.com&req=example.com&request=example.com&retUrl=example.com&return=example.com&returnTo=example.com&return_path=example.com&return_to=example.com&rurl=example.com&show=example.com&site=example.com&source=example.com&src=example.com&target=example.com&to=example.com&uri=example.com&url=example.com&val=example.com&validate=example.com&view=example.com&window=example.com&redirect_to=example.com' matchers: - type: regex regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?test\.com(?:\s*?)$' + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$' part: header