Added external-service-interaction Template

2023-09-01 08:45:40 -03:00 · 2023-09-01 08:45:40 -03:00 · 091d5233a5
parent 0e0902e24c
commit 091d5233a5
1 changed files with 31 additions and 0 deletions
--- a/http/miscellaneous/external-service-interaction.yaml
+++ b/http/miscellaneous/external-service-interaction.yaml
@ -0,0 +1,31 @@
+id: external-service-interaction
+
+info:
+  name: External Service Interaction
+  author: andreluna
+  severity: medium
+  description: External Service interaction via Host Header Injection.
+  reference:
+    - https://portswigger.net/kb/issues/00300210_external-service-interaction-http
+    - https://success.qualys.com/support/s/article/000006843
+    - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection
+  classification:
+    cwe-id: CWE-918,CWE-406
+  tags: http,miscs
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+    redirects: true
+    max-redirects: 1
+    headers:
+      Host: "{{interactsh-url}}"
+
+    matchers-condition: or
+    matchers:
+        - type: word
+          part: interactsh_protocol
+          words:
+            - "http"
+            - "dns"