diff --git a/vulnerabilities/open-redirect.yaml b/vulnerabilities/open-redirect.yaml index e7f7e3c6ec..7faacffd7f 100644 --- a/vulnerabilities/open-redirect.yaml +++ b/vulnerabilities/open-redirect.yaml @@ -2,7 +2,7 @@ id: open-redirect info: name: Open Redirect Detection - author: Elmahdi & @pxmme1337 & @Regala_ & @andirrahmani1 + author: melbadry9 & Elmahdi & @pxmme1337 & @Regala_ & @andirrahmani1 severity: low requests: @@ -12,7 +12,12 @@ requests: - "{{BaseURL}}/evil.com/" - "{{BaseURL}}///;@evil.com" - "{{BaseURL}}/////evil.com" - - "{{BaseURL}}/?next=evil.com&content=evil.com&counturl=evil.com&dest_url=evil.com&document=evil.com&domain=evil.com&download=evil.com&file=evil.com&http=evil.com&https=evil.com&image=evil.com&image_src=evil.com&imageurl=evil.com&include=evil.com&media=evil.com&Page=evil.com&pageurl=evil.com&page_url=evil.com&picture=evil.com&referrer=evil.com&req=evil.com&request=evil.com&source=evil.com&src=evil.com&uri=evil.com&url=evil.com&_url=evil.com&target=evil.com&redirect=evil.com&redirectUrl=evil.com&redirectUri&rurl=evil.com&next=evil.com&redir=evil.com&to=evil.com&image_url=evil.com&return=evil.com&returnTo=evil.com&return_to=evil.com&return_path=evil.com&retUrl=evil.com&checkout_url=evil.com&continue=evil.com&continueTo=evil.com&url=evil.com&done=evil.com&uri=evil.com&proxy=evil.com" + - "{{BaseURL}}//evil.com/%2F.." # Node.js + - "{{BaseURL}}//evil.com/..;/css" # Tomcat + - "{{BaseURL}}/evil%E3%80%82com" # special char urlencoded + - "{{BaseURL}}/%5Cevil.com" + # common vulnerable parameters + - "{{BaseURL}}/?Page=evil.com&_url=evil.com&callback=evil.com&checkout_url=evil.com&content=evil.com&continue=evil.com&continueTo=evil.com&counturl=evil.com&data=evil.com&dest=evil.com&dest_url=evil.com&dir=evil.com&document=evil.com&domain=evil.com&done=evil.com&download=evil.com&feed=evil.com&file=evil.com&host=evil.com&html=evil.com&http=evil.com&https=evil.com&image=evil.com&image_src=evil.com&image_url=evil.com&imageurl=evil.com&include=evil.com&media=evil.com&navigation=evil.com&next=evil.com&open=evil.com&out=evil.com&page=evil.com&page_url=evil.com&pageurl=evil.com&path=evil.com&picture=evil.com&port=evil.com&proxy=evil.com&redir=evil.com&redirect=evil.com&redirectUri&redirectUrl=evil.com&reference=evil.com&referrer=evil.com&req=evil.com&request=evil.com&retUrl=evil.com&return=evil.com&returnTo=evil.com&return_path=evil.com&return_to=evil.com&rurl=evil.com&show=evil.com&site=evil.com&source=evil.com&src=evil.com&target=evil.com&to=evil.com&uri=evil.com&url=evil.com&val=evil.com&validate=evil.com&view=evil.com&window=evil.com" matchers: - type: regex regex: