Merge pull request #76 from Nadino92/master

Basic CORS misconfiguration

security-misconfiguration/basic-cors-flash.yaml

@@ -0,0 +1,16 @@
+id: basic-cors-misconfig-flash
+
+info:
+  name: Basic CORS misconfiguration exploitable with Flash
+  author: nadino
+  severity: low
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/crossdomain.xml"
+    matchers:
+      - type: word
+        words:
+            - 'allow-access-from domain="*"'
+        part: body

security-misconfiguration/basic-cors.yaml

@@ -0,0 +1,18 @@
+id: basic-cors-misconfig
+
+info:
+  name: Basic CORS misconfiguration
+  author: nadino
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+    headers:
+      Origin: https://evil.com
+    matchers:
+      - type: word
+        words:
+            - 'Access-Control-Allow-Origin: https://evil.com'
+        part: header

vulnerabilities/crlf-injection.yaml

@@ -0,0 +1,16 @@
+id: crlf-injection
+
+info:
+  name: CRLF injection
+  author: nadino
+  severity: low
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%0D%0ASet-Cookie:crlfinjection=crlfinjection"
+      - "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=crlfinjection" #unicode bypass
+    matchers:
+      - type: dsl
+        dsl:
+        - 'contains(set_cookie,"crlfinjection")'