Using different URL as we don't know who evil.com is controlled by
parent
00404d58f2
commit
7cc2da843f
|
@ -16,7 +16,7 @@ http:
|
||||||
|
|
||||||
payloads:
|
payloads:
|
||||||
redirect:
|
redirect:
|
||||||
- "evil.com"
|
- "example.com"
|
||||||
|
|
||||||
fuzzing:
|
fuzzing:
|
||||||
- part: query
|
- part: query
|
||||||
|
@ -174,11 +174,11 @@ http:
|
||||||
- type: regex
|
- type: regex
|
||||||
part: header
|
part: header
|
||||||
regex:
|
regex:
|
||||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 301
|
- 301
|
||||||
- 302
|
- 302
|
||||||
- 307
|
- 307
|
||||||
# digest: 490a004630440220798dab0882b46e287f296c1f1ba1f9b47422c2b080486183184727f3de119087022044b26046d5aba5529bb7583ccebd65748198fff98a625c16b07432abf5a4fe8c:922c64590222798bb761d5b6d8e72950
|
# digest: 490a004630440220798dab0882b46e287f296c1f1ba1f9b47422c2b080486183184727f3de119087022044b26046d5aba5529bb7583ccebd65748198fff98a625c16b07432abf5a4fe8c:922c64590222798bb761d5b6d8e72950
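Review bot: The `# digest:` trailer at the end of this template is identical on both sides of the hunk, although the `redirect` payload and the Location regex above it were changed, so the recorded value no longer appears to cover the template's content. If this line is the template's signature, as its format suggests, verification would be expected to fail or the template would load as unsigned until it is re-signed. Regenerate the digest in this commit, or confirm that a signing step runs after merge. The digest line at the end of the second file in this commit is unchanged in the same way.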
|
||||||
|
|
|
@ -20,99 +20,99 @@ http:
|
||||||
|
|
||||||
payloads:
|
payloads:
|
||||||
redirect:
|
redirect:
|
||||||
- '%0a/evil.com/'
|
- '%0a/example.com/'
|
||||||
- '%0d/evil.com/'
|
- '%0d/example.com/'
|
||||||
- '%00/evil.com/'
|
- '%00/example.com/'
|
||||||
- '%09/evil.com/'
|
- '%09/example.com/'
|
||||||
- '%5C%5Cevil.com/%252e%252e%252f'
|
- '%5C%5Cexample.com/%252e%252e%252f'
|
||||||
- '%5Cevil.com'
|
- '%5Cexample.com'
|
||||||
- '%5cevil.com/%2f%2e%2e'
|
- '%5cexample.com/%2f%2e%2e'
|
||||||
- '%5c{{RootURL}}evil.com/%2f%2e%2e'
|
- '%5c{{RootURL}}example.com/%2f%2e%2e'
|
||||||
- '../evil.com'
|
- '../example.com'
|
||||||
- '.evil.com'
|
- '.example.com'
|
||||||
- '/%5cevil.com'
|
- '/%5cexample.com'
|
||||||
- '////\;@evil.com'
|
- '////\;@example.com'
|
||||||
- '////evil.com'
|
- '////example.com'
|
||||||
- '///evil.com'
|
- '///example.com'
|
||||||
- '///evil.com/%2f%2e%2e'
|
- '///example.com/%2f%2e%2e'
|
||||||
- '///evil.com@//'
|
- '///example.com@//'
|
||||||
- '///{{RootURL}}evil.com/%2f%2e%2e'
|
- '///{{RootURL}}example.com/%2f%2e%2e'
|
||||||
- '//;@evil.com'
|
- '//;@example.com'
|
||||||
- '//\/evil.com/'
|
- '//\/example.com/'
|
||||||
- '//\@evil.com'
|
- '//\@example.com'
|
||||||
- '//\evil.com'
|
- '//\example.com'
|
||||||
- '//\tevil.com/'
|
- '//\texample.com/'
|
||||||
- '//evil.com/%2F..'
|
- '//example.com/%2F..'
|
||||||
- '//evil.com//'
|
- '//example.com//'
|
||||||
- '//%69%6e%74%65%72%61%63%74%2e%73%68'
|
- '//%69%6e%74%65%72%61%63%74%2e%73%68'
|
||||||
- '//evil.com@//'
|
- '//example.com@//'
|
||||||
- '//evil.com\tevil.com/'
|
- '//example.com\texample.com/'
|
||||||
- '//https://evil.com//'
|
- '//https://example.com//'
|
||||||
- '/<>//evil.com'
|
- '/<>//example.com'
|
||||||
- '/\/\/evil.com/'
|
- '/\/\/example.com/'
|
||||||
- '/\/evil.com'
|
- '/\/example.com'
|
||||||
- '/\evil.com'
|
- '/\example.com'
|
||||||
- '/evil.com'
|
- '/example.com'
|
||||||
- '/evil.com/%2F..'
|
- '/example.com/%2F..'
|
||||||
- '/evil.com/'
|
- '/example.com/'
|
||||||
- '/evil.com/..;/css'
|
- '/example.com/..;/css'
|
||||||
- '/https:evil.com'
|
- '/https:example.com'
|
||||||
- '/{{RootURL}}evil.com/'
|
- '/{{RootURL}}example.com/'
|
||||||
- '/〱evil.com'
|
- '/〱example.com'
|
||||||
- '/〵evil.com'
|
- '/〵example.com'
|
||||||
- '/ゝevil.com'
|
- '/ゝexample.com'
|
||||||
- '/ーevil.com'
|
- '/ーexample.com'
|
||||||
- '/ーevil.com'
|
- '/ーexample.com'
|
||||||
- '<>//evil.com'
|
- '<>//example.com'
|
||||||
- '@evil.com'
|
- '@example.com'
|
||||||
- '@https://evil.com'
|
- '@https://example.com'
|
||||||
- '\/\/evil.com/'
|
- '\/\/example.com/'
|
||||||
- 'evil%E3%80%82com'
|
- 'example%E3%80%82com'
|
||||||
- 'evil.com'
|
- 'example.com'
|
||||||
- 'evil.com/'
|
- 'example.com/'
|
||||||
- 'evil.com//'
|
- 'example.com//'
|
||||||
- 'evil.com;@'
|
- 'example.com;@'
|
||||||
- 'https%3a%2f%2fevil.com%2f'
|
- 'https%3a%2f%2fexample.com%2f'
|
||||||
- 'https:%0a%0devil.com'
|
- 'https:%0a%0dexample.com'
|
||||||
- 'https://%0a%0devil.com'
|
- 'https://%0a%0dexample.com'
|
||||||
- 'https://%09/evil.com'
|
- 'https://%09/example.com'
|
||||||
- 'https://%2f%2f.evil.com/'
|
- 'https://%2f%2f.example.com/'
|
||||||
- 'https://%3F.evil.com/'
|
- 'https://%3F.example.com/'
|
||||||
- 'https://%5c%5c.evil.com/'
|
- 'https://%5c%5c.example.com/'
|
||||||
- 'https://%5cevil.com@'
|
- 'https://%5cexample.com@'
|
||||||
- 'https://%23.evil.com/'
|
- 'https://%23.example.com/'
|
||||||
- 'https://.evil.com'
|
- 'https://.example.com'
|
||||||
- 'https://////evil.com'
|
- 'https://////example.com'
|
||||||
- 'https:///evil.com'
|
- 'https:///example.com'
|
||||||
- 'https:///evil.com/%2e%2e'
|
- 'https:///example.com/%2e%2e'
|
||||||
- 'https:///evil.com/%2f%2e%2e'
|
- 'https:///example.com/%2f%2e%2e'
|
||||||
- 'https:///evil.com@evil.com/%2e%2e'
|
- 'https:///example.com@example.com/%2e%2e'
|
||||||
- 'https:///evil.com@evil.com/%2f%2e%2e'
|
- 'https:///example.com@example.com/%2f%2e%2e'
|
||||||
- 'https://:80#@evil.com/'
|
- 'https://:80#@example.com/'
|
||||||
- 'https://:80?@evil.com/'
|
- 'https://:80?@example.com/'
|
||||||
- 'https://:@\@evil.com'
|
- 'https://:@\@example.com'
|
||||||
- 'https://:@evil.com\@evil.com'
|
- 'https://:@example.com\@example.com'
|
||||||
- 'https://;@evil.com'
|
- 'https://;@example.com'
|
||||||
- 'https://\tevil.com/'
|
- 'https://\texample.com/'
|
||||||
- 'https://evil.com/evil.com'
|
- 'https://example.com/example.com'
|
||||||
- 'https://evil.com/https://evil.com/'
|
- 'https://example.com/https://example.com/'
|
||||||
- 'https://www.\.evil.com'
|
- 'https://www.\.example.com'
|
||||||
- 'https:/\/\evil.com'
|
- 'https:/\/\example.com'
|
||||||
- 'https:/\evil.com'
|
- 'https:/\example.com'
|
||||||
- 'https:/evil.com'
|
- 'https:/example.com'
|
||||||
- 'https:evil.com'
|
- 'https:example.com'
|
||||||
- '{{RootURL}}evil.com'
|
- '{{RootURL}}example.com'
|
||||||
- '〱evil.com'
|
- '〱example.com'
|
||||||
- '〵evil.com'
|
- '〵example.com'
|
||||||
- 'ゝevil.com'
|
- 'ゝexample.com'
|
||||||
- 'ーevil.com'
|
- 'ーexample.com'
|
||||||
- 'ーevil.com'
|
- 'ーexample.com'
|
||||||
- 'redirect/evil.com'
|
- 'redirect/example.com'
|
||||||
- 'cgi-bin/redirect.cgi?evil.com'
|
- 'cgi-bin/redirect.cgi?example.com'
|
||||||
- 'out?evil.com'
|
- 'out?example.com'
|
||||||
- 'login?to=http://evil.com'
|
- 'login?to=http://example.com'
|
||||||
- '1/_https@evil.com'
|
- '1/_https@example.com'
|
||||||
- 'redirect?targeturl=https://evil.com'
|
- 'redirect?targeturl=https://example.com'
|
||||||
|
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
|
|
||||||
|
@ -121,7 +121,7 @@ http:
|
||||||
- type: regex
|
- type: regex
|
||||||
part: header
|
part: header
|
||||||
regex:
|
regex:
|
||||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
@ -130,4 +130,4 @@ http:
|
||||||
- 307
|
- 307
|
||||||
- 308
|
- 308
|
||||||
condition: or
|
condition: or
|
||||||
# digest: 4b0a00483046022100f4fe9201a11ea90485c2a26c406a0dbecb9ea8e674bf3ccbcaf01ed4c57421c3022100a9c075d4a231b4acd4adfce87b2f858c65cb9dc3b896d7b07759c4395e0be18f:922c64590222798bb761d5b6d8e72950
|
# digest: 4b0a00483046022100f4fe9201a11ea90485c2a26c406a0dbecb9ea8e674bf3ccbcaf01ed4c57421c3022100a9c075d4a231b4acd4adfce87b2f858c65cb9dc3b896d7b07759c4395e0be18f:922c64590222798bb761d5b6d8e72950
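Review bot: One entry in the `redirect` payload list, `//%69%6e%74%65%72%61%63%74%2e%73%68`, is left as it was; it percent-decodes to a different third-party host rather than to `example.com`. The Location regex in the `@ -121,7` hunk only accepts `example\.com`, so a redirect triggered by this payload can never satisfy the matcher, and the request still points at a domain other than the reserved one this commit switches to. Either drop the entry or encode the new host the same way, for example `- '//%65%78%61%6d%70%6c%65%2e%63%6f%6d'`. The matchers block is only partly visible in these hunks, so this assumes no other matcher covers that host.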
|
||||||
|
|