From 38668c44e7dec8f7b11400468a057f4903d9ef30 Mon Sep 17 00:00:00 2001
From: Emad Youssef <48482029+Sy3Omda@users.noreply.github.com>
Date: Mon, 21 Jun 2021 10:21:44 +0200
Subject: [PATCH] Update open-redirect.yaml this payload worked for me while i was hunting.
---
 vulnerabilities/generic/open-redirect.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/generic/open-redirect.yaml b/vulnerabilities/generic/open-redirect.yaml
index 1565f477a3..938c0644ca 100644
--- a/vulnerabilities/generic/open-redirect.yaml
+++ b/vulnerabilities/generic/open-redirect.yaml
@@ -33,6 +33,7 @@ requests:
 - '{{BaseURL}}////{{BaseURL}}example.com/%2f%2e%2e'
 - '{{BaseURL}}/%5c{{BaseURL}}example.com/%2f%2e%2e'
 - '{{BaseURL}}/?page=example.com&_url=example.com&callback=example.com&checkout_url=example.com&content=example.com&continue=example.com&continueTo=example.com&counturl=example.com&data=example.com&dest=example.com&dest_url=example.com&diexample.com&document=example.com&domain=example.com&done=example.com&download=example.com&feed=example.com&file=example.com&host=example.com&html=example.com&http=example.com&https=example.com&image=example.com&image_src=example.com&image_url=example.com&imageurl=example.com&include=example.com&langTo=example.com&media=example.com&navigation=example.com&next=example.com&open=example.com&out=example.com&page=example.com&page_url=example.com&pageurl=example.com&path=example.com&picture=example.com&port=example.com&proxy=example.com&redir=example.com&redirect=example.com&redirectUri=example.com&redirectUrl=example.com&reference=example.com&referrer=example.com&req=example.com&request=example.com&retUrl=example.com&return=example.com&returnTo=example.com&return_path=example.com&return_to=example.com&rurl=example.com&show=example.com&site=example.com&source=example.com&src=example.com&target=example.com&to=example.com&uri=example.com&url=example.com&val=example.com&validate=example.com&view=example.com&window=example.com&redirect_to=example.com&ret=example.com&r2=example.com&img=example.com&u=example.com&r=example.com&URL=example.com&AuthState=example.com'
+ - '{{BaseURL}}/1/_https@example.com'
 matchers:
 - type: regex
 regex:
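Review bot: The added path `{{BaseURL}}/1/_https@example.com` carries `example.com` in the request path itself, so a server that only echoes the path into a `Location` header (trailing-slash or http-to-https canonicalisation) will answer with a header containing `example.com` without being an open redirect. The `matchers` regex begins on the last line of this hunk and its pattern is outside it, so confirm that it anchors `example.com` as the host of the Location value rather than matching it anywhere in the header; otherwise this entry adds false positives to the scan results. The entry is also undocumented apart from the commit message; a comment above it such as `# path-only variant (no redirect parameter); verify the Location host on a hit, the path may just be reflected` would tell triagers what a hit means.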