Add Another Redirect Payload and Extend the Regex to Recognize it (#3299)

* Fix Open Redirect Header Regex

The regex was missing the correct escaping for special char `/`

* Add New General Open Redirect

There's another option for open redirects. I tested it in FF and Chrome.

* Update Location Redirect Regex

* update: mix changes

Co-authored-by: sandeep <sandeep@projectdiscovery.io>

vulnerabilities/generic/open-redirect.yaml

@@ -28,6 +28,7 @@ requests:
       - '{{BaseURL}}/%0d/example.com/'
       - '{{BaseURL}}////example.com/%2f%2e%2e'
       - '{{BaseURL}}/%5cexample.com/%2f%2e%2e'
+      - '{{BaseURL}}/%5C%5Cexample.com/%252e%252e%252f'
       - '{{BaseURL}}/{{BaseURL}}example.com'
       - '{{BaseURL}}//{{BaseURL}}example.com/'
       - '{{BaseURL}}////{{BaseURL}}example.com/%2f%2e%2e'
@@ -39,11 +40,13 @@ requests:
     matchers-condition: and
     matchers:
       - type: regex
-        regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
         part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$'
 
       - type: status
         status:
-          - 302
           - 301
+          - 302
+          - 307
+          - 308