daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update and rename otobo-open-redirect.yaml to vulnerabilities/other/otobo-open-redirect.yaml

patch-1
Prince Chaddha 2022-02-23 17:07:41 +05:30 committed by GitHub
parent ae3020084d
commit b86641d6df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
otobo-open-redirect.yaml → vulnerabilities/other/otobo-open-redirect.yaml
View File

@ -6,18 +6,17 @@ info:
severity: medium severity: medium
description: There is a open redirect vulnerability in Otobo description: There is a open redirect vulnerability in Otobo
reference: reference:
- https://github.com/rotheross/otobo
- https://huntr.dev/bounties/de64ac71-9d06-47cb-b643-891db02f2a1f/ - https://huntr.dev/bounties/de64ac71-9d06-47cb-b643-891db02f2a1f/
- https://github.com/rotheross/otobo
tags: redirect,otobo tags: redirect,otobo
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/otobo/index.pl?Action=ExternalURLJump;URL=http://www.example.com' - '{{BaseURL}}/otobo/index.pl?Action=ExternalURLJump;URL=http://www.example.com'
matchers: matchers:
- type: regex - type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
part: header part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1