Update https-to-http-redirect.yaml

Added HTTP status codes 303, 306 and 308, which can also be used for redirects.
patch-2
idealphase 2024-04-29 16:23:33 +07:00 committed by GitHub
parent 27b3f7ed92
commit dfbd3dd3da
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions


@ -2,7 +2,7 @@ id: https-to-http-redirect
info:
name: HTTPS to HTTP redirect Misconfiguration
author: kazet
author: kazet, idealphase
severity: info
description: |
Detects whether there is a redirect from https:// to http://
@ -21,6 +21,6 @@ http:
dsl:
- 'startswith(tolower(location), "http://")'
- 'startswith(tostring(BaseURL), "https://")'
- '(status_code == 301 || status_code == 302 || status_code == 307)'
- '(status_code == 301 || status_code == 302 || status_code == 303 || status_code == 306 || status_code == 307 || status_code == 308)'
condition: and
# digest: 4a0a0047304502206212deffff885bc2abd110b7921124764815e61844a28cf278f271f6d9753151022100861fee57cff6e033d3b77a48aa8a88595f5d7ea267d502b1aadf739e417f6608:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100efb999299d91727307015418aa6194270d37d3aec81b3357ac608f26e25b304a0220034415e5f53862e08c79733a9b20cc2f86959c7344e8d9c97d533260b086aa95:32bd8904a85baa2268cd2e24368f3b1a
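Review bot: `status_code == 306` in the new status matcher names a code that RFC 9110 lists as unused and reserved, so a conforming server does not send it as a redirect and clients do not follow a `Location` header on it. Keeping it is harmless for false negatives but adds a branch that should never match on a real downgrade; the line could read `- '(status_code == 301 || status_code == 302 || status_code == 303 || status_code == 307 || status_code == 308)'`. 303 and 308 are genuine redirects and are worth having, since a 308 from https:// to http:// is a permanent downgrade that clients may cache. A short comment above the expression such as `# 3xx codes whose Location header clients follow` would record why these codes were chosen. The rest of the template lies outside the two hunks, so how `location` is extracted is not visible here.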