Merge pull request #10256 from kazet/evil.com-example.com

Using different URL as we don't know who evil.com is controlled by
2024-07-14 13:44:18 +05:30 · 2024-07-14 13:44:18 +05:30 · e8d81a29a2
parent 95d81675a3 31d5e16128
commit e8d81a29a2
2 changed files with 98 additions and 98 deletions
--- a/dast/vulnerabilities/redirect/open-redirect.yaml
+++ b/dast/vulnerabilities/redirect/open-redirect.yaml
@ -16,7 +16,7 @@ http:

    payloads:
      redirect:
-        - "evil.com"
+        - "oast.me"

    fuzzing:
      - part: query
@ -174,11 +174,11 @@ http:
      - type: regex
        part: header
        regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1

      - type: status
        status:
          - 301
          - 302
          - 307
-# digest: 490a004630440220798dab0882b46e287f296c1f1ba1f9b47422c2b080486183184727f3de119087022044b26046d5aba5529bb7583ccebd65748198fff98a625c16b07432abf5a4fe8c:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220798dab0882b46e287f296c1f1ba1f9b47422c2b080486183184727f3de119087022044b26046d5aba5529bb7583ccebd65748198fff98a625c16b07432abf5a4fe8c:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/generic/open-redirect-generic.yaml
+++ b/http/vulnerabilities/generic/open-redirect-generic.yaml
@ -20,99 +20,99 @@ http:

    payloads:
      redirect:
-        - '%0a/evil.com/'
-        - '%0d/evil.com/'
-        - '%00/evil.com/'
-        - '%09/evil.com/'
-        - '%5C%5Cevil.com/%252e%252e%252f'
-        - '%5Cevil.com'
-        - '%5cevil.com/%2f%2e%2e'
-        - '%5c{{RootURL}}evil.com/%2f%2e%2e'
-        - '../evil.com'
-        - '.evil.com'
-        - '/%5cevil.com'
-        - '////\;@evil.com'
-        - '////evil.com'
-        - '///evil.com'
-        - '///evil.com/%2f%2e%2e'
-        - '///evil.com@//'
-        - '///{{RootURL}}evil.com/%2f%2e%2e'
-        - '//;@evil.com'
-        - '//\/evil.com/'
-        - '//\@evil.com'
-        - '//\evil.com'
-        - '//\tevil.com/'
-        - '//evil.com/%2F..'
-        - '//evil.com//'
-        - '//%69%6e%74%65%72%61%63%74%2e%73%68'
-        - '//evil.com@//'
-        - '//evil.com\tevil.com/'
-        - '//https://evil.com//'
-        - '/<>//evil.com'
-        - '/\/\/evil.com/'
-        - '/\/evil.com'
-        - '/\evil.com'
-        - '/evil.com'
-        - '/evil.com/%2F..'
-        - '/evil.com/'
-        - '/evil.com/..;/css'
-        - '/https:evil.com'
-        - '/{{RootURL}}evil.com/'
-        - '/〱evil.com'
-        - '/〵evil.com'
-        - '/ゝevil.com'
-        - '/ーevil.com'
-        - '/ｰevil.com'
-        - '<>//evil.com'
-        - '@evil.com'
-        - '@https://evil.com'
-        - '\/\/evil.com/'
-        - 'evil%E3%80%82com'
-        - 'evil.com'
-        - 'evil.com/'
-        - 'evil.com//'
-        - 'evil.com;@'
-        - 'https%3a%2f%2fevil.com%2f'
-        - 'https:%0a%0devil.com'
-        - 'https://%0a%0devil.com'
-        - 'https://%09/evil.com'
-        - 'https://%2f%2f.evil.com/'
-        - 'https://%3F.evil.com/'
-        - 'https://%5c%5c.evil.com/'
-        - 'https://%5cevil.com@'
-        - 'https://%23.evil.com/'
-        - 'https://.evil.com'
-        - 'https://////evil.com'
-        - 'https:///evil.com'
-        - 'https:///evil.com/%2e%2e'
-        - 'https:///evil.com/%2f%2e%2e'
-        - 'https:///evil.com@evil.com/%2e%2e'
-        - 'https:///evil.com@evil.com/%2f%2e%2e'
-        - 'https://:80#@evil.com/'
-        - 'https://:80?@evil.com/'
-        - 'https://:@\@evil.com'
-        - 'https://:@evil.com\@evil.com'
-        - 'https://;@evil.com'
-        - 'https://\tevil.com/'
-        - 'https://evil.com/evil.com'
-        - 'https://evil.com/https://evil.com/'
-        - 'https://www.\.evil.com'
-        - 'https:/\/\evil.com'
-        - 'https:/\evil.com'
-        - 'https:/evil.com'
-        - 'https:evil.com'
-        - '{{RootURL}}evil.com'
-        - '〱evil.com'
-        - '〵evil.com'
-        - 'ゝevil.com'
-        - 'ーevil.com'
-        - 'ｰevil.com'
-        - 'redirect/evil.com'
-        - 'cgi-bin/redirect.cgi?evil.com'
-        - 'out?evil.com'
-        - 'login?to=http://evil.com'
-        - '1/_https@evil.com'
-        - 'redirect?targeturl=https://evil.com'
+        - '%0a/oast.me/'
+        - '%0d/oast.me/'
+        - '%00/oast.me/'
+        - '%09/oast.me/'
+        - '%5C%5Coast.me/%252e%252e%252f'
+        - '%5Coast.me'
+        - '%5coast.me/%2f%2e%2e'
+        - '%5c{{RootURL}}oast.me/%2f%2e%2e'
+        - '../oast.me'
+        - '.oast.me'
+        - '/%5coast.me'
+        - '////\;@oast.me'
+        - '////oast.me'
+        - '///oast.me'
+        - '///oast.me/%2f%2e%2e'
+        - '///oast.me@//'
+        - '///{{RootURL}}oast.me/%2f%2e%2e'
+        - '//;@oast.me'
+        - '//\/oast.me/'
+        - '//\@oast.me'
+        - '//\oast.me'
+        - '//\toast.me/'
+        - '//oast.me/%2F..'
+        - '//oast.me//'
+        - '//%6f%61%73%74%2e%6d%65'
+        - '//oast.me@//'
+        - '//oast.me\toast.me/'
+        - '//https://oast.me//'
+        - '/<>//oast.me'
+        - '/\/\/oast.me/'
+        - '/\/oast.me'
+        - '/\oast.me'
+        - '/oast.me'
+        - '/oast.me/%2F..'
+        - '/oast.me/'
+        - '/oast.me/..;/css'
+        - '/https:oast.me'
+        - '/{{RootURL}}oast.me/'
+        - '/〱oast.me'
+        - '/〵oast.me'
+        - '/ゝoast.me'
+        - '/ーoast.me'
+        - '/ｰoast.me'
+        - '<>//oast.me'
+        - '@oast.me'
+        - '@https://oast.me'
+        - '\/\/oast.me/'
+        - 'oast%E3%80%82me'
+        - 'oast.me'
+        - 'oast.me/'
+        - 'oast.me//'
+        - 'oast.me;@'
+        - 'https%3a%2f%2foast.me%2f'
+        - 'https:%0a%0doast.me'
+        - 'https://%0a%0doast.me'
+        - 'https://%09/oast.me'
+        - 'https://%2f%2f.oast.me/'
+        - 'https://%3F.oast.me/'
+        - 'https://%5c%5c.oast.me/'
+        - 'https://%5coast.me@'
+        - 'https://%23.oast.me/'
+        - 'https://.oast.me'
+        - 'https://////oast.me'
+        - 'https:///oast.me'
+        - 'https:///oast.me/%2e%2e'
+        - 'https:///oast.me/%2f%2e%2e'
+        - 'https:///oast.me@oast.me/%2e%2e'
+        - 'https:///oast.me@oast.me/%2f%2e%2e'
+        - 'https://:80#@oast.me/'
+        - 'https://:80?@oast.me/'
+        - 'https://:@\@oast.me'
+        - 'https://:@oast.me\@oast.me'
+        - 'https://;@oast.me'
+        - 'https://\toast.me/'
+        - 'https://oast.me/oast.me'
+        - 'https://oast.me/https://oast.me/'
+        - 'https://www.\.oast.me'
+        - 'https:/\/\oast.me'
+        - 'https:/\oast.me'
+        - 'https:/oast.me'
+        - 'https:oast.me'
+        - '{{RootURL}}oast.me'
+        - '〱oast.me'
+        - '〵oast.me'
+        - 'ゝoast.me'
+        - 'ーoast.me'
+        - 'ｰoast.me'
+        - 'redirect/oast.me'
+        - 'cgi-bin/redirect.cgi?oast.me'
+        - 'out?oast.me'
+        - 'login?to=http://oast.me'
+        - '1/_https@oast.me'
+        - 'redirect?targeturl=https://oast.me'

    stop-at-first-match: true

@ -121,7 +121,7 @@ http:
      - type: regex
        part: header
        regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

      - type: status
        status:
@ -130,4 +130,4 @@ http:
          - 307
          - 308
        condition: or
-# digest: 4b0a00483046022100f4fe9201a11ea90485c2a26c406a0dbecb9ea8e674bf3ccbcaf01ed4c57421c3022100a9c075d4a231b4acd4adfce87b2f858c65cb9dc3b896d7b07759c4395e0be18f:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f4fe9201a11ea90485c2a26c406a0dbecb9ea8e674bf3ccbcaf01ed4c57421c3022100a9c075d4a231b4acd4adfce87b2f858c65cb9dc3b896d7b07759c4395e0be18f:922c64590222798bb761d5b6d8e72950