id: netsweeper-open-redirect info: name: Netsweeper 4.0.9 - Open Redirection author: daffainfo severity: medium description: Netsweeper version 4.0.9 was vulnerable to an Unauthenticated and Authenticated Open Redirect vulnerability. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz tags: netsweeper,redirect requests: - method: GET path: - "{{BaseURL}}/webadmin/authportal/bounce.php?url=https://interact.sh/" matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'