id: open-redirect info: name: Open Redirect - Detection author: afaq,melbadry9,Elmahdi,pxmme1337,Regala_,andirrahmani1,geeknik severity: low description: An open redirect vulnerability was detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cwe-id: CWE-601 tags: redirect,generic requests: - raw: - | GET /{{redirect}} HTTP/1.1 Host: {{Hostname}} payloads: redirect: - '%0a/interact.sh/' - '%0d/interact.sh/' - '%00/interact.sh/' - '%09/interact.sh/' - '%5C%5Cinteract.sh/%252e%252e%252f' - '%5Cinteract.sh' - '%5cinteract.sh/%2f%2e%2e' - '%5c{{RootURL}}interact.sh/%2f%2e%2e' - '../interact.sh' - '.interact.sh' - '/%5cinteract.sh' - '////\;@interact.sh' - '////interact.sh' - '///interact.sh' - '///interact.sh/%2f%2e%2e' - '///interact.sh@//' - '///{{RootURL}}interact.sh/%2f%2e%2e' - '//;@interact.sh' - '//\/interact.sh/' - '//\@interact.sh' - '//\interact.sh' - '//\tinteract.sh/' - '//interact.sh/%2F..' - '//interact.sh//' - '//%69%6e%74%65%72%61%63%74%2e%73%68' - '//interact.sh@//' - '//interact.sh\tinteract.sh/' - '//https://interact.sh@//' - '/<>//interact.sh' - '/\/\/interact.sh/' - '/\/interact.sh' - '/\interact.sh' - '/interact.sh' - '/interact.sh/%2F..' - '/interact.sh/' - '/interact.sh/..;/css' - '/https:interact.sh' - '/{{RootURL}}interact.sh/' - '/〱interact.sh' - '/〵interact.sh' - '/ゝinteract.sh' - '/ーinteract.sh' - '/ーinteract.sh' - '<>//interact.sh' - '@interact.sh' - '@https://interact.sh' - '\/\/interact.sh/' - 'interact%E3%80%82sh' - 'interact.sh' - 'interact.sh/' - 'interact.sh//' - 'interact.sh;@' - 'https%3a%2f%2finteract.sh%2f' - 'https:%0a%0dinteract.sh' - 'https://%0a%0dinteract.sh' - 'https://%09/interact.sh' - 'https://%2f%2f.interact.sh/' - 'https://%3F.interact.sh/' - 'https://%5c%5c.interact.sh/' - 'https://%5cinteract.sh@' - 'https://%23.interact.sh/' - 'https://.interact.sh' - 'https://////interact.sh' - 'https:///interact.sh' - 'https:///interact.sh/%2e%2e' - 'https:///interact.sh/%2f%2e%2e' - 'https:///interact.sh@interact.sh/%2e%2e' - 'https:///interact.sh@interact.sh/%2f%2e%2e' - 'https://:80#@interact.sh/' - 'https://:80?@interact.sh/' - 'https://:@\@interact.sh' - 'https://:@interact.sh\@interact.sh' - 'https://:@interact.sh\@WillBeReplaced.com' - 'https://;@interact.sh' - 'https://\tinteract.sh/' - 'https://interact.sh/interact.sh' - 'https://interact.sh/https://interact.sh/' - 'https://www.\.interact.sh' - 'https:/\/\interact.sh' - 'https:/\interact.sh' - 'https:/interact.sh' - 'https:interact.sh' - '{{RootURL}}interact.sh' - '〱interact.sh' - '〵interact.sh' - 'ゝinteract.sh' - 'ーinteract.sh' - 'ーinteract.sh' - '?page=interact.sh&_url=interact.sh&callback=interact.sh&checkout_url=interact.sh&content=interact.sh&continue=interact.sh&continueTo=interact.sh&counturl=interact.sh&data=interact.sh&dest=interact.sh&dest_url=interact.sh&dir=interact.sh&document=interact.sh&domain=interact.sh&done=interact.sh&download=interact.sh&feed=interact.sh&file=interact.sh&host=interact.sh&html=interact.sh&http=interact.sh&https=interact.sh&image=interact.sh&image_src=interact.sh&image_url=interact.sh&imageurl=interact.sh&include=interact.sh&langTo=interact.sh&media=interact.sh&navigation=interact.sh&next=interact.sh&open=interact.sh&out=interact.sh&page=interact.sh&page_url=interact.sh&pageurl=interact.sh&path=interact.sh&picture=interact.sh&port=interact.sh&proxy=interact.sh&redir=interact.sh&redirect=interact.sh&redirectUri=interact.sh&redirectUrl=interact.sh&reference=interact.sh&referrer=interact.sh&req=interact.sh&request=interact.sh&retUrl=interact.sh&return=interact.sh&returnTo=interact.sh&return_path=interact.sh&return_to=interact.sh&rurl=interact.sh&show=interact.sh&site=interact.sh&source=interact.sh&src=interact.sh&target=interact.sh&to=interact.sh&uri=interact.sh&url=interact.sh&val=interact.sh&validate=interact.sh&view=interact.sh&window=interact.sh&redirect_to=interact.sh&ret=interact.sh&r2=interact.sh&img=interact.sh&u=interact.sh&r=interact.sh&URL=interact.sh&AuthState=interact.sh' stop-at-first-match: true matchers-condition: and matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 - type: status status: - 301 - 302 - 307 - 308 condition: or # Enhanced by mp on 2022/10/14