id: caddy-open-redirect info: name: Caddy 2.4.6 Open Redirect (php_fastcgi) author: dhiyaneshDK severity: medium reference: - https://github.com/caddyserver/caddy/issues/4502 tags: redirect,caddy,server requests: - method: GET path: - '{{BaseURL}}//example.com/%2F..' matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1