daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/generic/open-redirect.yaml

51 lines
2.7 KiB
YAML
Raw Blame History

id: open-redirect
info:
name: Open URL redirect detection
author: afaq & @melbadry9 & @Elmahdi & @pxmme1337 & @Regala_ & @andirrahmani1 & @geeknik
severity: low
description: A user-controlled input redirect users to an external website.
tags: redirect
requests:
- method: GET
path:
- '{{BaseURL}}/test.com/'
- '{{BaseURL}}/test.com//'
- '{{BaseURL}}///;@test.com'
- '{{BaseURL}}///test.com/%2F..'
- '{{BaseURL}}/////test.com'
- '{{BaseURL}}//test.com/%2F..'
- '{{BaseURL}}//test.com/..;/css'
- '{{BaseURL}}/test%E3%80%82com'
- '{{BaseURL}}/%5Ctest.com'
- '{{BaseURL}}test.com'
- '{{BaseURL}}/test.com'
- '{{BaseURL}}\test.com'
- '{{BaseURL}}//test.com/'
- '{{BaseURL}}\/\/test.com/'
- '{{BaseURL}}%00\/\/test.com/'
- '{{BaseURL}}/%00/test.com/'
- '{{BaseURL}}/%09/test.com/'
- '{{BaseURL}}/%0a/test.com/'
- '{{BaseURL}}/%0d/test.com/'
- '{{BaseURL}}////test.com/%2f%2e%2e'
- '{{BaseURL}}/%5ctest.com/%2f%2e%2e'
- '{{BaseURL}}@test.com'
- '{{BaseURL}}/{{BaseURL}}test.com'
- '{{BaseURL}}\{{BaseURL}}test.com'
- '{{BaseURL}}//{{BaseURL}}test.com/'
- '{{BaseURL}}\/\/{{BaseURL}}test.com/'
- '{{BaseURL}}%00\/\/{{BaseURL}}test.com/'
- '{{BaseURL}}////{{BaseURL}}test.com/%2f%2e%2e'
- '{{BaseURL}}/%5c{{BaseURL}}test.com/%2f%2e%2e'
- '{{BaseURL}}/〱{{BaseURL}}test.com/%2f%2e%2e'
- '{{BaseURL}}@{{BaseURL}}test.com'
- '{{BaseURL}}/?page=test.com&_url=test.com&callback=test.com&checkout_url=test.com&content=test.com&continue=test.com&continueTo=test.com&counturl=test.com&data=test.com&dest=test.com&dest_url=test.com&dir=test.com&document=test.com&domain=test.com&done=test.com&download=test.com&feed=test.com&file=test.com&host=test.com&html=test.com&http=test.com&https=test.com&image=test.com&image_src=test.com&image_url=test.com&imageurl=test.com&include=test.com&langTo=test.com&media=test.com&navigation=test.com&next=test.com&open=test.com&out=test.com&page=test.com&page_url=test.com&pageurl=test.com&path=test.com&picture=test.com&port=test.com&proxy=test.com&redir=test.com&redirect=test.com&redirectUri=test.com&redirectUrl=test.com&reference=test.com&referrer=test.com&req=test.com&request=test.com&retUrl=test.com&return=test.com&returnTo=test.com&return_path=test.com&return_to=test.com&rurl=test.com&show=test.com&site=test.com&source=test.com&src=test.com&target=test.com&to=test.com&uri=test.com&url=test.com&val=test.com&validate=test.com&view=test.com&window=test.com&redirect_to=test.com'
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?test\.com(?:\s*?)$'
part: header
Reference in New Issue View Git Blame Copy Permalink