122 lines
3.5 KiB
YAML
122 lines
3.5 KiB
YAML
id: headless-open-redirect
|
|
|
|
info:
|
|
name: Open Redirect - Detect
|
|
author: theamanrawat
|
|
severity: medium
|
|
description: |
|
|
An open redirect was detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cwe-id: CWE-601
|
|
tags: redirect,generic,headless
|
|
|
|
headless:
|
|
- steps:
|
|
- args:
|
|
url: '{{BaseURL}}/{{redirect}}'
|
|
action: navigate
|
|
- action: waitload
|
|
|
|
payloads:
|
|
redirect:
|
|
- '%0a/oast.live/'
|
|
- '%0d/oast.live/'
|
|
- '%00/oast.live/'
|
|
- '%09/oast.live/'
|
|
- '%5C%5Coast.live/%252e%252e%252f'
|
|
- '%5Coast.live'
|
|
- '%5coast.live/%2f%2e%2e'
|
|
- '%5c{{RootURL}}oast.live/%2f%2e%2e'
|
|
- '../oast.live'
|
|
- '.oast.live'
|
|
- '/%5coast.live'
|
|
- '////\;@oast.live'
|
|
- '////oast.live'
|
|
- '///oast.live'
|
|
- '///oast.live/%2f%2e%2e'
|
|
- '///oast.live@//'
|
|
- '///{{RootURL}}oast.live/%2f%2e%2e'
|
|
- '//;@oast.live'
|
|
- '//\/oast.live/'
|
|
- '//\@oast.live'
|
|
- '//\oast.live'
|
|
- '//\toast.live/'
|
|
- '//oast.live/%2F..'
|
|
- '//oast.live//'
|
|
- '//%69%6e%74%65%72%61%63%74%2e%73%68'
|
|
- '//oast.live@//'
|
|
- '//oast.live\toast.live/'
|
|
- '//https://oast.live@//'
|
|
- '/<>//oast.live'
|
|
- '/\/\/oast.live/'
|
|
- '/\/oast.live'
|
|
- '/\oast.live'
|
|
- '/oast.live'
|
|
- '/oast.live/%2F..'
|
|
- '/oast.live/'
|
|
- '/oast.live/..;/css'
|
|
- '/https:oast.live'
|
|
- '/{{RootURL}}oast.live/'
|
|
- '/〱oast.live'
|
|
- '/〵oast.live'
|
|
- '/ゝoast.live'
|
|
- '/ーoast.live'
|
|
- '/ーoast.live'
|
|
- '<>//oast.live'
|
|
- '@oast.live'
|
|
- '@https://oast.live'
|
|
- '\/\/oast.live/'
|
|
- 'evil%E3%80%82com'
|
|
- 'oast.live'
|
|
- 'oast.live/'
|
|
- 'oast.live//'
|
|
- 'oast.live;@'
|
|
- 'https%3a%2f%2foast.live%2f'
|
|
- 'https:%0a%0doast.live'
|
|
- 'https://%0a%0doast.live'
|
|
- 'https://%09/oast.live'
|
|
- 'https://%2f%2f.oast.live/'
|
|
- 'https://%3F.oast.live/'
|
|
- 'https://%5c%5c.oast.live/'
|
|
- 'https://%5coast.live@'
|
|
- 'https://%23.oast.live/'
|
|
- 'https://.oast.live'
|
|
- 'https://////oast.live'
|
|
- 'https:///oast.live'
|
|
- 'https:///oast.live/%2e%2e'
|
|
- 'https:///oast.live/%2f%2e%2e'
|
|
- 'https:///oast.live@oast.live/%2e%2e'
|
|
- 'https:///oast.live@oast.live/%2f%2e%2e'
|
|
- 'https://:80#@oast.live/'
|
|
- 'https://:80?@oast.live/'
|
|
- 'https://:@\@oast.live'
|
|
- 'https://:@oast.live\@oast.live'
|
|
- 'https://;@oast.live'
|
|
- 'https://\toast.live/'
|
|
- 'https://oast.live/oast.live'
|
|
- 'https://oast.live/https://oast.live/'
|
|
- 'https://www.\.oast.live'
|
|
- 'https:/\/\oast.live'
|
|
- 'https:/\oast.live'
|
|
- 'https:/oast.live'
|
|
- 'https:oast.live'
|
|
- '{{RootURL}}oast.live'
|
|
- '〱oast.live'
|
|
- '〵oast.live'
|
|
- 'ゝoast.live'
|
|
- 'ーoast.live'
|
|
- 'ーoast.live'
|
|
- 'redirect/oast.live'
|
|
- 'cgi-bin/redirect.cgi?oast.live'
|
|
- 'out?oast.live'
|
|
- 'login?to=http://oast.live'
|
|
|
|
stop-at-first-match: true
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Interactsh Server"
|