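id: xpl-open-redirect

info:
  name: "Open Redirect"
  author: imtaqin
  severity: medium
  description: |
    Redirect parameters that accept arbitrary external URLs, usable
    for phishing + OAuth token theft.
  # NOTE(review): only server-side 3xx redirects are detected. JavaScript
  # (location.href = ...) or <meta http-equiv="refresh"> redirects to the
  # canary host will not match and would need a body matcher of their own.
  tags:
    - open-redirect
    - phishing

http:
  - method: GET
    path:
      # Fixed canary host so the Location check below cannot be satisfied
      # by a redirect to the target's own domain or to a relative path.
      - "{{BaseURL}}/redirect?url=https://evil.example/"
      - "{{BaseURL}}/go?to=https://evil.example/"
      - "{{BaseURL}}/out?dest=https://evil.example/"
      - "{{BaseURL}}/login?next=https://evil.example/"

    # Do not follow the redirect: the finding is the Location header
    # itself, and following it would send a request to the canary host.
    redirects: false

    matchers-condition: and
    matchers:
      - type: status
        status: [301, 302, 303, 307, 308]

      - type: regex
        part: header
        regex:
          # part: header is the whole header block, so ^ needs (?m) to anchor
          # each header line rather than only the first one; Location is
          # typically not the first header, so without (?m) the original
          # pattern silently misses real redirects. The trailing group keeps
          # "evil.example" from matching a longer host such as
          # evil.example-corp.tld.
          - "(?im)^location:\\s*https?://evil\\.example(?:[/:?#\\s]|$)"
        name: redirect-to-evil

    extractors:
      # Surface the actual Location value in the finding for triage.
      - type: kval
        part: header
        kval:
          - location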