mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
Added template for open-redirect-url-redirect
This commit is contained in:
sophavinly
29
open-redirect-url-redirect.yaml
Normal file
29
open-redirect-url-redirect.yaml
Normal file
@@ -0,0 +1,29 @@
|
||||
id: open-redirect-url-redirect
|
||||
|
||||
info:
|
||||
name: Open Redirect in url_redirect Parameter
|
||||
author: ProjectDiscoveryAI
|
||||
severity: medium
|
||||
description: |
|
||||
This template detects open redirect vulnerabilities in the `url_redirect` parameter, which can potentially redirect users to malicious websites.
|
||||
tags: open-redirect
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /example?url_redirect=https://evil.com HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "https://evil\\.com"
|
||||
part: header
|
||||
- type: word
|
||||
words:
|
||||
- "302 Found"
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
||||
Reference in New Issue
Block a user