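id: tinytiny-rss-redirect

# Nuclei detection template for an open redirect in Tiny Tiny RSS:
# one GET to public.php with an attacker-style `return` parameter, then a
# check that the response is a 3xx whose Location header points at the
# supplied external host. Detection is purely response-based; no
# out-of-band callback is required.
info:
  name: TinyTiny RSS Open Redirect
  author: DhiyaneshDk
  # Low: unauthenticated redirect only, no data exposure by itself.
  severity: low
  description: |
    Detected an open redirect vulnerability in Tiny Tiny RSS where the return parameter in public.php was abused to redirect users to an attacker-controlled external URL after the authentication flow.
  reference:
    - https://seclists.org/oss-sec/2019/q1/155
  metadata:
    verified: true
    # Exactly one HTTP request is sent per target.
    max-request: 1
    # Plain scalar is safe here: the colon is not followed by a space.
    shodan-query: html:"Tiny Tiny RSS"
  tags: redirect,tiny-tiny,rss

http:
  - method: GET
    path:
      # `return` carries a URL-encoded http://interact.sh/ as the post-login
      # destination. A fixed host is used rather than a per-scan
      # interactsh-url because the matcher below only inspects the response
      # headers and never waits for an interaction.
      - "{{BaseURL}}/public.php?return=http%3a%2f%2finteract.sh%2f&op=login&login=password=&profile=0"

    # Both matchers must hit: a redirect status alone (or a Location header
    # alone) is not enough to report a finding.
    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          # (?m) so ^/$ anchor per header line. Accepts an absolute
          # (http/https) or protocol-relative (//) Location, with optional
          # userinfo/subdomain characters before interact.sh. The trailing
          # `.*$` is not anchored to the host boundary, so any Location whose
          # host contains "interact.sh" is accepted.
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'

      - type: status
        status:
          - 302
          - 301
# Template signature maintained by the project's signing tooling; do not
# hand-edit (any content change above requires re-signing).
# digest: 4a0a0047304502205e101f757480f1537500ee1e8b2b79b30a764bd0d217a758fae969b8d0c72ea8022100d7f0de8979044374234c4a2cca69fd21a0809959ea493f580dddd461ac3aa0f3:922c64590222798bb761d5b6d8e72950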