forked from akto-api-security/akto
-
Notifications
You must be signed in to change notification settings - Fork 0
/
OpenRedirect.yaml
70 lines (67 loc) · 2.29 KB
/
OpenRedirect.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
id: OPEN_REDIRECT
info:
name: "Open redirect"
description: "An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain."
details: >
"Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way.
The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility
to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain"
impact: "This behavior can be leveraged to facilitate phishing attacks against users of the application."
category:
name: SM
shortName: Security Misconfiguration
displayName: Security Misconfiguration (SM)
subCategory: OPEN_REDIRECT
severity: HIGH
tags:
- Business logic
- OWASP top 10
- HackerOne top 10
references:
- "https://portswigger.net/kb/issues/00500100_open-redirection-reflected"
api_selection_filters:
response_code:
eq: 302
or:
- request_payload:
for_one:
value:
eq: "${sample_response_headers.location}"
extract: payload_location_value
key:
extract: payload_location_key
- query_param:
for_one:
value:
eq: "${sample_response_headers.location}"
extract: payload_location_value
key:
extract: payload_location_key
- request_headers:
for_one:
value:
eq: "${sample_response_headers.location}"
extract: payload_location_value
key:
extract: payload_location_key
execute:
type: single
requests:
- req:
- modify_query_param:
payload_location_key: http:https://evil.com/?p=${payload_location_value}
- modify_body_param:
payload_location_key: http:https://evil.com/?p=${payload_location_value}
- modify_header:
payload_location_key: http:https://evil.com/?p=${payload_location_value}
- follow_redirect: false
validate:
response_code:
eq: 302
response_headers:
for_one:
key:
eq: location
value:
contains_either:
- evil.com