How this template works
APIs Selection
The API selection filters in this template are used to filter and select the specific requests that need to be modified. It checks for a response code of 302 (redirect) and then checks if the location value in the response matches the specified conditions using different methods such as request payload, query parameter, or request headers.
Execute request
In the execute section, the template modifies the request by replacing the payload_location_key with the value obtained from the sample_response_headers.location. It modifies the query parameter, body parameter, and header of the request by appending the payload_location_value to the URL of the malicious domain (http://evil.com/?p=${payload_location_value}). The follow_redirect parameter is set to false to prevent automatic redirection.
Validation
The validation section checks the response code to ensure it is still 302 (redirect). It then checks the response headers to validate if the location header contains the domain "evil.com". If the conditions are met, the validation is successful, indicating that the open redirect vulnerability has been exploited successfully.
Frequently asked questions
Explore other tests
eSMTP - Config Discovery
Nginx - Git Configuration Exposure
Laravel - Sensitive Information Disclosure
Docker Container - Misconfiguration Exposure
Msmtp - Config Exposure
Parameters.yml - File Discovery
Mongo Express - Unauthenticated Access
Apache Airflow Configuration Exposure
Dockerrun AWS Configuration Exposure
Apache Config file disclosure
Appspec Yml Disclosure
CGI script environment variable
