
Detection in Open redirect gives false positive

Open Sicks3c opened this issue 4 years ago • 5 comments

Hello

First of all thanks for the tool

I was trying to check your condition on open redirect and it seems like it will give false positive results due to the validation you are using:

      - >-
        (StatusCode() >= 300 && StatusCode() < 400)

Which doesn't mean 100% redirected to the evil destination.

➜  doorman.elisaviihde.fi cat open-redirect-fuzz-01-a6c01bf9310679b985b8d0343708c05648843f27
[open-redirect-fuzz-01] - http://doorman.elisaviihde.fi/google.com

GET http://doorman.elisaviihde.fi/google.com HTTP/1.1

--------------------------------------------------
302 Moved Temporarily HTTP/1.0
Location: https://doorman.elisaviihde.fi/google.com
Server: BigIP
Connection: close
Content-Length: 0
Total Length: 102
Response Time: 0.314296

Location should be google.com instead of https://doorman.elisaviihde.fi/google.com.

I think the best way to match open redirect is with a regex that looks like this: location: (https?:)?[/\\]{2,}example.com (replace example.com with the {dest}). This should apply to Open-redirect-params.yaml as well. Regards

Sicks3c avatar Apr 10 '20 15:04 Sicks3c
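To make the difference concrete, here is an added example (my own code, not part of Jaeles or this issue) that runs both conditions over constructed responses, including the BigIP reply quoted above. It implements the status-only check and the Location regex proposed in the post with {dest} substituted; the trailing boundary after the destination is my addition so that look-alike hosts such as google.com.evil.test are rejected.

```python
import re

# Constructed sample responses (example data, not Jaeles output). The first one
# reproduces the BigIP reply quoted in the issue; the rest are made up to cover
# the other outcomes a redirect check has to tell apart.
SAMPLES = {
    "same_host_bounce": "HTTP/1.0 302 Moved Temporarily\r\n"
                        "Location: https://doorman.elisaviihde.fi/google.com\r\n"
                        "Server: BigIP\r\nContent-Length: 0\r\n\r\n",
    "external": "HTTP/1.1 302 Found\r\nLocation: https://google.com/\r\n\r\n",
    "scheme_relative": "HTTP/1.1 301 Moved Permanently\r\nLocation: //google.com/x\r\n\r\n",
    "lookalike": "HTTP/1.1 302 Found\r\nLocation: https://google.com.evil.test/\r\n\r\n",
    "not_redirect": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
}


def status_code(raw):
    """Numeric status from the first line ("HTTP/1.0 302 Moved Temporarily")."""
    return int(raw.split("\r\n", 1)[0].split()[1])


def status_only_check(raw):
    """The signature's original condition: any 3xx counts as a hit."""
    return 300 <= status_code(raw) < 400


def location_check(raw, dest):
    """Regex from the issue with {dest} substituted: the Location header must
    carry dest right after the scheme and slashes. The (?:[/?#:]|\\s|$)
    boundary is an addition so that "google.com.evil.test" does not match."""
    pattern = (r"(?im)^location:\s*(https?:)?[/\\]{2,}"
               + re.escape(dest) + r"(?:[/?#:]|\s|$)")
    return re.search(pattern, raw) is not None


def compare(dest):
    """Return {name: (status_only_hit, location_hit)} for every sample."""
    return {name: (status_only_check(raw), location_check(raw, dest))
            for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, (by_status, by_location) in compare("google.com").items():
        print(f"{name:18} status-only={by_status!s:5} location={by_location}")
```

Only the `external` and `scheme_relative` samples are reported by both checks; the same-host bounce from the issue and the look-alike host are flagged by the status-only condition alone.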

Thank you for the feedback.

I've just updated some fuzz signatures from my config to resolve that issue: https://github.com/jaeles-project/jaeles-signatures/blob/master/fuzz/open-redirect/open-redirect-param-base.yaml and https://github.com/jaeles-project/jaeles-signatures/blob/master/fuzz/open-redirect/open-redirect-param.yaml

Let me know if you have any issue.

j3ssie avatar Apr 14 '20 17:04 j3ssie

Thank you for the fast reply. But apparently after the change it gets stuck like that.

Sicks3c avatar Apr 14 '20 21:04 Sicks3c

Oops, forgot to update the path one. It should be like this one.

j3ssie avatar Apr 15 '20 04:04 j3ssie

Hello @j3ssie

Hope you are doing good. Thanks again for the tool. I'm wondering if you can make nuclei signatures compatible with jaeles signatures; those signatures do not work with jaeles: https://github.com/projectdiscovery/nuclei-templates

Sicks3c avatar Apr 29 '20 13:04 Sicks3c

Tried to make one of my own, failed miserably:

name: 'Upload file'
desc: 'Check in HTML if upload is possible'
rules:
    - id: upload-file
      reason: uploading
      detections:
          - >-
            RegexSearch("response", "\u003cinput[^\u003e]+type=[\"']?file[\"']?")

Sicks3c avatar Apr 29 '20 14:04 Sicks3c