Unrelated matches with Open redirect templates
ehsandeep opened this issue · comments
Sandeep Singh commented
There has been many instances where redirect template flagged false positive result as example.com
is being common domain to be used across multiple hosts and available in the response in unrelated cases where host is not vulnerable for open redirect but still marked as valid results as templates are looking for example.com
in the response.
Template file:
All the templates to detect open redirects and using example.com
as payload + matcher.
Command to reproduce:
nuclei -tags redirect
We can update the payload + matchers to look for interact.sh
instead of example.com