Enhance the Open Redirect meta redirect regexp (closes #75).
* Match the test URL when it ends with `?...`, `&...`, or `&amp;...`.
* Make the giant regex a little more readable.
* Added more test cases to the specs.
postmodern committed May 25, 2024
1 parent 7fa453a commit 5a95758
Showing 2 changed files with 469 additions and 4 deletions.
32 changes: 28 additions & 4 deletions lib/ronin/vulns/open_redirect.rb
Expand Up @@ -95,10 +95,34 @@ def vulnerable?
http-equiv\s*=\s*(?: "refresh" | 'refresh' | refresh )\s+
content\s*=\s*
(?:
"\s*\d+\s*;\s*url\s*=\s*(?: '\s*#{escaped_test_url}\s*' | #{escaped_test_url} )\s*"|
'\s*\d+\s*;\s*url\s*=\s*(?: "\s*#{escaped_test_url}\s*" | #{escaped_test_url} )\s*'|
\s*\d+;url=(?: "#{escaped_test_url}" | '#{escaped_test_url}' | #{escaped_test_url} )
)\s*
# content="..."
"\s*\d+\s*;\s*url\s*=\s*
(?:
# content="0; url='...'"
'\s*#{escaped_test_url}(?:(?:\?|&(amp;)?)[^\s'"]+)?\s*' |
# content="0; url=..."
#{escaped_test_url}(?:(?:\?|&(amp;)?)[^\s"]+)?
)\s*" |
# content='...'
'\s*\d+\s*;\s*url\s*=\s*
(?:
# content='0; url="..."'
"\s*#{escaped_test_url}(?:(?:\?|&(amp;)?)[^\s"']+)?\s*" |
# content='0; url=...'
#{escaped_test_url}(?:(?:\?|&(amp;)?)[^\s']+)?
)\s*' |
# content=...
\s*\d+;url=(?:
# content=0;url="..."
"\s*#{escaped_test_url}(?:(?:\?|&(amp;)?)[^\s"]+)?\s*" |
# content=0;url='...'
'\s*#{escaped_test_url}(?:(?:\?|&(amp;)?)[^\s']+)?\s*' |
# content=0;url=...
#{escaped_test_url}(?:(?:\?|&(amp;)?)[^\s/>]+)?
)
)
\s*
# /> or / >
(?:/\s*)?>
}xi
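
Review bot: In the unquoted `content=0;url=...` branch, the tail class `[^\s/>]+` excludes `/`, so a reflected URL whose appended query string contains a slash (for example `?next=/home`) stops matching at that slash, the trailing `(?:/\s*)?>` then fails, and the check reports a false negative. Because the closing `/` is already optional after the group, `[^\s>]+` would let backtracking give back a final `/` for `/>` while still accepting slashes inside the query string; a spec case with a slash in the appended parameters would pin this down. Separately, `&(amp;)?` adds a capturing group to a pattern that otherwise uses `(?:...)` throughout; `&(?:amp;)?` keeps the match data free of stray captures.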


0 comments on commit 5a95758