PortSwigger / url-cheatsheet-data

This is the data that powers the PortSwigger URL validation bypass cheat sheet.
https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet

Bypass unescaped dot inside regex validation #3

Closed hansmach1ne closed 2 weeks ago

hansmach1ne commented 3 weeks ago

If, say, regex validation is used for vulnerable.test.com:

Bypass: vulnerableztest.com

Instead of a dot, any character can be used, since dot matches everything. An attacker would need to buy this domain for abuse, though.
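
The check described in this comment, as an added example that is not part of the original issue or of PortSwigger's code: a weak allow-list regex beside an escaped one, an exact hostname comparison, and a small audit helper for testing your own validator. The pattern shapes, function names and the `z` substitution character are assumptions; the hostnames are the ones from the comment.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOST = "vulnerable.test.com"  # allowed host used in the issue

# Weak: the dots are unescaped, so each "." matches any character.
WEAK = re.compile(r"^https?://vulnerable.test.com(/|$)")
# Corrected: re.escape() turns every "." into a literal dot.
STRICT = re.compile(r"^https?://" + re.escape(ALLOWED_HOST) + r"(/|$)")


def host_is_allowed(url: str) -> bool:
    """Preferred check: parse the URL, then compare the hostname exactly."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and parts.hostname == ALLOWED_HOST


def unescaped_dot_lookalikes(pattern: re.Pattern, host: str) -> list[str]:
    """Audit helper: swap each dot of `host` for a letter and return the
    variants the pattern still accepts (empty list means dots are literal)."""
    hits = []
    for i, ch in enumerate(host):
        if ch == ".":
            variant = host[:i] + "z" + host[i + 1:]
            if pattern.search("https://" + variant + "/"):
                hits.append(variant)
    return hits


if __name__ == "__main__":
    print("weak pattern accepts:  ", unescaped_dot_lookalikes(WEAK, ALLOWED_HOST))
    print("strict pattern accepts:", unescaped_dot_lookalikes(STRICT, ALLOWED_HOST))
    for url in ("https://vulnerable.test.com/x", "https://vulnerableztest.com/x"):
        print(url, "->", host_is_allowed(url))
```
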

d0ge commented 3 weeks ago

Thank you very much for your contribution to the URL validation bypass cheat sheet. Unfortunately, this type of URL validation bypass cannot be achieved with the current JSON files. I will look into how this can be accomplished using advanced settings.

Cheers!

d0ge commented 2 weeks ago

Thank you very much for your contribution to the URL Validation Bypass Cheat Sheet. The unescaped dot in regex validation bypass is now included in the cheat sheet. If you'd like to test it, please enter your test domain into the allowed domain input field. The selected wordlist can be empty for this type of attack.

Cheers!