projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

Update open-redirect.yaml #9777

Closed Ahsraeisi closed 2 weeks ago

Ahsraeisi commented 2 weeks ago

Updating regex block for false positive mitigation.

GeorginaReeder commented 2 weeks ago

Thanks so much for opening this PR @Ahsraeisi, we appreciate it!

We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!

Ahsraeisi commented 2 weeks ago

Explanation: For example, the old regex considers Location: example.com or Location: .example.com as an Open Redirect. However, browsers consider this as an internal redirection.

Ex: https://labs.hackxpert.com/OPENREDIRECT/10.php?url=example.com

Look at this: https://regex101.com/r/1XwU1f/1
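
Added example, not part of the PR or the nuclei-templates project: a check that resolves a `Location` value against the request URL with the WHATWG URL parser, the way a browser does, and reports an external redirect only when the resolved host changes. The host `app.example.test`, the function names and the sample header values are constructed assumptions.

```javascript
// Constructed request URL, modelled on the path in the comment above.
const REQUEST_URL = 'https://app.example.test/OPENREDIRECT/10.php?url=example.com';

// Resolve a Location header value as a browser would and classify the result.
function classifyLocation(requestUrl, location) {
  const base = new URL(requestUrl);
  let target;
  try {
    // A value with no scheme and no leading "//" is a relative reference.
    target = new URL(location, base);
  } catch {
    return { kind: 'invalid', resolved: null };
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    return { kind: 'non-http', resolved: target.href };
  }
  const kind = target.host === base.host ? 'same-host' : 'external';
  return { kind, resolved: target.href };
}

// Keep only the header values that actually leave the requesting host.
function externalRedirects(requestUrl, locations) {
  return locations.filter(
    (value) => classifyLocation(requestUrl, value).kind === 'external'
  );
}

// Constructed Location values: the first two are the false positives
// described above; the rest do leave the host.
const SAMPLES = [
  'example.com',          // relative path segment
  '.example.com',         // relative path segment
  '//example.com',        // scheme-relative, external
  'https://example.com/', // absolute, external
  '/\\example.com',       // backslash is treated as "/" for http(s), external
];

for (const value of SAMPLES) {
  const { kind, resolved } = classifyLocation(REQUEST_URL, value);
  console.log(`${JSON.stringify(value)} -> ${kind} (${resolved})`);
}
```
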