projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

Update CVE-2015-2863.yaml #9793

Closed Ahsraeisi closed 2 weeks ago

Ahsraeisi commented 2 weeks ago

False Positive mitigation

ritikchaddha commented 2 weeks ago

Hi there, @Ahsraeisi. Could you please explain the type of FP results you are getting with this regex?

Ahsraeisi commented 2 weeks ago

Sure. For example, the old regex considers Location: example.com or Location: .example.com as an Open Redirect. However, browsers consider this as an internal redirection.

Ex: https://labs.hackxpert.com/OPENREDIRECT/10.php?url=example.com

Look at this: https://regex101.com/r/1XwU1f/1

@ritikchaddha
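
The distinction raised in this thread, as an added example that is not part of the pull request or the nuclei project: a `Location` value is resolved against the request URL with the WHATWG URL algorithm browsers use, and only a result that leaves the origin counts as an open-redirect candidate. `classifyRedirect` and `canaryHost` are hypothetical names, and the `Location` values are constructed samples apart from the two quoted in the comment above.

```javascript
// Added example: classify a Location header the way a browser resolves it.
// classifyRedirect and canaryHost are hypothetical names, not nuclei APIs.
function classifyRedirect(requestUrl, locationHeader, canaryHost) {
  let base, target;
  try {
    base = new URL(requestUrl);
    // new URL(value, base) applies WHATWG relative-URL resolution,
    // the same algorithm a browser applies to a Location header.
    target = new URL(locationHeader, base);
  } catch (err) {
    return { verdict: "invalid", resolved: null };
  }
  // Same scheme, host and port: the browser stays on the site.
  if (target.origin === base.origin) {
    return { verdict: "internal", resolved: target.href };
  }
  // Off-origin: check whether it landed on the host the scan injected.
  const host = target.hostname.toLowerCase();
  const canary = canaryHost.toLowerCase();
  const hitsCanary = host === canary || host.endsWith("." + canary);
  return {
    verdict: hitsCanary ? "external-canary" : "external-other",
    resolved: target.href,
  };
}

// Request URL quoted in the thread; Location values below are samples.
const REQUEST_URL =
  "https://labs.hackxpert.com/OPENREDIRECT/10.php?url=example.com";
const SAMPLE_LOCATIONS = [
  "example.com",          // relative path (from the thread)
  ".example.com",         // relative path (from the thread)
  "//example.com/",       // scheme-relative, leaves the origin
  "https://example.com",  // absolute, leaves the origin
  "/\\example.com",       // backslash is treated as a slash for https
  "http://[",             // unparsable host
];

for (const loc of SAMPLE_LOCATIONS) {
  const r = classifyRedirect(REQUEST_URL, loc, "example.com");
  console.log(`${JSON.stringify(loc)} -> ${r.verdict} ${r.resolved ?? ""}`);
}
```
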