rules:
  r0:
    request:
      method: GET
      path: /
      headers:
        X-Forwarded-Host: //xxx
      follow_redirects: false
    expression: '"(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)xxx\\.sh.*$".bmatches(response.raw_header)'
Reachable from both inside and outside China
Returns simple content
Involves no private content
Only
Recommended
Acceptable
==
r0:
  request:
    cache: true
    method: GET
    path: /new/newhttp:/interact.sh?
    follow_redirects: false
  expression: response.status == 302 && response.headers["location"] == "http:/interact.sh?" && response.body.bcontains(b"http:/interact.sh?\">Found</a>.")
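A site may have no Redirect vulnerability, yet when we request the path the rule sends, a system that has no route for that path also responds with a 302 and places the entire requested address (schema+uri+path) in Location.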
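The false positive described above, as an added example that is not part of the original page: a substring match on Location flags the reflected path, while resolving Location against the request URL and comparing the host does not. The host `target.example`, the function names and the sample responses are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

CANARY_HOST = "interact.sh"  # canary domain taken from the rule above
REDIRECT_CODES = {301, 302, 303, 307, 308}


def loose_match(status, location):
    """Substring check: true whenever the canary appears anywhere in Location."""
    return status in REDIRECT_CODES and CANARY_HOST in (location or "")


def strict_match(request_url, status, location):
    """True only if Location, resolved against the request URL, targets the canary host."""
    if status not in REDIRECT_CODES or not location:
        return False
    # urljoin applies RFC 3986 reference resolution, so absolute and
    # scheme-relative ("//host/") values are both reduced to a full URL.
    host = (urlsplit(urljoin(request_url, location)).hostname or "").lower()
    return host == CANARY_HOST or host.endswith("." + CANARY_HOST)


# Constructed sample responses; target.example is a placeholder host.
REQUEST_URL = "http://target.example/new/newhttp:/interact.sh?"
SAMPLES = {
    # No route for the path: the whole requested address is echoed into Location.
    "reflected_path": (302, "http://target.example/new/newhttp:/interact.sh?"),
    "absolute_redirect": (302, "http://interact.sh/"),
    "scheme_relative": (302, "//interact.sh/"),
    "local_redirect": (302, "/login"),
    "not_a_redirect": (200, None),
}


def evaluate():
    """Return {sample name: (loose result, strict result)} for every sample."""
    return {
        name: (loose_match(status, loc), strict_match(REQUEST_URL, status, loc))
        for name, (status, loc) in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (loose, strict) in evaluate().items():
        print(f"{name:18} loose={loose!s:5} strict={strict}")
```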