Merge pull request #9660 from idealphase/main

Update https-to-http-redirect.yaml
projectdiscovery · May 10, 2024 · 6d13aae · 6d13aae
2 parents 3368997 + 6e0963b
commit 6d13aae
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/http/misconfiguration/https-to-http-redirect.yaml b/http/misconfiguration/https-to-http-redirect.yaml
@@ -2,7 +2,7 @@ id: https-to-http-redirect
 
 info:
  name: HTTPS to HTTP redirect Misconfiguration
- author: kazet
+ author: kazet,idealphase
  severity: info
  description: |
  Detects whether there is a redirect from https:// to http://
@@ -16,11 +16,19 @@ http:
  path:
  - "{{BaseURL}}"
 
+ matchers-condition: or
  matchers:
  - type: dsl
  dsl:
  - 'startswith(tolower(location), "http://")'
  - 'startswith(tostring(BaseURL), "https://")'
- - '(status_code == 301 || status_code == 302 || status_code == 307)'
+ - '(status_code == 300 || status_code == 301 || status_code == 302 || status_code == 303 || status_code == 307 || status_code == 308)'
  condition: and
-# digest: 4a0a0047304502206212deffff885bc2abd110b7921124764815e61844a28cf278f271f6d9753151022100861fee57cff6e033d3b77a48aa8a88595f5d7ea267d502b1aadf739e417f6608:922c64590222798bb761d5b6d8e72950
+
+ - type: dsl
+ dsl:
+ - 'startswith(tostring(BaseURL), "https://")'
+ - 'status_code == 200'
+ - 'contains(tolower(body), "<meta http-equiv=\"refresh\" content=\"0; url=http://")'
+ condition: and
+# digest: 4b0a0048304602210095c09fe6d8f15bcb97731bcc870184de2350c35ab0db26b19fc3bbced9862e7b022100fbe5cddc9cf4e2d70fc2e700dbe0c90a05e20536b932ac17e44bb0b83d7edf8c:32bd8904a85baa2268cd2e24368f3b1a
diff --git a/http/technologies/favicon-detect.yaml b/http/technologies/favicon-detect.yaml
@@ -3731,8 +3731,13 @@ http:
  dsl:
  - "status_code==200 && (\"-1599943282\" == mmh3(base64_py(body)))"
 
+ - type: dsl
+ name: "Veeam Service Provider Console"
+ dsl:
+ - "status_code==200 && (\"-1728967963\" == mmh3(base64_py(body)))"
+
  extractors:
  - type: dsl
  dsl:
  - 'mmh3(base64_py(body))'
-# digest: 4a0a00473045022100d5db6ca1e3fae692c3d73e04bb2b8f32fbb0ce71e9dbe0e5e2568124a785b0b902202a8410c129ccda07db2f0cff823f28efc91b909fe40a147716b71e8f016a177e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d5db6ca1e3fae692c3d73e04bb2b8f32fbb0ce71e9dbe0e5e2568124a785b0b902202a8410c129ccda07db2f0cff823f28efc91b909fe40a147716b71e8f016a177e:922c64590222798bb761d5b6d8e72950