# # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and # payload crafting functionality. # # Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com) # # ronin-exploits is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ronin-exploits is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ronin-exploits. If not, see . # require 'ronin/exploits/client_side_web_vuln' require 'ronin/vulns/open_redirect' require 'ronin/payloads/url_payload' require 'ronin/payloads/builtin/test/open_redirect' module Ronin module Exploits # # Represents a [Open Redirect] exploit. # # [Open Redirect]: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect # # ## Example # # require 'ronin/exploits/open_redirect' # # module Ronin # module Exploits # class MyExploit < OpenRedirect # # register 'my_exploit' # # base_path '/path/to/page.php' # query_param 'url' # # end # end # end # # @api public # # @since 1.0.0 # class OpenRedirect < ClientSideWebVuln payload_class Payloads::URLPayload references [ 'https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect', 'https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html' ] param :redirect_url, String, desc: 'The URL to redirect to' # # Initializes the Open Redirect exploit and defaults the {#payload} to a # Open Redirect test payload. # # @param [Ronin::Payloads::URLtPayload, String, nil] payload # The payload to use. # def initialize(payload: Payloads::Test::OpenRedirect.new, **kwargs) super(payload: payload, **kwargs) end # # Returns the type or kind of exploit. # # @return [Symbol] # # @note # This is used internally to map an exploit class to a printable type. # # @api private # def self.exploit_type :open_redirect end # # The open redirect vulnerability to exploit. # # @return [Ronin::Vulns::OpenRedirect] # def vuln @vuln ||= Vulns::OpenRedirect.new(url, test_url: params[:redirect_url], **web_vuln_kwargs) end end end end