Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Parameter Based Generic OOB Interaction

By kannthu

Informative
Vidoc logoVidoc Module
#oast#ssrf#generic
Description

What is the "Parameter Based Generic OOB Interaction?"

The "Parameter Based Generic OOB Interaction" module is designed to detect a misconfiguration in the target software. It focuses on identifying a vulnerability related to out-of-band (OOB) interactions through parameter-based requests. This module has an informative severity level and was authored by pdteam.

Impact

This module detects a scenario where the remote server fetches a spoofed URL from the request parameters. This can potentially lead to security issues, as it may allow an attacker to manipulate the server's behavior or exploit vulnerabilities in the software.

How the module works?

The module works by sending a GET request with specific parameters to the target server. It then checks for a matching condition related to the "interactsh_protocol" in the response. If the condition is met, it indicates the presence of the vulnerability.

Here is an example of the HTTP request sent by the module:

GET /?u=http://{%InteractionURL%}/&href=http://{%InteractionURL%}/&action=http://{%InteractionURL%}/&host={%InteractionURL%}&http_host={%InteractionURL%}&email=root@{%InteractionURL%}&url=http://{%InteractionURL%}/&load=http://{%InteractionURL%}/&preview=http://{%InteractionURL%}/&target=http://{%InteractionURL%}/&proxy=http://{%InteractionURL%}/&from=http://{%InteractionURL%}/&src=http://{%InteractionURL%}/&ref=http://{%InteractionURL%}/&referrer=http://{%InteractionURL%}/ HTTP/1.1

The module's matching condition checks for the presence of the "http" word in the "interactsh_protocol" part of the response. If this condition is met, it indicates a potential vulnerability.

For more information, you can refer to the Collaborator Everywhere GitHub repository.

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/?u=http://{%Interac...
Matching conditions
word: http
Passive global matcher
No matching conditions.
On match action
Report vulnerability