Create 14.5.2.yaml

Signed-off-by: Hamed Salimian <[email protected]>
OWASP · Oct 6, 2023 · 5331b72 · 5331b72
1 parent 4a47e7b
commit 5331b72
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/templates/14.5.2.yaml b/templates/14.5.2.yaml
@@ -0,0 +1,48 @@
+id: ASVS-4-0-3-V14-5-2
+
+info:
+  name: ASVS 14.5.2 Check
+  author: Hamed Salimian
+  severity: low
+  classification:
+    cwe-id: CWE-346
+  reference:
+    - https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_2/
+  tags: asvs,14.5.2
+  description: |
+    Verify that the supplied Origin header is not used for authentication or access control decisions, as the Origin header can easily be changed by an attacker.
+
+variables:
+  forbidden_status_code: 403
+
+http:
+  - raw:
+      - |
+        GET {{BaseURL}} HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{origin_schema}}{{origin_host}}{{origin_port}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
+        Accept: */*
+
+    cookie-reuse: true
+    payloads:
+      origin_host:
+        - 127.0.0.1
+        - localhost
+        - '{{resolve("{{FQDN}}")}}'
+      origin_schema:
+        - http://
+        - https://
+      origin_port:
+        -
+        - :80
+        - :443
+    attack: clusterbomb
+
+    stop-at-first-match: true
+    matchers:
+      - type: dsl
+        name: 'Access Restriction Bypass Via Origin Spoof'
+        dsl:
+          - status_code < 210 && status_code >= 200
+          - to_number(forbidden_status_code) != status_code