Open Redirect: Cartoon Network

This rule detects the use of Cartoon Network's Denmark domain as an open redirect.

Sublime rule

name: "Open Redirect: Cartoon Network"
description: "This rule detects the use of Cartoon Network's Denmark domain as an open redirect."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(body.links,
          .href_url.domain.sld == 'cartoonnetwork'
          // the subdomain has to be www; without the www it doesn't work
          and .href_url.domain.subdomain == 'www'
          // the path starts with a double slash (//)
          and strings.starts_with(.href_url.path, '//')
          // the path has to end in a trailing /
          and strings.ends_with(.href_url.path, '/')
  )
attack_types:
  - "Credential Phishing"
  - "Spam"
tactics_and_techniques:
  - "Open redirect"
  - "Evasion"
detection_methods:
  - "Content analysis"
  - "URL analysis"
id: "7435e057-5abb-55b4-b1da-f1b6ec191c33"
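
The rule's link predicate, re-expressed in Python and run over constructed URLs to show which links it flags and which near-misses it ignores. This is an added example, not Sublime's code: `split_host`, `link_matches`, `message_matches` and every sample URL are hypothetical, the `type.inbound` condition is not modelled, and the host split assumes a single-label TLD instead of a public suffix list.

```python
from urllib.parse import urlsplit


def split_host(host):
    """Naive (subdomain, sld) split; assumes a single-label TLD such as .dk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "", ""
    return ".".join(labels[:-2]), labels[-2]


def link_matches(url):
    """Apply the four conditions the rule places on each entry of body.links."""
    parts = urlsplit(url)
    subdomain, sld = split_host(parts.hostname or "")
    return (
        sld == "cartoonnetwork"
        and subdomain == "www"              # bare domain is not matched
        and parts.path.startswith("//")     # path begins with a double slash
        and parts.path.endswith("/")        # path ends with a trailing slash
    )


def message_matches(links):
    """Mirror of any(body.links, ...): one matching link flags the message."""
    return any(link_matches(u) for u in links)


# Constructed sample links (not taken from real traffic) and the expected verdict.
SAMPLES = {
    "https://www.cartoonnetwork.dk//example.test/": True,
    "https://cartoonnetwork.dk//example.test/": False,      # no www subdomain
    "https://www.cartoonnetwork.dk/shows/": False,          # ordinary site path
    "https://www.cartoonnetwork.dk//example.test": False,   # no trailing slash
    "https://www.cartoonnetwork.com//example.test/": True,  # TLD is never checked
    "https://www.cartoonnetwork.example.test//x/": False,   # lookalike: sld differs
}

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        verdict = link_matches(url)
        status = "ok" if verdict == expected else "UNEXPECTED"
        print(f"{status:10} match={verdict!s:5} {url}")
```

The `.com` sample matches because the rule compares only the second-level label and never the TLD, so it covers any `www.cartoonnetwork.*` host, not just the Denmark domain named in the description.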