WordPress All-in-One Security <=4.4.1 - Open Redirect

By kannthu

Severity: Medium
Tags: #wp-plugin #redirect #wordpress #wp #wpscan
Description

What is the "WordPress All-in-One Security <=4.4.1 - Open Redirect" module?

The "WordPress All-in-One Security <=4.4.1 - Open Redirect" module is a test case designed to detect an open redirect vulnerability in the WordPress All-in-One Security plugin up to version 4.4.1. This vulnerability can expose the actual URL of the hidden login page feature, potentially allowing attackers to redirect users to malicious websites.

This module has a medium severity rating, indicating that it poses a moderate risk to the security of the affected WordPress installations.

This module was authored by akincibor.

Impact

If successfully exploited, the open redirect vulnerability in the WordPress All-in-One Security plugin can be used by attackers to trick users into visiting malicious websites. This can lead to various security risks, such as phishing attacks, malware infections, or unauthorized access to sensitive information.

How does the module work?

The module works by sending a specific HTTP request to the target WordPress website and then applying matching conditions to determine if the open redirect vulnerability is present. The request path used in this module is:

/?aiowpsec_do_log_out=1&after_logout=https://interact.sh

The module uses a regular expression matcher to check the response header for a specific pattern indicating an open redirect. The regular expression used is:

(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$

If the response header matches the regular expression, the module reports the vulnerability.
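
The matcher above can be exercised offline against constructed response headers to see which Location values it flags and which it ignores. This is an added example, not code from Vidoc or the module author; the helper names and the sample host blog.example are assumptions.

```python
import re
from typing import Optional

# Matcher regex from the page, with the JSON escaping removed.
OPEN_REDIRECT_RE = re.compile(
    r"(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)"
    r"(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$"
)


def matched_location(raw_headers: str) -> Optional[str]:
    """Return the Location line the matcher fires on, or None."""
    m = OPEN_REDIRECT_RE.search(raw_headers)
    return m.group(0).strip() if m else None


def response(location: str, name: str = "Location") -> str:
    """Build a constructed 302 header block (sample data, not captured traffic)."""
    return f"HTTP/1.1 302 Found\r\n{name}: {location}\r\nContent-Length: 0\r\n\r\n"


# Constructed Location values and the verdict the regex gives for each.
SAMPLES = {
    "https://interact.sh": True,            # absolute URL to the probe host
    "//interact.sh/": True,                 # protocol-relative form
    "/\\interact.sh": True,                 # slash-backslash variant
    "/wp-login.php?loggedout=true": False,  # same-site relative redirect
    "https://blog.example/?next=https://interact.sh": False,  # host only in query
    "https://interact.sh.blog.example/": False,  # [^.] guard rejects longer hostname
}


if __name__ == "__main__":
    for value in SAMPLES:
        hit = matched_location(response(value)) is not None
        print(f"{'MATCH' if hit else 'no   '}  {value}")
    # The regex is case-sensitive, so a lowercase header name is not matched.
    print(matched_location(response("https://interact.sh", name="location")))
```

The matcher is anchored on the header name exactly as written, so header dumps that lowercase names (for example HTTP/2 output from some clients) need normalising before this regex is applied.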

It's important to note that this module is just one test case among many that can be performed using the Vidoc platform to scan for vulnerabilities, misconfigurations, or software fingerprints.
