
WordPress Brandfolder - Open Redirect (RFI & LFI)

By kannthu

Vidoc Module

What is the "WordPress Brandfolder - Open Redirect (RFI & LFI)" module?

The "WordPress Brandfolder - Open Redirect (RFI & LFI)" module detects an open redirect in the WordPress Brandfolder plugin. Despite the RFI/LFI label in its name, the check it performs is for the redirect: it sends a URL in the "wp_abspath" parameter of the plugin's "callback.php" endpoint and confirms that the server answers with a redirect to that URL. The module was authored by 0x_Akoko and carries a medium severity rating.


If the endpoint is vulnerable, a remote attacker can place an arbitrary URL in the "wp_abspath" parameter of "callback.php", and anyone who follows the crafted link is redirected to that URL. Because the link points at a legitimate WordPress site, this is a convenient launch point for phishing and other follow-on attacks.

How does the module work?

The module sends a single GET request to the following path, with the redirect target supplied in the wp_abspath parameter: /wp-content/plugins/brandfolder/callback.php?wp_abspath=

It then applies a regular-expression matcher to the response headers, looking for a Location header whose value points at an interact.sh host. The module preview shows the pattern with the (?m) multiline flag, so ^ and $ anchor to a single header line: ^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$. The optional scheme group accepts both absolute (http:// or https://) and protocol-relative (//) targets.

If a header line matches, the module reports the vulnerability. Note that the host characters before interact\.sh are unconstrained and .*$ accepts anything after it, so the pattern confirms a redirect that contains the out-of-band domain rather than a redirect to exactly the host that was injected (a Location such as https://abc.interact.sh.example.net/ would also match). When triaging a hit, confirm that the Location value parses to the host you supplied and that the status code is a 3xx.
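To make the matcher's behaviour concrete, the following added example (not part of the Vidoc module or the page) replays the module's regex against a few constructed HTTP responses and compares it with the stricter check suggested above: a 3xx status whose Location header parses to exactly the injected host. The OOB hostname (abc123.interact.sh), the probe URL built from it, and the sample responses are all assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# The module's matcher regex, verbatim; the module preview shows the (?m)
# multiline flag, so ^ and $ anchor to individual header lines.
MODULE_REGEX = re.compile(
    r"(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$"
)

# Assumed (not stated on the page): the out-of-band host the tester controls
# and injects into wp_abspath. Any interact.sh subdomain the tester owns works.
OOB_HOST = "abc123.interact.sh"
PROBE_PATH = (
    "/wp-content/plugins/brandfolder/callback.php?wp_abspath=https://" + OOB_HOST
)


def module_matches(raw_response: str) -> bool:
    """Replicates the module's check: does any header line look like a
    redirect to an interact.sh host?"""
    return MODULE_REGEX.search(raw_response) is not None


def strict_matches(raw_response: str, oob_host: str = OOB_HOST) -> bool:
    """Tighter triage check: a 3xx status whose Location header parses to
    exactly the host we injected (absolute or protocol-relative URL)."""
    head, _, _ = raw_response.partition("\r\n\r\n")  # headers only
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[1].isdigit() or not 300 <= int(parts[1]) < 400:
        return False
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            host = urlsplit(value.strip()).hostname  # None for relative paths
            return host is not None and host.lower() == oob_host.lower()
    return False


# Constructed sample responses (not captured from a real target).
SAMPLES = {
    # Genuine open redirect to the injected host: both checks fire.
    "redirect_to_oob": (
        "HTTP/1.1 302 Found\r\nServer: nginx\r\n"
        "Location: https://abc123.interact.sh/wp-admin/\r\nContent-Length: 0\r\n\r\n"
    ),
    # Protocol-relative target: the optional scheme group accepts it.
    "protocol_relative": "HTTP/1.1 302 Found\r\nLocation: //abc123.interact.sh\r\n\r\n",
    # No Location header at all: neither check fires.
    "no_redirect": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>",
    # Look-alike host: the module regex still matches because of .*$,
    # the strict check rejects it.
    "lookalike_host": (
        "HTTP/1.1 302 Found\r\nLocation: https://abc123.interact.sh.evil.example/\r\n\r\n"
    ),
    # Redirect to a local path: no interact.sh, so no match either way.
    "local_redirect": "HTTP/1.1 301 Moved Permanently\r\nLocation: /wp-login.php\r\n\r\n",
}


def run_checks() -> dict:
    """Returns {sample name: (module_matches, strict_matches)} for every sample."""
    return {name: (module_matches(r), strict_matches(r)) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    print("probe:", PROBE_PATH)
    for name, (loose, strict) in run_checks().items():
        print(f"{name:18} module={loose!s:5} strict={strict}")
```

The "lookalike_host" sample is the case worth remembering: the module's regex reports it, the strict parser does not, which is exactly the gap a tester has to close by hand when a scan result is reviewed.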



Module preview

Concurrent requests: 1

1. HTTP request template
   Matching conditions: regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...

Passive global matcher: no matching conditions.

On match action: report vulnerability.