By kannthu
The "WordPress Brandfolder - Open Redirect (RFI & LFI)" module is designed to detect vulnerabilities in the WordPress Brandfolder plugin. It specifically targets the "callback.php" endpoint and checks for remote/local file inclusion (RFI/LFI) vulnerabilities. This module was authored by 0x_Akoko and has a medium severity rating.
If exploited, this vulnerability allows remote attackers to inject an arbitrary URL into the "callback.php" endpoint via the "wp_abspath" parameter. This can result in the victim being redirected to the injected URL, potentially leading to further attacks or unauthorized access.
The module sends a GET request to the following path: /wp-content/plugins/brandfolder/callback.php?wp_abspath=https://interact.sh/
The module then uses a regular expression matcher to check whether the response header contains a redirect to a URL that matches the following pattern: ^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$
If the response header matches the specified pattern, the module reports a vulnerability.
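The matcher step described above, as an added example that is not the module's own code: it applies the page's pattern to each header line of a few constructed responses, which shows which redirects are flagged and which are not. Matching line by line, the function names and the sample responses are assumptions made for this illustration.

```python
import re

# Pattern copied verbatim from the module description above.
LOCATION_RE = re.compile(
    r"^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$"
)


def matching_header(raw_headers):
    """Return the first header line the pattern matches, or None.

    Assumption: the pattern is tested against each header line separately.
    """
    for line in raw_headers.splitlines():
        if LOCATION_RE.match(line):
            return line
    return None


def is_flagged(raw_headers):
    """True when a response header block would be reported by the matcher."""
    return matching_header(raw_headers) is not None


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    # Redirect straight to the canary host: flagged.
    "absolute": "HTTP/1.1 302 Found\r\nLocation: https://interact.sh/\r\n",
    # Protocol-relative redirect: flagged via the '//' alternative.
    "protocol_relative": "HTTP/1.1 302 Found\r\nLocation: //interact.sh/\r\n",
    # Userinfo or subdomain before the host: flagged, '@' and '.' are in the class.
    "userinfo": "HTTP/1.1 302 Found\r\nLocation: https://user@interact.sh/\r\n",
    # Canary only appears in a query string of another host: not flagged.
    "query_only": "HTTP/1.1 302 Found\r\n"
                  "Location: https://example.com/?next=https://interact.sh/\r\n",
    # Lower-case header name: not flagged, the pattern is case-sensitive.
    "lowercase_name": "HTTP/1.1 302 Found\r\nlocation: https://interact.sh/\r\n",
    # No redirect at all: not flagged.
    "no_redirect": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} flagged={is_flagged(raw)}")
```

Because the pattern is case-sensitive, a header line written as "location:" passes unflagged when the pattern is applied to the raw line as it is here.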