
WordPress Eatery 2.2 - Open Redirect

By kannthu

Medium
Vidoc Module
#wordpress #wp-theme #redirect #wp
Description

What is the "WordPress Eatery 2.2 - Open Redirect" module?

The "WordPress Eatery 2.2 - Open Redirect" module is a test case designed to detect an open redirect vulnerability in the WordPress Eatery theme version 2.2. This vulnerability allows an attacker to redirect users to a malicious website by manipulating a user-controlled input that specifies a link to an external site. The severity of this vulnerability is classified as medium, with a CVSS score of 6.1.

This module was authored by 0x_Akoko.

Impact

An open redirect vulnerability in the WordPress Eatery theme 2.2 can have several potential impacts:

- Users may be redirected to malicious websites, exposing them to phishing attacks or the installation of malware.
- Attackers can exploit the vulnerability to bypass security measures and gain unauthorized access to sensitive information.
- The reputation and trustworthiness of the affected website may be compromised, leading to a loss of user confidence.

How does the module work?

The "WordPress Eatery 2.2 - Open Redirect" module works by sending a specific HTTP request to the target website and checking for specific conditions to determine if the open redirect vulnerability exists. The module sends a GET request to the path "/wp-content/themes/eatery/nav.php?-Menu-=https://interact.sh/". It then matches the response headers against a regular expression to identify if the "Location" header contains a redirect to a URL that includes "interact.sh". If a match is found, the module reports the vulnerability.

The matching conditions for this module are:

- The response headers must contain a "Location" header.
- The "Location" header must match the regular expression "(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$".

By analyzing the response headers and matching them against the defined conditions, the module can accurately identify the presence of the open redirect vulnerability in the WordPress Eatery theme 2.2.
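
The matching step described above, run offline over constructed response headers. This is an added example, not Vidoc's own code; the helper names and the sample responses are assumptions made up for illustration, and only the regular expression comes from the page.

```python
import re

# Pattern quoted on the page; it is matched against the raw response headers.
LOCATION_RE = re.compile(
    r"(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$"
)


def matched_location(raw_headers):
    """Return the Location line that points at the canary host, or None."""
    m = LOCATION_RE.search(raw_headers)
    return m.group(0).strip() if m else None


def headers(status, *fields):
    """Build a constructed raw header block with CRLF line endings."""
    return "\r\n".join((f"HTTP/1.1 {status}",) + fields) + "\r\n\r\n"


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    # The theme reflects the parameter straight into Location: reported.
    "absolute": headers("302 Found", "Location: https://interact.sh/"),
    # Protocol-relative form is covered by the "//" alternative.
    "scheme_relative": headers("302 Found", "Location: //interact.sh/"),
    # "@" is in the host character class, so userinfo tricks still match.
    "userinfo": headers("302 Found", "Location: https://example.com@interact.sh/"),
    # Same-site redirect that only carries the URL as a parameter: not reported.
    "same_site": headers(
        "302 Found",
        "Location: /wp-content/themes/eatery/nav.php?-Menu-=https://interact.sh/",
    ),
    # Patched or absent theme: no redirect at all.
    "no_redirect": headers("200 OK", "Content-Type: text/html"),
    # The pattern is case-sensitive as written, so a lowercase name is missed.
    "lowercase_name": headers("302 Found", "location: https://interact.sh/"),
}


def report():
    """Map each sample name to whether the page's condition matches it."""
    return {name: matched_location(raw) is not None for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in report().items():
        print(f"{name:16} {'MATCH' if hit else 'no match'}")
```

The pattern only fires when the canary host sits in the authority position of the redirect target, which keeps same-site redirects that merely echo the parameter from being reported.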

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/themes/e...
Matching conditions
regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...
Passive global matcher
No matching conditions.
On match action
Report vulnerability