WordPress Pie Register < 3.7.2.4 - Open Redirect

By kannthu

Severity: Low
Vidoc Module
Tags: #redirect #wp-plugin #pieregister #wpscan #wordpress
Description

What is the "WordPress Pie Register < 3.7.2.4 - Open Redirect" module?

The "WordPress Pie Register < 3.7.2.4 - Open Redirect" module is a test case that detects an open redirect vulnerability in versions of the WordPress Pie Register plugin below 3.7.2.4. The vulnerability occurs because the plugin passes unvalidated user input to the wp_redirect() function, which lets an attacker redirect users to a malicious website.

This module has a low severity level, indicating that the impact of the vulnerability is relatively limited.

This module was authored by 0x_Akoko.

Impact

An open redirect vulnerability in the WordPress Pie Register plugin can be exploited by attackers to trick users into visiting malicious websites. This can lead to various consequences, such as phishing attacks, malware infections, or unauthorized data disclosure.

How does the module work?

The module works by sending a specific HTTP request to the target WordPress website. The request carries the query string "?piereg_logout_url=true&redirect_to=https://interact.sh", which triggers the vulnerable code in the WordPress Pie Register plugin.

The module then uses a regular expression matcher to check if the response header contains a redirect location to the domain "interact.sh". If a match is found, the module reports the vulnerability.
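The same check can be made by parsing the Location header and resolving it against the request URL, which also catches protocol-relative values. This is an added example, not the Vidoc module's own code; the host wp.example.test and the sample responses are constructed.

```python
from urllib.parse import urljoin, urlsplit

# Request from the module description; wp.example.test is a constructed host.
REQUEST_URL = ("https://wp.example.test/"
               "?piereg_logout_url=true&redirect_to=https://interact.sh")

# Constructed response header blocks (not captured from a real site).
SAMPLES = {
    "absolute_external": "HTTP/1.1 302 Found\r\nLocation: https://interact.sh\r\n",
    "protocol_relative": "HTTP/1.1 302 Found\r\nlocation: //interact.sh/\r\n",
    "same_site_absolute": "HTTP/1.1 302 Found\r\nLocation: https://wp.example.test/login/\r\n",
    "same_site_relative": "HTTP/1.1 302 Found\r\nLocation: /login/\r\n",
    "no_redirect": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
}

def location_header(raw_headers):
    """Return the first Location header value in a raw header block, or None."""
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def redirects_off_site(request_url, raw_headers):
    """True when a 3xx response's Location resolves to a different host."""
    lines = raw_headers.splitlines()
    status = lines[0].split() if lines else []
    if len(status) < 2 or not status[1].startswith("3"):
        return False
    location = location_header(raw_headers)
    if location is None:
        return False
    # Resolve relative and protocol-relative values the way a browser would.
    target = urlsplit(urljoin(request_url, location))
    origin = urlsplit(request_url)
    return target.scheme in ("http", "https") and target.hostname != origin.hostname

def classify(samples=SAMPLES, request_url=REQUEST_URL):
    """Map each sample name to whether it redirects off-site."""
    return {name: redirects_off_site(request_url, raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, flagged in classify().items():
        print(f"{name:20} {'OFF-SITE REDIRECT' if flagged else 'ok'}")
```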

It's important to note that this module is part of a larger scanning process performed by the Vidoc platform, which utilizes multiple modules to detect various misconfigurations, vulnerabilities, and software fingerprints.

For more information about this vulnerability, you can refer to the WPScan vulnerability report.

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /?piereg_logout_url=...
   Matching conditions: regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...

Passive global matcher: No matching conditions.

On match action: Report vulnerability