Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress ProStore <1.1.3 - Open Redirect

By kannthu

Low
Vidoc logoVidoc Module
#wordpress#wp-theme#redirect#wpscan
Description

What is the "WordPress ProStore <1.1.3 - Open Redirect" module?

The "WordPress ProStore <1.1.3 - Open Redirect" module is designed to detect an open redirect vulnerability in the WordPress ProStore theme before version 1.1.3. This vulnerability allows an attacker to redirect users to a malicious website, potentially leading to the disclosure of sensitive information, unauthorized data modification, or execution of unauthorized operations. The severity of this vulnerability is classified as low.

This module was authored by 0x_Akoko.

Impact

An open redirect vulnerability in the WordPress ProStore theme can have several negative impacts, including:

- Potential disclosure of sensitive information - Possible modification of data - Execution of unauthorized operations

How does the module work?

The "WordPress ProStore <1.1.3 - Open Redirect" module works by sending an HTTP GET request to the following path: /wp-content/themes/prostore/go.php?https://interact.sh/. It then checks the response headers for a specific pattern using regular expressions. If the response header contains a location that matches the pattern, the module considers it a match.

The matching condition used in this module is a regular expression that looks for the presence of a location header containing a URL that starts with https://interact.sh/. If the condition is met, the module reports the vulnerability.

For more information, you can refer to the WordPress ProStore Open Redirect vulnerability on WPScan.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/wp-content/themes/p...
Matching conditions
regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...
Passive global matcher
No matching conditions.
On match action
Report vulnerability