2021-10-06 05:29:48 +00:00
id: ultimatemember-open-redirect

info:
  name: Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
  author: 0x_Akoko
  severity: medium
  description: The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirect_to" GET parameter was used.
  reference:
    - https://wpscan.com/vulnerability/97823f41-7614-420e-81b8-9e735e4c203f
  tags: wp-plugin,redirect,wordpress

requests:
  - method: GET
    path:
      - "{{BaseURL}}/register/?redirect_to=https://example.com/"

    matchers:
      - type: regex
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
        part: header
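As an added illustration (not part of the template, of Nuclei, or of the plugin's code), the Python below runs the template's `Location` matcher over a few constructed response headers, so you can see which redirect shapes it flags, and places it beside a same-site check of the kind that removes the weakness. The site host `shop.example.org`, the sample responses and the function names are assumptions.

```python
import re
from urllib.parse import urlparse

# The matcher regex, copied verbatim from the template above. Note it is
# case-sensitive as written: a lowercase "location:" header would not match.
LOCATION_RE = re.compile(
    r'(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
)

# Constructed raw response headers (not captured from a real site).
SAMPLE_RESPONSES = {
    "absolute":          "HTTP/1.1 302 Found\r\nLocation: https://example.com/\r\n\r\n",
    "protocol_relative": "HTTP/1.1 302 Found\r\nLocation: //example.com/\r\n\r\n",
    "subdomain":         "HTTP/1.1 302 Found\r\nLocation: https://cdn.example.com/x\r\n\r\n",
    "same_site":         "HTTP/1.1 302 Found\r\nLocation: /wp-login.php\r\n\r\n",
}


def template_flags(raw_headers: str) -> bool:
    """True when the response headers satisfy the template's 'header' matcher.

    The regex accepts an absolute URL, a protocol-relative '//' URL, or any
    subdomain of example.com, which is exactly what an open redirect produces
    when the probe's redirect_to value is echoed back unvalidated.
    """
    return LOCATION_RE.search(raw_headers) is not None


def is_safe_redirect(redirect_to: str, site_host: str) -> bool:
    """Same-site check of the kind that closes this bug class (assumed fix,
    not the plugin's own code): accept only relative paths on this site or
    absolute http(s) URLs whose authority is exactly our host."""
    # Protocol-relative and backslash-led targets change host in browsers.
    if redirect_to.startswith("//") or redirect_to.startswith("/\\"):
        return False
    parsed = urlparse(redirect_to)
    if parsed.scheme not in ("", "http", "https"):
        return False  # javascript:, data:, and other non-web schemes
    if parsed.netloc == "":
        return redirect_to.startswith("/")  # path-only target on this site
    # Exact authority match also rejects "user@host" and port tricks.
    return parsed.netloc.lower() == site_host.lower()


if __name__ == "__main__":
    for label, raw in SAMPLE_RESPONSES.items():
        print(f"{label:18} flagged={template_flags(raw)}")
```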