nuclei-templates/vulnerabilities/wordpress/attitude-theme-open-redirec...

id: attitude-theme-open-redirect

info:
  name: WordPress Attitude Themes 1.1.1 Open Redirection
  author: 0x_Akoko
  severity: low
  reference: https://cxsecurity.com/issue/WLB-2020030185
  tags: wordpress,wp-plugin,redirect

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/themes/Attitude/go.php?https://example.com/"

    matchers:
      - type: regex
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
        part: header
Update and rename attitude-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/attitude-theme-open-redirect.yaml 2021-09-17 09:38:59 +00:00			`id: attitude-theme-open-redirect`
Create attitude-wp-theme-open-redirect.yaml 2021-09-17 09:04:38 +00:00
			`info:`
			`name: WordPress Attitude Themes 1.1.1 Open Redirection`
			`author: 0x_Akoko`
			`severity: low`
Update and rename attitude-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/attitude-theme-open-redirect.yaml 2021-09-17 09:38:59 +00:00			`reference: https://cxsecurity.com/issue/WLB-2020030185`
			`tags: wordpress,wp-plugin,redirect`
Create attitude-wp-theme-open-redirect.yaml 2021-09-17 09:04:38 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/wp-content/themes/Attitude/go.php?https://example.com/"`

			`matchers:`
			`- type: regex`
			`regex:`
			`- '(?m)^(?:Location\s?:\s?)(?:https?://\|//)?(?:[a-zA-Z0-9\-_\.@])example\.com.$'`
			`part: header`