Update music-store-open-redirect.yaml

2022-02-15 03:10:01 +05:30 · 2022-02-15 03:10:01 +05:30 · 2d745615c5
parent 94005a6d19
commit 2d745615c5
1 changed files with 6 additions and 8 deletions
--- a/vulnerabilities/wordpress/music-store-open-redirect.yaml
+++ b/vulnerabilities/wordpress/music-store-open-redirect.yaml
@ -5,22 +5,20 @@ info:
  author: dhiyaneshDk
  severity: medium
  description: The Music Store – WordPress eCommerce WordPress plugin was affected by a Referer Header Open Redirect security vulnerability.
-  reference: https://wpscan.com/vulnerability/d73f6575-eb86-480c-bde1-f8765870cdd1
-  tags: wordpress,redirect,wp-plugin,musicstore
+  reference:
+    - https://wpscan.com/vulnerability/d73f6575-eb86-480c-bde1-f8765870cdd1
+    - https://seclists.org/fulldisclosure/2015/Jul/113
+  tags: wordpress,redirect,wp-plugin,musicstore,wp

 requests:
  - raw:
      - |
        GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1
        Host: {{Hostname}}
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
        Referer: https://example.com
-        Connection: keep-alive

    matchers:
      - type: regex
-        regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1