id: wordpress-header-footer

info:
  name: Head, Footer and Post Injections Detection
  author: ricardomaia
  severity: info
  reference:
    - https://wordpress.org/plugins/header-footer/
  metadata:
    max-request: 1
    plugin_namespace: header-footer
    wpscan: https://wpscan.com/plugin/header-footer
  tags: tech,wordpress,wp-plugin,top-200

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/header-footer/readme.txt"

    payloads:
      last_version: helpers/wordpress/plugins/header-footer.txt

    extractors:
      - type: regex
        part: body
        internal: true
        name: internal_detected_version
        group: 1
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'

      - type: regex
        part: body
        name: detected_version
        group: 1
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'

    matchers-condition: or
    matchers:
      - type: dsl
        name: "outdated_version"
        dsl:
          - compare_versions(internal_detected_version, concat("< ", last_version))

      - type: regex
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'

# digest: 490a00463044022055a7c00fce3adb23ca6e5b189f80c31ad9e00b552179ab934e079588f0ba35ad022031cdbba936a1140a989801c53c2737ab6a97b233cf818b2ca5ede030d997a023:922c64590222798bb761d5b6d8e72950