id: wordpress-header-footer

info:
  name: Head, Footer and Post Injections Detection
  author: ricardomaia
  severity: info
  reference:
    - https://wordpress.org/plugins/header-footer/
  metadata:
    plugin_namespace: header-footer
    wpscan: https://wpscan.com/plugin/header-footer
  tags: tech,wordpress,wp-plugin,top-200

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/header-footer/readme.txt"

    payloads:
      last_version: helpers/wordpress/plugins/header-footer.txt

    extractors:
      - type: regex
        part: body
        internal: true
        name: internal_detected_version
        group: 1
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'

      - type: regex
        part: body
        name: detected_version
        group: 1
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'

    matchers-condition: or
    matchers:
      - type: dsl
        name: "outdated_version"
        dsl:
          - compare_versions(internal_detected_version, concat("< ", last_version))

      - type: regex
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a0047304502204750336747711b58f68c42bd01177d15c34ad6b0984bf4eff163c78dacef77d9022100fc357466879c3ab4006036162a713c46ff0ea348584b5e92655c7bf68e26faf4:922c64590222798bb761d5b6d8e72950