
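id: ultimatemember-open-redirect

info:
  name: Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
  author: 0x_Akoko
  severity: medium
  # Folded scalar: joins to the same single-line string at load time.
  description: >-
    The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated
    Open Redirect vulnerability, affecting the registration and login pages
    where the "redirect_to" GET parameter was used.
  reference: https://wpscan.com/vulnerability/97823f41-7614-420e-81b8-9e735e4c203f
  tags: wp-plugin,redirect,wordpress

requests:
  - method: GET
    path:
      # Probe the registration page with an absolute URL in "redirect_to";
      # example.com is a neutral canary host, not an attacker-controlled one.
      - "{{BaseURL}}/register/?redirect_to=https://example.com/"

    # Both matchers must hit. A Location header on a non-3xx response does not
    # redirect a browser, so requiring a redirect status code avoids flagging
    # pages that merely echo the parameter into a header.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 301
          - 302
          - 303
          - 307
          - 308

      - type: regex
        part: header
        regex:
          # Location header whose host is example.com (optionally preceded by
          # userinfo/subdomain characters) over http, https or scheme-relative //.
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'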