21 lines
738 B
YAML
21 lines
738 B
YAML
id: ultimatemember-open-redirect
|
|
|
|
info:
|
|
name: Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
|
|
author: 0x_Akoko
|
|
severity: medium
|
|
description: The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirect_to" GET parameter was used.
|
|
reference: https://wpscan.com/vulnerability/97823f41-7614-420e-81b8-9e735e4c203f
|
|
tags: wp-plugin,redirect,wordpress
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/register/?redirect_to=https://example.com/"
|
|
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
|
|
part: header
|