id: wordpress-header-footer

info:
  name: Head, Footer and Post Injections Detection
  author: ricardomaia
  severity: info
  reference:
    - https://wordpress.org/plugins/header-footer/
  metadata:
    plugin_namespace: header-footer
    wpscan: https://wpscan.com/plugin/header-footer
  tags: tech,wordpress,wp-plugin,top-200

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/header-footer/readme.txt"

    payloads:
      last_version: helpers/wordpress/plugins/header-footer.txt

    extractors:
      - type: regex
        part: body
        internal: true
        name: internal_detected_version
        group: 1
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'

      - type: regex
        part: body
        name: detected_version
        group: 1
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'

    matchers-condition: or
    matchers:
      - type: dsl
        name: "outdated_version"
        dsl:
          - compare_versions(internal_detected_version, concat("< ", last_version))

      - type: regex
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a0047304502204c6b989e54a577f130952195038303ff7d9d8b3b688f1dbb901a92b7f7807ff9022100a71b8d7342c56686ce588bc43623994c1ee471d44e59834bd6a31b1da429d09f:922c64590222798bb761d5b6d8e72950