Access Control: WordPress oEmbed Proxy - Server-side request forgery
Identifier:
wordpress_ssrf_oembed
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
The WordPress oEmbed feature allows embedding content from external sources. If it is not properly secured, it can be exploited for server-side request forgery (SSRF).
How we test: We test for SSRF vulnerabilities in WordPress oEmbed by injecting URLs that point to internal services or to our callback server, then analyzing the responses to detect whether requests were made to the specified URLs.
Reference:
- https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
- https://github.com/incogbyte/quickpress/blob/master/core/req.go
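A log-side counterpart to the test described above, added here as an example (it is not the scanner's own code): it flags oEmbed proxy requests in web access logs whose `url` parameter targets an internal address. It assumes the WordPress core route `/wp-json/oembed/1.0/proxy`, combined-format log lines, and a hypothetical suffix list for internal names; the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# WordPress core REST route of the oEmbed proxy (assumed default REST prefix).
PROXY_ROUTE = "/oembed/1.0/proxy"
# Name suffixes treated as internal without DNS resolution (assumed list, extend per site).
INTERNAL_SUFFIXES = (".localhost", ".internal", ".local")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SAMPLE_LOG = [  # constructed access-log lines
    '203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /wp-json/oembed/1.0/proxy?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dabc HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/May/2024:10:00:05 +0000] "GET /wp-json/oembed/1.0/proxy?url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 404 97',
    '203.0.113.7 - - [10/May/2024:10:00:09 +0000] "GET /?rest_route=/oembed/1.0/proxy&url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 404 97',
    '203.0.113.9 - - [10/May/2024:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048',
]


def is_internal_host(host):
    """True for a non-public IP literal or a name with an internal suffix."""
    host = host.strip("[]").rstrip(".").lower()
    if ("." + host).endswith(INTERNAL_SUFFIXES):
        return True
    try:
        # A bare integer such as 2130706433 is another spelling of an IPv4 address.
        ip = ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return False  # ordinary hostname; resolving it is out of scope here
    return not ip.is_global


def flag_oembed_ssrf(lines):
    """Return (line_number, target_url) for proxy requests aimed at internal hosts."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        qs = parse_qs(req.query)
        # Pretty permalinks use /wp-json/...; plain permalinks use ?rest_route=...
        routes = (req.path.rstrip("/"), qs.get("rest_route", [""])[0].rstrip("/"))
        if not any(r.endswith(PROXY_ROUTE) for r in routes):
            continue
        for target in qs.get("url", []):
            parts = urlsplit(target)
            if parts.scheme not in ("http", "https") or is_internal_host(parts.hostname or ""):
                hits.append((n, target))
    return hits
```

Hostnames that resolve to internal addresses through DNS are not caught by this check, since it inspects only the literal host in the logged URL.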
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.