-
Notifications
You must be signed in to change notification settings - Fork 295
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
65605c4
commit 942d4ab
Showing
209 changed files
with
11,245 additions
and
731 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 20240822 | ||
| 20240823 |
59 changes: 59 additions & 0 deletions
59
poc/auth/login-as-users-0e39f1f2ee0d17c654853b5f04aceb5b.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: login-as-users-0e39f1f2ee0d17c654853b5f04aceb5b | ||
|
|
||
| info: | ||
| name: > | ||
| Login As Users <= 1.4.2 - Authentication Bypass | ||
| author: topscoder | ||
| severity: critical | ||
| description: > | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/73a0d7a9-374b-430d-a7e5-3c7cdaff5785?source=api-scan | ||
| classification: | ||
| cvss-metrics: | ||
| cvss-score: | ||
| cve-id: | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/login-as-users/" | ||
| google-query: inurl:"/wp-content/plugins/login-as-users/" | ||
| shodan-query: 'vuln:' | ||
| tags: cve,wordpress,wp-plugin,login-as-users,critical | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/login-as-users/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "login-as-users" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 1.4.2') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: mycred-0ba5901497b34cfef40a203e86fad82f | ||
|
|
||
| info: | ||
| name: > | ||
| myCred <= 2.7.2 - Unauthenticated PHP Object Injection | ||
| author: topscoder | ||
| severity: critical | ||
| description: > | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/44ea3322-10f6-4f52-8fa8-8cc2632b67ce?source=api-scan | ||
| classification: | ||
| cvss-metrics: | ||
| cvss-score: | ||
| cve-id: | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/mycred/" | ||
| google-query: inurl:"/wp-content/plugins/mycred/" | ||
| shodan-query: 'vuln:' | ||
| tags: cve,wordpress,wp-plugin,mycred,critical | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "mycred" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 2.7.2') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: mycred-5b86df80efa6b07ad02aa927c0bbfb50 | ||
|
|
||
| info: | ||
| name: > | ||
| myCred <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | ||
| author: topscoder | ||
| severity: low | ||
| description: > | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/69695e2e-2086-4d50-8518-0b2f5ab9ea56?source=api-scan | ||
| classification: | ||
| cvss-metrics: | ||
| cvss-score: | ||
| cve-id: | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/mycred/" | ||
| google-query: inurl:"/wp-content/plugins/mycred/" | ||
| shodan-query: 'vuln:' | ||
| tags: cve,wordpress,wp-plugin,mycred,low | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "mycred" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 2.7.2') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: CVE-2024-28000 | ||
|
|
||
| info: | ||
| name: > | ||
| LiteSpeed Cache <= 6.3.0.1 - Unauthenticated Privilege Escalation | ||
| author: topscoder | ||
| severity: critical | ||
| description: > | ||
| The LiteSpeed Cache plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.3.0.1. This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator, if they have access to a valid hash which can be found in the debug logs or brute forced. This makes it possible for unauthenticated attackers to spoof their user ID to that of an administrator, and then create a new user account with the administrator role utilizing the /wp-json/wp/v2/users REST API endpoint. In some environments, the crawler may be disabled making this a non-exploitable issue in those instances. | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/104badec-6e6e-44bb-936b-d135dd80890d?source=api-prod | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||
| cvss-score: 9.8 | ||
| cve-id: CVE-2024-28000 | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/litespeed-cache/" | ||
| google-query: inurl:"/wp-content/plugins/litespeed-cache/" | ||
| shodan-query: 'vuln:CVE-2024-28000' | ||
| tags: cve,wordpress,wp-plugin,litespeed-cache,critical | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "litespeed-cache" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 6.3.0.1') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-35768-1f25d9ae7e4422f1fede1a610a06c13f.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: CVE-2024-35768-1f25d9ae7e4422f1fede1a610a06c13f | ||
|
|
||
| info: | ||
| name: > | ||
| Page Builder: Live Composer <= 1.5.47 - Authenticated (Author+) Stored Cross-Site Scripting | ||
| author: topscoder | ||
| severity: low | ||
| description: > | ||
| The Page Builder: Live Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.47 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e661d3c-8acf-48c2-9e54-6913c65a46aa?source=api-prod | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | ||
| cvss-score: 6.4 | ||
| cve-id: CVE-2024-35768 | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/live-composer-page-builder/" | ||
| google-query: inurl:"/wp-content/plugins/live-composer-page-builder/" | ||
| shodan-query: 'vuln:CVE-2024-35768' | ||
| tags: cve,wordpress,wp-plugin,live-composer-page-builder,low | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/live-composer-page-builder/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "live-composer-page-builder" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 1.5.47') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-38675-2521ccef87d99c1d3555b4d5b192db9a.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: CVE-2024-38675-2521ccef87d99c1d3555b4d5b192db9a | ||
|
|
||
| info: | ||
| name: > | ||
| Arkhe Blocks <= 2.22.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | ||
| author: topscoder | ||
| severity: low | ||
| description: > | ||
| The Arkhe Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.22.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/1079282d-3183-4190-8a54-d6085d27935a?source=api-prod | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | ||
| cvss-score: 6.4 | ||
| cve-id: CVE-2024-38675 | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/arkhe-blocks/" | ||
| google-query: inurl:"/wp-content/plugins/arkhe-blocks/" | ||
| shodan-query: 'vuln:CVE-2024-38675' | ||
| tags: cve,wordpress,wp-plugin,arkhe-blocks,low | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/arkhe-blocks/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "arkhe-blocks" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 2.22.1') |
Oops, something went wrong.