nuclei-templates/cves/2019/CVE-2019-15858.yaml

id: CVE-2019-15858

info:
  name: Unauthenticated Woody Ad Snippets WordPress Plugin RCE
  author: dwisiswant0 & fmunozs & patralos
  severity: high
  description: |
    This template supports the detection part only. See references.

    admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin
    before 2.2.5 for WordPress allows unauthenticated options import,
    as demonstrated by storing an XSS payload for remote code execution.

    Source/References:
    - https://github.com/GeneralEG/CVE-2019-15858
  tags: cve,cve2019,wordpress,wp-plugin,xss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "2.2.5"
        part: body
        negative: true

      - type: word
        words:
          - "Changelog"
        part: body

      - type: word
        words:
          - "Woody ad snippets"
        part: body
misc changes 2021-01-02 04:59:06 +00:00			`id: CVE-2019-15858`
Reintroduce CVE-2019-15858.yaml check Old version had a lot of FP as it did not check if the returned page was acutally the correct readme. So I added a check for the name of the plugin and another one to ensure there is a changelog. This shoud remove almost all false positives. 2020-12-15 01:53:39 +00:00
			`info:`
			`name: Unauthenticated Woody Ad Snippets WordPress Plugin RCE`
			`author: dwisiswant0 & fmunozs & patralos`
			`severity: high`
			`description: \|`
			`This template supports the detection part only. See references.`

			`admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin`
			`before 2.2.5 for WordPress allows unauthenticated options import,`
			`as demonstrated by storing an XSS payload for remote code execution.`

			`Source/References:`
			`- https://github.com/GeneralEG/CVE-2019-15858`
tag improvements 2021-03-18 07:54:36 +00:00			`tags: cve,cve2019,wordpress,wp-plugin,xss`
Reintroduce CVE-2019-15858.yaml check Old version had a lot of FP as it did not check if the returned page was acutally the correct readme. So I added a check for the name of the plugin and another one to ensure there is a changelog. This shoud remove almost all false positives. 2020-12-15 01:53:39 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`words:`
			`- "2.2.5"`
			`part: body`
			`negative: true`

			`- type: word`
			`words:`
			`- "Changelog"`
			`part: body`

			`- type: word`
			`words:`
			`- "Woody ad snippets"`
			`part: body`