daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2021/CVE-2021-25074.yaml

26 lines
982 B
YAML
Raw Normal View History

template id update
2022-02-22 13:23:25 +00:00
id: CVE-2021-25074
Create webp-coverter-open-redirect.yaml
2022-02-12 16:49:24 +00:00
info:
name: WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect
author: dhiyaneshDk
severity: medium
description: The plugin contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue.
reference: https://wpscan.com/vulnerability/f3c0a155-9563-4533-97d4-03b9bac83164
template id update
2022-02-22 13:23:25 +00:00
tags: cve,cve2021,wordpress,redirect,wp-plugin,webpconverter
Auto Generated CVE annotations [Tue Feb 22 13:26:30 UTC 2022] :robot:
2022-02-22 13:26:30 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-25074
cwe-id: CWE-601
Create webp-coverter-open-redirect.yaml
2022-02-12 16:49:24 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/webp-converter-for-media/includes/passthru.php?src=https://example.com"
matchers:
- type: regex
part: header
Update webp-coverter-open-redirect.yaml
2022-02-15 11:22:00 +00:00
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1