Update CVE-2019-9978.yaml
parent
1e96305cf2
commit
3517bab6cc
|
@ -6,23 +6,25 @@ info:
|
|||
severity: medium
|
||||
description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
|
||||
reference: https://github.com/mpgn/CVE-2019-9978
|
||||
tags: cve,cve2019,wordpress,wp-plugin,ssrf
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2019-9978
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2019,wordpress,wp-plugin,ssrf
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-admin/admin-post.php?swp_debug=load_options&swp_url={{interactsh-url}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "Burp Collabolator Server"
|
||||
part: body
|
||||
- "http"
|
||||
|
|
Loading…
Reference in New Issue