Merge pull request #1576 from Udyz/patch-1

Create wp-statistics-blindsql.yaml
2021-06-01 11:36:42 +05:30 · 2021-06-01 11:36:42 +05:30 · fdd2103fa1
parent f41ec6bb68 8d3f2e3604
commit fdd2103fa1
1 changed files with 33 additions and 0 deletions
--- a/vulnerabilities/wordpress/wp-plugin-statistics-sqli.yaml
+++ b/vulnerabilities/wordpress/wp-plugin-statistics-sqli.yaml
@ -0,0 +1,33 @@
+id: wp-plugin-statistics-sqli
+
+info:
+  name: WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection
+  author: lotusdll
+  severity: critical
+  description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability.
+  reference: |
+    - https://www.exploit-db.com/exploits/49894
+    - https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
+    - https://github.com/Udyz/WP-Statistics-BlindSQL
+  tags: wordpress,wp-plugin,unauth,sqli,blind
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "WP Statistics"
+        part: body
+
+      - type: regex
+        regex:
+          - 'Stable tag\: [1][3]\.[0].([1]|[2]|[3]|[4]|[5]|[6]|[7])|[1][3]\.[0]$'
+        part: body