From e89760c89ca9aa6620c4a75f29bfbf4fa9486def Mon Sep 17 00:00:00 2001
From: lulz <39673284+Udyz@users.noreply.github.com>
Date: Mon, 31 May 2021 14:23:44 +0700
Subject: [PATCH 1/3] Create wp-statistics-blindsql.yaml
---
 .../wordpress/wp-statistics-blindsql.yaml | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 vulnerabilities/wordpress/wp-statistics-blindsql.yaml
diff --git a/vulnerabilities/wordpress/wp-statistics-blindsql.yaml b/vulnerabilities/wordpress/wp-statistics-blindsql.yaml
new file mode 100644
index 0000000000..3fc6f4af66
--- /dev/null
+++ b/vulnerabilities/wordpress/wp-statistics-blindsql.yaml
@@ -0,0 +1,32 @@
+id: WP-Statistics-BlindSQL
+info:
+ name: WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection
+ author: lotusdll
+ severity: critical
+ description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability.
+ reference: |
+ - https://www.exploit-db.com/exploits/49894
+ - https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
+ - https://github.com/Udyz/WP-Statistics-BlindSQL
+ tags: unauth,blindsql,wordpress
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt'
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "WP Statistics"
+ part: body
+
+ - type: regex
+ regex:
+ - 'Stable tag\: [1][3]\.[0].([1]|[2]|[3]|[4]|[5]|[6]|[7])|[1][3]\.[0]'
+ part: body
From 2b1a39cbab61a2f6eae1eca53eefa0d3a1f3b8a0 Mon Sep 17 00:00:00 2001
From: lulz <39673284+Udyz@users.noreply.github.com>
Date: Mon, 31 May 2021 14:39:15 +0700
Subject: [PATCH 2/3] Update wp-statistics-blindsql.yaml
---
 vulnerabilities/wordpress/wp-statistics-blindsql.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
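Review bot: In the regex matcher at the end of the new template (patch 1/3), `|[1][3]\.[0]` is a top-level alternative, so it is not tied to `Stable tag` and matches any `13.0` in the readme body, for example a changelog entry for a later 13.0.x release on an install that has already been updated. Because the template reports `severity: critical` from this readme fingerprint alone, that turns into false positives in scan results. The `.` before the version group is also unescaped. I would fold both cases into one anchored expression, `'(?m)^Stable tag:\s*13\.0(\.[1-7])?\s*$'`, and state in `description` that the check is version-based and does not confirm the injection itself.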
diff --git a/vulnerabilities/wordpress/wp-statistics-blindsql.yaml b/vulnerabilities/wordpress/wp-statistics-blindsql.yaml
index 3fc6f4af66..40730242cd 100644
--- a/vulnerabilities/wordpress/wp-statistics-blindsql.yaml
+++ b/vulnerabilities/wordpress/wp-statistics-blindsql.yaml
@@ -28,5 +28,5 @@ requests:

 - type: regex
 regex:
- - 'Stable tag\: [1][3]\.[0].([1]|[2]|[3]|[4]|[5]|[6]|[7])|[1][3]\.[0]'
+ - 'Stable tag\: [1][3]\.[0].([1]|[2]|[3]|[4]|[5]|[6]|[7])|[1][3]\.[0]$'
 part: body
From 8d3f2e3604ea197ead0fe360e4f9e1bd4f9d2de4 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Mon, 31 May 2021 17:29:52 +0530
Subject: [PATCH 3/3] misc changes
---
 ...atistics-blindsql.yaml => wp-plugin-statistics-sqli.yaml} | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename vulnerabilities/wordpress/{wp-statistics-blindsql.yaml => wp-plugin-statistics-sqli.yaml} (92%)
diff --git a/vulnerabilities/wordpress/wp-statistics-blindsql.yaml b/vulnerabilities/wordpress/wp-plugin-statistics-sqli.yaml
similarity index 92%
rename from vulnerabilities/wordpress/wp-statistics-blindsql.yaml
rename to vulnerabilities/wordpress/wp-plugin-statistics-sqli.yaml
index 40730242cd..da683968f2 100644
--- a/vulnerabilities/wordpress/wp-statistics-blindsql.yaml
+++ b/vulnerabilities/wordpress/wp-plugin-statistics-sqli.yaml
@@ -1,4 +1,5 @@
-id: WP-Statistics-BlindSQL
+id: wp-plugin-statistics-sqli
+
 info:
 name: WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection
 author: lotusdll
@@ -8,7 +9,7 @@ info:
 - https://www.exploit-db.com/exploits/49894
 - https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
 - https://github.com/Udyz/WP-Statistics-BlindSQL
- tags: unauth,blindsql,wordpress
+ tags: wordpress,wp-plugin,unauth,sqli,blind

 requests:
 - method: GET
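Review bot: The `$` added in patch 2/3 binds only to the second alternative, and without the `(?m)` flag Go's `regexp` (which this matcher is presumably compiled with) treats `$` as the end of the whole body, not the end of a line. `[1][3]\.[0]$` can therefore match only when the response ends in `13.0`, so a readme whose tag line is exactly `Stable tag: 13.0` is likely missed, and the alternative is still not tied to `Stable tag`. Enabling multiline mode and anchoring the whole expression, `'(?m)^Stable tag:\s*13\.0(\.[1-7])?\s*$'`, would cover both the bare and the patch-level versions. The `requests:` block starts outside this hunk.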