-
Notifications
You must be signed in to change notification settings - Fork 272
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
e8796cb
commit d49338d
Showing
92 changed files
with
5,369 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
20241108 | ||
20241109 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
id: apache-buffer-overflow | ||
|
||
info: | ||
name: Apache HTTP Server Outdated Version - Buffer Overflow | ||
author: AV10V | ||
severity: high | ||
description: | | ||
This template checks for outdated Apache HTTP Server versions that might be susceptible to a buffer overflow vulnerability. | ||
It sends a request to retrieve the server version and matches against known vulnerable versions. | ||
http: | ||
- raw: | ||
- | | ||
HEAD / HTTP/1.1 | ||
Host: {{Hostname}} | ||
User-Agent: Nuclei | ||
matchers-condition: and | ||
matchers: | ||
- type: regex | ||
part: header | ||
regex: | ||
- "Server: Apache/2\\.2\\.[0-8]" | ||
- type: word | ||
part: header | ||
words: | ||
- "Apache" |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2018-5158-67138bc530fcbd1f4c3ec3156662b94e.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2018-5158-67138bc530fcbd1f4c3ec3156662b94e | ||
|
||
info: | ||
name: > | ||
pdf.js < 2.0.943 - Authenticated (Author+) Stored Cross-Site Scripting | ||
author: topscoder | ||
severity: low | ||
description: > | ||
The Algori PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to the use of a vulnerable version of pdf.js in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd66329-098e-4adf-b66f-d82a47720629?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | ||
cvss-score: 6.4 | ||
cve-id: CVE-2018-5158 | ||
metadata: | ||
fofa-query: "wp-content/plugins/algori-pdf-viewer/" | ||
google-query: inurl:"/wp-content/plugins/algori-pdf-viewer/" | ||
shodan-query: 'vuln:CVE-2018-5158' | ||
tags: cve,wordpress,wp-plugin,algori-pdf-viewer,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/algori-pdf-viewer/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "algori-pdf-viewer" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 1.0.7') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-10187-2566d733855ca241bfb10537fd632ddf | ||
|
||
info: | ||
name: > | ||
myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode | ||
author: topscoder | ||
severity: low | ||
description: > | ||
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/23a081d4-443d-4b3b-8c89-9eb0e23c961e?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | ||
cvss-score: 6.4 | ||
cve-id: CVE-2024-10187 | ||
metadata: | ||
fofa-query: "wp-content/plugins/mycred/" | ||
google-query: inurl:"/wp-content/plugins/mycred/" | ||
shodan-query: 'vuln:CVE-2024-10187' | ||
tags: cve,wordpress,wp-plugin,mycred,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "mycred" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.7.4') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-10261-13a111b77ff7242b7fd206b696ded4b9.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-10261-13a111b77ff7242b7fd206b696ded4b9 | ||
|
||
info: | ||
name: > | ||
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution | ||
author: topscoder | ||
severity: high | ||
description: > | ||
The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf19371-7b06-45c6-bf16-6ef7dfffb175?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | ||
cvss-score: 7.3 | ||
cve-id: CVE-2024-10261 | ||
metadata: | ||
fofa-query: "wp-content/plugins/paid-member-subscriptions/" | ||
google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/" | ||
shodan-query: 'vuln:CVE-2024-10261' | ||
tags: cve,wordpress,wp-plugin,paid-member-subscriptions,high | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/paid-member-subscriptions/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "paid-member-subscriptions" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.13.0') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-10269-de3e977fc48c497bbd319154dc08b47e | ||
|
||
info: | ||
name: > | ||
Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | ||
author: topscoder | ||
severity: low | ||
description: > | ||
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5fbc0866-1e9d-457a-8ef3-fb046c89c1dd?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | ||
cvss-score: 6.4 | ||
cve-id: CVE-2024-10269 | ||
metadata: | ||
fofa-query: "wp-content/plugins/easy-svg/" | ||
google-query: inurl:"/wp-content/plugins/easy-svg/" | ||
shodan-query: 'vuln:CVE-2024-10269' | ||
tags: cve,wordpress,wp-plugin,easy-svg,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/easy-svg/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "easy-svg" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 3.7') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-10284-678b4260d3f280e8339a3c114f9bd9d3.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-10284-678b4260d3f280e8339a3c114f9bd9d3 | ||
|
||
info: | ||
name: > | ||
CE21 Suite <= 2.2.0 - Authentication Bypass | ||
author: topscoder | ||
severity: critical | ||
description: > | ||
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/45d66743-300e-480d-98b8-99dc30b6e786?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||
cvss-score: 9.8 | ||
cve-id: CVE-2024-10284 | ||
metadata: | ||
fofa-query: "wp-content/plugins/ce21-suite/" | ||
google-query: inurl:"/wp-content/plugins/ce21-suite/" | ||
shodan-query: 'vuln:CVE-2024-10284' | ||
tags: cve,wordpress,wp-plugin,ce21-suite,critical | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/ce21-suite/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "ce21-suite" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.2.0') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-10285-0149e578f9b391b0d38534038361bcfd.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-10285-0149e578f9b391b0d38534038361bcfd | ||
|
||
info: | ||
name: > | ||
CE21 Suite <= 2.2.0 - JWT Token Disclosure | ||
author: topscoder | ||
severity: critical | ||
description: > | ||
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||
cvss-score: 9.8 | ||
cve-id: CVE-2024-10285 | ||
metadata: | ||
fofa-query: "wp-content/plugins/ce21-suite/" | ||
google-query: inurl:"/wp-content/plugins/ce21-suite/" | ||
shodan-query: 'vuln:CVE-2024-10285' | ||
tags: cve,wordpress,wp-plugin,ce21-suite,critical | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/ce21-suite/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "ce21-suite" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.2.0') |
Oops, something went wrong.