forked from adysec/nuclei_poc
GoogleAlertandtwitterplugin-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
id: GoogleAlertandtwitterplugin-plugin-d41d8cd98f00b204e9800998ecf8427e

info:
  name: >
    Google Alert and Twitter Plugin <= 3.1.5 - Multiple Vulnerabilities
  author: topscoder
  severity: critical
  description: >
    The Google Alert and Twitter Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The plugin is also vulnerable to generic SQL Injection via the ‘EID’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/181e41d6-1599-4229-ace8-0bdb5735858f?source=api-prod
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id:
  metadata:
    fofa-query: "wp-content/plugins/GoogleAlertandtwitterplugin/"
    google-query: inurl:"/wp-content/plugins/GoogleAlertandtwitterplugin/"
    shodan-query: 'vuln:'
  tags: cve,wordpress,wp-plugin,GoogleAlertandtwitterplugin,critical

http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/wp-content/plugins/GoogleAlertandtwitterplugin/readme.txt"

    extractors:
      # Internal extractor: feeds the "version" variable to the DSL matcher below
      - type: regex
        name: version
        part: body
        group: 1
        internal: true
        regex:
          - "(?mi)Stable tag: ([0-9.]+)"

      # Non-internal copy of the same extractor so the detected version is shown in the output
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - "(?mi)Stable tag: ([0-9.]+)"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "GoogleAlertandtwitterplugin"
        part: body

      - type: dsl
        dsl:
          # The "<=" operator covers every release up to and including 3.1.5, the range
          # named in the advisory; a bare '3.1.5' constraint only matches that exact release
          - compare_versions(version, '<= 3.1.5')
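The template's detection logic, restated as a stand-alone Python check so the pieces can be tested offline: the same `Stable tag` regex, the same three matcher conditions (HTTP 200, plugin slug present in the body, extracted version no newer than 3.1.5), and a numeric version comparison in place of nuclei's `compare_versions`. This is an added example, not code from the template, its author, or the nuclei project; the readme bodies below are constructed samples, and the "3.1.10" release used for the patched sample is a made-up version chosen only to show why versions must be compared numerically rather than as strings.

```python
import re
from typing import Optional, Tuple

# Same pattern the nuclei template uses to pull the version out of readme.txt
STABLE_TAG_RE = re.compile(r"(?mi)Stable tag: ([0-9.]+)")
PLUGIN_SLUG = "GoogleAlertandtwitterplugin"
LAST_VULNERABLE = "3.1.5"  # upper bound from the advisory: versions <= 3.1.5 are affected


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.1.5' into (3, 1, 5) so that comparison is numeric, not lexical."""
    return tuple(int(p) for p in text.strip(".").split(".") if p != "")


def compare_le(version: str, bound: str) -> bool:
    """True when version <= bound; shorter tuples are padded with zeros ('3.1' == '3.1.0')."""
    a, b = parse_version(version), parse_version(bound)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


def extract_version(body: str) -> Optional[str]:
    """Mirror the template's regex extractor (group 1 of the Stable tag line)."""
    m = STABLE_TAG_RE.search(body)
    return m.group(1) if m else None


def is_vulnerable(status: int, body: str) -> bool:
    """Mirror the template's matchers joined by 'and':
    status 200, slug present in body, and extracted version <= 3.1.5."""
    if status != 200 or PLUGIN_SLUG not in body:
        return False
    version = extract_version(body)
    if version is None:  # no Stable tag line: nothing to compare, report nothing
        return False
    return compare_le(version, LAST_VULNERABLE)


# Constructed readme.txt bodies (not real plugin files)
SAMPLE_VULNERABLE = """=== GoogleAlertandtwitterplugin ===
Tags: google, twitter
Requires at least: 3.0
Stable tag: 3.1.5
"""

SAMPLE_PATCHED = """=== GoogleAlertandtwitterplugin ===
Tags: google, twitter
Stable tag: 3.1.10
"""


if __name__ == "__main__":
    for label, body in (("vulnerable sample", SAMPLE_VULNERABLE), ("patched sample", SAMPLE_PATCHED)):
        print(f"{label}: version={extract_version(body)} flagged={is_vulnerable(200, body)}")
    # Lexical comparison would wrongly flag 3.1.10 as older than 3.1.5
    print("string compare says 3.1.10 <= 3.1.5:", "3.1.10" <= "3.1.5")
```

The numeric tuple comparison is the point of the exercise: a string comparison of "3.1.10" against "3.1.5" returns true and would flag a release that is actually newer than the advisory's upper bound, which is exactly the false positive a version-gated template is meant to avoid.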