accesspress-social-icons-d41d8cd98f00b204e9800998ecf8427e.yaml
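# Nuclei template: version-based check for the AccessPress Social Icons
# WordPress plugin (affected range per the description: <= 1.6.6).
#
# How it decides: it fetches the plugin's readme.txt, reads the
# "Stable tag" version, and compares it against 1.6.6. No payload is sent,
# so a match means "a version in the affected range appears to be
# installed", not "the XSS was confirmed". Treat hits as candidates and
# verify the installed version in the WordPress admin before triage.
#
# NOTE(review): the 32-hex suffix of the id equals the MD5 digest of empty
# input, which suggests the generator hashed a missing identifier. The id is
# kept unchanged so existing references to this template still resolve.
id: accesspress-social-icons-d41d8cd98f00b204e9800998ecf8427e

info:
  name: 'AccessPress Social Icons <= 1.6.6 - Cross-Site Scripting'
  author: topscoder
  # NOTE(review): no CVSS vector or score accompanies this rating (see the
  # note on the omitted classification fields below), so "high" is
  # unverified. Confirm against the vendor or advisory record.
  severity: high
  description: "The AccessPress Social Icons plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser."
  # The original listed `reference`, `classification.cvss-metrics`,
  # `classification.cvss-score` and `classification.cve-id` as bare empty
  # keys (parsed as null). They are omitted here instead of being left
  # ambiguous; add them back only with values from the actual advisory.
  metadata:
    fofa-query: 'wp-content/plugins/accesspress-social-icons/'
    google-query: 'inurl:"/wp-content/plugins/accesspress-social-icons/"'
    # The original also carried a shodan-query of `vuln:` with no CVE after
    # the filter. That is an incomplete query and has been dropped.
  # NOTE(review): the `cve` tag is kept so tag-based selection does not
  # change, but the template carries no CVE ID to back it. Confirm or
  # remove the tag once the advisory is identified.
  tags: cve,wordpress,wp-plugin,accesspress-social-icons,high

http:
  - method: GET
    # Up to three redirects are followed. A redirect to a different host
    # would attribute that host's readme.txt to the scanned target; the
    # nuclei option `host-redirects: true` confines redirects to the same
    # host if that matters for your inventory.
    redirects: true
    max-redirects: 3
    path:
      - '{{BaseURL}}/wp-content/plugins/accesspress-social-icons/readme.txt'

    extractors:
      # Internal copy: feeds the `version` variable to the DSL matcher and
      # is not printed in results.
      - type: regex
        name: version
        part: body
        group: 1
        internal: true
        regex:
          - '(?mi)Stable tag: ([0-9.]+)'

      # Reported copy: same pattern, shown in the scan output so the
      # detected version is visible to whoever triages the finding.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '(?mi)Stable tag: ([0-9.]+)'

    # All three matchers must hold for a result to be reported.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Guards against soft-404 pages that return 200 for any path.
      - type: word
        words:
          - 'accesspress-social-icons'
        part: body

      # A readme.txt whose "Stable tag" is not numeric (for example a
      # non-version label) yields no `version`, so this check does not
      # match. A stale or blocked readme.txt likewise hides the plugin:
      # the absence of a hit is not proof the site is unaffected.
      - type: dsl
        dsl:
          - "compare_versions(version, '<= 1.6.6')"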