Closed akincibor closed 2 years ago
@2pifinance can you share the example response?
nuclei -l target.txt -t cves/2020/CVE-2020-35489.yaml
I got a lot of false positives, but only one of them was positive:
[2022-02-23 13:11:35] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
[2022-02-23 13:11:36] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
This CVE impacts the Contact Form 7 plugin before 5.3.2, and you will see below that the version is 5.5.3.
echo https://REDACTED/wp-content/plugins/contact-form-7/readme.txt | httpx -debug-resp
HTTP/1.1 200 OK
Connection: close
Accept-Ranges: bytes
Content-Type: text/plain
Date: Wed, 23 Feb 2022 12:11:35 GMT
Etag: "119c-5d88452622640-gzip"
Keep-Alive: timeout=5, max=297
Last-Modified: Mon, 21 Feb 2022 10:01:53 GMT
Vary: Accept-Encoding
X-Cache-Info: cached

=== Contact Form 7 ===
Contributors: takayukister
Donate link: https://contactform7.com/donate/
Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual
Requires at least: 5.7
Tested up to: 5.8
Stable tag: 5.5.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Just another contact form plugin. Simple but flexible.
== Description ==
Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.
= Docs and support =
You can find docs, FAQ and more detailed information about Contact Form 7 on contactform7.com. When you can't find the answer to your question on the FAQ or in any of the documentation, check the support forum on WordPress.org. If you can't locate any topics that pertain to your particular issue, post a new topic for it.
= Contact Form 7 needs your support =
It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Contact Form 7 and find it useful, please consider making a donation. Your donation will help encourage and support the plugin's continued development and better user support.
= Privacy notices =
With the default configuration, this plugin, in itself, does not:
If you activate certain features in this plugin, the contact form submitter's personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider's privacy policy is recommended. These features include:
= Recommended plugins =
The following plugins are recommended for Contact Form 7 users:
= Translations =
You can translate Contact Form 7 on translate.wordpress.org.
== Installation ==
contact-form-7 folder to the /wp-content/plugins/ directory.
You will find Contact menu in your WordPress admin screen.
For basic usage, have a look at the plugin's website.
== Frequently Asked Questions ==
Do you have questions or issues with Contact Form 7? Use these support channels appropriately.
== Screenshots ==
== Changelog ==
For more information, see Releases.
= 5.5.3 =
https://contactform7.com/contact-form-7-553/
= 5.5.2 =
= 5.5.1 =
in_array() call.
= 5.5 =
https://contactform7.com/contact-form-7-55/
= 5.4.2 =
https://contactform7.com/contact-form-7-542/
= 5.4.1 =
https://contactform7.com/contact-form-7-541/
= 5.4 =
https://contactform7.com/contact-form-7-54/
== Upgrade Notice ==
https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
Here with another target list:
[2022-02-23 13:24:39] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
[2022-02-23 13:24:41] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
[2022-02-23 13:24:42] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
[2022-02-23 13:24:47] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
[2022-02-23 13:24:48] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
[2022-02-23 13:24:49] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
HTTP response for some:
The first one is a real positive with version 5.1.1
HTTP/1.1 200 OK
Connection: close
Accept-Ranges: bytes
Age: 197
Cache-Control: max-age=31622400
Content-Type: text/plain
Date: Wed, 23 Feb 2022 12:27:56 GMT
Etag: W/"6214dfdc-1de0"
Expires: Fri, 24 Feb 2023 12:24:39 GMT
Last-Modified: Tue, 22 Feb 2022 13:06:36 GMT
Server: nginx
Strict-Transport-Security: max-age=300
Traceparent: 00-e5b21efdf0d748fc8fe5ce9634bccfc8-36d9b21ba9594f7f-00
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Cloud-Trace-Context: e5b21efdf0d748fc8fe5ce9634bccfc8/3952385979869384575;o=0
X-Pantheon-Styx-Hostname: styx-fe2-b-d8dd6bb59-zlf6l
X-Served-By: cache-mdw17349-MDW, cache-cdg20767-CDG
X-Styx-Req-Id: 92215681-94a3-11ec-a750-26ee24a5d31a
X-Timer: S1645619276.105325,VS0,VE6

=== Contact Form 7 ===
Contributors: takayukister
Donate link: https://contactform7.com/donate/
Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual
Requires at least: 4.9
Tested up to: 5.0
Stable tag: 5.1.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Just another contact form plugin. Simple but flexible.
== Description ==
Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.
= Docs & Support =
You can find docs, FAQ and more detailed information about Contact Form 7 on contactform7.com. If you were unable to find the answer to your question on the FAQ or in any of the documentation, you should check the support forum on WordPress.org. If you can't locate any topics that pertain to your particular issue, post a new topic for it.
= Contact Form 7 Needs Your Support =
It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Contact Form 7 and find it useful, please consider making a donation. Your donation will help encourage and support the plugin's continued development and better user support.
= Privacy Notices =
With the default configuration, this plugin, in itself, does not:
If you activate certain features in this plugin, the contact form submitter's personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider's privacy policy is recommended. These features include:
= Recommended Plugins =
The following plugins are recommended for Contact Form 7 users:
= Translations =
You can translate Contact Form 7 on translate.wordpress.org.
== Installation ==
contact-form-7 folder to the /wp-content/plugins/ directory.
You will find 'Contact' menu in your WordPress admin panel.
For basic usage, you can also have a look at the plugin web site.
== Frequently Asked Questions ==
Do you have questions or issues with Contact Form 7? Use these support channels appropriately.
== Screenshots ==
== Changelog ==
For more information, see Releases.
= 5.1.1 =
= 5.1 =
= 5.0.5 =
= 5.0.4 =
= 5.0.3 =
= 5.0.2 =
= 5.0.1 =
= 5.0 =
== Upgrade Notice ==
= 5.1.1 =
Read the release announcement post before upgrading. There is an important notice.
= 5.0.4 =
This is a security and maintenance release and we strongly encourage you to update to it immediately. For more information, refer to the release announcement post.
https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
This one has 5.3.2; it's a false positive:
HTTP/1.1 200 OK
Connection: close
Accept-Ranges: bytes
Content-Type: text/plain
Date: Wed, 23 Feb 2022 12:32:55 GMT
Etag: "18ff-5b7af34d543a0-gzip"
Last-Modified: Wed, 30 Dec 2020 14:20:17 GMT
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding

=== Contact Form 7 ===
Contributors: takayukister
Donate link: https://contactform7.com/donate/
Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual
Requires at least: 5.4
Tested up to: 5.6
Stable tag: 5.3.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Just another contact form plugin. Simple but flexible.
== Description ==
Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.
= Docs and support =
You can find docs, FAQ and more detailed information about Contact Form 7 on contactform7.com. When you can't find the answer to your question on the FAQ or in any of the documentation, check the support forum on WordPress.org. If you can't locate any topics that pertain to your particular issue, post a new topic for it.
= Contact Form 7 needs your support =
It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Contact Form 7 and find it useful, please consider making a donation. Your donation will help encourage and support the plugin's continued development and better user support.
= Privacy notices =
With the default configuration, this plugin, in itself, does not:
If you activate certain features in this plugin, the contact form submitter's personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider's privacy policy is recommended. These features include:
= Recommended plugins =
The following plugins are recommended for Contact Form 7 users:
= Translations =
You can translate Contact Form 7 on translate.wordpress.org.
== Installation ==
contact-form-7 folder to the /wp-content/plugins/ directory.
You will find Contact menu in your WordPress admin screen.
For basic usage, have a look at the plugin's website.
== Frequently Asked Questions ==
Do you have questions or issues with Contact Form 7? Use these support channels appropriately.
== Screenshots ==
== Changelog ==
For more information, see Releases.
= 5.3.2 =
comment_date_gmt parameter.
= 5.3.1 =
last_contacted parameter based on the submission timestamp.
= 5.3 =
wpcf7_form_tag_date_option.
min and max options.
wpcf7_submission_is_blacklisted filter hook in favor of wpcf7_submission_has_disallowed_words.
aria-describedby attribute for invalid fields.
= 5.2.2 =
WPCF7_USE_PIPE constant value was false.
wpcf7_doing_it_wrong() function.
trigger_error() function’s $error_type parameter explicitly.
wpcf7_special_mail_tags filter functions’ $mail_tag parameter optional.
= 5.2.1 =
permission_callback argument to every endpoint definition.
id() instead of id, if available.
free_text option did not work correctly with the exclusive option.
wpcf7_mail_tag_replaced filters even when the $posted_data is null.
= 5.2 =
$posted_data_hash and $skip_spam_check properties.
wpcf7_skip_spam_check filter hook.
pref() method.
wpcf7_ajax_json_echo and wpcf7_ajax_onload filter hooks and introduces the wpcf7_feedback_response and wpcf7_refill_response filter hooks as alternatives.
form element’s class attribute.
g-recaptcha-response to _wpcf7_recaptcha_response.
== Upgrade Notice ==
https://REDACTED/wp-content/plugins/contact-form-7/readme.txt
Nuclei Version:
Latest
Template file:
cves/2020/CVE-2020-35489.yaml
Command to reproduce:
I got a positive for this; there is ^ before = in the regex:
== Changelog ==
For more information, see Releases.
= 5.5.4 =
https://contactform7.com/contact-form-7-554/
= 5.5.3 =
https://contactform7.com/contact-form-7-553/
= 5.5.2 =
= 5.5.1 =
in_array() call.
= 5.5 =
https://contactform7.com/contact-form-7-55/
= 5.4.2 =
https://contactform7.com/contact-form-7-542/
= 5.4.1 =
https://contactform7.com/contact-form-7-541/
= 5.4 =
https://contactform7.com/contact-form-7-54/
== Upgrade Notice ==
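The version triage discussed in this thread, as an added example that is not part of the thread or of the nuclei template: it reads the `Stable tag:` header, compares it numerically against 5.3.2, and sets that beside a changelog-heading scan. The function names, the heading scan (a hypothetical weak check, not the template's actual matcher) and the sample excerpts are assumptions constructed for illustration.

```python
import re

FIXED = (5, 3, 2)  # per the thread: the CVE affects Contact Form 7 before 5.3.2

# Constructed readme.txt excerpts modelled on the responses quoted in the thread.
SAMPLES = {
    "5.1.1": "=== Contact Form 7 ===\nStable tag: 5.1.1\n== Changelog ==\n= 5.1.1 =\n= 5.1 =\n",
    "5.3.2": "=== Contact Form 7 ===\nStable tag: 5.3.2\n== Changelog ==\n= 5.3.2 =\n= 5.3.1 =\n= 5.3 =\n",
    "5.5.3": "=== Contact Form 7 ===\nStable tag: 5.5.3\n== Changelog ==\n= 5.5.3 =\n= 5.4 =\n",
}

def parse_version(text):
    """Turn '5.3' or '5.3.2' into a 3-tuple of ints; None if not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def stable_tag(readme):
    """Return the version from the 'Stable tag:' header, or None if absent/odd."""
    m = re.search(r"(?mi)^Stable tag:[ \t]*(\S+)", readme)
    return parse_version(m.group(1)) if m else None

def is_affected(readme):
    """True/False from the Stable tag; None when no version can be determined."""
    v = stable_tag(readme)
    return None if v is None else v < FIXED

def heading_check(readme):
    """Hypothetical weak check: any '= x.y.z =' heading below the fixed version.
    A changelog lists older releases, so a patched readme can still match."""
    heads = re.findall(r"(?m)^= (\d+(?:\.\d+){0,2}) =", readme)
    return any(parse_version(h) < FIXED for h in heads)

def triage():
    """Map sample name -> (stable-tag verdict, heading-scan verdict)."""
    return {name: (is_affected(r), heading_check(r)) for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, (by_tag, by_heading) in triage().items():
        print(f"{name}: stable-tag={by_tag} heading-scan={by_heading}")
```

The 5.3.2 sample is the instructive one: its changelog still carries a `= 5.3.1 =` heading, so the heading scan flags it while the numeric Stable tag comparison does not.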