create 'wp_plugin_cve_2023_47668_vuln' (#1029)

* create 'wp_plugin_cve_2023_47668_vuln' * Update wp_plugin_cve_2023_47668.yaml
2025-03-03 05:27:48 +05:30 · 2025-03-03 05:27:48 +05:30 · 71ea8a7c5e
parent 65192c8fc6
commit 71ea8a7c5e
2 changed files with 55 additions and 0 deletions
--- a/docs/Modules.md
+++ b/docs/Modules.md
@ -159,6 +159,7 @@ If you want to scan all ports please define -g 1-65535 range. Otherwise Nettacke
 * '**ssl_version_vuln**' - check if the server's SSL configuration supports old and insecure SSL versions
 * '**ssl_weak_cipher_vuln**' - check if server's SSL configuration supports weak cipher suites
 * '**wordpress_dos_cve_2018_6389_vuln**' - check if Wordpress is vulnerable to CVE-2018-6389 Denial Of Service (DOS) 
+* '**wp_plugin_cve_2023_47668_vuln**' - check the target for CVE-2023-47668 
 * '**wp_xmlrpc_bruteforce_vuln**' - check if Wordpress is vulnerable to credential Brute Force via XMLRPC wp.getUsersBlogs
 * '**wp_xmlrpc_pingback_vuln**' - check if Wordpress is vulnerable to XMLRPC pingback 
 * '**x_powered_by_vuln**' - check if the web server is leaking server configuration in 'X-Powered-By' response header
--- a/nettacker/modules/vuln/wp_plugin_cve_2023_47668.yaml
+++ b/nettacker/modules/vuln/wp_plugin_cve_2023_47668.yaml
@ -0,0 +1,54 @@
+info:
+  name: wp_plugin_cve_2023_47668_vuln
+  author: Manushya-a
+  severity: 5.3
+  description: The Membership Plugin Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.7 via the legacy log file. This makes it possible for unauthenticated attackers to extract sensitive data including debug information.
+  references: 
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-47668
+    - https://wpscan.com/vulnerability/b7e164be-6b22-42dc-a43f-229a482f463d/
+    
+  profiles:
+    - vuln
+    - vulnerability
+    - http
+    - medium_severity
+    - wordpress
+    - wp
+
+payloads:
+  - library: http
+    steps:
+      - method: get
+        timeout: 3
+        headers:
+          User-Agent: "{user_agent}"
+          Accept-Language: en-US
+          Content-Type: text/plain
+          Accept: text/html
+          Accept-Encoding: gzip, deflate, br
+          Connection: keep-alive
+
+        allow_redirects: true
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/wp-content/uploads/rcp-debug.log"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        response:
+          condition_type: and
+          conditions:
+            status_code:
+              regex: "200"
+              reverse: false
+            content:
+              regex: "wp_rcp_discounts"
+              reverse: false