
Exploit for WordPress Canto 1.3.0 - Blind Server-Side Request Forgery (CVE-2020-28976)

Description:

WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery (SSRF). An attacker can make the server send a request to any internal or external host via the subdomain parameter of /includes/lib/detail.php, and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
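
For defenders, one way to look for requests to this endpoint in web server access logs, as an added example that is not part of the original page or the plugin's code. It assumes combined-format log lines and that a legitimate subdomain value is a single DNS label; the sample entries and the plugin install path are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint named in the advisory; match the suffix since install paths differ.
VULN_SUFFIX = "/includes/lib/detail.php"
# Assumption: a legitimate value is a single DNS label (letters, digits, hyphens).
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def classify(line):
    """Return None if the line does not hit the endpoint, else (severity, reason)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not unquote(url.path).lower().endswith(VULN_SUFFIX):
        return None
    # parse_qs decodes once: encoded '/' or ':' is seen, double encoding leaves '%'.
    values = parse_qs(url.query, keep_blank_values=True).get("subdomain", [])
    if not values:
        return ("info", "endpoint requested without a subdomain parameter")
    bad = [v for v in values if not LABEL_RE.fullmatch(v)]
    if bad or len(values) > 1:
        return ("alert", f"subdomain is not a single host label: {bad or values}")
    return ("review", f"direct request with subdomain={values[0]}")


def scan(lines):
    """Yield (line_number, severity, reason) for every request to the endpoint."""
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            yield (number, *verdict)


# Constructed sample entries (documentation addresses, hypothetical plugin path).
PREFIX = "/wp-content/plugins/canto"
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Dec/2020:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [01/Dec/2020:10:00:02 +0000] "GET {PREFIX}{VULN_SUFFIX}?subdomain=acme HTTP/1.1" 200 87',
    f'203.0.113.9 - - [01/Dec/2020:10:03:11 +0000] "GET {PREFIX}{VULN_SUFFIX}?subdomain=192.0.2.10%2Fstatus HTTP/1.1" 200 0',
    f'203.0.113.9 - - [01/Dec/2020:10:03:12 +0000] "GET {PREFIX}{VULN_SUFFIX} HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, severity, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {severity}: {reason}")
```

Because the SSRF is blind, response size and status in the log say little; pair any alert with outbound connection logs from the web server for the same timestamp.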

Nuclei Template

View the template here: CVE-2020-28976.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-28976.yaml

References:

https://www.canto.com/integrations/wordpress/
https://www.exploit-db.com/exploits/49189
http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html
https://github.com/CantoDAM/Canto-Wordpress-Plugin
https://nvd.nist.gov/vuln/detail/CVE-2020-28976