nuclei-templates/cves/2005/CVE-2005-2428.yaml

id: CVE-2005-2428
info:
  name: CVE-2005-2428
  author: CasperGN
  severity: medium

requests:
  - method: GET
    path:
      - "{{BaseURL}}/names.nsf/People?OpenView"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        name: domino-username
        regex:
          - '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
        part: body
cve id updates 2021-01-02 05:02:50 +00:00			`id: CVE-2005-2428`
Inclusion of stage- 1 detection of the old hashdump vuln. Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-09-09 08:11:50 +00:00			`info:`
few updates 2020-11-17 10:57:15 +00:00			`name: CVE-2005-2428`
Inclusion of stage- 1 detection of the old hashdump vuln. Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-09-09 08:11:50 +00:00			`author: CasperGN`
			`severity: medium`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/names.nsf/People?OpenView"`
:hammer: Add matchers condition 2020-09-09 18:44:26 +00:00			`matchers-condition: and`
And the last file Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-09-09 08:38:32 +00:00			`matchers:`
Inclusion of stage- 1 detection of the old hashdump vuln. Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-09-09 08:11:50 +00:00			`- type: status`
			`status:`
Adding word matcher which mimics public PoC exploits Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-09-09 14:53:16 +00:00			`- 200`
Based on metasploit regex Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com> 2020-09-09 17:08:23 +00:00			`- type: regex`
			`name: domino-username`
			`regex:`
			`- '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)'`
			`part: body`