Merge pull request #3448 from pussycat0x/master

New Templates Added
2021-12-30 12:16:51 +05:30 · 2021-12-30 12:16:51 +05:30 · 046629b709
parent 80489bce76 a94c5d62a1
commit 046629b709
3 changed files with 94 additions and 36 deletions
--- a/cves/2021/CVE-2021-40859.yaml
+++ b/cves/2021/CVE-2021-40859.yaml
@ -1,40 +1,41 @@
-id: CVE-2021-40859
-
-info:
-  name: CVE-2021-40859
-  author: pussycat0x
-  severity: critical
-  description: unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain access to a web interface that allows for resetting the administrator password.
-  reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-40859
-    - https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html
-  metadata:
-    fofa-dork: '"auerswald"'
-  tags: cve,cve2021,iot,unauth,voip
-
+id: CVE-2021-40859
+
+info:
+  name: Auerswald COMpact 5500R 7.8A and 8.0B devices Backdoor
+  author: pussycat0x
+  severity: critical
+  description: unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain access to a web interface that allows for resetting the administrator password.
+  reference:
+    - https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-40859
+  metadata:
+    fofa-dork: '"auerswald"'
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2021-40859
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/about_state"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '"pbx"'
-          - '"dongleStatus":0'
-          - '"macaddr"'
-        condition: and
-
-      - type: word
-        part: header
-        words:
-          - "application/json"
-
-      - type: status
-        status:
-          - 200
+  tags: cve,cve2021,iot,unauth,voip,auerswald
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/about_state"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"pbx"'
+          - '"dongleStatus":0'
+          - '"macaddr"'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/securepoint-utm.yaml
+++ b/exposed-panels/securepoint-utm.yaml
@ -0,0 +1,32 @@
+id: securepoint-utm
+
+info:
+  name: Securepoint UTM Admin Panel
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
+  tags: securepoint,panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        part: body
+        regex:
+          - '<title>Securepoint UTM v11 - (.*)</title>'
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
--- a/exposed-panels/tableau-panel.yaml
+++ b/exposed-panels/tableau-panel.yaml
@ -0,0 +1,25 @@
+id: tableau-panel
+
+info:
+  name: Tableau Python Server Default Page Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="Tableau-Python-Server"'
+  tags: tableau,panel,python
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Tableau Python Server</title>'
+
+      - type: status
+        status:
+          - 200