Dashboard Text Enhancements (#3927)

Dashboard text enhancements
patch-1
MostInterestingBotInTheWorld 2022-03-17 13:01:45 -04:00 committed by GitHub
parent b36dcdcd4a
commit 056323ec5a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
37 changed files with 360 additions and 114 deletions

@ -3,9 +3,16 @@ id: CNVD-2021-17369
info:
name: Ruijie Smartweb Management System Password Information Disclosure
author: pikpikcu
severity: medium
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
severity: high
description: The wireless smartweb management system of Ruijie Networks Co., Ltd. has a logic flaw. An attacker can obtain the administrator account and password from a low-privileged user, thereby escalating the low-level privilege to the administrator's privilege.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
tags: ruijie,disclosure,cnvd,cnvd2021
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- method: GET
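
Review bot: The added cvss-metrics line uses PR:N, but the new description says the credentials are obtained "from a low-privileged user", which corresponds to PR:L. The vector and the description should agree, and the 8.3 score and the severity: high line should then be recomputed from whichever is correct. The empty cve-id: key carries no information and could be omitted rather than left blank.
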
@ -26,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -1,10 +1,10 @@
id: CVE-2010-1875
info:
name: Joomla! Component Property - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
reference:
- https://www.exploit-db.com/exploits/11851
- https://www.cvedetails.com/cve/CVE-2010-1875
@ -23,4 +23,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/15
# Enhanced by mp on 2022/03/16
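
Review bot: The trailing "# Enhanced by mp on ..." stamp is rewritten from 2022/02/15 to 2022/03/16 at the end of this hunk, so the line changes on every editorial pass and produces a hunk with no functional content. The commit history already records who edited the template and when; consider dropping the stamp, or keeping a single fixed form of it so later edits do not churn the file footer.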

@ -1,16 +1,17 @@
id: CVE-2010-1878
info:
name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
reference:
- https://www.exploit-db.com/exploits/12317
- https://www.cvedetails.com/cve/CVE-2010-1878
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1878
requests:
- method: GET
path:
@ -23,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/15
# Enhanced by mp on 2022/03/17

@ -1,11 +1,13 @@
id: CVE-2020-23517
info:
name: Aryanic HighMail (High CMS) XSS
name: Aryanic HighMail (High CMS) Cross-Site Scripting
author: geeknik
severity: medium
description: XSS vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.
reference: https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html
description: "A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm."
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-23517
- https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html
tags: xss,cve,cve2020
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@ -27,3 +29,5 @@ requests:
- type: word
words:
- "<img src=\"x\" onerror=\"alert('XSS')"
# Enhanced by mp on 2022/03/14

@ -10,7 +10,7 @@ info:
versions starting from 10.5 was possible to exploit for an unauthenticated
attacker even on a GitLab instance where registration is limited.
The same vulnerability actually spans multiple CVEs, due to similar reports
that were fixed across seperate patches. These CVEs are:
that were fixed across separate patches. These CVEs are:
- CVE-2021-39935
- CVE-2021-22214
- CVE-2021-22175
@ -46,4 +46,4 @@ requests:
- type: word
part: body
words:
- "does not have valid YAML syntax"
- "does not have valid YAML syntax"

@ -4,7 +4,7 @@ info:
name: EyouCMS 1.5.4 Open Redirect
author: 0x_Akoko
severity: medium
description: EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.
reference:
- https://github.com/eyoucms/eyoucms/issues/17
- https://www.cvedetails.com/cve/CVE-2021-39501
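
Review bot: The reworded description line now reads "is vulnerable to an Open Redirect vulnerability", which repeats itself. Suggest "EyouCMS 1.5.4 contains an open redirect vulnerability", and write "URL" in capitals while the line is being touched.
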
@ -25,4 +25,6 @@ requests:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
# Enhanced by mp on 2022/03/16

@ -1,10 +1,12 @@
id: CVE-2021-40323
info:
name: Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method
name: Cobbler <3.3.0 Remote Code Execution
severity: critical
author: c-sh0
description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.
reference:
- https://github.com/cobbler/cobbler/releases/tag/v3.3.0
- https://github.com/cobbler/cobbler/issues/2795
- https://tnpitsecurity.com/blog/cobbler-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2021-40323
@ -92,4 +94,6 @@ requests:
- "root:.*:0"
- "bin:.*:1"
- "nobody:.*:99"
condition: or
condition: or
# Enhanced by mp on 2022/03/16

@ -1,15 +1,15 @@
id: CVE-2021-40539
info:
name: ManageEngine ADSelfService Plus version 6113 Unauthenticated RCE
name: Zoho ManageEngine ADSelfService Plus version 6113 Unauthenticated RCE
author: daffainfo,pdteam
severity: critical
description: ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass which leads to remote code execution.
description: Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.
remediation: Upgrade to ADSelfService Plus build 6114.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-40539
- https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
- https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539
- https://github.com/synacktiv/CVE-2021-40539
tags: cve,cve2021,rce,ad,intrusive,manageengine
classification:
@ -112,3 +112,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -1,10 +1,10 @@
id: CVE-2021-40542
info:
name: Opensis-Classic 8.0 Reflected XSS
name: Opensis-Classic 8.0 Reflected Cross-Site Scripting
author: alph4byt3
severity: medium
description: Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
description: Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
reference:
- https://github.com/OS4ED/openSIS-Classic/issues/189
- https://nvd.nist.gov/vuln/detail/CVE-2021-40542
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -4,10 +4,10 @@ info:
name: Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
author: gy741
severity: high
description: Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
description: Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-40856
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40856
tags: cve,cve2021,comfortel,auth-bypass,auerswald
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -1,10 +1,10 @@
id: CVE-2021-40859
info:
name: Auerswald COMpact 5500R 7.8A and 8.0B devices Backdoor
name: Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
author: pussycat0x
severity: critical
description: unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain access to a web interface that allows for resetting the administrator password.
description: Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password.
reference:
- https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-40859
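
Review bot: The rewritten description keeps the defanged address "https://192.168.1[.]2/about_state" and the phrase "the bad actor". 192.168.1.2 is a private address that says nothing about the user's device, so the text should name the endpoint by path only (/about_state) and use "an attacker" to match the wording of the other descriptions in this commit.
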
@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -14,9 +14,9 @@ info:
cve-id:
cwe-id: CWE-522
# Optional:
# POST /SolarWinds/InformationService/v3/Json/Create/Orion.Pollers HTTP/1.1
# {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337}
# Optional:
# POST /SolarWinds/InformationService/v3/Json/Create/Orion.Pollers HTTP/1.1
# {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337}
requests:
- raw:

@ -1,13 +1,18 @@
id: elasticbeantalk-takeover
info:
name: ElasticBeanTalk takeover detection
name: ElasticBeanTalk Subdomain Takeover Detection
author: philippedelteil,rotemreiss
severity: high
description: ElasticBeanTalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
reference:
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/147 # kudos to @m7mdharoun for sharing process details.
- https://twitter.com/payloadartist/status/1362035009863880711
- https://www.youtube.com/watch?v=srKIqhj_ki8
classification:
cvss-score: 7.2
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cwe-id: CWE-404
tags: dns,takeover,aws
metadata:
comments: |
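
Review bot: The name line is rewritten but keeps the spelling "ElasticBeanTalk", and the added description repeats it twice; the AWS service is Elastic Beanstalk. The id can stay as it is for compatibility, but the name and description are the text shown on a dashboard and should carry the correct product name.
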
@ -40,3 +45,5 @@ dns:
group: 1
regex:
- "IN\tCNAME\t(.+)"
# Enhanced by mp on 2022/03/14

@ -1,10 +1,19 @@
id: mx-fingerprint
info:
name: MX Fingerprint
name: MX Record Detection
author: pdteam
severity: info
description: An MX record was detected. MX records direct emails to a mail exchange server.
tags: dns,mx
reference:
- https://www.cloudflare.com/learning/dns/dns-records/dns-mx-record/
- https://mxtoolbox.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
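
Review bot: The added classification block assigns cwe-id: CWE-200 to a template whose own description says it only reports that an MX record exists, at severity info with a 0.0 score. MX records are published on purpose, so there is no information exposure to classify; suggest leaving cwe-id out here, along with the empty cve-id: key. The same block is added to the NS, PTR and TXT record templates in this commit and the same question applies there.
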
@ -19,4 +28,6 @@ dns:
- type: regex
group: 1
regex:
- "IN\tMX\t(.+)"
- "IN\tMX\t(.+)"
# Enhanced by mp on 2022/03/14

@ -1,11 +1,16 @@
id: mx-service-detector
info:
name: E-mail service detector
name: Email Service Detector
author: binaryfigments
severity: info
description: Check the email service or spam filter that is used for a domain.
description: An email service was detected. Check the email service or spam filter that is used for a domain.
tags: dns,service
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
@ -77,3 +82,5 @@ dns:
words:
- "mx1-us1.ppe-hosted.com"
- "mx2-us1.ppe-hosted.com"
# Enhanced by mp on 2022/03/14

@ -1,10 +1,16 @@
id: nameserver-fingerprint
info:
name: NS Fingerprint
name: NS Record Detection
author: pdteam
severity: info
description: An NS record was detected. An NS record delegates a subdomain to a set of name servers.
tags: dns,ns
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
@ -19,4 +25,6 @@ dns:
- type: regex
group: 1
regex:
- "IN\tNS\t(.+)"
- "IN\tNS\t(.+)"
# Enhanced by mp on 2022/03/14

@ -1,10 +1,16 @@
id: ptr-fingerprint
info:
name: PTR Fingerprint
name: PTR Detected
author: pdteam
severity: info
description: A PTR record was detected. A PTR record refers to the domain name.
tags: dns,ptr
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
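
Review bot: The new name "PTR Detected" does not follow the "MX Record Detection" and "NS Record Detection" pattern used for the sibling templates in this commit; suggest "PTR Record Detection". The description sentence "A PTR record refers to the domain name" is also too vague to help a reader; "A PTR record maps an IP address to a host name" says what the record does.
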
@ -19,4 +25,6 @@ dns:
- type: regex
group: 1
regex:
- "IN\tPTR\t(.+)"
- "IN\tPTR\t(.+)"
# Enhanced by mp on 2022/03/14

@ -1,8 +1,14 @@
id: servfail-refused-hosts
info:
name: Servfail Host Finder
name: DNS Servfail Host Finder
author: pdteam
description: A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary networking issue.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
severity: info
tags: dns,takeover
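
Review bot: The added description covers only ServFail, while the template id is servfail-refused-hosts and the word matcher shown in the next hunk also fires on "REFUSED". Describe both response codes, otherwise the text is wrong for every REFUSED match. The classification block is also inserted above the severity line here, unlike the other templates in this commit where severity comes first.
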
@ -15,3 +21,5 @@ dns:
words:
- "SERVFAIL"
- "REFUSED"
# Enhanced by mp on 2022/03/14

@ -1,11 +1,18 @@
id: spoofable-spf-records-ptr
info:
name: Find spoofable SPF records containing the PTR mechanism
name: Spoofable SPF Records with PTR Mechanism
author: binaryfigments
severity: info
description: Check if TXT records in DNS for SPF records that have the PTR mechanism that is spoofable.
description: SPF records in DNS containing a PTR mechanism are spoofable.
tags: dns,spf
reference:
- https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
@ -16,4 +23,6 @@ dns:
words:
- "v=spf1"
- " ptr "
condition: and
condition: and
# Enhanced by mp on 2022/03/14
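
Review bot: The word matcher requires the literal " ptr " with a space on each side, so a record that uses ptr:example.com, a qualified form such as ~ptr, or ptr as the last term is not reported, while the new description states without qualification that SPF records containing a PTR mechanism are spoofable. Either widen the matcher (a regex on a word boundary after an optional qualifier) or word the description so it matches what is actually detected.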

@ -1,10 +1,18 @@
id: txt-fingerprint
info:
name: TXT Fingerprint
name: DNS TXT Record Detected
author: pdteam
severity: info
description: A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.
tags: dns,txt
reference:
- https://www.netspi.com/blog/technical/network-penetration-testing/analyzing-dns-txt-records-to-fingerprint-service-providers/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
@ -19,4 +27,6 @@ dns:
- type: regex
group: 1
regex:
- "IN\tTXT\t(.+)"
- "IN\tTXT\t(.+)"
# Enhanced by mp on 2022/03/14

@ -1,11 +1,18 @@
id: detect-worksites
info:
name: worksites.net service detection
name: Worksites.net Service Detection
author: melbadry9
severity: info
description: A worksites.net service was detected.
tags: dns,service
reference: https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
reference:
- https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
@ -15,3 +22,5 @@ dns:
- type: word
words:
- "69.164.223.206"
# Enhanced by mp on 2022/03/14

@ -1,25 +1,35 @@
id: 3g-wireless-gateway
info:
name: 3G wireless gateway
author: pussycat0x
severity: info
reference: https://www.exploit-db.com/ghdb/7050
tags: panel,router
requests:
- method: GET
path:
- "{{BaseURL}}/htmlcode/html/indexdefault.asp"
matchers-condition: and
matchers:
- type: word
words:
- "g_i3gState"
- "g_sysinfo_sim_state"
- "g_iUID"
condition: and
- type: status
status:
- 200
id: 3g-wireless-gateway
info:
name: 3G Wireless Gateway Detection
author: pussycat0x
severity: info
description: A 3G wireless gateway was detected.
reference:
- https://www.exploit-db.com/ghdb/7050
tags: panel,router
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
path:
- "{{BaseURL}}/htmlcode/html/indexdefault.asp"
matchers-condition: and
matchers:
- type: word
words:
- "g_i3gState"
- "g_sysinfo_sim_state"
- "g_iUID"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/03/14
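
Review bot: Every line of the file is removed and re-added in this hunk (-1,25 +1,35), although the content changes are limited to the name, the description, the reference list and the classification block. That pattern usually means line endings or indentation were rewritten; please restore the original whitespace so the diff shows only the metadata edits and the requests and matchers section can be seen to be unchanged.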

@ -1,32 +1,40 @@
id: acemanager-login
info:
name: ACEmanager detect
author: pussycat0x
severity: info
metadata:
fofa-dork: 'app="ACEmanager"'
tags: panel,login,tech,acemanager
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>::: ACEmanager :::</title>'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
regex:
- 'ALEOS Version ([0-9.]+) \| Copyright &co'
id: acemanager-login
info:
name: ACEmanager Detection
author: pussycat0x
severity: info
description: ACEManager was detected. ACEManager is a configuration and diagnostic tool for the Sierra Wireless AirLink Raven modems.
metadata:
fofa-dork: 'app="ACEmanager"'
tags: panel,login,tech,acemanager
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>::: ACEmanager :::</title>'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
regex:
- 'ALEOS Version ([0-9.]+) \| Copyright &co'
# Enhanced by mp on 2022/03/14
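
Review bot: The added description spells the product "ACEManager" twice, while the name line, the fofa-dork and the title matcher all use "ACEmanager". Use one casing throughout, preferably the one the matched page title uses. This file is also re-added in full (-1,32 +1,40), which hides how small the change is.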

@ -4,11 +4,19 @@ info:
name: Acrolinx Dashboard
author: ffffffff0x
severity: info
description: An Acrolinx Analytics dashboard was detected.
metadata:
fofa-query: title=="Acrolinx Dashboard"
shodan-query: http.title:"Acrolinx Dashboard"
google-dork: inurl:"Acrolinx Dashboard"
tags: acrolinx,panel
reference:
- https://docs.acrolinx.com/coreplatform/latest/en/analytics/acrolinx-analytics-dashboards
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -27,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/14

@ -4,8 +4,15 @@ info:
name: AIMS Password Management Portal
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/6576
description: An AIMS Password Management portal was discovered.
reference:
- https://www.exploit-db.com/ghdb/6576
tags: panel,aims
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -20,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -1,12 +1,20 @@
id: airflow-panel
info:
name: Airflow Admin login
name: Apache Airflow Admin Login Panel
author: pdteam
severity: info
description: An Apache Airflow admin login panel was discovered.
reference:
- https://airflow.apache.org/docs/apache-airflow/stable/security/webserver.html
tags: panel,apache,airflow
metadata:
shodan-query: title:"Sign In - Airflow"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- method: GET
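
Review bot: The classification block gives a login panel detection at severity: info a vector of S:C/C:L/I:L/A:L with cvss-score: 8.3 and cwe-id: CWE-522, the same values used for the Ruijie password disclosure template earlier in this commit. The other panel templates here use the all-None vector, 0.0 and CWE-200; this block looks copied from the wrong template and should be brought in line with the severity.
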
@ -25,4 +33,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/03/16

@ -3,8 +3,16 @@ id: akamai-cloudtest
info:
name: Akamai CloudTest Panel
author: emadshanab
description: An Akamai CloudTest panel was discovered.
severity: info
tags: panel,akamai
reference:
- https://techdocs.akamai.com/cloudtest/docs
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,4 +29,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/03/16

@ -3,8 +3,16 @@ id: alfresco-detect
info:
name: Alfresco CMS Detection
author: pathtaga
description: Alfresco CMS was discovered.
severity: info
tags: alfresco,tech,panel
reference:
- https://www.alfresco.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -31,3 +39,5 @@ requests:
- 'Enterprise v.*([0-9]\.[0-9]+\.[0-9]+)'
- 'Community v.*([0-9]\.[0-9]+\.[0-9]+)'
- 'Community Early Access v.*([0-9]\.[0-9]+\.[0-9]+)'
# Enhanced by mp on 2022/03/16

@ -1,12 +1,18 @@
id: alienVault-usm
info:
name: AlienVault USM
name: AlienVault USM Login Panel
author: dhiyaneshDK
severity: info
tags: panel,alienvault
description: An AlienVault USM login panel was detected.
metadata:
shodan-query: 'http.title:"AlienVault USM"'
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -1,10 +1,16 @@
id: ambari-exposure
info:
name: Apache Ambari Exposure / Unauthenticated Access
name: Apache Ambari Exposure Admin Login Panel
author: pdteam
description: An Apache Ambari panel was discovered.
severity: medium
tags: panel,apache,ambari,exposure
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
requests:
- method: GET
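
Review bot: The name drops "Unauthenticated Access" and becomes "Apache Ambari Exposure Admin Login Panel", and the added description says only that a panel was discovered, yet severity stays medium with a 5.3 score. If the template reports a reachable login page it should be info and 0.0 like the other panels in this commit; if it reports access without authentication, the name and description should keep saying so.
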
@ -17,3 +23,5 @@ requests:
- '<title>Ambari</title>'
- 'href="http://www.apache.org/licenses/LICENSE-2.0"'
condition: and
# Enhanced by mp on 2022/03/16

@ -3,12 +3,19 @@ id: amcrest-login
info:
name: Amcrest Login
author: DhiyaneshDK
description: An Amcrest LDAP user login was discovered.
severity: info
reference: https://www.exploit-db.com/ghdb/7273
reference:
- https://www.exploit-db.com/ghdb/7273
metadata:
shodan-query: html:"amcrest"
google-dork: intext:"amcrest" "LDAP User"
tags: panel,camera,amcrest
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -26,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -1,10 +1,16 @@
id: ametys-admin-login
info:
name: Ametys Admin Login
name: Ametys Admin Login Panel
author: pathtaga
severity: info
description: An Ametys admin login panel was discovered.
tags: panel,ametys,cms
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -28,4 +34,6 @@ requests:
part: body
group: 1
regex:
- '&nbsp;([0-9.]+)</span>'
- '&nbsp;([0-9.]+)</span>'
# Enhanced by mp on 2022/03/16

@ -4,7 +4,13 @@ info:
name: AMPPS Admin Login Panel
author: deFr0ggy
severity: info
description: An AMPPS Admin login panel was detected.
tags: panel,ampps,login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -33,3 +39,5 @@ requests:
group: 1
regex:
- 'mpps\.com">Powered By FREE ([A-Z 0-9.]+)<\/a>'
# Enhanced by mp on 2022/03/16

@ -4,7 +4,13 @@ info:
name: AMPPS Login Panel
author: deFr0ggy
severity: info
description: An AMPPS login panel was detected.
tags: panel,ampps,login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -33,3 +39,5 @@ requests:
group: 1
regex:
- 'mpps\.com">Powered By FREE ([A-Z 0-9.]+)<\/a>'
# Enhanced by mp on 2022/03/16

@ -4,7 +4,7 @@ info:
name: Ansible Tower Exposure
author: pdteam,idealphase
severity: low
description: Ansible Tower is a commercial offering that helps teams manage complex multi-tier deployments by adding control, knowledge, and delegation to Ansible-powered environments.
description: Ansible Tower was detected. Ansible Tower is a commercial offering that helps teams manage complex multi-tier deployments by adding control, knowledge, and delegation to Ansible-powered environments.
reference:
- https://docs.ansible.com/ansible-tower/3.8.4/html/administration/
- https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html
@ -12,6 +12,11 @@ info:
google-query: intitle:"Ansible Tower"
shodan-query: title:"Ansible Tower"
tags: panel,ansible
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
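
Review bot: The added classification block scores the finding 0.0 with an all-None vector, while the first hunk of this file keeps severity: low. The two should agree: either lower the severity to info to match the other panel detections in this commit, or give a vector that justifies low.
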
@ -30,4 +35,6 @@ requests:
group: 1
part: body
regex:
- 'href="\/static\/assets\/favicon\.ico\?v=(.+)" \/>'
- 'href="\/static\/assets\/favicon\.ico\?v=(.+)" \/>'
# Enhanced by mp on 2022/03/16

@ -1,12 +1,18 @@
id: apache-apisix-panel
info:
name: Apache APISIX Panel detect
name: Apache APISIX Login Panel
author: pikpikcu
severity: info
description: An Apache APISIX login panel was detected.
metadata:
fofa-query: title="Apache APISIX Dashboard"
tags: apache,apisix,panel
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -23,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

@ -1,10 +1,16 @@
id: public-tomcat-manager
info:
name: tomcat manager disclosure
name: Apache Tomcat Manager Disclosure
author: Ahmed Sherif,geeknik
severity: info
description: An Apache Tomcat Manager panel was discovered.
tags: panel,tomcat,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -23,3 +29,5 @@ requests:
- 401
- 200
condition: or
# Enhanced by mp on 2022/03/16