parent 58d0e08739
commit 0896fc82f9
|
@ -4,10 +4,7 @@ info:
|
||||||
name: Oracle Content Server XSS
|
name: Oracle Content Server XSS
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: medium
|
||||||
description:
|
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
|
||||||
The vulnerability can be used to include
|
|
||||||
HTML- or JavaScript code to the affected web page. The code is executed
|
|
||||||
in the browser of users if they visit the manipulated site.
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
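Review bot: the folded `description:` on the new side is an unquoted plain scalar and still reads as a generic definition of XSS. It does not say which Oracle Content Server page or parameter reflects the input, so a finding from this template cannot be triaged from its metadata alone. Suggest quoting the value, since a later edit that introduces `: ` or ` #` would change how the YAML parses, and naming the affected endpoint or parameter. "include HTML or JavaScript code to the affected web page" would also read better as "inject HTML or JavaScript code into the affected web page".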
@ -3,7 +3,7 @@ info:
|
||||||
author: "Random Robbie"
|
author: "Random Robbie"
|
||||||
name: "Struts2 RCE "
|
name: "Struts2 RCE "
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
|
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
|
||||||
|
|
||||||
# This template supports the detection part only.
|
# This template supports the detection part only.
|
||||||
# Do not test any website without permission
|
# Do not test any website without permission
|
||||||
|
|
|
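Review bot: `name: "Struts2 RCE "` keeps a trailing space inside the quotes on both sides of this hunk, so the space is part of the value and will show up in reports and name filters; trim it to `"Struts2 RCE"`. The description identifies the flaw only as Content-Type header parsing, so a reference to the specific advisory would let readers of scan output map a finding to a patch level. The typographic apostrophe in `attacker’s` is worth replacing with a plain `'` so the file stays ASCII-safe.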
@ -4,7 +4,7 @@ info:
|
||||||
name: Nuxeo Authentication Bypass Remote Code Execution
|
name: Nuxeo Authentication Bypass Remote Code Execution
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: high
|
severity: high
|
||||||
description: Nuxeo Authentication Bypass Remote Code Execution < 103 using a SSTI
|
description: Nuxeo Authentication Bypass Remote Code Execution < 103 using a SSTI
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
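Review bot: `< 103` in the `description` is ambiguous as a version bound: it does not say which version numbering it refers to or whether a separator is missing. State the affected range explicitly, in a form such as "Nuxeo versions before X", and quote the value. The rest of the line repeats `name` verbatim; "a SSTI" should be "an SSTI", and a short clause on what the template actually checks would make the `high` severity easier to verify.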
@ -15,9 +15,9 @@ info:
|
||||||
requests:
|
requests:
|
||||||
- payloads:
|
- payloads:
|
||||||
command:
|
command:
|
||||||
- "systeminfo" # Windows
|
- "systeminfo" # Windows
|
||||||
- "lsb_release -a" # Linux
|
- "lsb_release -a" # Linux
|
||||||
- "sysctl kern.ostype" # macOS
|
- "sysctl kern.ostype" # macOS
|
||||||
port:
|
port:
|
||||||
- "80"
|
- "80"
|
||||||
- "443"
|
- "443"
|
||||||
|
|
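Review bot: the three `command` payloads (`systeminfo`, `lsb_release -a`, `sysctl kern.ostype`) return host inventory detail, which is more than a detection check needs, and their output varies by OS version and locale, so a matcher keyed on it will be brittle. A command with fixed, non-sensitive output gives a stable string to match and keeps system data from the scanned host out of the results. The `port` list hardcodes `"80"` and `"443"` as strings with no scheme pairing visible in this hunk; confirm that 443 is requested over TLS and that services on other ports are intentionally out of scope.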