diff --git a/cves/CVE-2018-18069.yaml b/cves/CVE-2018-18069.yaml
new file mode 100644
index 0000000000..e02d448de4
--- /dev/null
+++ b/cves/CVE-2018-18069.yaml
@@ -0,0 +1,17 @@
+id: CVE-2018-18069
+
+info:
+ name: Wordpress unauthenticated stored xss
+ author: nadino
+ severity: medium
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-admin/admin.php"
+ body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN\">'
+ part: body
+ - type: dsl
+ dsl:
+ - 'contains(content_type,"html")'
diff --git a/panels/crxde.yaml b/panels/crxde.yaml
new file mode 100644
index 0000000000..8f82ca4cc6
--- /dev/null
+++ b/panels/crxde.yaml
@@ -0,0 +1,15 @@
+id: crxde
+
+info:
+ name: CRXDE Lite
+ author: nadino
+ severity: medium
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/crx/de/index.jsp"
+ matchers:
+ - type: word
+ words:
+ - "CRXDE Lite"
diff --git a/security-misconfiguration/basic-cors.yaml b/security-misconfiguration/basic-cors.yaml
index c9180bc523..c3c9597712 100644
--- a/security-misconfiguration/basic-cors.yaml
+++ b/security-misconfiguration/basic-cors.yaml
@@ -8,7 +8,7 @@ info:
 requests:
 - method: GET
 path:
- "{{BaseURL}}/"
+ - "{{BaseURL}}"
 headers:
 Origin: https://evil.com
 matchers:
diff --git a/subdomain-takeover/detect-all-takeovers.yaml b/subdomain-takeover/detect-all-takeovers.yaml
index 1283edffd4..7f5bfbbbcf 100644
--- a/subdomain-takeover/detect-all-takeovers.yaml
+++ b/subdomain-takeover/detect-all-takeovers.yaml
@@ -8,7 +8,7 @@ info:
 # Update this list with new takeovers matchers
 # Do not delete other template files for takeover
 # https://github.com/EdOverflow/can-i-take-over-xyz
- # You need to claim the cname the subdomain to confirm the takeover.
+ # You need to claim the cname the subdomain to confirm the takeover.
 # Do not report this without claiming the cname.
 requests: 
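Review bot: The only matcher in cves/CVE-2018-18069.yaml, `contains(content_type,"html")`, fires on any HTML response from `/wp-admin/admin.php`, and an unauthenticated POST to that path typically gets an HTML login or redirect page back, so the template is likely to report every WordPress install it touches rather than the vulnerable handler. The match should be tied to evidence of the stored payload, or at minimum paired with a status matcher under `matchers-condition: and`. The matcher block also looks structurally off: `part: body` and `- type: dsl` follow `body:` directly with no `matchers:` key visible (the hunk header declares 17 lines but 16 are shown, so a line may have been lost in rendering); if `matchers:` is genuinely absent, the dsl entry is not attached to the request as a matcher and `part: body` is not a request-level field. The `info:` block would also benefit from `description` and `reference` entries so a triager can see what the stored XSS affects, e.g. `reference: <PLACEHOLDER: advisory URL for CVE-2018-18069>`.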
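Review bot: In panels/crxde.yaml a word match on `CRXDE Lite` alone will also fire on any response that merely mentions the product, such as an error or help page served at that path, so the panel detection has no evidence that the console is actually reachable. Adding a status matcher and requiring both, `- type: status` with `status: - 200` plus `matchers-condition: and` at the request level, keeps the template to genuine exposures. A one-line `description` in `info:` noting that CRXDE Lite is a development console that should not be reachable on production instances would explain the medium severity to a reader.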
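Review bot: Dropping the trailing slash in security-misconfiguration/basic-cors.yaml changes the requested URL whenever the supplied BaseURL carries a path: `{{BaseURL}}/` turned `https://host/app` into a request for `/app/`, while `{{BaseURL}}` now requests `/app`, which a server may answer with a redirect or a 404 instead of the page the matchers expect. The same edit is made in tokens/amazon-mws-auth-token-value.yaml, tokens/aws-access-key-value.yaml, tokens/google-api-key.yaml, tokens/mailchimp-api-key.yaml and tokens/slack-access-token.yaml, so the behaviour change applies to all of them. If the intent is to avoid a `//` when BaseURL already ends in a slash, say so next to the path, e.g. `# BaseURL is used as-is; no trailing slash is appended`. The matchers this request feeds are outside the hunk.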
@@ -22,17 +22,17 @@ requests:
 name: pantheon.io
 words:
 - "The gods are wise, but do not know of the site which you seek."
-
+
 - type: word
 name: aws-s3-bucket
 words:
 - "The specified bucket does not exist"
-
+
 - type: word
 name: anima
 words:
 - "If this is your website and you've just created it, try refreshing in a minute"
-
+
 - type: word
 name: ghost
 words:
@@ -68,6 +68,12 @@ requests:
 - ngrok.io not found
 - Tunnel *.ngrok.io not found
+ - type: word
+ name: tumblr
+ words:
+ - Whatever you were looking for doesn't currently exist at this address.
+ - There's nothing here.
+ - type: word
+ name: github
+ words:
@@ -277,57 +283,57 @@ requests:
 name: readme
 words:
 - Project doesnt exist... yet!
-
+
 - type: word
 name: smugmug
 words:
 - '{"text":"Page Not Found"'
-
+
 - type: word
 name: airee
 words:
 - Ошибка 402. Сервис Айри.рф не оплачен
-
+
 - type: word
 name: kinsta
 words:
 - No Site For Domain
-
+
 - type: word
 name: launchrock
 words:
 - It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us.
-
+
 - type: word
 name: Strikingly
 words:
 - But if you're looking to build your own website - you've come to the right place.
-
+
 - type: word
 name: HatenaBlog
 words:
 - 404 Blog is not found
 - Sorry, we can't find the page you're looking for.
-
+
 - type: word
 name: wufoo
 words:
 - Profile not found
 - Hmmm....something is not right.
-
+
 - type: word
 name: hubspot
 words:
 - Domain not found
 - does not exist in our system
-
+
 - type: word
 name: jazzhr
 words:
 - This account no longer active
-
+
 - type: word
 name: smartjob
 words:
@@ -339,19 +345,19 @@ requests:
 name: Uptimerobot
 regex:
 - "^page not found$"
-
+
 - type: word
- name: agile
+ name: agile
 words:
 - Sorry, this page is no longer available.
-
+
 - type: word
- name: pingdom
+ name: pingdom
 words:
 - Public Report Not Activated
 - This public report page has not been activated by the user
-
+
 - type: word
- name: zendesk
+ name: zendesk
 words:
 - this help center no longer exists 
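Review bot: In the tumblr entry added at `@@ -68,6 +68,12 @@`, `There's nothing here.` is generic enough to appear on unrelated 404 pages, and because the entries of a word matcher match on any single hit unless a condition is set, this matcher will report a tumblr takeover on hosts that have nothing to do with tumblr, contrary to the file's own header comment about confirming via the CNAME. Require both phrases by adding `condition: and` under the matcher, or keep only the first, more distinctive phrase. The request block these matchers hang off is outside the hunk.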
diff --git a/tokens/amazon-mws-auth-token-value.yaml b/tokens/amazon-mws-auth-token-value.yaml
index 3df57aa35e..48c934d38a 100755
--- a/tokens/amazon-mws-auth-token-value.yaml
+++ b/tokens/amazon-mws-auth-token-value.yaml
@@ -1,22 +1,22 @@
 id: amazon-mws-auth-token-value
-info:
+info:
 author: puzzlepeaches
 name: "Amazon MWS Auth Token"
 severity: medium
-requests: - - extractors: - -
+requests: + - extractors: + -
 part: body
- regex:
+ regex:
 - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
 type: regex
- matchers:
- -
+ matchers:
+ -
 part: body
- regex:
+ regex:
 - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
 type: regex
 method: GET
- path:
- - "{{BaseURL}}/"
+ path:
+ - "{{BaseURL}}"
diff --git a/tokens/aws-access-key-value.yaml b/tokens/aws-access-key-value.yaml
index 0e4df1af8a..75f477f5a1 100755
--- a/tokens/aws-access-key-value.yaml
+++ b/tokens/aws-access-key-value.yaml
@@ -8,7 +8,7 @@ info:
 requests:
 - method: GET
 path:
- "{{BaseURL}}/"
+ - "{{BaseURL}}"
 matchers:
 - type: regex
 part: body
@@ -18,4 +18,4 @@ requests:
 - type: regex
 part: body
 regex:
- - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
\ No newline at end of file
+ - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
diff --git a/tokens/google-api-key.yaml b/tokens/google-api-key.yaml
index 32584f089a..cb90c7dede 100755
--- a/tokens/google-api-key.yaml
+++ b/tokens/google-api-key.yaml
@@ -8,7 +8,7 @@ info:
 requests:
 - method: GET
 path:
- "{{BaseURL}}/"
+ - "{{BaseURL}}"
 matchers:
 - type: regex
 part: body
diff --git a/tokens/mailchimp-api-key.yaml b/tokens/mailchimp-api-key.yaml
index 5bb5a2dae7..a854e126a0 100755
--- a/tokens/mailchimp-api-key.yaml
+++ b/tokens/mailchimp-api-key.yaml
@@ -8,7 +8,7 @@ info:
 requests:
 - method: GET
 path:
- "{{BaseURL}}/"
+ - "{{BaseURL}}"
 matchers:
 - type: regex
 part: body 
diff --git a/tokens/slack-access-token.yaml b/tokens/slack-access-token.yaml
index 5ddd4a7b0e..a2da5688dd 100644
--- a/tokens/slack-access-token.yaml
+++ b/tokens/slack-access-token.yaml
@@ -11,7 +11,7 @@ info:
 requests:
 - method: GET
 path:
- "{{BaseURL}}/"
+ - "{{BaseURL}}"
 matchers:
 - type: regex
 part: body