daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added comments with URLs under the "references" field 

Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
patch-1
forgedhallpass 2021-08-19 16:15:35 +03:00
parent e68d15ab63
commit 0b432b341b
30 changed files with 70 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2017/CVE-2017-10271.yaml
View File

@ -5,11 +5,11 @@ info:
author: dr_set author: dr_set
severity: high severity: high
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
reference: https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 reference:
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
tags: cve,cve2017,rce,oracle,weblogic tags: cve,cve2017,rce,oracle,weblogic
# Source:- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
requests: requests:
- raw: - raw:
- | - |

7
cves/2017/CVE-2017-11444.yaml
View File

@ -5,12 +5,11 @@ info:
author: dwisiswant0 author: dwisiswant0
severity: high severity: high
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
reference: https://github.com/intelliants/subrion/issues/479 reference:
- https://github.com/intelliants/subrion/issues/479
- https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
tags: cve,cve2017,sqli,subrion tags: cve,cve2017,sqli,subrion
# Source:
# - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
requests: requests:
- method: GET - method: GET
path: path:

2
cves/2017/CVE-2017-14537.yaml
View File

@ -9,7 +9,7 @@ info:
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - https://nvd.nist.gov/vuln/detail/CVE-2017-14537
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
- Product vendor:-https://sourceforge.net/projects/asteriskathome/ - https://sourceforge.net/projects/asteriskathome/ # vendor homepage
requests: requests:
- raw: - raw:

8
cves/2018/CVE-2018-16763.yaml
View File

@ -5,10 +5,10 @@ info:
author: pikpikcu author: pikpikcu
severity: critical severity: critical
tags: cve,cve2018,fuelcms,rce tags: cve,cve2018,fuelcms,rce
reference:
# Vendor Homepage: https://www.getfuelcms.com/ - https://www.exploit-db.com/exploits/47138
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 - https://www.getfuelcms.com/ # Vendor Homepage
# reference: https://www.exploit-db.com/exploits/47138 - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 # Software Link
requests: requests:
- raw: - raw:

7
cves/2018/CVE-2018-17431.yaml
View File

@ -6,10 +6,9 @@ info:
severity: critical severity: critical
description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based) description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based)
tags: cve,cve2018,comodo,rce tags: cve,cve2018,comodo,rce
reference:
# References: - https://www.exploit-db.com/exploits/48825
# - https://www.exploit-db.com/exploits/48825 - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
# - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
requests: requests:
- raw: - raw:

7
cves/2019/CVE-2019-7256.yaml
View File

@ -5,12 +5,11 @@ info:
author: pikpikcu author: pikpikcu
severity: critical severity: critical
description: Linear eMerge E3-Series devices allow Command Injections. description: Linear eMerge E3-Series devices allow Command Injections.
reference: https://www.exploit-db.com/exploits/47619 reference:
- https://www.exploit-db.com/exploits/47619
- http://linear-solutions.com/nsc_family/e3-series/ # vendor homepage
tags: cve,cve2019,emerge,rce tags: cve,cve2019,emerge,rce
# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/
# Software Link: http://linear-solutions.com/nsc_family/e3-series/
requests: requests:
- raw: # Default Port - raw: # Default Port
- | - |

7
cves/2020/CVE-2020-0618.yaml
View File

@ -5,15 +5,14 @@ info:
author: joeldeleep author: joeldeleep
description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
severity: high severity: high
# THIS TEMPLATE IS ONLY FOR DETECTING
# To carry out further attacks, please see reference[1] below.
# This template works by guessing user ID.
reference: reference:
- https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/ - https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
- https://github.com/euphrat1ca/CVE-2020-0618 - https://github.com/euphrat1ca/CVE-2020-0618
tags: cve,cve2020,rce tags: cve,cve2020,rce
# THIS TEMPLATE IS ONLY FOR DETECTING
# To carry out further attacks, please see reference[1] below.
# This template works by guessing user ID.
requests: requests:
- method: GET - method: GET
path: path:

11
cves/2020/CVE-2020-10148.yaml
View File

@ -7,14 +7,13 @@ info:
description: | description: |
This template could allow to bypass authentication and execute API This template could allow to bypass authentication and execute API
commands which may result in a compromise of the SolarWinds instance. commands which may result in a compromise of the SolarWinds instance.
reference: https://kb.cert.org/vuls/id/843464 reference:
- https://kb.cert.org/vuls/id/843464
- https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml
- https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
- https://twitter.com/0xsha/status/1343800953946787847
tags: cve,cve2020,solarwinds,rce tags: cve,cve2020,solarwinds,rce
# References:
# - https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml
# - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
# - https://twitter.com/0xsha/status/1343800953946787847
requests: requests:
- method: GET - method: GET
path: path:

5
cves/2020/CVE-2020-12720.yaml
View File

@ -8,11 +8,6 @@ info:
reference: https://github.com/rekter0/exploits/tree/master/CVE-2020-12720 reference: https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
tags: cve,cve2020,vbulletin,sqli tags: cve,cve2020,vbulletin,sqli
# Source https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
# This template supports the detection part only.
# Do not test any website without permission
# https://github.com/swisskyrepo/nuclei-templates/blob/20179794c2030144ec85f0231a8d455b5d7e35c5/cves/CVE-2020-12720.yaml
requests: requests:
- raw: - raw:
- | - |

16
cves/2020/CVE-2020-15505.yaml
View File

@ -6,23 +6,17 @@ info:
severity: critical severity: critical
description: | description: |
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
reference: | # THIS TEMPLATE IS ONLY FOR DETECTING
# To carry out further attacks, please see reference[2] below.
# This template works by passing a Hessian header, otherwise;
# it will return a 403 or 500 internal server error. Reference[3].
reference:
- https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html - https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
- https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505 - https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505
- https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10 - https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10
- https://github.com/orangetw/JNDI-Injection-Bypass - https://github.com/orangetw/JNDI-Injection-Bypass
tags: cve,cve2020,mobileiron,rce tags: cve,cve2020,mobileiron,rce
# THIS TEMPLATE IS ONLY FOR DETECTING
# To carry out further attacks, please see references[2] below.
# This template works by passing a Hessian header, otherwise;
# it will return a 403 or 500 internal server error. References[3].
# References:
# - [1] https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
# - [2] https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505
# - [3] https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10
# - [4] https://github.com/orangetw/JNDI-Injection-Bypass
requests: requests:
- raw: - raw:
- | - |

9
cves/2020/CVE-2020-24223.yaml
View File

@ -5,13 +5,12 @@ info:
author: pikpikcu author: pikpikcu
severity: medium severity: medium
description: Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. description: Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.
reference: https://www.exploit-db.com/exploits/48777 reference:
- https://www.exploit-db.com/exploits/48777
- https://sourceforge.net/projects/maracms/ # vendor homepage
- https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download # software link
tags: cve,cve2020,mara,xss tags: cve,cve2020,mara,xss
# Vendor Homepage: https://sourceforge.net/projects/maracms/
# Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download
# Source: https://www.exploit-db.com/exploits/48777
requests: requests:
- method: GET - method: GET
path: path:

6
cves/2020/CVE-2020-24312.yaml
View File

@ -6,11 +6,11 @@ info:
severity: high severity: high
description: | description: |
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
reference: https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ reference:
- https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/
- https://nvd.nist.gov/vuln/detail/CVE-2020-24312
tags: cve,cve2020,wordpress,backups tags: cve,cve2020,wordpress,backups
# NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-24312
# Source: https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/
# Note: Manually check content # Note: Manually check content
requests: requests:

1
cves/2020/CVE-2020-5776.yaml
View File

@ -12,7 +12,6 @@ info:
# in the event that a CSRF is leveraged against an existing admin session for MAGMI. # in the event that a CSRF is leveraged against an existing admin session for MAGMI.
# At the time of this advisory, no patch exists for this issue. # At the time of this advisory, no patch exists for this issue.
requests: requests:
- raw: - raw:
- | - |

2
cves/2020/CVE-2020-5777.yaml
View File

@ -12,8 +12,6 @@ info:
# While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php # While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php
# whith default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=) # whith default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=)
# Tested on a AWS t2.medium with max_connection = 75 and PHP-FPM pm-max_children = 100 # Tested on a AWS t2.medium with max_connection = 75 and PHP-FPM pm-max_children = 100
# Ref:
# - https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35
requests: requests:
- raw: - raw:

12
cves/2020/CVE-2020-7209.yaml
View File

@ -7,17 +7,15 @@ info:
tags: cve,cve2020,rce tags: cve,cve2020,rce
description: LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. description: LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
reference: reference:
http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2 - https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2
- https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
- https://www.hpe.com/us/en/home.html # vendor homepage
# This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution. # This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.
# The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability. # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
# https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
# vendor: https://www.hpe.com/us/en/home.html
# software: https://github.com/HewlettPackard/LinuxKI
requests: requests:
- method: GET - method: GET
path: path:

9
cves/2020/CVE-2020-9496.yaml
View File

@ -9,14 +9,7 @@ info:
reference: reference:
- http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
# This template detects a Java deserialization vulnerability in Apache
# OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for
# versions prior to 17.12.04.
# --
# References:
# - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
requests: requests:
- raw: - raw:

8
cves/2021/CVE-2021-22122.yaml
View File

@ -12,14 +12,6 @@ info:
- https://twitter.com/ptswarm/status/1357316793753362433 - https://twitter.com/ptswarm/status/1357316793753362433
tags: cve,cve2021,fortiweb,xss tags: cve,cve2021,fortiweb,xss
# FortiWeb GUI interface may allow an unauthenticated, remote attacker
# to perform a reflected cross site scripting attack (XSS) by injecting
# malicious payload in different vulnerable API end-points.
# -
# References:
# - https://www.fortiguard.com/psirt/FG-IR-20-122
# - https://twitter.com/ptswarm/status/1357316793753362433
requests: requests:
- method: GET - method: GET
path: path:

1
cves/2021/CVE-2021-26295.yaml
View File

@ -13,7 +13,6 @@ info:
# Note:- This is detection template, To perform deserializes do as below # Note:- This is detection template, To perform deserializes do as below
# java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot # java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
# `cat mad.ot | hex` and replace in <cus-obj> along with the url in std-String value # `cat mad.ot | hex` and replace in <cus-obj> along with the url in std-String value
# Exploit: https://github.com/yumusb/CVE-2021-26295-POC
requests: requests:
- raw: - raw:

8
default-logins/grafana/grafana-default-credential.yaml
View File

@ -4,9 +4,11 @@ info:
author: pdteam author: pdteam
severity: high severity: high
tags: grafana,default-login tags: grafana,default-login
reference:
- https://grafana.com/docs/grafana/latest/administration/configuration/#disable_brute_force_login_protection
- https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page
- https://github.com/grafana/grafana/issues/14755
# https://grafana.com/docs/grafana/latest/administration/configuration/#disable_brute_force_login_protection
# https://github.com/grafana/grafana/issues/14755
# Grafana blocks for 5 minutes after 5 "Invalid" attempts for valid user. # Grafana blocks for 5 minutes after 5 "Invalid" attempts for valid user.
# So make sure, not to attempt more than 4 password for same valid user. # So make sure, not to attempt more than 4 password for same valid user.
@ -22,7 +24,7 @@ requests:
- admin - admin
# Added default grafana and prometheus user. # Added default grafana and prometheus user.
# Source:- https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page # Source: https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page
attack: sniper attack: sniper

3
default-logins/solarwinds/solarwinds-default-admin.yaml
View File

@ -11,9 +11,6 @@ info:
# POST /SolarWinds/InformationService/v3/Json/Create/Orion.Pollers HTTP/1.1 # POST /SolarWinds/InformationService/v3/Json/Create/Orion.Pollers HTTP/1.1
# {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337} # {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337}
# References:
# - https://github.com/solarwinds/OrionSDK/wiki/REST
requests: requests:
- method: GET - method: GET
path: path:

6
dns/azure-takeover-detection.yaml
View File

@ -5,13 +5,13 @@ info:
author: pdteam author: pdteam
severity: high severity: high
tags: dns,takeover tags: dns,takeover
reference:
- https://godiego.tech/posts/STO/ # kudos to @secfaults for sharing process details.
# Update the list with more CNAMEs related to azure # Update the list with more CNAMEs related to Azure
# You need to claim the CNAME in Azure portal (https://portal.azure.com) to confirm the takeover. # You need to claim the CNAME in Azure portal (https://portal.azure.com) to confirm the takeover.
# Reference:- https://godiego.tech/posts/STO/, kudos to @secfaults for sharing process details.
# Do not report this without claiming the CNAME. # Do not report this without claiming the CNAME.
dns: dns:
- name: "{{FQDN}}" - name: "{{FQDN}}"
type: A type: A

8
exposures/configs/alibaba-canal-info-leak.yaml
View File

@ -5,10 +5,10 @@ info:
author: pikpikcu author: pikpikcu
severity: info severity: info
tags: config,exposure tags: config,exposure
reference:
# https://github.com/alibaba/canal/issues/632 - https://github.com/alibaba/canal/issues/632
# https://netty.io/wiki/reference-counted-objects.html - https://netty.io/wiki/reference-counted-objects.html
# https://my.oschina.net/u/4581879/blog/4753320 - https://my.oschina.net/u/4581879/blog/4753320
requests: requests:
- method: GET - method: GET

3
technologies/clockwork-php-page.yaml
View File

@ -3,7 +3,8 @@ info:
name: Clockwork PHP page exposure name: Clockwork PHP page exposure
author: organiccrap author: organiccrap
severity: high severity: high
# https://twitter.com/damian_89_/status/1250721398747791360 reference: https://twitter.com/damian_89_/status/1250721398747791360
requests: requests:
- method: GET - method: GET
path: path:

2
technologies/firebase-detect.yaml
View File

@ -4,7 +4,7 @@ info:
name: firebase detect name: firebase detect
author: organiccrap author: organiccrap
severity: low severity: low
# http://ghostlulz.com/google-exposed-firebase-database/ reference: http://ghostlulz.com/google-exposed-firebase-database/
requests: requests:
- method: GET - method: GET

4
technologies/liferay-portal-detect.yaml
View File

@ -3,8 +3,8 @@ info:
name: Liferay Portal Detection name: Liferay Portal Detection
author: organiccrap,dwisiswant0 author: organiccrap,dwisiswant0
severity: info severity: info
# CVE-2020-7961: Liferay Portal Unauthenticated RCE reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
# https://github.com/mzer0one/CVE-2020-7961-POC
requests: requests:
- method: GET - method: GET
path: path:

2
vulnerabilities/jira/jira-unauthenticated-dashboards.yaml
View File

@ -1,7 +1,7 @@
id: jira-unauthenticated-dashboards id: jira-unauthenticated-dashboards
# If public sharing is ON it allows users to share dashboards and filters with all users including # If public sharing is ON it allows users to share dashboards and filters with all users including
# those that are not logged in. Those dashboard and filters could reveal potentially sensitive information. # those that are not logged in. Those dashboards and filters could reveal potentially sensitive information.
info: info:
name: Jira Unauthenticated Dashboards name: Jira Unauthenticated Dashboards

8
vulnerabilities/other/rconfig-rce.yaml
View File

@ -7,10 +7,10 @@ info:
tags: rconfig,rce tags: rconfig,rce
# This template supports the user creation part only. # This template supports the user creation part only.
# To triggering an RCE, see references[2]. # To triggering an RCE, see reference[2].
# References: reference:
# - [1] https://www.rconfig.com/downloads/rconfig-3.9.5.zip - https://www.rconfig.com/downloads/rconfig-3.9.5.zip
# - [2] https://www.exploit-db.com/exploits/48878 - https://www.exploit-db.com/exploits/48878
requests: requests:
- raw: - raw:

9
vulnerabilities/other/sick-beard-xss.yaml
View File

@ -5,10 +5,11 @@ info:
author: pikpikcu author: pikpikcu
severity: medium severity: medium
tags: xss tags: xss
reference:
# Vendor Homepage: https://sickbeard.com/ - https://sickbeard.com/ # vendor homepage
# Software Link: https://github.com/midgetspy/Sick-Beard - https://github.com/midgetspy/Sick-Beard # software link
# shodan dork: sickbeard customAttributes:
shodan-dork: sickbeard
requests: requests:
- method: GET - method: GET

1
vulnerabilities/springboot/springboot-h2-db-rce.yaml
View File

@ -7,7 +7,6 @@ info:
tags: springboot,rce tags: springboot,rce
# Payload taken from @pyn3rd (Twitter), see reference[2]. # Payload taken from @pyn3rd (Twitter), see reference[2].
reference: reference:
- https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database - https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database
- https://twitter.com/pyn3rd/status/1305151887964946432 - https://twitter.com/pyn3rd/status/1305151887964946432

2
vulnerabilities/wordpress/wordpress-emergency-script.yaml
View File

@ -5,8 +5,6 @@ info:
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
tags: wordpress tags: wordpress
# Ref:-
reference: https://wordpress.org/support/article/resetting-your-password/#using-the-emergency-password-reset-script reference: https://wordpress.org/support/article/resetting-your-password/#using-the-emergency-password-reset-script
requests: requests: