New Templates & Workflow (#3556)

* Create secure-login-panel.yaml * Create geo-webserver.yaml * Create hp-virtual-connect-manager.yaml * Create microsoft-azure-error.yaml * Create microsoft-iis-8.yaml * Create veeam-backup-azure-panel.yaml * Create user-control-panel.yaml * Create kafka-consumer-monitor.yaml * Update kafka-consumer-monitor.yaml * Create kafka-connect-ui-exposure.yaml * misc updates * duplicate template existing one - `exposed-panels/kafka-connect-ui.yaml` * Create kafka-cruise-control.yaml * Create kafka-center-default-login.yaml * Create kafka-center-login.yaml * minor update * Create azure-kubernetes-service.yaml * Update azure-kubernetes-service.yaml * Update azure-kubernetes-service.yaml * Create barracuda-panel.yaml * Update barracuda-panel.yaml * Update barracuda-panel.yaml * Create CVE-2021-24891.yaml * template meta info update * Delete CVE-2021-24891.yaml * Create caddy-open-redirect.yaml * Create concrete5-panel.yaml * Create concrete-workflow.yaml * updated matcher to avoid false negative results * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-19 13:21:15 +05:30 · 2022-01-19 13:21:15 +05:30 · 0e8b34f776
parent 4000a96d3b
commit 0e8b34f776
3 changed files with 52 additions and 0 deletions
--- a/exposed-panels/concrete5-panel.yaml
+++ b/exposed-panels/concrete5-panel.yaml
@ -0,0 +1,22 @@
+id: concrete5-panel
+
+info:
+  name: Concrete5 Panel
+  author: dhiyaneshDk
+  severity: info
+  metadata:
+    shodan-query: http.title:"concrete5"
+  tags: panel,concrete,cms
+
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/index.php/login'
+
+    redirects: true
+    max-redirects: 2
+    matchers:
+      - type: word
+        words:
+          - 'concrete5'
--- a/misconfiguration/caddy-open-redirect.yaml
+++ b/misconfiguration/caddy-open-redirect.yaml
@ -0,0 +1,19 @@
+id: caddy-open-redirect
+
+info:
+  name: Caddy 2.4.6 Open Redirect (php_fastcgi)
+  author: dhiyaneshDK
+  severity: medium
+  reference: https://github.com/caddyserver/caddy/issues/4502
+  tags: redirect,caddy,server
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}//example.com/%2F..'
+
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
--- a/workflows/concrete-workflow.yaml
+++ b/workflows/concrete-workflow.yaml
@ -0,0 +1,11 @@
+id: concrete-workflow
+
+info:
+  name: Concrete Security Checks
+  author: dhiyaneshDK
+  description: A simple workflow that runs all Concrete related nuclei templates on a given target.
+
+workflows:
+  - template: exposed-panels/concrete5-panel.yaml
+    subtemplates:
+      - tags: concrete