diff --git a/cves/jira-cve-2017-9506.yaml b/cves/jira-cve-2017-9506.yaml
new file mode 100644
index 0000000000..b82551cf65
--- /dev/null
+++ b/cves/jira-cve-2017-9506.yaml
@@ -0,0 +1,16 @@
+id: jira-cve-2017-9506
+
+info:
+ name: Jira IconURIServlet SSRF
+ author: Ice3man
+ severity: high
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/plugins/servlet/oauth/users/icon-uri?consumerUri=https://ipinfo.io/json"
+ matchers:
+ - type: word
+ words:
+ - "ipinfo.io/missingauth"
+ part: body
diff --git a/files/git-config.yaml b/files/git-config.yaml
new file mode 100644
index 0000000000..4cddf21641
--- /dev/null
+++ b/files/git-config.yaml
@@ -0,0 +1,15 @@
+id: git-config
+
+info:
+ name: Git Config Disclosure
+ author: Ice3man
+ severity: medium
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/.git/config"
+ matchers:
+ - type: word
+ words:
+ - "[core]"
diff --git a/files/phpinfo.yaml b/files/phpinfo.yaml
new file mode 100644
index 0000000000..0bc41894c3
--- /dev/null
+++ b/files/phpinfo.yaml
@@ -0,0 +1,20 @@
+id: phpinfo-files
+
+info:
+ name: phpinfo Disclosure
+ author: bauthard
+ severity: low
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/php.php"
+ - "{{BaseURL}}/phpinfo.php"
+ - "{{BaseURL}}/info.php"
+ - "{{BaseURL}}/_profiler/phpinfo"
+ matchers:
+ - type: word
+ words:
+ - "PHP Extension"
+ - "PHP Version"
+ condition: and
\ No newline at end of file
diff --git a/files/server-status-localhost.yaml b/files/server-status-localhost.yaml
new file mode 100644
index 0000000000..9f220b0f83
--- /dev/null
+++ b/files/server-status-localhost.yaml
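Review bot: The matcher in cves/jira-cve-2017-9506.yaml depends on text that only ipinfo.io controls: `ipinfo.io/missingauth` is presumably part of that service's unauthenticated JSON reply, so a wording change there, or blocked outbound traffic from the Jira host, turns a vulnerable instance into a silent negative. Every run also makes the scanned server contact a third party, which operators scanning their own estate should know before enabling the template. I would state both in a comment above the path entry, e.g. `# relies on ipinfo.io's unauthenticated reply containing "ipinfo.io/missingauth"; no match does not prove the servlet is patched`. The `info` block would also benefit from a description or reference line pointing at the vendor advisory for CVE-2017-9506.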
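Review bot: A lone `[core]` word match is loose for files/git-config.yaml, because any response body that happens to contain that string (a documentation page, a catch-all page served for unknown paths) is reported as a disclosed repository config. The phpinfo and server-status templates in this same commit already pair two words with `condition: and`; doing the same here, e.g. adding `- "repositoryformatversion"` (normally present in the `[core]` section) together with `condition: and`, would cut false positives. The jira template sets `part: body` explicitly while this one relies on the default, so one convention should be picked for the whole set.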
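Review bot: The `id` in files/phpinfo.yaml is `phpinfo-files`, while the other four templates in this commit use an id equal to the file name (`git-config`, `server-status-localhost`, `phpmyadmin-panel`, `jira-cve-2017-9506`); the mismatch makes a scan result harder to map back to its template, and `id: phpinfo` would follow the convention. The file is also the only one committed without a trailing newline, as the `\ No newline at end of file` marker shows.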
@@ -0,0 +1,24 @@
+id: server-status-localhost
+
+info:
+ name: Server Status Disclosure
+ author: bauthard
+ severity: low
+
+requests:
+ - method: GET
+ # Example of sending some headers to the servers
+ headers:
+ X-Client-IP: "127.0.0.1"
+ X-Remote-IP: "127.0.0.1"
+ X-Remote-Addr: "127.0.0.1"
+ X-Forwarded-For: "127.0.0.1"
+ X-Originating-IP: "127.0.0.1"
+ path:
+ - "{{BaseURL}}/server-status"
+ matchers:
+ - type: word
+ words:
+ - "Apache Server Status"
+ - "Server Version"
+ condition: and
diff --git a/panels/phpmyadmin-panel.yaml b/panels/phpmyadmin-panel.yaml
new file mode 100644
index 0000000000..6873573bf3
--- /dev/null
+++ b/panels/phpmyadmin-panel.yaml
@@ -0,0 +1,15 @@
+id: phpmyadmin-panel
+
+info:
+ name: phpMyAdmin Panel
+ author: bauthard
+ severity: low
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/phpmyadmin/"
+ matchers:
+ - type: word
+ words:
+ - "
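Review bot: A match from files/server-status-localhost.yaml does not tell the operator which misconfiguration to fix, because the request always carries the five loopback source-IP headers: the page may be open to everyone, or it may be reachable only because a proxy or access rule trusts client-supplied forwarding headers. The existing comment (`# Example of sending some headers to the servers`) reads as tutorial text and explains neither case. I would replace it with something like `# client-supplied source-IP headers set to loopback; a match means /server-status is either public or gated on headers the client controls` and mirror that in the `name`, so the finding points at the remediation (restrict mod_status access, or stop trusting these headers from untrusted clients).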