diff --git a/cves/2015/CVE-2015-2755.yaml b/cves/2015/CVE-2015-2755.yaml index 6bf534cb1e..433ac5272d 100644 --- a/cves/2015/CVE-2015-2755.yaml +++ b/cves/2015/CVE-2015-2755.yaml @@ -1,16 +1,21 @@ id: CVE-2015-2755 info: - name: AB Google Map Travel (AB-MAP) Wordpress Plugin <=3.4 - Stored XSS + name: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting author: r3Y3r53 severity: medium description: | - Multiple cross-site scripting vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php. + WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php. reference: - https://packetstormsecurity.com/files/131155/ - - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 - http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html - http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html + - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 + classification: + cve-id: CVE-2015-2755 + cwe-id: CWE-79 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 metadata: verified: "true" tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve @@ -41,3 +46,5 @@ requests: - 'contains(body_2, "")' - 'contains(body_2, "ab-google-map-travel")' condition: and + +# Enhanced by md on 2023/03/13 
diff --git a/cves/2015/CVE-2015-2996.yaml b/cves/2015/CVE-2015-2996.yaml index fa4ba511ed..55927ae626 100644 --- a/cves/2015/CVE-2015-2996.yaml +++ b/cves/2015/CVE-2015-2996.yaml @@ -1,16 +1,16 @@ id: CVE-2015-2996 info: - name: SysAid Help Desk <15.2 - Local File Disclosure + name: SysAid Help Desk <15.2 - Local File Inclusion author: 0x_Akoko severity: high description: | - Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. + SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum. reference: - https://seclists.org/fulldisclosure/2015/Jun/8 - - https://nvd.nist.gov/vuln/detail/CVE-2015-2996 - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk - http://seclists.org/fulldisclosure/2015/Jun/8 + - https://nvd.nist.gov/vuln/detail/CVE-2015-2996 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -36,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/cves/2015/CVE-2015-4062.yaml b/cves/2015/CVE-2015-4062.yaml index 99f4b05cd3..c20c1a91fc 100644 --- a/cves/2015/CVE-2015-4062.yaml +++ b/cves/2015/CVE-2015-4062.yaml 
@@ -1,18 +1,18 @@ id: CVE-2015-4062 info: - name: NewStatPress 0.9.8 - SQL Injection + name: WordPress NewStatPress 0.9.8 - SQL Injection author: r3Y3r53 severity: critical description: | - The NewStatPress WordPress plugin was affected by SQL Injection security vulnerability. + WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. reference: - https://packetstormsecurity.com/files/132038/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 - https://wordpress.org/plugins/newstatpress - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html + - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 remediation: | - Update to plugin version 0.9.9 or latest + Update to plugin version 0.9.9 or latest. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -43,3 +43,5 @@ requests: - 'status_code == 200' - 'contains(body_2, "newstatpress_page_nsp_search")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2015/CVE-2015-4063.yaml b/cves/2015/CVE-2015-4063.yaml index 9f55dbcec1..96e34ed25a 100644 --- a/cves/2015/CVE-2015-4063.yaml +++ b/cves/2015/CVE-2015-4063.yaml 
@@ -1,17 +1,22 @@ id: CVE-2015-4063 info: - name: NewStatPress 0.9.8 - Cross Site Scripting + name: NewStatPress <0.9.9 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. + WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. reference: - https://packetstormsecurity.com/files/132038/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-4063 - https://wordpress.org/plugins/newstatpress/ - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html + - https://nvd.nist.gov/vuln/detail/CVE-2015-4063 remediation: Update to plugin version 0.9.9 or latest. + classification: + cve-id: CVE-2015-4063 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cwe-id: CWE-80 metadata: verified: "true" tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,packetstorm @@ -36,3 +41,5 @@ requests: - 'status_code_2 == 200' - "contains(body_2, '') && contains(body_2, 'newstatpress')" condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2015/CVE-2015-9312.yaml b/cves/2015/CVE-2015-9312.yaml index 80aaf13074..6954a1c100 100644 --- a/cves/2015/CVE-2015-9312.yaml +++ b/cves/2015/CVE-2015-9312.yaml @@ -1,7 +1,7 @@ id: CVE-2015-9312 info: - name: NewStatPress <= 1.0.4 - Cross Site Scripting + name: NewStatPress <= 1.0.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | 
@@ -42,3 +42,5 @@ requests: - 'contains(body_2, "alert(document.domain)")' - 'contains(body_2, "2kb-amazon-affiliates-store")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2018/CVE-2018-16159.yaml b/cves/2018/CVE-2018-16159.yaml index 57ac28f95e..acbd9b7622 100644 --- a/cves/2018/CVE-2018-16159.yaml +++ b/cves/2018/CVE-2018-16159.yaml @@ -1,17 +1,17 @@ id: CVE-2018-16159 info: - name: Gift Voucher < 4.1.8 - Unauthenticated Blind SQL Injection + name: WordPress Gift Voucher <4.1.8 - Blind SQL Injection author: theamanrawat severity: critical description: | - The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. + WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/9117 - https://wordpress.org/plugins/gift-voucher/ - - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 - https://www.exploit-db.com/exploits/45255/ - remediation: Fixed in version 4.1.8 + - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 + remediation: Fixed in version 4.1.8. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -39,3 +39,5 @@ requests: - 'contains(content_type, "application/json")' - 'contains(body, "images") && contains(body, "title")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2018/CVE-2018-6184.yaml b/cves/2018/CVE-2018-6184.yaml index 50fbdd0d99..b0b0589db5 100644 --- a/cves/2018/CVE-2018-6184.yaml +++ b/cves/2018/CVE-2018-6184.yaml 
@@ -1,15 +1,15 @@ id: CVE-2018-6184 info: - name: ZEIT Next.js Framework Path Traversal + name: Zeit Next.js <4.2.3 - Local File Inclusion author: DhiyaneshDK severity: high description: | - ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. + Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/NextFrameworkPathTraversal.java - - https://nvd.nist.gov/vuln/detail/CVE-2018-6184 - https://github.com/zeit/next.js/releases/tag/4.2.3 + - https://nvd.nist.gov/vuln/detail/CVE-2018-6184 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -34,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/cves/2019/CVE-2019-5434.yaml b/cves/2019/CVE-2019-5434.yaml index 60f6609fd2..4666784b5a 100644 --- a/cves/2019/CVE-2019-5434.yaml +++ b/cves/2019/CVE-2019-5434.yaml 
@@ -5,12 +5,12 @@ info: author: omarjezi severity: critical description: | - An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0 + Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g. serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2019-5434 - https://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html - https://www.exploit-db.com/exploits/47739 - https://www.revive-adserver.com/security/revive-sa-2019-001/ + - https://nvd.nist.gov/vuln/detail/CVE-2019-5434 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -50,3 +50,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/13 diff --git a/cves/2020/CVE-2020-15895.yaml b/cves/2020/CVE-2020-15895.yaml index 17440857bf..c053f7607b 100644 --- a/cves/2020/CVE-2020-15895.yaml +++ b/cves/2020/CVE-2020-15895.yaml 
@@ -1,16 +1,15 @@ id: CVE-2020-15895 info: - name: D-Link DIR-816L - Cross Site Scripting + name: D-Link DIR-816L 2.x - Cross-Site Scripting author: edoardottt severity: medium description: | - An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. + D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks. reference: - - https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-15895 - https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/ - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169 + - https://nvd.nist.gov/vuln/detail/CVE-2020-15895 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -42,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/cves/2021/CVE-2021-21311.yaml b/cves/2021/CVE-2021-21311.yaml index f02e7d0428..64c3b20ed1 100644 --- a/cves/2021/CVE-2021-21311.yaml +++ b/cves/2021/CVE-2021-21311.yaml 
@@ -4,7 +4,7 @@ info: name: Adminer <4.7.9 - Server-Side Request Forgery author: Adam Crosser,pwnhxl severity: high - description: Adminer from version 4.0.0 through 4.7.8 is susceptible to server-side request forgery due to its use of verbose error messages. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. + description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 - https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf @@ -50,8 +50,10 @@ requests: - type: word part: body words: - - "<title>400 - Bad Request</title>" + - "400 - Bad Request" - type: status status: - 403 + +# Enhanced by md on 2023/03/13 diff --git a/cves/2021/CVE-2021-24169.yaml b/cves/2021/CVE-2021-24169.yaml index d33d26fafb..d34230fafa 100644 --- a/cves/2021/CVE-2021-24169.yaml +++ b/cves/2021/CVE-2021-24169.yaml 
@@ -1,17 +1,17 @@ id: CVE-2021-24169 info: - name: Advanced Order Export For WooCommerce < 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS) + name: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting author: r3Y3r53 severity: medium description: | - This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. + WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. reference: - https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3 - https://www.exploit-db.com/exploits/50324 - https://wordpress.org/plugins/woo-order-export-lite/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24169 - remediation: Fixed in version 3.1.8 + remediation: Fixed in version 3.1.8. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -42,3 +42,5 @@ requests: - 'contains(body_2, "")' - 'contains(body_2, "woo-order-export-lite")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2021/CVE-2021-24287.yaml b/cves/2021/CVE-2021-24287.yaml index d3abe20d98..76a04d1027 100644 --- a/cves/2021/CVE-2021-24287.yaml +++ b/cves/2021/CVE-2021-24287.yaml 
@@ -1,17 +1,17 @@ id: CVE-2021-24287 info: - name: Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS) + name: WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue + WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. reference: - https://www.exploit-db.com/exploits/50349 - - https://nvd.nist.gov/vuln/detail/CVE-2021-24287 - https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf - https://wordpress.org/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/ - remediation: Fixed in version 1.3.2 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24287 + remediation: Fixed in version 1.3.2. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -42,3 +42,5 @@ requests: - 'contains(body_2, "alert(document.domain)")' - 'contains(body_2, "Set up the taxonomies")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2021/CVE-2021-24554.yaml b/cves/2021/CVE-2021-24554.yaml index 7acddadd6a..7eb0765e01 100644 --- a/cves/2021/CVE-2021-24554.yaml +++ b/cves/2021/CVE-2021-24554.yaml 
@@ -1,16 +1,16 @@ id: CVE-2021-24554 info: - name: Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection + name: WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection author: theamanrawat severity: high description: | - The Paytm Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue. + WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/f2842ac8-76fa-4490-aa0c-5f2b07ecf2ad - https://wordpress.org/plugins/wp-paytm-pay/ - - https://nvd.nist.gov/vuln/detail/CVE-2021-24554 - https://codevigilant.com/disclosure/2021/wp-plugin-wp-paytm-pay/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-24554 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 @@ -43,3 +43,5 @@ requests: - 'contains(content_type_2, "text/html")' - 'contains(body_2, "paytm-settings_page_wp_paytm_donation")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2021/CVE-2021-24875.yaml b/cves/2021/CVE-2021-24875.yaml index 28e53177ba..dfcad339d8 100644 --- a/cves/2021/CVE-2021-24875.yaml +++ b/cves/2021/CVE-2021-24875.yaml 
@@ -1,12 +1,12 @@ id: CVE-2021-24875 info: - name: eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting + name: WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue. - remediation: Fixed in version 3.0.39 + WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: Fixed in version 3.0.39. reference: - https://wpscan.com/vulnerability/652efc4a-f931-4668-ae74-a58b288a5715 - https://nvd.nist.gov/vuln/detail/CVE-2021-24875 @@ -40,3 +40,5 @@ requests: - 'contains(body_2, "alert(document.domain)")' - 'contains(body_2, "eCommerce Product Catalog")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2021/CVE-2021-24931.yaml b/cves/2021/CVE-2021-24931.yaml index 4bbf89759f..f2eceba929 100644 --- a/cves/2021/CVE-2021-24931.yaml +++ b/cves/2021/CVE-2021-24931.yaml 
@@ -1,16 +1,16 @@ id: CVE-2021-24931 info: - name: Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection + name: WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection author: theamanrawat severity: critical description: | - The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. + WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231 - https://wordpress.org/plugins/secure-copy-content-protection/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24931 - remediation: Fixed in version 2.8.2 + remediation: Fixed in version 2.8.2. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -35,3 +35,5 @@ requests: - 'contains(content_type, "text/html")' - 'contains(body, "{\"status\":true")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2021/CVE-2021-25067.yaml b/cves/2021/CVE-2021-25067.yaml index 4b5476a29c..fbbf11d168 100644 --- a/cves/2021/CVE-2021-25067.yaml +++ b/cves/2021/CVE-2021-25067.yaml @@ -42,3 +42,5 @@ requests: - 'contains(body_2, "test\\\" style=animation-name:rotation onanimationstart=alert(document.domain)")' - 'contains(body_2, "Enter Page Title")' condition: and + +# Enhanced by cs 03/10/2023 
diff --git a/cves/2021/CVE-2021-25114.yaml b/cves/2021/CVE-2021-25114.yaml index b1513872af..cb60dac398 100644 --- a/cves/2021/CVE-2021-25114.yaml +++ b/cves/2021/CVE-2021-25114.yaml @@ -1,11 +1,11 @@ id: CVE-2021-25114 info: - name: Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection + name: WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection author: theamanrawat severity: critical description: | - The plugin does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection. + WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discount_code in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/6c25a5f0-a137-4ea5-9422-8ae393d7b76b - https://wordpress.org/plugins/paid-memberships-pro/ @@ -39,3 +39,5 @@ requests: - status_code == 200 - contains(body_2, 'other_discount_code_') condition: and + +# Enhanced by md on 2023/02/22 diff --git a/cves/2021/CVE-2021-25299.yaml b/cves/2021/CVE-2021-25299.yaml index 43d053d4ab..bd86582ac7 100644 --- a/cves/2021/CVE-2021-25299.yaml +++ b/cves/2021/CVE-2021-25299.yaml 
@@ -5,12 +5,12 @@ info: author: ritikchaddha severity: medium description: | - Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. + Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with the previous bugs to get one-click remote command execution on the Nagios XI server. reference: - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md#cve-2021-25299 - - https://nvd.nist.gov/vuln/detail/CVE-2021-25299 - http://nagios.com - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md + - https://nvd.nist.gov/vuln/detail/CVE-2021-25299 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -55,3 +55,5 @@ requests: regex: - 'name="nsp" value="(.*)">' internal: true + +# Enhanced by md on 2023/03/07 diff --git a/cves/2021/CVE-2021-25899.yaml b/cves/2021/CVE-2021-25899.yaml index bfdaab1976..320a1242c9 100644 --- a/cves/2021/CVE-2021-25899.yaml +++ b/cves/2021/CVE-2021-25899.yaml 
@@ -5,7 +5,7 @@ info: author: edoardottt severity: high description: | - An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1. + Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/ - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765 @@ -36,3 +36,5 @@ requests: - 'contains(content_type, "text/html")' - 'contains(body, "Contacte con el administrador")' condition: and + +# Enhanced by md on 2023/02/22 diff --git a/cves/2021/CVE-2021-27520.yaml b/cves/2021/CVE-2021-27520.yaml index 698523c8af..eff00e3ad0 100644 --- a/cves/2021/CVE-2021-27520.yaml +++ b/cves/2021/CVE-2021-27520.yaml 
@@ -1,16 +1,16 @@ id: CVE-2021-27520 info: - name: FUDForum 3.1.0 - Cross Site Scripting + name: FUDForum 3.1.0 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. + FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks. reference: - https://www.exploit-db.com/exploits/49943 - - https://nvd.nist.gov/vuln/detail/CVE-2021-27520 - https://github.com/fudforum/FUDforum/issues/2 - http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-27520 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -45,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/13 diff --git a/cves/2021/CVE-2021-30134.yaml b/cves/2021/CVE-2021-30134.yaml index 7c584e4149..944af48b91 100644 --- a/cves/2021/CVE-2021-30134.yaml +++ b/cves/2021/CVE-2021-30134.yaml 
@@ -1,11 +1,11 @@ id: CVE-2021-30134 info: - name: php-mod/curl Library - Cross-Site Scripting + name: Php-mod/curl Library <2.3.2 - Cross-Site Scripting author: theamanrawat severity: medium description: | - php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. + Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks. reference: - https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 - https://nvd.nist.gov/vuln/detail/CVE-2021-30134 @@ -38,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/cves/2021/CVE-2021-36580.yaml b/cves/2021/CVE-2021-36580.yaml index c3fd4b08bb..f7ece1c56c 100644 --- a/cves/2021/CVE-2021-36580.yaml +++ b/cves/2021/CVE-2021-36580.yaml @@ -1,11 +1,19 @@ id: CVE-2021-36580 info: - name: IceWarp Open Redirect + name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk + description: | + IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. severity: medium reference: + - https://www.icewarp.com/ - https://twitter.com/shifacyclewala/status/1443298941311668227 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cwe-id: CWE-601 + cve-id: CVE-2021-36580 metadata: verified: true shodan-query: title:"icewarp" @@ -21,3 +29,5 @@ requests: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 + +# Enhanced by cs 03/02/2023 \ No newline at end of file 
diff --git a/cves/2022/CVE-2022-0693.yaml b/cves/2022/CVE-2022-0693.yaml index be25a6da49..4a8ef1d846 100644 --- a/cves/2022/CVE-2022-0693.yaml +++ b/cves/2022/CVE-2022-0693.yaml @@ -1,11 +1,11 @@ id: CVE-2022-0693 info: - name: Master Elements <= 8.0 - Unauthenticated SQLi + name: WordPress Master Elements <=8.0 - SQL Injection author: theamanrawat severity: critical description: | - The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection. + WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/a72bf075-fd4b-4aa5-b4a4-5f62a0620643 - https://wordpress.org/plugins/master-elements @@ -33,3 +33,5 @@ requests: - 'status_code == 200' - 'contains(body, "Post Meta Setting Deleted Successfully")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2022/CVE-2022-0760.yaml b/cves/2022/CVE-2022-0760.yaml index 57dbae11c3..511212dcf5 100644 --- a/cves/2022/CVE-2022-0760.yaml +++ b/cves/2022/CVE-2022-0760.yaml 
@@ -1,11 +1,11 @@ id: CVE-2022-0760 info: - name: Simple Link Directory < 7.7.2 - Unauthenticated SQL injection + name: WordPress Simple Link Directory <7.7.2 - SQL injection author: theamanrawat severity: critical description: | - The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. + WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210 - https://wordpress.org/plugins/simple-link-directory/ @@ -37,3 +37,5 @@ requests: - 'contains(content_type, "text/html")' - 'contains(body, "vote_status") || contains(body, "critical error")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2022/CVE-2022-0949.yaml b/cves/2022/CVE-2022-0949.yaml index 24fcb69790..d820a83c25 100644 --- a/cves/2022/CVE-2022-0949.yaml +++ b/cves/2022/CVE-2022-0949.yaml 
@@ -1,12 +1,12 @@ id: CVE-2022-0949 info: - name: WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi + name: WordPress Stop Bad Bots <6.930 - SQL Injection author: theamanrawat severity: critical description: | - The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection. - remediation: Fixed in version 6.930 + WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: Fixed in version 6.930. reference: - https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb - https://wordpress.org/plugins/stopbadbots/ @@ -54,3 +54,5 @@ requests: - 'status_code_2 == 200' - 'contains(body_3, "commentform")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2022/CVE-2022-1013.yaml b/cves/2022/CVE-2022-1013.yaml index 52a4159065..c17d2f4ed6 100644 --- a/cves/2022/CVE-2022-1013.yaml +++ b/cves/2022/CVE-2022-1013.yaml 
@@ -1,11 +1,11 @@ id: CVE-2022-1013 info: - name: Personal Dictionary < 1.3.4 - Unauthenticated SQLi + name: WordPress Personal Dictionary <1.3.4 - Blind SQL Injection author: theamanrawat severity: critical description: | - The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. + WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. remediation: Fixed in version 1.3.4. reference: - https://wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d @@ -38,3 +38,5 @@ requests: - 'contains(content_type, "text/html")' - 'contains(body, "\"status\":true,")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2022/CVE-2022-2599.yaml b/cves/2022/CVE-2022-2599.yaml index cdd87106a7..af6aaba153 100644 --- a/cves/2022/CVE-2022-2599.yaml +++ b/cves/2022/CVE-2022-2599.yaml 
@@ -1,11 +1,11 @@ id: CVE-2022-2599 info: - name: Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Cross-Site Scripting + name: WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting author: ritikchaddha severity: medium description: | - The plugin does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting. + WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. reference: - https://wpscan.com/vulnerability/276a7fc5-3d0d-446d-92cf-20060aecd0ef - https://wordpress.org/plugins/gotmls/advanced/ @@ -50,3 +50,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/cves/2022/CVE-2022-28923.yaml b/cves/2022/CVE-2022-28923.yaml index 35c24dba0a..fcc09df351 100644 --- a/cves/2022/CVE-2022-28923.yaml +++ b/cves/2022/CVE-2022-28923.yaml @@ -1,15 +1,16 @@ id: CVE-2022-28923 info: - name: Caddy 2.4.6 Open Redirect + name: Caddy 2.4.6 - Open Redirect author: Sascha Brendel,DhiyaneshDk severity: medium description: | - Caddy version 2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. + Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. reference: - https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/ - https://www.cve.org/CVERecord?id=CVE-2022-28923 - https://github.com/caddyserver/caddy/issues/4502 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28923 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 
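Review bot: the rewritten Caddy (CVE-2022-28923) description says an attacker can "modify data, and/or execute unauthorized operations", which overstates an open redirect and does not match the template's own unchanged vector (UI:R, C:L/I:L/A:N, score 6.1); suggest limiting the impact sentence to redirecting a user to an attacker-controlled site via a crafted URL.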
@@ -30,3 +31,5 @@ requests: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 + +# Enhanced by md on 2023/03/07 diff --git a/cves/2022/CVE-2022-36446.yaml b/cves/2022/CVE-2022-36446.yaml index e8b9e0f7de..8ea407a0a5 100644 --- a/cves/2022/CVE-2022-36446.yaml +++ b/cves/2022/CVE-2022-36446.yaml @@ -1,16 +1,16 @@ id: CVE-2022-36446 info: - name: Webmin - Remote Code Execution (Authenticated) + name: Webmin <1.997 - Authenticated Remote Code Execution author: gy741 severity: critical description: | - Webmin before 1.997 is vulnerable to RCE exploits. an authenticated, remote attacker to perform command injection attacks. + Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. reference: - https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 - https://www.exploit-db.com/exploits/50998 - - https://nvd.nist.gov/vuln/detail/CVE-2022-36446 - https://github.com/webmin/webmin/compare/1.996...1.997 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36446 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -51,3 +51,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/cves/2022/CVE-2022-3934.yaml b/cves/2022/CVE-2022-3934.yaml index 9fc8e3518f..399dc66020 100644 --- a/cves/2022/CVE-2022-3934.yaml +++ b/cves/2022/CVE-2022-3934.yaml 
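Review bot: the new Webmin (CVE-2022-36446) description ends with "without entering necessary credentials", which contradicts the new name "Authenticated Remote Code Execution" in the same hunk (the unchanged CVSS vector PR:N also disagrees with the name, so one of the two needs correcting). Suggest dropping the trailing clause: "... and/or gain full control over a compromised system."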
@@ -1,11 +1,11 @@ id: CVE-2022-3934 info: - name: Flat PM < 3.0.13 - Reflected Cross-Site Scripting + name: WordPress FlatPM <3.0.13 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks. remediation: Fixed in version 3.0.13. reference: - https://wpscan.com/vulnerability/ab68381f-c4b8-4945-a6a5-1d4d6473b73a @@ -40,3 +40,5 @@ requests: - 'status_code_2 == 200' - 'contains(body_2, "alert(document.domain)") && contains(body_2, "Flat PM")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2022/CVE-2022-4063.yaml b/cves/2022/CVE-2022-4063.yaml index 620353b6f3..9cc8893f09 100644 --- a/cves/2022/CVE-2022-4063.yaml +++ b/cves/2022/CVE-2022-4063.yaml 
@@ -1,12 +1,12 @@ id: CVE-2022-4063 info: - name: InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE + name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion author: theamanrawat severity: critical description: | - The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. - remediation: Fixed in version 2.1.4.1 + WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers. + remediation: Fixed in version 2.1.4.1. reference: - https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7 - https://wordpress.org/plugins/inpost-gallery/ @@ -40,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/13 diff --git a/cves/2022/CVE-2022-4301.yaml b/cves/2022/CVE-2022-4301.yaml index 9493c9ceee..e2d3c454bb 100644 --- a/cves/2022/CVE-2022-4301.yaml +++ b/cves/2022/CVE-2022-4301.yaml 
@@ -1,12 +1,12 @@ id: CVE-2022-4301 info: - name: Sunshine Photo Cart < 2.9.15 - Cross Site Scripting + name: WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. - remediation: Fixed in version 2.9.15 + WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: Fixed in version 2.9.15. reference: - https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d - https://nvd.nist.gov/vuln/detail/CVE-2022-4301 @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/14 diff --git a/cves/2022/CVE-2022-4306.yaml b/cves/2022/CVE-2022-4306.yaml index 519f1153f5..f0d4d65a6c 100644 --- a/cves/2022/CVE-2022-4306.yaml +++ b/cves/2022/CVE-2022-4306.yaml 
@@ -1,12 +1,12 @@ id: CVE-2022-4306 info: - name: Panda Pods Repeater Field < 1.5.4 - Cross Site Scripting + name: WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. - remediation: Fixed in version 1.5.4 + WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks. + remediation: Fixed in version 1.5.4. reference: - https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe - https://nvd.nist.gov/vuln/detail/CVE-2022-4306 @@ -40,3 +40,5 @@ requests: - 'contains(body_2, "alert(document.domain)")' - 'contains(body_2, "panda-repeater-add-new")' condition: and + +# Enhanced by md on 2023/03/14 diff --git a/cves/2022/CVE-2022-4447.yaml b/cves/2022/CVE-2022-4447.yaml index ee37e0fedf..43358fba9f 100644 --- a/cves/2022/CVE-2022-4447.yaml +++ b/cves/2022/CVE-2022-4447.yaml 
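Review bot: the new description omits "plugin" ("WordPress Panda Pods Repeater Field before 1.5.4 contains ...") unlike every other rewritten WordPress description in this change; suggest "WordPress Panda Pods Repeater Field plugin before 1.5.4 contains a cross-site scripting vulnerability."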
@@ -1,11 +1,11 @@ id: CVE-2022-4447 info: - name: Fontsy <= 1.8.6 - Unauthenticated SQLi + name: WordPress Fontsy <=1.8.6 - SQL Injection author: theamanrawat severity: critical description: | - The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. + WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/6939c405-ac62-4144-bd86-944d7b89d0ad - https://wordpress.org/plugins/fontsy/ @@ -38,3 +38,5 @@ requests: - 'contains(content_type, "text/html")' - 'contains(body, "{{md5(num)}}")' condition: and + +# Enhanced by md on 2023/02/22 diff --git a/cves/2022/CVE-2022-45805.yaml b/cves/2022/CVE-2022-45805.yaml index 8fb7acaa86..caacc0d1b1 100644 --- a/cves/2022/CVE-2022-45805.yaml +++ b/cves/2022/CVE-2022-45805.yaml 
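Review bot: the rewritten Fontsy description drops "available to unauthenticated users", which was the only detail conveying the access vector, and the name lost "Unauthenticated" at the same time; keep it, e.g. "... before using it in a SQL statement via an AJAX action available to unauthenticated users."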
@@ -1,21 +1,21 @@ id: CVE-2022-45805 info: - name: WordPress Paytm Payment Gateway Plugin <= 2.7.3 - SQL Injection + name: WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection author: theamanrawat - severity: high + severity: critical description: | - SQL Injection vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information and creating new administrator accounts. This vulnerability has been fixed in version 2.7.7. - remediation: Update to version 2.7.7, or a newer patched version. + WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: Update to version 2.7.7 or a newer patched version. reference: - https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-3-auth-sql-injection-sqli-vulnerability - https://wordpress.org/plugins/paytm-payments/ - https://nvd.nist.gov/vuln/detail/CVE-2022-45805 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.2 - cve-id: CVE-2022-45805 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cwe-id: CWE-89 + cve-id: CVE-2022-45805 metadata: verified: "true" tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,paytm-payments,authenticated @@ -42,3 +42,5 @@ requests: - 'status_code_2 == 200' - 'contains(body_2, "toplevel_page_paytm")' condition: and + +# Enhanced by cs on 2023/03/17 diff --git a/cves/2022/CVE-2022-46888.yaml b/cves/2022/CVE-2022-46888.yaml index 9fd31b9c58..d7ecf6bb83 100644 --- a/cves/2022/CVE-2022-46888.yaml +++ b/cves/2022/CVE-2022-46888.yaml 
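Review bot: the CVSS vector changes PR:L to PR:N (score 8.2 to 9.8, severity high to critical), but the unchanged tags line still carries `authenticated`, the patchstack reference URL describes an "auth-sql-injection", and the unchanged matcher checks for "toplevel_page_paytm", an admin-side page. Either justify the PR:N change in the PR description and drop the `authenticated` tag, or revert to PR:L / 8.2 / high.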
@@ -1,15 +1,15 @@ id: CVE-2022-46888 info: - name: NexusPHP - Cross-Site Scripting + name: NexusPHP <1.7.33 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - NexusPHPbefore 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php. + NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can inject arbitrary web script or HTML, which can allow theft of cookie-based authentication credentials and launch of other attacks.. reference: - https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities - - https://nvd.nist.gov/vuln/detail/CVE-2022-46888 - https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33 + - https://nvd.nist.gov/vuln/detail/CVE-2022-46888 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -43,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/14 diff --git a/cves/2022/CVE-2022-4897.yaml b/cves/2022/CVE-2022-4897.yaml index f1b09754de..7117f87811 100644 --- a/cves/2022/CVE-2022-4897.yaml +++ b/cves/2022/CVE-2022-4897.yaml 
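Review bot: the new NexusPHP description ends with a doubled period ("... launch of other attacks..") and "launch of other attacks" reads awkwardly; suggest "which can allow theft of cookie-based authentication credentials and other attacks."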
@@ -1,12 +1,12 @@ id: CVE-2022-4897 info: - name: BackupBuddy < 8.8.3 - Cross Site Scripting + name: WordPress BackupBuddy <8.8.3 - Cross Site Scripting author: r3Y3r53 severity: medium description: | - The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting. - remediation: Fixed in version 8.8.3 + WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: Fixed in version 8.8.3. reference: - https://wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f - https://nvd.nist.gov/vuln/detail/CVE-2022-4897 @@ -40,3 +40,5 @@ requests: - 'contains(body_2, "onload=alert(document.domain)")' - 'contains(body_2, "BackupBudddy iFrame")' condition: and + +# Enhanced by md on 2023/03/14 diff --git a/cves/2023/CVE-2023-23488.yaml b/cves/2023/CVE-2023-23488.yaml index 674da13d7f..8b790a2250 100644 --- a/cves/2023/CVE-2023-23488.yaml +++ b/cves/2023/CVE-2023-23488.yaml 
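Review bot: "contains a cross-site vulnerability" is missing "scripting", and the new name keeps "Cross Site Scripting" unhyphenated while the other XSS renames in this change use "Cross-Site Scripting". Suggest `name: WordPress BackupBuddy <8.8.3 - Cross-Site Scripting` and "contains a cross-site scripting vulnerability."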
@@ -1,11 +1,11 @@ id: CVE-2023-23488 info: - name: Paid Memberships Pro < 2.9.8 - Unauthenticated Blind SQLi + name: WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection author: dwisiswant0 severity: critical description: | - The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. + WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://www.tenable.com/security/research/tra-2023-2 - https://wordpress.org/plugins/paid-memberships-pro/ @@ -37,3 +37,5 @@ requests: - status_code_1 != 403 # Wordfence - contains(body_2, "pmpro_updates") condition: and + +# Enhanced by md on 2023/03/07 diff --git a/cves/2023/CVE-2023-23489.yaml b/cves/2023/CVE-2023-23489.yaml index 3666fe6662..0fbd0188b4 100644 --- a/cves/2023/CVE-2023-23489.yaml +++ b/cves/2023/CVE-2023-23489.yaml 
@@ -1,16 +1,16 @@ id: CVE-2023-23489 info: - name: Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi + name: WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection author: theamanrawat severity: critical description: | - The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. + WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/c5a6830c-6420-42fc-b20c-8e20224d6f18 - https://wordpress.org/plugins/easy-digital-downloads/ - - https://nvd.nist.gov/vuln/detail/CVE-2023-23489 - https://www.tenable.com/security/research/tra-2023-2 + - https://nvd.nist.gov/vuln/detail/CVE-2023-23489 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -38,3 +38,5 @@ requests: - 'status_code_1 == 200' - 'contains(body_1, "[]") && contains(body_2, "Easy Digital Downloads")' condition: and + +# Enhanced by md on 2023/03/07 diff --git a/cves/2023/CVE-2023-23492.yaml b/cves/2023/CVE-2023-23492.yaml index e5fdea20f6..fa7c64a9cb 100644 --- a/cves/2023/CVE-2023-23492.yaml +++ b/cves/2023/CVE-2023-23492.yaml 
@@ -3,18 +3,20 @@ id: CVE-2023-23492 info: name: Login with Phone Number - Cross-Site Scripting author: r3Y3r53 - severity: high + severity: medium description: | Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function. + + Note that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability. reference: - https://wordpress.org/plugins/login-with-phone-number/ - https://www.tenable.com/security/research/tra-2023-3 - https://nvd.nist.gov/vuln/detail/CVE-2023-23492 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cwe-id: CWE-80 cve-id: CVE-2023-23492 - cwe-id: CWE-89 metadata: verified: "true" tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023 @@ -41,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/cves/2023/CVE-2023-23752.yaml b/cves/2023/CVE-2023-23752.yaml index 9b2678d028..a86dc66f3e 100644 --- a/cves/2023/CVE-2023-23752.yaml +++ b/cves/2023/CVE-2023-23752.yaml 
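Review bot: the classification switches from CWE-89 to CWE-80, whereas every other XSS template touched in this change uses CWE-79 (for example CVE-2023-24322); unless there is a reason to prefer the narrower child weakness, use CWE-79 for consistency. The added note is also missing an article: "incorrectly describes and scores this as a SQL injection vulnerability."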
@@ -1,17 +1,17 @@ id: CVE-2023-23752 info: - name: Joomla Improper AccessCheck in WebService Endpoint + name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. + remediation: Upgrade to Joomla! version 4.2.8 or later. reference: - https://unsafe.sh/go-149780.html - https://twitter.com/gov_hack/status/1626471960141238272/photo/1 - - https://cve.report/CVE-2023-23752 - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html - remediation: Upgrade to Joomla! version 4.2.8 or later. + - https://nvd.nist.gov/vuln/detail/CVE-2023-23552 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 @@ -47,3 +47,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs 02/23/2023 diff --git a/cves/2023/CVE-2023-24322.yaml b/cves/2023/CVE-2023-24322.yaml index 4693e98799..1c4ec7d767 100644 --- a/cves/2023/CVE-2023-24322.yaml +++ b/cves/2023/CVE-2023-24322.yaml 
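Review bot: the added NVD reference points at CVE-2023-23552 rather than CVE-2023-23752 (the template id), so it links to an unrelated record; fix to `- https://nvd.nist.gov/vuln/detail/CVE-2023-23752`. The trailer "# Enhanced by cs 02/23/2023" also uses a different date format from every other trailer in this change ("on 2023/02/23").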
@@ -1,20 +1,21 @@ id: CVE-2023-24322 info: - name: mojoPortal - Cross-Site Scripting + name: mojoPortal 2.7.0.0 - Cross-Site Scripting author: pikpikcu severity: medium description: | - A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. + mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2023-24322 - https://github.com/blakduk/Advisories/blob/main/Mojoportal/README.md - https://github.com/i7MEDIA/mojoportal/ - https://www.mojoportal.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-24322 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cwe-id: CWE-79 + cve-id: CVE-2023-24322 metadata: shodan-query: html:"mojoPortal" verified: "true" @@ -42,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/fuzzing/adminer-panel-fuzz.yaml b/exposed-panels/adminer-panel-detect.yaml similarity index 78% rename from fuzzing/adminer-panel-fuzz.yaml rename to exposed-panels/adminer-panel-detect.yaml index e80d5d2ff8..04bb959ba0 100644 --- a/fuzzing/adminer-panel-fuzz.yaml +++ b/exposed-panels/adminer-panel-detect.yaml 
@@ -1,11 +1,16 @@ -id: adminer-panel-fuzz +id: adminer-panel-detect info: - name: Adminer Login Panel Fuzz + name: Adminer Login Panel - Detect author: random_robbie,meme-lord severity: info + description: Adminer login panel was detected. reference: - https://blog.sorcery.ie/posts/adminer/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: fuzz,adminer,login # <= 4.2.4 can have unauthenticated RCE via SQLite driver @@ -46,3 +51,5 @@ requests: group: 1 regex: - '([0-9.]+)' + +# Enhanced by md on 2023/03/08 diff --git a/exposed-panels/kubeview-dashboard.yaml b/exposed-panels/kubeview-dashboard.yaml index 8c03a579e8..2e1c63fbe7 100644 --- a/exposed-panels/kubeview-dashboard.yaml +++ b/exposed-panels/kubeview-dashboard.yaml @@ -1,11 +1,15 @@ id: kubeview-dashboard info: - name: KubeView Dashboard Exposure + name: KubeView Dashboard - Detect author: ja1sh severity: low description: | - An attacker can detect the public instance of a KubeView dashboard + KubeView dashboard was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: "true" shodan-query: http.favicon.hash:-379154636 @@ -26,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/exposed-panels/nsq-admin-panel.yaml b/exposed-panels/nsq-admin-panel.yaml index 8236a4988d..5d9bf2ca6b 100644 --- a/exposed-panels/nsq-admin-panel.yaml +++ b/exposed-panels/nsq-admin-panel.yaml @@ -1,10 +1,10 @@ id: nsq-admin-panel info: - name: NSQ Admin Panel Exposure + name: NSQ Admin Panel - Detect author: random-robbie severity: medium - description: NSQ unauthenticated admin panel detect. + description: NSQ admin panel was detected. reference: - https://nsq.io/components/nsqd.html classification: @@ -37,3 +37,5 @@ requests: group: 1 regex: - "nsqadmin/v([0-9.]+)" + +# Enhanced by md on 2023/02/22 
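Review bot: the template is renamed and moved from fuzzing/ to exposed-panels/ as a "- Detect" template, but the unchanged tags line still begins with `fuzz`, so tag-based filtering (`-tags fuzz`) would keep running it as a fuzzing template and panel filters would miss it; update to something like `tags: panel,adminer,login` as part of the move.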
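Review bot: nsq-admin-panel is renamed to "- Detect" and its description neutralised to "NSQ admin panel was detected", but severity stays medium, while the other detect templates in this change are info/low with cvss-score 0.0; either keep the original "unauthenticated admin panel" wording that justified medium, or lower the severity to match the new description.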
diff --git a/exposed-panels/signet-explorer-dashboard.yaml b/exposed-panels/signet-explorer-dashboard.yaml index 9d9e9e86df..e7d1735881 100644 --- a/exposed-panels/signet-explorer-dashboard.yaml +++ b/exposed-panels/signet-explorer-dashboard.yaml @@ -1,10 +1,16 @@ id: signet-explorer-dashboard info: - name: Signet Explorer Dashboard + name: Signet Explorer Dashboard - Detect author: ritikchaddha - severity: low - description: Signet Explorer Dashboard detect to explore full Bitcoin ecosystem. + severity: info + description: Signet Explorer Dashboard was detected. + reference: + - https://github.com/mempool/mempool + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true shodan-query: html:"mempool-space" || title:"Signet Explorer" @@ -28,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/exposures/backups/zip-backup-files.yaml b/exposures/backups/zip-backup-files.yaml index 22de7570b6..ac7fc5a9a2 100644 --- a/exposures/backups/zip-backup-files.yaml +++ b/exposures/backups/zip-backup-files.yaml @@ -23,8 +23,8 @@ requests: - "{{RDN}}" # example.com - "{{DN}}" # example - "{{SD}}" # www - - "{{date_time('%Y')}}" #2023 - - "ROOT" #tomcat + - "{{date_time('%Y')}}" # 2023 + - "ROOT" # tomcat - "wwwroot" - "htdocs" - "www" diff --git a/exposures/configs/kyan-credential-exposure.yaml b/exposures/configs/kyan-credential-exposure.yaml index 93512bb62f..55d5efce01 100644 --- a/exposures/configs/kyan-credential-exposure.yaml +++ b/exposures/configs/kyan-credential-exposure.yaml 
@@ -1,11 +1,16 @@ id: kyan-credential-exposure info: - name: Kyan network monitoring device account and password exposure + name: Kyan Network Login Panel - Detect author: pikpikcu severity: medium + description: Kyan Network login panel was detected. Password and other credential theft is possible via accessing this panel. reference: - https://mp.weixin.qq.com/s/6phWjDrGG0pCpGuCdLusIg + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: kyan,exposure,config,network requests: @@ -30,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/magento-config-disclosure.yaml b/exposures/configs/magento-config-disclosure.yaml index f757dedf4c..df07dda52e 100644 --- a/exposures/configs/magento-config-disclosure.yaml +++ b/exposures/configs/magento-config-disclosure.yaml @@ -1,13 +1,17 @@ id: magento-config-disclosure info: - name: Magento - Config Disclosure + name: Magento Configuration Panel - Detect author: ptonewreckin,danigoland,geeknik severity: high description: | - Misconfigured instances of Magento may disclose usernames, passwords, and database configurations via /app/etc/local.xml + Magento configuration panel was detected. Misconfigured instances of Magento may disclose usernames, passwords, and database configurations via /app/etc/local.xml. reference: - https://github.com/ptonewreckin/cmsDetector/blob/master/signatures/magento.py + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.component:"Magento" @@ -47,3 +51,5 @@ requests: - "/config/global/resources/default_setup/connection/username" - "/config/global/resources/default_setup/connection/password" - "/config/global/resources/default_setup/connection/dbname" + +# Enhanced by cs on 2023/02/23 
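Review bot: the name becomes "Kyan Network Login Panel - Detect", but the id stays kyan-credential-exposure, the tags stay `exposure,config,network`, and the new description itself says credential theft is possible, which a "Detect" name with CWE-200 / 5.3 does not convey. Suggest keeping the credential-exposure framing, e.g. `name: Kyan Network Monitoring Device - Credential Exposure`.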
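Review bot: "Magento Configuration Panel - Detect" misdescribes the check: the unchanged extractor context reads the database username, password and dbname from /app/etc/local.xml, which is a configuration file disclosure, not a panel, and "was detected" does not fit severity high / C:H. Suggest `name: Magento local.xml - Configuration File Disclosure` and dropping the "panel was detected" sentence.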
diff --git a/exposures/configs/nagios-status-page.yaml b/exposures/configs/nagios-status-page.yaml index fab2593951..018a39a7e3 100644 --- a/exposures/configs/nagios-status-page.yaml +++ b/exposures/configs/nagios-status-page.yaml @@ -1,11 +1,16 @@ id: nagios-status-page info: - name: Nagios Current Status Page + name: Nagios Current Status Page - Detect author: dhiyaneshDk - severity: low + severity: medium + description: Nagios current status page was detected. reference: - https://www.exploit-db.com/ghdb/6918 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: exposure,nagios,status,edb requests: @@ -19,3 +24,5 @@ requests: - type: word words: - Current Network Status + +# Enhanced by cs on 2023/02/23 diff --git a/exposures/configs/opcache-status-exposure.yaml b/exposures/configs/opcache-status-exposure.yaml index 1a576ac817..a464bc1706 100644 --- a/exposures/configs/opcache-status-exposure.yaml +++ b/exposures/configs/opcache-status-exposure.yaml @@ -1,9 +1,15 @@ id: opcache-status-exposure info: - name: OPcache Status Exposure + name: OPcache Status Page - Detect author: pdteam - severity: low + severity: medium + description: OPcache status page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + reference: https://www.php.net/manual/en/book.opcache.php tags: config,exposure,status requests: @@ -19,3 +25,5 @@ requests: - "opcache_hit_rate" condition: and part: body + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/oracle-cgi-printenv.yaml b/exposures/configs/oracle-cgi-printenv.yaml index 9c23391f7b..6c7573964d 100644 --- a/exposures/configs/oracle-cgi-printenv.yaml +++ b/exposures/configs/oracle-cgi-printenv.yaml 
@@ -1,11 +1,16 @@ id: oracle-cgi-printenv info: - name: Oracle CGI printenv - Information Disclosure + name: Oracle CGI Printenv - Information Disclosure author: DhiyaneshDk severity: medium + description: Oracle CGI printenv component is susceptible to an information disclosure vulnerability. reference: - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/OracleCGIPrintEnv.java + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: exposure,oracle,config requests: @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/oracle-ebs-credentials.yaml b/exposures/configs/oracle-ebs-credentials.yaml index 5d0282a212..d42d9d3ba9 100644 --- a/exposures/configs/oracle-ebs-credentials.yaml +++ b/exposures/configs/oracle-ebs-credentials.yaml @@ -1,13 +1,18 @@ id: oracle-ebs-credentials info: - name: Oracle EBS Credentials Disclosure + name: Oracle E-Business System Credentials Page - Detect author: dhiyaneshDk - severity: medium + severity: high + description: Oracle E-Business System credentials page was detected. reference: - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: config,exposure,oracle requests: @@ -31,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/ovpn-config-exposed.yaml b/exposures/configs/ovpn-config-exposed.yaml index ecd2acbab9..b6387f5444 100644 --- a/exposures/configs/ovpn-config-exposed.yaml +++ b/exposures/configs/ovpn-config-exposed.yaml 
@@ -1,9 +1,12 @@ id: ovpn-config-exposed info: - name: OVPN Config Download + name: OVPN Configuration Download Page - Detect author: tess severity: low + description: OVPS configuration download page was detected. + classification: + cwe-id: CWE-200 metadata: verified: "true" shodan-query: http.title:"OVPN Config Download" @@ -28,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/perl-status.yaml b/exposures/configs/perl-status.yaml index 76d539b2d2..eb343e22a8 100644 --- a/exposures/configs/perl-status.yaml +++ b/exposures/configs/perl-status.yaml @@ -1,9 +1,15 @@ id: perl-status info: - name: Apache mod_perl Status Page Exposure + name: Apache Mod_perl Status Page - Detect author: pdteam severity: medium + description: Apache mod_perl status page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + reference: https://perl.apache.org/ tags: config,exposure,apache,status requests: @@ -16,3 +22,5 @@ requests: - "Apache2::Status" - "Perl version" condition: and + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/php-fpm-config.yaml b/exposures/configs/php-fpm-config.yaml index 8ee6d315d2..7e9398f289 100644 --- a/exposures/configs/php-fpm-config.yaml +++ b/exposures/configs/php-fpm-config.yaml @@ -1,9 +1,15 @@ id: php-fpm-config info: - name: PHP-FPM Config file disclosure + name: PHP-FPM Configuration Page - Detect author: sheikhrishad - severity: low + severity: info + description: PHP-FPM configuration page was detected. + reference: https://www.php.net/manual/en/install.fpm.php + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: config,exposure,php requests: @@ -21,4 +27,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by md on 2023/02/22 
diff --git a/exposures/configs/phpinfo-files.yaml b/exposures/configs/phpinfo-files.yaml index 3c3e9648aa..b76241120f 100644 --- a/exposures/configs/phpinfo-files.yaml +++ b/exposures/configs/phpinfo-files.yaml @@ -1,13 +1,14 @@ id: phpinfo-files info: - name: phpinfo Disclosure + name: PHPinfo Page - Detect author: pdteam,daffainfo,meme-lord,dhiyaneshDK,wabafet - description: | - A "PHP Info" page was found. The output of the phpinfo() command can reveal detailed PHP environment information. - remediation: | - Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only. severity: low + description: | + PHPinfo page was detected. The output of the phpinfo() command can reveal sensitive and detailed PHP environment information. + remediation: Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only. + classification: + cwe-id: CWE-200 tags: config,exposure,phpinfo requests: @@ -55,3 +56,5 @@ requests: group: 1 regex: - '>PHP Version <\/td><td class="v">([0-9.]+)' + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/phpstan-config.yaml b/exposures/configs/phpstan-config.yaml index e79f2ce8c6..d20e56bffd 100644 --- a/exposures/configs/phpstan-config.yaml +++ b/exposures/configs/phpstan-config.yaml @@ -1,9 +1,15 @@ id: phpstan-config info: - name: PHPStan Configuration Exposure + name: PHPStan Configuration Page - Detect author: DhiyaneshDK - severity: low + severity: info + description: PHPStan configuration page was detected. + reference: https://phpstan.org/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true shodan-query: html:"phpstan.neon" @@ -30,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/plesk-stat.yaml b/exposures/configs/plesk-stat.yaml index 5f0400beed..5d30598b5c 100644 --- a/exposures/configs/plesk-stat.yaml 
+++ b/exposures/configs/plesk-stat.yaml @@ -1,9 +1,14 @@ id: plesk-stat info: - name: Plesk-stat (Log analyzer) + name: Webalizer Log Analyzer Configuration - Detect author: th3.d1p4k - severity: low + severity: medium + description: Webalizer log analyzer configuration was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 reference: - http://www.webalizer.org tags: config,exposure,plesk @@ -32,3 +37,5 @@ requests: - 'webstat-ssl' - 'webstat' condition: or + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/pre-commit-config.yaml b/exposures/configs/pre-commit-config.yaml index 715b6b4494..1cf60083bd 100644 --- a/exposures/configs/pre-commit-config.yaml +++ b/exposures/configs/pre-commit-config.yaml @@ -1,9 +1,15 @@ id: pre-commit-config info: - name: Pre Commit Configuration File Exposure + name: Pre-commit Configuration File - Detect author: DhiyaneshDk - severity: low + severity: info + description: Pre-commit configuration file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + reference: https://pre-commit.com/ metadata: verified: true tags: exposure,devops,config,cicd @@ -28,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/exposures/configs/proftpd-config.yaml b/exposures/configs/proftpd-config.yaml index ed5a4a8b08..1ca917b4cd 100644 --- a/exposures/configs/proftpd-config.yaml +++ b/exposures/configs/proftpd-config.yaml @@ -1,9 +1,15 @@ id: proftpd-config info: - name: ProFTPD Config file disclosure + name: ProFTPD Configuration File - Detect author: sheikhrishad severity: low + description: ProFTPD configuration file was detected. + reference: http://www.proftpd.org/docs/howto/ConfigFile.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: config,exposure,proftpd requests: 
@@ -21,4 +27,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by cs on 2023/02/24 diff --git a/exposures/configs/prometheus-metrics.yaml b/exposures/configs/prometheus-metrics.yaml index b98c6d64ed..68e6eaab58 100644 --- a/exposures/configs/prometheus-metrics.yaml +++ b/exposures/configs/prometheus-metrics.yaml @@ -1,9 +1,14 @@ id: prometheus-metrics info: - name: Exposed Prometheus metrics + name: Prometheus Metrics - Detect author: dhiyaneshDK, philippedelteil - severity: low + severity: medium + description: Prometheus metrics page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 reference: - https://github.com/prometheus/prometheus - https://hackerone.com/reports/1026196 @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/proxy-wpad-exposure.yaml b/exposures/configs/proxy-wpad-exposure.yaml index 82d7108188..b30a383e16 100644 --- a/exposures/configs/proxy-wpad-exposure.yaml +++ b/exposures/configs/proxy-wpad-exposure.yaml @@ -1,9 +1,15 @@ id: proxy-wpad-exposure info: - name: Proxy WPAD Configuration Exposure + name: Web Proxy Auto-Discovery Configuration File - Detect author: DhiyaneshDk - severity: low + severity: info + description: Web Proxy Auto-Discovery configuration file was detected. + reference: https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true shodan-query: html:"wpad.dat" @@ -26,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/pubspec-config.yaml b/exposures/configs/pubspec-config.yaml index db1e1043de..8d54e4d774 100644 --- a/exposures/configs/pubspec-config.yaml +++ b/exposures/configs/pubspec-config.yaml 
@@ -1,9 +1,17 @@ id: pubspec-config info: - name: Pubspec YAML Configuration File Exposure + name: Pubspec YAML Configuration File - Detect author: DhiyaneshDk - severity: low + severity: info + description: Pubspec YAML configuration file was detected. + reference: + - https://docs.flutter.dev/development/tools/pubspec + - https://xeladu.medium.com/the-flutter-pubspec-yaml-in-detail-eee5729d9df7 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true shodan-query: html:"pubspec.yaml" @@ -29,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/rails-database-config.yaml b/exposures/configs/rails-database-config.yaml index 6e5b4f8f2b..ea592eb05b 100644 --- a/exposures/configs/rails-database-config.yaml +++ b/exposures/configs/rails-database-config.yaml @@ -1,9 +1,15 @@ id: rails-database-config info: - name: Ruby-on-Rails Database Configuration Exposure + name: Ruby on Rails Database Configuration File - Detect author: pdteam,geeknik - severity: low + severity: high + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 + description: Ruby on Rails database configuration file was detected, which may contain database credentials. + reference: https://guides.rubyonrails.org/configuring.html#configuring-a-database tags: config,exposure,rails requests: @@ -23,4 +29,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/redis-config.yaml b/exposures/configs/redis-config.yaml index 63a8801564..fb7568f96c 100644 --- a/exposures/configs/redis-config.yaml +++ b/exposures/configs/redis-config.yaml 
@@ -1,10 +1,16 @@ id: redis-config info: - name: Redis Configuration File Exposure + name: Redis Configuration File - Detect author: geeknik severity: medium - reference: https://redis.io/docs/manual/config/ + description: Redis configuration file was detected. + reference: + - https://redis.io/docs/manual/config/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: html:"redis.conf" @@ -33,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/robomongo-credential.yaml b/exposures/configs/robomongo-credential.yaml index 3bcbf8430c..883342ca3b 100644 --- a/exposures/configs/robomongo-credential.yaml +++ b/exposures/configs/robomongo-credential.yaml @@ -1,10 +1,15 @@ id: robomongo-credential info: - name: MongoDB credential disclosure + name: RoboMongo Configuration File - Detect author: geeknik severity: high - description: MongoDB credentials file used by RoboMongo + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 + description: A MongoDB credentials file used by RoboMongo was detected. + reference: https://robomongo.org/ tags: mongodb,robomongo,disclosure,config requests: @@ -30,4 +35,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/ruijie-information-disclosure.yaml b/exposures/configs/ruijie-information-disclosure.yaml index c74cf1f58d..f30186d531 100644 --- a/exposures/configs/ruijie-information-disclosure.yaml +++ b/exposures/configs/ruijie-information-disclosure.yaml 
@@ -1,10 +1,16 @@ id: ruijie-information-disclosure info: - name: Ruijie Information Disclosure + name: Ruijie Login Panel - Detect author: pikpikcu severity: high + description: Ruijie login panel was detected and leaks authentication credentials. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 reference: + - https://www.ruijienetworks.com/ - https://www.cnblogs.com/cHr1s/p/14499858.html tags: ruijie,config,exposure @@ -25,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/ruijie-nbr1300g-exposure.yaml b/exposures/configs/ruijie-nbr1300g-exposure.yaml index b4ae923be3..90562cd58d 100644 --- a/exposures/configs/ruijie-nbr1300g-exposure.yaml +++ b/exposures/configs/ruijie-nbr1300g-exposure.yaml @@ -1,12 +1,17 @@ id: ruijie-nbr1300g-exposure info: - name: Ruijie NBR1300G Cli Password Leak + name: Ruijie NBR1300G Cli Password Leak - Detect author: pikpikcu - severity: medium + severity: high + description: Ruijie NBR1300G CLI password leak vulnerability was detected. reference: - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html - https://www.ruijienetworks.com + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: ruijie,exposure requests: @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/ruijie-phpinfo.yaml b/exposures/configs/ruijie-phpinfo.yaml index 63c1ac858d..32bdd3fc4a 100644 --- a/exposures/configs/ruijie-phpinfo.yaml +++ b/exposures/configs/ruijie-phpinfo.yaml 
@@ -1,9 +1,12 @@ id: ruijie-phpinfo info: - name: Ruijie Phpinfo + name: Ruijie Phpinfo Configuration - Detect author: pikpikcu severity: low + description: Ruijie phpinfo configuration was detected. + classification: + cwe-id: CWE-200 reference: - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20phpinfo.view.php%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md tags: phpinfo,rujjie,config,exposure,ruijie @@ -24,3 +27,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/s3cfg-config.yaml b/exposures/configs/s3cfg-config.yaml index 5cc225f727..deca348e1e 100644 --- a/exposures/configs/s3cfg-config.yaml +++ b/exposures/configs/s3cfg-config.yaml @@ -1,9 +1,14 @@ id: s3cfg-config info: - name: S3CFG Configuration - File Exposure + name: S3CFG Configuration - Detect author: geeknik,DhiyaneshDK - severity: unknown + severity: high + description: S3CFG configuration file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 reference: - https://s3tools.org/kb/item14.htm tags: amazon,s3,exposure,config @@ -30,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/saia-web-server-info.yaml b/exposures/configs/saia-web-server-info.yaml index 6028fa843a..a310906037 100644 --- a/exposures/configs/saia-web-server-info.yaml +++ b/exposures/configs/saia-web-server-info.yaml 
@@ -1,9 +1,14 @@ id: saia-web-server info: - name: Saia PCD Web-Server + name: Saia PCD Web-Server Configuration Page - Detect author: DhiyaneshDk - severity: low + severity: info + description: Saia PCD Web-Server configuration page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 reference: - https://www.exploit-db.com/ghdb/6865 tags: edb,config,exposure @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/server-private-keys.yaml b/exposures/configs/server-private-keys.yaml index c6301eaaae..e3c1aa236c 100644 --- a/exposures/configs/server-private-keys.yaml +++ b/exposures/configs/server-private-keys.yaml @@ -1,9 +1,14 @@ id: server-private-keys info: - name: Detect Private SSL, SSH, TLS, and JWT Keys + name: SSL/SSH/TLS/JWT Keys - Detect author: geeknik,R12W4N severity: high + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 + description: Private SSL, SSH, TLS, and JWT keys were detected. tags: config,exposure requests: @@ -70,3 +75,5 @@ requests: - '!contains(body_2, "<html")' - '!contains(body_2, "<HTML")' condition: and + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/sftp-config-exposure.yaml b/exposures/configs/sftp-config-exposure.yaml index 6d3e3c5db0..65ec67cb3a 100644 --- a/exposures/configs/sftp-config-exposure.yaml +++ b/exposures/configs/sftp-config-exposure.yaml 
@@ -1,9 +1,14 @@ id: sftp-config-exposure info: - name: SFTP Config File Disclosure + name: SFTP Configuration File - Detect author: geeknik severity: high + description: SFTP configuration file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 reference: - https://blog.sucuri.net/2012/11/psa-sftpftp-password-exposure-via-sftp-config-json.html - https://www.acunetix.com/vulnerabilities/web/sftp-ftp-credentials-exposure/ @@ -31,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/sftp-credentials-exposure.yaml b/exposures/configs/sftp-credentials-exposure.yaml index f95a5785fb..6cb0372375 100644 --- a/exposures/configs/sftp-credentials-exposure.yaml +++ b/exposures/configs/sftp-credentials-exposure.yaml @@ -1,9 +1,14 @@ id: sftp-credentials-exposure info: - name: SFTP credentials exposure + name: SFTP Credentials - Detect author: sheikhrishad - severity: medium + severity: high + description: SFTP credentials were detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: config,ftp,exposure requests: @@ -24,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/sftp-deployment-config.yaml b/exposures/configs/sftp-deployment-config.yaml index 2d1ea3b4a6..ec2970fabe 100644 --- a/exposures/configs/sftp-deployment-config.yaml +++ b/exposures/configs/sftp-deployment-config.yaml 
@@ -1,11 +1,15 @@ id: sftp-deployment-config info: - name: Atom Package SFTP - Deployment Configuration Disclosure + name: Atom SFTP Configuration File - Detect author: geeknik severity: high description: | - Created by sftp-deployment for Atom, contains server details and credentials + Atom SFTP deployment configuration file was detected. File contains server details and credentials. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 reference: - https://atom.io/packages/sftp-deployment metadata: @@ -31,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/ssh-authorized-keys.yaml b/exposures/configs/ssh-authorized-keys.yaml index 5c1a902cc3..edae32dedd 100644 --- a/exposures/configs/ssh-authorized-keys.yaml +++ b/exposures/configs/ssh-authorized-keys.yaml @@ -1,9 +1,14 @@ id: ssh-authorized-keys info: - name: SSH Authorized Keys + name: SSH Authorized Keys File - Detect author: geeknik - severity: low + severity: medium + description: SSH authorized keys file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 reference: - https://www.ssh.com/academy/ssh/authorized-key tags: config,exposure,ssh @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/ssh-known-hosts.yaml b/exposures/configs/ssh-known-hosts.yaml index 021c215702..f6e8d056b8 100644 --- a/exposures/configs/ssh-known-hosts.yaml +++ b/exposures/configs/ssh-known-hosts.yaml 
@@ -1,9 +1,14 @@ id: ssh-known-hosts info: - name: SSH Known Hosts + name: SSH Known Hosts File - Detect author: geeknik - severity: low + severity: info + description: SSH known hosts file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 reference: - https://datacadamia.com/ssh/known_hosts tags: config,exposure,ssh @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/stestr-config.yaml b/exposures/configs/stestr-config.yaml index b6ae305ca1..909377c965 100644 --- a/exposures/configs/stestr-config.yaml +++ b/exposures/configs/stestr-config.yaml @@ -1,12 +1,17 @@ id: stestr-config info: - name: Stestr Configuration File Exposure + name: Stestr Configuration File - Detect author: Hardik-Solanki severity: info + description: Stestr configuration file was detected. reference: - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt - https://stestr.readthedocs.io/en/latest/MANUAL.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true github-query: filename:stestr.conf @@ -29,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/svnserve-config.yaml b/exposures/configs/svnserve-config.yaml index 443b519f85..fa5c34e11f 100644 --- a/exposures/configs/svnserve-config.yaml +++ b/exposures/configs/svnserve-config.yaml 
@@ -1,9 +1,18 @@ id: svnserve-config info: - name: svnserve config file disclosure + name: Svnserve Configuration File - Detect author: sheikhrishad - severity: low + severity: info + description: Svnserve configuration file was detected. + reference: https://linux.die.net/man/8/svnserve + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + metadata: + verified: "true" + google-query: intext:"configuration of the svnserve daemon" tags: config,exposure,svnserve requests: @@ -19,4 +28,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/symfony-database-config.yaml b/exposures/configs/symfony-database-config.yaml index d73e68a056..aaed2d59dd 100644 --- a/exposures/configs/symfony-database-config.yaml +++ b/exposures/configs/symfony-database-config.yaml @@ -1,9 +1,15 @@ id: symfony-database-config info: - name: Symfony Database Configuration Exposure + name: Symfony Database Configuration File - Detect author: pdteam,geeknik severity: high + description: Symfony database configuration file was detected and may contain database credentials. + reference: https://symfony.com/legacy/doc/reference/1_3/en/07-Databases + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: config,exposure,symfony requests: @@ -26,3 +32,5 @@ requests: - "param:" condition: and part: body + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/symfony-profiler.yaml b/exposures/configs/symfony-profiler.yaml index f02bf7c591..d77f6917a6 100644 --- a/exposures/configs/symfony-profiler.yaml +++ b/exposures/configs/symfony-profiler.yaml 
@@ -1,12 +1,18 @@ id: symfony-profiler info: - name: Symfony Profiler + name: Symfony Profiler - Detect author: pdteam severity: high + description: Symfony profiler was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.html:"symfony Profiler" + reference: https://symfony.com/doc/current/profiler.html tags: config,exposure,symfony requests: @@ -21,3 +27,5 @@ requests: part: body words: - "Symfony Profiler" + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/symfony-security-config.yaml b/exposures/configs/symfony-security-config.yaml index f1365ebe3d..7c349abc28 100644 --- a/exposures/configs/symfony-security-config.yaml +++ b/exposures/configs/symfony-security-config.yaml @@ -1,12 +1,17 @@ id: symfony-security-config info: - name: Symfony Security Configuration Exposure + name: Symfony Security Configuration File - Detect author: dahse89 severity: info + description: Symfony security configuration file was detected. reference: - https://symfony2-document.readthedocs.io/en/latest/book/security.html - https://symfony.com/doc/current/reference/configuration/security.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: config,exposure,symfony requests: @@ -28,3 +33,5 @@ requests: - "access_control:" condition: and part: body + +# Enhanced by md on 2023/02/23 diff --git a/exposures/configs/tox-ini.yaml b/exposures/configs/tox-ini.yaml index e020d670cd..2f7f29bea8 100644 --- a/exposures/configs/tox-ini.yaml +++ b/exposures/configs/tox-ini.yaml 
@@ -1,9 +1,14 @@ id: tox-ini info: - name: tox.ini File Exposure + name: Tox Configuration File - Detect author: geeknik - severity: low + severity: info + description: Tox configuration file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 reference: https://tox.wiki/en/latest/config.html metadata: verified: true @@ -32,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/ventrilo-config.yaml b/exposures/configs/ventrilo-config.yaml index 7471b77e51..f53980acde 100644 --- a/exposures/configs/ventrilo-config.yaml +++ b/exposures/configs/ventrilo-config.yaml @@ -1,11 +1,15 @@ id: ventrilo-config info: - name: Ventrilo Configuration File + name: Ventrilo Configuration File - Detect author: geeknik severity: high description: | - It discloses the AdminPassword and Password of the application. + Ventrilo configuration file was detected, The file discloses the application's Adminpassword and Password. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 reference: - https://www.ventrilo.com/setup.php metadata: @@ -34,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/web-config.yaml b/exposures/configs/web-config.yaml index 767cbd0315..9cbf28d881 100644 --- a/exposures/configs/web-config.yaml +++ b/exposures/configs/web-config.yaml 
@@ -1,10 +1,16 @@ id: web-config info: - name: Web Config file + name: Web Configuration File - Detect author: Yash Anand @yashanand155,DhiyaneshDK severity: info - reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json + description: Web configuration file was detected. + reference: + - https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: config,exposure requests: @@ -24,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/24 diff --git a/exposures/configs/webpack-config.yaml b/exposures/configs/webpack-config.yaml index b742c6e588..08326bb052 100644 --- a/exposures/configs/webpack-config.yaml +++ b/exposures/configs/webpack-config.yaml @@ -1,10 +1,14 @@ id: webpack-config info: - name: webpack config disclosure + name: Webpack Configuration File - Detect author: ambassify severity: info - description: A lot of web projects use webpack these days to bundle their project to publish it online - this file holds various metadata relevant to the project. + description: Webpack configuration file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: html:"webpack.config.js" tags: config,exposure @@ -31,4 +35,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by md on 2023/02/24 diff --git a/exposures/configs/websheets-config.yaml b/exposures/configs/websheets-config.yaml index 5c56d3f69c..827c75b55d 100644 --- a/exposures/configs/websheets-config.yaml +++ b/exposures/configs/websheets-config.yaml 
@@ -1,9 +1,14 @@ id: websheets-config info: - name: Websheets Config File Exposure + name: Websheets Configuration File - Detect author: geeknik - severity: low + severity: high + description: Websheets configuration file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 reference: - https://github.com/daveagp/websheets metadata: @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/configs/wgetrc-config.yaml b/exposures/configs/wgetrc-config.yaml index 038b767fcb..787f01409e 100644 --- a/exposures/configs/wgetrc-config.yaml +++ b/exposures/configs/wgetrc-config.yaml @@ -1,9 +1,15 @@ id: wgetrc-config info: - name: Wgetrc Configuration File Exposure + name: Wgetrc Configuration File - Detect author: DhiyaneshDK - severity: medium + severity: info + description: Wgetrc configuration file was detected. + reference: https://www.gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true shodan-query: html:".wgetrc" @@ -31,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/24 diff --git a/exposures/configs/xprober-service.yaml b/exposures/configs/xprober-service.yaml index 222da85829..918a329450 100644 --- a/exposures/configs/xprober-service.yaml +++ b/exposures/configs/xprober-service.yaml 
@@ -1,10 +1,16 @@ id: xprober-service info: - name: X Prober server information leakage + name: X Prober Server - Information Disclosure author: pdteam - severity: low + severity: medium + description: X Prober Server information disclosure was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 reference: + - https://github.com/kmvan/x-prober - https://twitter.com/bugbounty_tips/status/1339984643517423616 tags: config,exposure @@ -17,4 +23,6 @@ requests: words: - '"appName":"X Prober"' - '<title>X Prober' - condition: and \ No newline at end of file + condition: and + +# Enhanced by cs on 2023/03/02 diff --git a/exposures/files/db-xml-file.yaml b/exposures/files/db-xml-file.yaml index c0728ced52..a185ab63ec 100644 --- a/exposures/files/db-xml-file.yaml +++ b/exposures/files/db-xml-file.yaml @@ -1,9 +1,14 @@ id: db-xml-file info: - name: db.xml File Exposure + name: db.xml File - Detect author: tess severity: medium + description: db.xml file was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true tags: misconfig,db,files,exposure @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/exposures/files/dbeaver-database-connections.yaml b/exposures/files/dbeaver-database-connections.yaml index 604d5843bd..9114c6492d 100644 --- a/exposures/files/dbeaver-database-connections.yaml +++ b/exposures/files/dbeaver-database-connections.yaml 
@@ -1,11 +1,16 @@ id: dbeaver-database-connections info: - name: DBeaver Database Connections + name: DBeaver Database Connections - Detect author: geeknik severity: info + description: DBeaver database connections were detected. reference: - https://dbeaver.com/docs/wiki/Admin-Manage-Connections/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true tags: dbeaver,files,exposure @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/exposures/files/jetbrains-webservers.yaml b/exposures/files/jetbrains-webservers.yaml index 6fa54683ba..a5e54e2021 100644 --- a/exposures/files/jetbrains-webservers.yaml +++ b/exposures/files/jetbrains-webservers.yaml @@ -1,13 +1,17 @@ id: jetbrains-webservers info: - name: Jetbrains WebServers File Exposure + name: JetBrains WebServers File - Detect author: geeknik severity: info description: | - Created by Jetbrains IDEs, contains webserver credentials with encoded passwords. + JetBrains webservers file was detected. The file contains webserver credentials with encoded passwords. reference: - https://www.exploit-db.com/ghdb/6648 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true google-query: intitle:"index of" "WebServers.xml" @@ -41,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/exposures/files/redmine-config.yaml b/exposures/files/redmine-config.yaml index 9982f94e25..0e724571e8 100644 --- a/exposures/files/redmine-config.yaml +++ b/exposures/files/redmine-config.yaml 
@@ -1,11 +1,16 @@ id: redmine-config info: - name: Redmine Configuration + name: Redmine Configuration File - Detect author: DhiyaneshDK severity: high + description: Redmine configuration file was detected. reference: - https://www.exploit-db.com/ghdb/5803 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 metadata: verified: true google-query: intitle:"index of" configuration.yml @@ -40,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/exposures/files/sensitive-storage-exposure.yaml b/exposures/files/sensitive-storage-exposure.yaml index d09ef5ede8..2a7fe1bef9 100644 --- a/exposures/files/sensitive-storage-exposure.yaml +++ b/exposures/files/sensitive-storage-exposure.yaml @@ -1,12 +1,16 @@ id: sensitive-storage-data-expose info: - name: Sensitive Storage Data Exposed + name: Sensitive Storage Data - Detect author: pussycat0x severity: medium - description: Searches for sensitive keys file,logs,debugbar,app. + description: A generic search for 'storage' in sensitive key files, file names, logs, etc., returned a match. reference: - https://www.exploit-db.com/ghdb/6304 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: expose,listing,config,logs,storage,edb,files requests: @@ -32,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/exposures/logs/fastcgi-echo.yaml b/exposures/logs/fastcgi-echo.yaml index 157728e6a3..b578f56bc7 100644 --- a/exposures/logs/fastcgi-echo.yaml +++ b/exposures/logs/fastcgi-echo.yaml 
@@ -1,11 +1,12 @@ id: fastcgi-echo info: - name: Fastcgi Echo Endpoint Exposure + name: FastCGI Echo Endpoint Script - Detect author: powerexploit severity: info description: | - FastCGI module delivered with the Apache httpd server that is incorporated into the Oracle Application Server.FastCGI echo programs (echo and echo2) should be always removed or disabled in all Oracle Application Servers implementations as they can provide information at an attacker + FastCGI echo endpoint script was detected, which lists several kinds of sensitive information such as port numbers, server software versions, port numbers, and IP addresses. + remediation: Remove or disable FastCGI module delivered with the Apache httpd server which is incorporated into the Oracle Application Server.FastCGI echo programs (echo and echo2). reference: - https://www.exploit-db.com/ghdb/183 - https://www.integrigy.com/oracle-application-server-fastcgi-echo-vulnerability-reports @@ -34,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/exposures/logs/struts-problem-report.yaml b/exposures/logs/struts-problem-report.yaml index 02ebea4e0f..56fc5debd2 100644 --- a/exposures/logs/struts-problem-report.yaml +++ b/exposures/logs/struts-problem-report.yaml @@ -1,9 +1,10 @@ id: struts-problem-report info: - name: Apache Struts in Dev Mode + name: Apache Struts Dev Mode - Detect author: dhiyaneshDK severity: low + description: Multiple Apache Struts applications were detected in dev-mode. reference: - https://www.exploit-db.com/ghdb/4278 tags: struts,debug,edb,exposure,apache @@ -22,3 +23,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/fuzzing/iis-shortname.yaml b/fuzzing/iis-shortname.yaml index 2d3752e7ec..c8707edc85 100644 --- a/fuzzing/iis-shortname.yaml +++ b/fuzzing/iis-shortname.yaml 
@@ -1,13 +1,18 @@ id: iis-shortname info: - name: iis-shortname + name: IIS - Short Name Detect author: nodauf severity: info - description: When IIS uses an old .Net Framework it's possible to enumeration folder with the symbol ~. + description: A website running via IIS on an old .net framework contains a get request vulnerability. Using the the tilde character "~" in the request, an attacker can locate short names of files and folders not normally visible. reference: - https://github.com/lijiejie/IIS_shortname_Scanner - https://www.exploit-db.com/exploits/19525 + - http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: fuzz,edb requests: @@ -41,3 +46,5 @@ requests: - type: dsl dsl: - "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404" + +# Enhanced by md on 2023/03/08 diff --git a/fuzzing/linux-lfi-fuzzing.yaml b/fuzzing/linux-lfi-fuzzing.yaml index 9441661aa1..0b2831a98a 100644 --- a/fuzzing/linux-lfi-fuzzing.yaml +++ b/fuzzing/linux-lfi-fuzzing.yaml @@ -1,10 +1,14 @@ id: linux-lfi-fuzzing info: - name: Linux based LFI Fuzzing + name: Linux - Local File Inclusion Fuzzing author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley severity: high - description: Fuzzes for /etc/passwd on passed URLs + description: Multiple fuzzes for /etc/passwd on passed URLs were conducted, leading to multiple instances of local file inclusion vulnerability. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: linux,lfi,fuzz requests: @@ -38,3 +42,5 @@ requests: regex: - "root:.*:0:0:" part: body + +# Enhanced by md on 2023/03/08 diff --git a/fuzzing/mdb-database-file.yaml b/fuzzing/mdb-database-file.yaml index dbb0337b2f..a973311822 100644 --- a/fuzzing/mdb-database-file.yaml 
+++ b/fuzzing/mdb-database-file.yaml @@ -1,11 +1,16 @@ id: mdb-database-file info: - name: MDB database file leakage + name: Microsoft Access Database File - Detect author: pdteam severity: medium + description: Microsoft Access database file was detected. reference: - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: fuzz,mdb,asp requests: @@ -37,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/headless/headless-open-redirect.yaml b/headless/headless-open-redirect.yaml index f0a0803bb7..c1d1593659 100644 --- a/headless/headless-open-redirect.yaml +++ b/headless/headless-open-redirect.yaml @@ -1,14 +1,17 @@ id: headless-open-redirect info: - name: Open Redirect - Detection + name: Open Redirect - Detect author: theamanrawat - severity: low + severity: medium description: | - An open redirect vulnerability was detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + An open redirect was detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cwe-id: CWE-601 tags: redirect,generic,headless - headless: - steps: - args: @@ -119,3 +122,5 @@ headless: - "evil.com" - "Evil.Com - We get it...Daily." condition: and + +# Enhanced by cs on 2023/03/10 diff --git a/iot/automation-direct.yaml b/iot/automation-direct.yaml index ed148f02e8..75252aab0a 100644 --- a/iot/automation-direct.yaml +++ b/iot/automation-direct.yaml 
@@ -1,11 +1,16 @@ id: automation-direct info: - name: Automation Direct + name: AutomationDirect Panel - Detect author: DhiyaneshDK severity: info + description: AutomationDirect panel was detected. reference: - https://www.exploit-db.com/ghdb/7295 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"C-more -- the best HMI presented by AutomationDirect" google-query: intitle:"C-more -- the best HMI presented by AutomationDirect" @@ -32,3 +37,5 @@ requests: group: 1 regex: - '<P align="right">([A-Za-z. 0-9]+)<\/P>' + +# Enhanced by md on 2023/03/10 diff --git a/iot/codian-mcu-login.yaml b/iot/codian-mcu-login.yaml index a4182c7a17..a64a2d41ec 100644 --- a/iot/codian-mcu-login.yaml +++ b/iot/codian-mcu-login.yaml @@ -1,11 +1,16 @@ id: codian-mcu-login info: - name: Codian MCU Login + name: Codian MCU Login Panel - Detect author: dhiyaneshDK severity: info + description: Codian MCU login panel was detected. reference: - https://www.exploit-db.com/ghdb/7404 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"Codian MCU - Home page" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/contacam.yaml b/iot/contacam.yaml index e619a2c1f6..cefa193fc9 100644 --- a/iot/contacam.yaml +++ b/iot/contacam.yaml @@ -1,11 +1,16 @@ id: contacam info: - name: ContaCam + name: ContaCam Snapshot Images - Detect author: dhiyaneshDk - severity: low + severity: medium + description: ContaCam snapshot images were detected. reference: - https://www.exploit-db.com/ghdb/6831 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: edb,iot requests: @@ -21,3 +26,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 
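Review bot: In the xprober-service hunk, the new `description: X Prober Server information disclosure was detected.` only restates the name, yet it arrives together with a severity bump from `low` to `medium` and a `C:L` vector. State what the probe page exposes (the server-information panel that the `'"appName":"X Prober"'` and `'<title>X Prober'` matchers fingerprint) so the rating is justified rather than asserted.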
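Review bot: In the db-xml-file hunk, `description: db.xml file was detected.` says nothing about why the file matters while the template is rated medium / `C:L`; one sentence on what the file is expected to contain (the reason for the `db` and `misconfig` tags) would let a triager judge a hit without opening the file.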
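Review bot: In the dbeaver-database-connections hunk the classification is internally inconsistent: `cwe-id: CWE-200` (information exposure) sits next to a vector of `C:N/I:N/A:N` and `cvss-score: 0.0`. Either rate the confidentiality impact the CWE implies, or drop the cwe-id for a pure fingerprint template; whichever is chosen should then be applied uniformly to the other `- Detect` templates in this patch that carry the same zero-score vector with CWE-200.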
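Review bot: In the jetbrains-webservers hunk the description now says outright that the file `contains webserver credentials with encoded passwords`, but the classification added beside it is `C:N`, `cvss-score: 0.0`, and severity stays `info`. A file holding credentials is at least `C:L`; either raise the vector and severity to match the description or soften the description, but the two cannot both stand as written.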
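Review bot: In the fastcgi-echo hunk the new description lists `port numbers` twice, and the new `remediation:` line is broken: it lacks a space after `Oracle Application Server.`, and it changes the advice from the original (remove the echo and echo2 programs) to removing the whole FastCGI module, leaving `FastCGI echo programs (echo and echo2).` as a dangling fragment. Suggested: `remediation: Remove or disable the FastCGI echo programs (echo and echo2) shipped with the Apache httpd FastCGI module in Oracle Application Server.`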
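Review bot: In the struts-problem-report hunk, `Multiple Apache Struts applications were detected in dev-mode.` overstates what a single-request template can establish; a match means one application answered in dev mode, so use the singular. This is also the only template in the batch that received a description without a matching `classification:` block.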
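Review bot: In the iis-shortname hunk the description has a doubled `the the`, and `contains a get request vulnerability` is not a vulnerability class; say that tilde short-name enumeration discloses the short names of files and folders. The classification also contradicts that text: a disclosure tagged `cwe-id: CWE-200` should not carry `C:N` and `cvss-score: 0.0`.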
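Review bot: In the linux-lfi-fuzzing hunk `cwe-id: CWE-200` is the wrong class for a template whose matcher is `root:.*:0:0:` read out of /etc/passwd; file inclusion through `../` sequences is path traversal, CWE-22. The description also reads like a results log (`Multiple fuzzes ... were conducted, leading to multiple instances`); a description should say what the template checks, for example that passed URLs are fuzzed for traversal payloads that read /etc/passwd.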
diff --git a/iot/envision-gateway.yaml b/iot/envision-gateway.yaml index f485d64668..3d8093ebe0 100644 --- a/iot/envision-gateway.yaml +++ b/iot/envision-gateway.yaml @@ -1,11 +1,16 @@ id: envision-gateway info: - name: EnvisionGateway + name: EnvisionGateway Scheduler Panel - Detect author: dhiyaneshDK - severity: low + severity: medium + description: EnvisionGateway scheduler panel was detected. reference: - https://www.exploit-db.com/ghdb/7315 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"EnvisionGateway" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/iot/heatmiser-wifi-thermostat.yaml b/iot/heatmiser-wifi-thermostat.yaml index f3e08e52b8..4a4d6a927c 100644 --- a/iot/heatmiser-wifi-thermostat.yaml +++ b/iot/heatmiser-wifi-thermostat.yaml @@ -1,11 +1,16 @@ id: heatmiser-wifi-thermostat info: - name: Heatmiser Wifi Thermostat + name: Heatmiser Wifi Thermostat Panel - Detect author: dhiyaneshDK severity: info + description: Heatmiser Wifi Thermostat panel was detected. reference: - https://www.exploit-db.com/ghdb/7445 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"Heatmiser Wifi Thermostat" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/hp-laserjet-detect.yaml b/iot/hp-laserjet-detect.yaml index 7f25f1c30d..392fda7f99 100644 --- a/iot/hp-laserjet-detect.yaml +++ b/iot/hp-laserjet-detect.yaml 
@@ -1,9 +1,14 @@ id: hp-laserjet-detect info: - name: HP LaserJet + name: HP LaserJet Professional Panel - Detect author: dhiyaneshDk - severity: low + severity: info + description: HP LaserJet Professional panel was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 reference: - https://www.exploit-db.com/ghdb/6459 tags: iot,edb @@ -21,3 +26,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/iot/internet-service.yaml b/iot/internet-service.yaml index 98535dd837..fdbbfc97ab 100644 --- a/iot/internet-service.yaml +++ b/iot/internet-service.yaml @@ -1,12 +1,18 @@ id: internet-service info: - name: Internet Services + name: Fuji Xerox Internet Services Panel - Detect author: dhiyaneshDK - severity: low + severity: info + description: Fuji Xerox Internet Services panel was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 reference: - https://www.exploit-db.com/ghdb/5948 - tags: iot,edb + - https://www.support.xerox.com/en-us/article/en/1852141 + tags: iot,edb,panel requests: - method: GET @@ -21,3 +27,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/iot/liveview-axis-camera.yaml b/iot/liveview-axis-camera.yaml index adcd2e81fd..254c55f916 100644 --- a/iot/liveview-axis-camera.yaml +++ b/iot/liveview-axis-camera.yaml @@ -1,11 +1,16 @@ id: liveview-axis-camera info: - name: Live View AXIS Network Camera + name: AXIS Network Camera Live View - Detect author: dhiyaneshDK,f1she3 severity: info + description: AXIS Network Camera live view was detected. reference: - https://www.exploit-db.com/ghdb/6843 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: axis,network,edb,iot requests: 
@@ -39,3 +44,5 @@ requests: group: 1 regex: - 'AXIS (.*) Network Camera' + +# Enhanced by md on 2023/03/08 diff --git a/iot/mobotix-guest-camera.yaml b/iot/mobotix-guest-camera.yaml index f08fc3d0a2..8a946c9c52 100644 --- a/iot/mobotix-guest-camera.yaml +++ b/iot/mobotix-guest-camera.yaml @@ -1,11 +1,16 @@ id: mobotix-guest-camera info: - name: MOBOTIX Guest Camera + name: MOBOTIX Guest Camera Live View - Detect author: dhiyaneshDK severity: info + description: MOBOTIX Guest Camera live view was detected. reference: - https://www.exploit-db.com/ghdb/6848 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: iot,edb requests: @@ -20,3 +25,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/netsurveillance-web.yaml b/iot/netsurveillance-web.yaml index 91a96b646b..c70d3e443d 100644 --- a/iot/netsurveillance-web.yaml +++ b/iot/netsurveillance-web.yaml @@ -1,11 +1,16 @@ id: netsurveillance-web info: - name: NETSurveillance WEB + name: NETSurveillance Web Panel - Detect author: DhiyaneshDK severity: info + description: NETSurveillance Web panel was detected. reference: - https://www.exploit-db.com/ghdb/7288 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"NETSurveillance WEB" google-query: intitle:"NETSurveillance WEB" @@ -25,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/panasonic-network-management.yaml b/iot/panasonic-network-management.yaml index 148bed407d..943f069171 100644 --- a/iot/panasonic-network-management.yaml +++ b/iot/panasonic-network-management.yaml 
@@ -1,11 +1,16 @@ id: panasonic-network-management info: - name: Panasonic Network Camera Management System + name: Panasonic Network Camera Management System - Detect author: dhiyaneshDk severity: medium + description: Panasonic Network Camera Management System page with live views was detected. reference: - https://www.exploit-db.com/ghdb/6487 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: iot,camera,panasonic,edb requests: @@ -21,3 +26,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/webcamxp-5.yaml b/iot/webcamxp-5.yaml index 689f299d7e..b680f77927 100644 --- a/iot/webcamxp-5.yaml +++ b/iot/webcamxp-5.yaml @@ -1,11 +1,16 @@ id: webcamxp-5 info: - name: webcamXP 5 + name: WebcamXP 5 Login Panel - Detect author: dhiyaneshDK severity: info + description: WebcamXP 5 login panel was detected. reference: - https://www.exploit-db.com/ghdb/7448 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"webcamXP 5" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/ace-admin-dashboard.yaml b/misconfiguration/ace-admin-dashboard.yaml index 1e63d1d541..5dcad3fd04 100644 --- a/misconfiguration/ace-admin-dashboard.yaml +++ b/misconfiguration/ace-admin-dashboard.yaml @@ -1,9 +1,14 @@ id: ace-admin-dashboard info: - name: Ace Admin Dashboard Exposure + name: Ace Admin Dashboard - Detect author: tess severity: medium + description: Ace Admin dashboard page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: title:"Dashboard - Ace Admin" 
@@ -20,7 +25,7 @@ requests: part: body words: - "Dashboard - Ace Admin" - - "overview & stats" + - "overview & stats" condition: and - type: word @@ -31,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/aem/aem-childrenlist-xss.yaml b/misconfiguration/aem/aem-childrenlist-xss.yaml index efbb28a5c9..f3b6f59bbd 100644 --- a/misconfiguration/aem/aem-childrenlist-xss.yaml +++ b/misconfiguration/aem/aem-childrenlist-xss.yaml @@ -1,11 +1,15 @@ id: aem-xss-childlist info: - name: Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting + name: Adobe Experience Manager Childlist Selector - Cross-Site Scripting author: theabhinavgaur severity: medium description: | - Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. + Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the childlist selector when a dispatcher does not respect the content type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cwe-id: CWE-80 metadata: verified: true shodan-query: @@ -13,7 +17,6 @@ info: - http.component:"Adobe Experience Manager" tags: xss,aem,adobe - requests: - method: GET path: @@ -43,3 +46,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml b/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml index 2eeded9ef0..ffcddd742e 100644 --- a/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml 
+++ b/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml @@ -1,12 +1,17 @@ id: akamai-s3-cache-poisoning info: - name: Akamai / S3 Cache Poisoning - Stored Cross-Site Scripting + name: Akamai/Amazon S3 - Cache Poisoning author: DhiyaneshDk - severity: high + severity: medium + description: Akamai/Amazon S3 expose a stored cross-site scripting vulnerability generated by cache poisoning capability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can further allow the attacker to steal cookie-based authentication credentials and launch other attacks. reference: - https://web.archive.org/web/20230101082612/https://spyclub.tech/2022/12/14/unusual-cache-poisoning-akamai-s3/ - https://owasp.org/www-community/attacks/Cache_Poisoning + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L + cvss-score: 7.1 + cwe-id: CWE-44 metadata: verified: "true" tags: cache,poisoning,generic,xss,akamai,s3 @@ -62,3 +67,5 @@ requests: - 'contains(body_2, "alert(document.domain)")' - 'status_code_2 == 200' condition: and + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/aws-s3-explorer.yaml b/misconfiguration/aws-s3-explorer.yaml index 0f14918cbb..fcad88ba55 100644 --- a/misconfiguration/aws-s3-explorer.yaml +++ b/misconfiguration/aws-s3-explorer.yaml @@ -1,11 +1,16 @@ id: aws-s3-explorer info: - name: AWS S3 Explorer + name: Amazon Web Services S3 Explorer - Detect author: DhiyaneshDk - severity: low + severity: medium + description: Amazon Web Services S3 Explorer page was detected. Page contains links to sensitive information. reference: - https://www.exploit-db.com/ghdb/7967 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true google-query: inurl:s3.amazonaws.com intitle:"AWS S3 Explorer" @@ -30,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 
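Review bot: In the envision-gateway hunk severity is raised from `low` to `medium` while the classification added in the same hunk is `C:N/I:N/A:N` with `cvss-score: 0.0`; a medium with a zero score is contradictory. The neighbouring heatmiser-wifi-thermostat and hp-laserjet-detect hunks keep `info` for that same vector, so either give this one a `C:L` vector like contacam or leave it at `info`.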
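Review bot: In the ace-admin-dashboard hunk the removed and added matcher lines both render as `- "overview & stats"`, so the actual change is invisible here (presumably trailing whitespace or the HTML-entity form of the ampersand). Say which in the commit message, and if it is the entity form, confirm against a live response that the new literal is what the body contains, because with `condition: and` a wrong literal silences the whole template.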
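Review bot: In the aem-childrenlist-xss hunk the classification uses `cwe-id: CWE-80` while the other cross-site scripting template in this patch (CVE-2015-2755) uses CWE-79; pick one class for XSS across the repository. Also check `PR:L`: the template is a plain `method: GET` and the description (a dispatcher content-type flip) does not mention needing an account, which would make `PR:N` the accurate vector.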
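Review bot: In the akamai-s3-cache-poisoning hunk severity is lowered from `high` to `medium` but `cvss-score: 7.1` is added in the same hunk, and 7.1 is a High score under CVSS 3.1; make the two agree. `cwe-id: CWE-44` (path equivalence, internal dot) describes neither cache poisoning nor XSS; the description still calls this a stored cross-site scripting vulnerability and the matcher checks `contains(body_2, "alert(document.domain)")`, so CWE-79 fits. The name also dropped `Stored Cross-Site Scripting` while the description kept it; the two should match.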
diff --git a/misconfiguration/cadvisor-exposure.yaml b/misconfiguration/cadvisor-exposure.yaml index 3192e57d88..1043646feb 100644 --- a/misconfiguration/cadvisor-exposure.yaml +++ b/misconfiguration/cadvisor-exposure.yaml @@ -1,9 +1,14 @@ id: cadvisor-exposure info: - name: cAdvisor Exposure + name: cAdvisor - Detect author: DhiyaneshDk severity: medium + description: cAdvisor page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: title:"cAdvisor" @@ -29,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/exposed-jquery-file-upload.yaml b/misconfiguration/exposed-jquery-file-upload.yaml index 3fd6eef982..59eb5341c6 100644 --- a/misconfiguration/exposed-jquery-file-upload.yaml +++ b/misconfiguration/exposed-jquery-file-upload.yaml @@ -1,11 +1,17 @@ id: exposed-jquery-file-upload info: - name: Exposed jQuery File Upload + name: BlueImp jQuery-File-Upload - Arbitrary File Upload author: dhiyaneshDk - severity: medium + severity: critical + description: BlueImp jQuery-File-Upload does not require validation to upload files to the server and does not exclude file types, which can lead to a remote code execution vulnerability. reference: - https://www.exploit-db.com/exploits/45584 + - https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cwe-id: CWE-434 tags: exposure,jquery,edb requests: @@ -23,3 +29,5 @@ requests: words: - "text/plain" part: header + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/ganglia-cluster-dashboard.yaml b/misconfiguration/ganglia-cluster-dashboard.yaml index d54f368ca8..fb1d53ee3e 100644 --- a/misconfiguration/ganglia-cluster-dashboard.yaml +++ b/misconfiguration/ganglia-cluster-dashboard.yaml 
@@ -1,11 +1,11 @@ id: ganglia-cluster-dashboard info: - name: Ganglia Cluster Dashboard - Exposure + name: Ganglia Cluster Dashboard - Detect author: ritikchaddha severity: low description: | - It exposes the Ganglia cluster dashboard to the unauth users. + Ganglia Cluster dashboard was detected. metadata: verified: true shodan-query: html:"ganglia_form.submit()" @@ -28,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/haproxy-status.yaml b/misconfiguration/haproxy-status.yaml index 8b1e87464f..38edffb9c0 100644 --- a/misconfiguration/haproxy-status.yaml +++ b/misconfiguration/haproxy-status.yaml @@ -1,11 +1,16 @@ id: haproxy-status info: - name: HA Proxy Statistics + name: HAProxy Statistics Page - Detect author: dhiyaneshDK severity: medium + description: HAProxy statistics page was detected. reference: - https://www.exploit-db.com/ghdb/4191 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: logs,haproxy,edb requests: @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/iot-vdme-simulator.yaml b/misconfiguration/iot-vdme-simulator.yaml index 93e0a96f87..38921c9283 100644 --- a/misconfiguration/iot-vdme-simulator.yaml +++ b/misconfiguration/iot-vdme-simulator.yaml @@ -3,12 +3,12 @@ id: iot-vdme-simulator info: name: IoT vDME Simulator Panel - Detect author: tess - severity: low + severity: medium description: | loT vDME Simulator panel was detected. Exposure IoT vDME Simulator panel allows anonymous access to create new Items. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 cwe-id: CWE-200 metadata: verified: true diff --git a/misconfiguration/jboss-status.yaml b/misconfiguration/jboss-status.yaml index 8c6dd4ac44..baffd0d607 100644 
--- a/misconfiguration/jboss-status.yaml +++ b/misconfiguration/jboss-status.yaml @@ -1,17 +1,27 @@ id: jboss-web-console info: - name: JBoss Management Console Server Information + name: JBoss Management Console Server Information Page - Detect author: dhiyaneshDK - severity: low + severity: info + description: JBoss Management Console server information page was detected. reference: - https://www.exploit-db.com/ghdb/5215 + - https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/administration_and_configuration_guide/sect-the_management_console + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + metadata: + verified: true + google-query: inurl:/web-console/ServerInfo.jsp | inurl:/status?full=true tags: jboss,unauth,edb requests: - method: GET path: - "{{BaseURL}}/web-console/ServerInfo.jsp" + matchers-condition: and matchers: - type: word @@ -23,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/mobiproxy-dashboard.yaml b/misconfiguration/mobiproxy-dashboard.yaml index a94e96097c..ad558c2cdb 100644 --- a/misconfiguration/mobiproxy-dashboard.yaml +++ b/misconfiguration/mobiproxy-dashboard.yaml @@ -1,9 +1,14 @@ id: mobiproxy-dashboard info: - name: MobiProxy Dashboard Exposure + name: MobiProxy Dashboard - Detect author: tess severity: medium + description: MobiProxy dashboard was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.title:"MobiProxy" @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/mongodb-exporter-metrics.yaml b/misconfiguration/mongodb-exporter-metrics.yaml index 71da517b90..03f7315bdd 100644 --- a/misconfiguration/mongodb-exporter-metrics.yaml 
+++ b/misconfiguration/mongodb-exporter-metrics.yaml @@ -1,12 +1,19 @@ id: mongodb-exporter-metrics info: - name: Detect MongoDB Exporter + name: MongoDB Exporter - Detect author: pussycat0x - severity: low + severity: medium + description: MongoDB exporter was detected. metadata: verified: "true" shodan-query: title:"MongoDB exporter" + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + reference: + - https://github.com/percona/mongodb_exporter tags: mongodb,exposure,debug requests: @@ -31,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/ntopng-traffic-dashboard.yaml b/misconfiguration/ntopng-traffic-dashboard.yaml index d90ad4f46d..e1a1785c69 100644 --- a/misconfiguration/ntopng-traffic-dashboard.yaml +++ b/misconfiguration/ntopng-traffic-dashboard.yaml @@ -1,9 +1,14 @@ id: ntopng-traffic-dashboard info: - name: ntopng - Traffic Dashboard + name: Ntopng Traffic Dashboard - Detect author: theamanrawat - severity: low + severity: medium + description: Ntopng traffic dashboard was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.title:"ntopng - Traffic Dashboard" @@ -26,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/oneinstack-control-center.yaml b/misconfiguration/oneinstack-control-center.yaml index f58b8018b9..ce1a9feb6a 100644 --- a/misconfiguration/oneinstack-control-center.yaml +++ b/misconfiguration/oneinstack-control-center.yaml 
@@ -1,18 +1,22 @@ id: oneinstack-control-center info: - name: OneinStack Control Center Dashboard + name: OneinStack Control Center Dashboard - Detect author: theabhinavgaur - severity: low + severity: medium description: | - OneinStack is an open source project to setup web environment for the development of PHP/JAVA applications on CentOS, Ubuntu, RedHat. + OneinStack Control Center dashboard was detected. reference: - https://github.com/oneinstack/oneinstack - https://oneinstack.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: "true" shodan-query: http.title:"OneinStack" - tags: misconfig,exposure,dashboard,oneinstack + tags: misconfig,exposure,panel,oneinstack requests: - method: GET @@ -31,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml b/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml index d9df6909f2..4bdbf15caa 100644 --- a/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml +++ b/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml 
@@ -1,12 +1,16 @@ id: openbmcs-secret-disclosure info: - name: OpenBMCS 2.4 Secrets Disclosure + name: OpenBMCS 2.4 - Information Disclosure author: dhiyaneshDK severity: high - description: The application allows directory listing and information disclosure of some sensitive files that can allow an attacker to leverage the disclosed information and gain full BMS access + description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access. reference: - https://www.exploit-db.com/exploits/50671 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 metadata: shodan-query: http.favicon.hash:1550906681 tags: misconfig,edb,openbmcs @@ -27,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml b/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml index 8f8c9c25a8..54242c3a7f 100644 --- a/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml +++ b/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml @@ -1,10 +1,14 @@ id: pma-server-import info: - name: PhpMyAdmin Server Import + name: PhpMyAdmin Server Import Page - Detect author: Cristi vlad (@cristivlad25) severity: high - description: Finds Unauthenticated PhpMyAdmin Server Import Pages. + description: Multiple phpMyAdmin server import pages were detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: phpmyadmin,misconfig requests: @@ -33,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml index c265d7b346..ca9327aa06 100644 
--- a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml +++ b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml @@ -1,9 +1,14 @@ id: phpmyadmin-setup info: - name: Publicly Accessible Phpmyadmin Setup + name: PhpMyAdmin Setup File - Detect author: sheikhrishad,thevillagehacker,Kr1shna4garwal,ArjunChandarana severity: medium + description: Multiple phpMyAdmin setup files were detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.html:"phpMyAdmin" @@ -38,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/puppetdb-dashboard.yaml b/misconfiguration/puppetdb-dashboard.yaml index f734d94756..4eb83cbd4c 100644 --- a/misconfiguration/puppetdb-dashboard.yaml +++ b/misconfiguration/puppetdb-dashboard.yaml @@ -1,9 +1,14 @@ id: puppetdb-dashboard info: - name: PuppetDB Dashboard Exposure + name: PuppetDB Dashboard - Detect author: DhiyaneshDk - severity: low + severity: info + description: PuppetDB dashboard was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true shodan-query: 'title:"PuppetDB: Dashboard"' @@ -24,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/questdb-console.yaml b/misconfiguration/questdb-console.yaml index 5102f7b70a..bcb8accdd6 100644 --- a/misconfiguration/questdb-console.yaml +++ b/misconfiguration/questdb-console.yaml 
@@ -1,9 +1,16 @@ id: questdb-console info: - name: QuestDB Console Exposure + name: QuestDB Console - Detect author: tess - severity: low + severity: medium + description: QuestDB console was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + reference: + - https://questdb.io/docs/develop/web-console/ metadata: verified: true shodan-query: title:"QuestDB ยท Console" @@ -33,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/rethinkdb-admin-console.yaml b/misconfiguration/rethinkdb-admin-console.yaml index 1d6fd3d0e3..48a7a1faa5 100644 --- a/misconfiguration/rethinkdb-admin-console.yaml +++ b/misconfiguration/rethinkdb-admin-console.yaml @@ -1,9 +1,16 @@ id: rethinkdb-admin-console info: - name: RethinkDB Administration Console + name: RethinkDB Administration Console - Detect author: tess severity: medium + description: RethinkDB Administration Console was detected. + reference: + - https://rethinkdb.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.favicon.hash:969374472 @@ -24,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/14 diff --git a/misconfiguration/slurm-hpc-dashboard.yaml b/misconfiguration/slurm-hpc-dashboard.yaml index d8ee687040..079351176d 100644 --- a/misconfiguration/slurm-hpc-dashboard.yaml +++ b/misconfiguration/slurm-hpc-dashboard.yaml 
@@ -3,9 +3,15 @@ id: slurm-hpc-dashboard info: name: Slurm HPC Dashboard - Detect author: ritikchaddha - severity: low + severity: medium description: | - It exposes the Slurm HPC dashboard to the unauth users. + Slurm HPC Dashboard was detected. + reference: + - https://grafana.com/grafana/dashboards/4323-slurm-dashboard/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: title:"Slurm HPC Dashboard" @@ -27,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/misconfiguration/tcpconfig.yaml b/misconfiguration/tcpconfig.yaml index 3ea0544410..f0e4790b43 100644 --- a/misconfiguration/tcpconfig.yaml +++ b/misconfiguration/tcpconfig.yaml @@ -1,10 +1,16 @@ id: tcpconfig info: - name: TCP Config Information Exposed + name: Rockwell Automation TCP/IP Configuration Information - Detect author: dhiyaneshDK - severity: low + severity: medium + description: TCP/IP configuration information was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 reference: + - https://www.rockwellautomation.com/ - https://www.exploit-db.com/ghdb/6782 tags: config,edb,logs @@ -22,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/misconfiguration/transmission-dashboard.yaml b/misconfiguration/transmission-dashboard.yaml index f36ee8134b..64cc379f88 100644 --- a/misconfiguration/transmission-dashboard.yaml +++ b/misconfiguration/transmission-dashboard.yaml 
@@ -1,11 +1,16 @@ id: transmission-dashboard info: - name: Transmission Dashboard Exposure + name: Transmission Dashboard - Detect author: fabaff severity: medium + description: Transmission dashboard was detected. reference: - https://transmissionbt.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.title:"Transmission Web Interface" @@ -31,3 +36,5 @@ requests: part: server words: - 'Transmission' + +# Enhanced by md on 2023/03/15 diff --git a/misconfiguration/ups-status.yaml b/misconfiguration/ups-status.yaml index c4bf139637..3247f1525b 100644 --- a/misconfiguration/ups-status.yaml +++ b/misconfiguration/ups-status.yaml @@ -1,11 +1,17 @@ id: ups-status info: - name: Multimon UPS status page + name: APC UPC Multimon Status Page - Detect author: dhiyaneshDK - severity: low + severity: info + description: Multimon UPS status page was detected. reference: + - http://www.apcupsd.org/ - https://www.exploit-db.com/ghdb/752 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: logs,status,edb requests: @@ -23,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/network/cves/2011/CVE-2011-2523.yaml b/network/cves/2011/CVE-2011-2523.yaml index 4e5b945a52..f577745605 100644 --- a/network/cves/2011/CVE-2011-2523.yaml +++ b/network/cves/2011/CVE-2011-2523.yaml @@ -19,7 +19,7 @@ info: tags: cve,cve2011,network,vsftpd,ftp,backdoor variables: - cmd: "cat /etc/passwd" #shows the the user and group names and numeric IDs + cmd: "cat /etc/passwd" # shows the the user and group names and numeric IDs network: diff --git a/network/detection/mysql-detect.yaml b/network/detection/mysql-detect.yaml index b3d4b26aa7..9d9b23b7d7 100644 --- a/network/detection/mysql-detect.yaml +++ b/network/detection/mysql-detect.yaml 
@@ -1,27 +1,33 @@ -id: mysql-detect - -info: - name: Mysql Detection - author: pussycat0x - severity: info - description: | - MySQL is a tool used to manage databases and servers, so while it's not a database, it's widely used in relation to managing and organising data in databases. - metadata: - verified: true - shodan-query: product:"MySQL" - tags: network,mysql,db - -network: - - inputs: - - data: "\n" - - host: - - "{{Hostname}}" - - "{{Host}}:3306" - - matchers: - - type: word - part: body - words: - - "mysql" - case-insensitive: true +id: mysql-detect + +info: + name: MySQL - Detect + author: pussycat0x + severity: info + description: | + MySQL instance was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + metadata: + verified: true + shodan-query: product:"MySQL" + tags: network,mysql,db + +network: + - inputs: + - data: "\n" + + host: + - "{{Hostname}}" + - "{{Host}}:3306" + + matchers: + - type: word + part: body + words: + - "mysql" + case-insensitive: true + +# Enhanced by md on 2023/03/15 diff --git a/network/detection/pgsql-detect.yaml b/network/detection/pgsql-detect.yaml index b3b377e0b6..209287080c 100644 --- a/network/detection/pgsql-detect.yaml +++ b/network/detection/pgsql-detect.yaml 
@@ -1,39 +1,45 @@ -id: pgsql-detect - -info: - name: Postgresql Detection - author: nybble04 - severity: info - description: | - PostgreSQL, also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance. - reference: - - https://www.postgresql.org/docs/current/errcodes-appendix.html - - https://www.postgresql.org/docs/current/client-authentication-problems.html - metadata: - verified: true - shodan-query: port:5432 product:"PostgreSQL" - tags: network,postgresql,db - -network: - - inputs: - - data: "000000500003000075736572006e75636c6569006461746162617365006e75636c6569006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" - type: hex - - data: "7000000036534352414d2d5348412d32353600000000206e2c2c6e3d2c723d000000000000000000000000000000000000000000000000" - type: hex - - host: - - "{{Hostname}}" - - "{{Host}}:5432" - read-size: 2048 - - matchers: - - type: word - part: body - words: - - "28000" # Error code for invalid_authorization_specification - - "28P01" # Error code for invalid_password - - "SCRAM-SHA-256" # Authentication prompt - - "pg_hba.conf" # Client authentication config file - - "user \"nuclei\"" # The user nuclei (sent in request) doesn't exist - - "database \"nuclei\"" # The db nuclei (sent in request) doesn't exist" - condition: or +id: pgsql-detect + +info: + name: PostgreSQL Authentication - Detect + author: nybble04 + severity: info + description: | + PostgreSQL authentication error messages which could reveal information useful in formulating further attacks were detected. 
+ reference: + - https://www.postgresql.org/docs/current/errcodes-appendix.html + - https://www.postgresql.org/docs/current/client-authentication-problems.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + metadata: + verified: true + shodan-query: port:5432 product:"PostgreSQL" + tags: network,postgresql,db + +network: + - inputs: + - data: "000000500003000075736572006e75636c6569006461746162617365006e75636c6569006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" + type: hex + - data: "7000000036534352414d2d5348412d32353600000000206e2c2c6e3d2c723d000000000000000000000000000000000000000000000000" + type: hex + + host: + - "{{Hostname}}" + - "{{Host}}:5432" + read-size: 2048 + + matchers: + - type: word + part: body + words: + - "28000" # Error code for invalid_authorization_specification + - "28P01" # Error code for invalid_password + - "SCRAM-SHA-256" # Authentication prompt + - "pg_hba.conf" # Client authentication config file + - "user \"nuclei\"" # The user nuclei (sent in request) doesn't exist + - "database \"nuclei\"" # The db nuclei (sent in request) doesn't exist" + condition: or + +# Enhanced by md on 2023/03/15 diff --git a/network/enumeration/mongodb-info-enum.yaml b/network/enumeration/mongodb-info-enum.yaml index 7e9a050b36..6b8e2d52ab 100644 --- a/network/enumeration/mongodb-info-enum.yaml +++ b/network/enumeration/mongodb-info-enum.yaml 
@@ -1,13 +1,17 @@ id: mongodb-info-enum info: - name: MongoDB Information Enumeration + name: MongoDB Information - Detect author: pussycat0x severity: info description: | - MongoDB is an open source NoSQL database management program. NoSQL is used as an alternative to traditional relational databases. + MongoDB build and server information was detected. reference: - https://nmap.org/nsedoc/scripts/mongodb-info.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: "true" shodan-query: mongodb server information @@ -35,3 +39,5 @@ network: - type: regex regex: - "([A-Za-z:0-9.]+)" + +# Enhanced by md on 2023/03/15 diff --git a/osint/flipboard.yaml b/osint/flipboard.yaml index b78e2eba14..dfc87d600c 100644 --- a/osint/flipboard.yaml +++ b/osint/flipboard.yaml @@ -3,8 +3,8 @@ id: flipboard info: name: Flipboard User Name Information - Detect author: dwisiswant0 - description: Flipboard user name information check was conducted. severity: info + description: Flipboard user name information check was conducted. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 @@ -27,3 +27,5 @@ requests: part: body words: - ") on Flipboard" + +# Enhanced by md on 2023/03/15 diff --git a/osint/mod-db.yaml b/osint/mod-db.yaml index d4b6a131be..1c56ae9360 100644 --- a/osint/mod-db.yaml +++ b/osint/mod-db.yaml @@ -3,8 +3,8 @@ id: mod-db info: name: Mod DB User Name Information - Detect author: dwisiswant0 - description: Mod DB user name information check was conducted. severity: info + description: Mod DB user name information check was conducted. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 @@ -27,3 +27,5 @@ requests: part: body words: - "joined
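Review bot: In the phpmyadmin-server-import.yaml hunk the new description "Multiple phpMyAdmin server import pages were detected." drops the one fact that justifies severity high, namely that the import page is reachable without authentication (the old text said "Unauthenticated"), and "Multiple ... pages" is wrong for a template that matches a single page. Suggest "phpMyAdmin server import page was detected and is accessible without authentication." and use one spelling of the product in name and description ("PhpMyAdmin" in name, "phpMyAdmin" in description).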
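Review bot: In the phpmyadmin-setup.yaml hunk the added description "Multiple phpMyAdmin setup files were detected." has the same two problems: the template detects one setup page, and the old name "Publicly Accessible Phpmyadmin Setup" carried the exposure condition that the new name and description no longer state. Suggest "phpMyAdmin setup page was detected and is publicly accessible."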
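Review bot: In the puppetdb-dashboard.yaml hunk the new classification block combines `cwe-id: CWE-200` (information exposure) with `C:N/I:N/A:N` and `cvss-score: 0.0`, which contradicts itself: either the dashboard exposes something and the vector should carry at least `C:L`, or it exposes nothing and the CWE should go. The same pairing appears in the ups-status, mysql-detect, pgsql-detect and mongodb-info-enum hunks; whichever way it is decided, apply it to all five.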
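Review bot: In the questdb-console.yaml hunk the unchanged context line `shodan-query: title:"QuestDB ยท Console"` contains what looks like a mis-encoded middle dot ("ยท"); if the console's real page title uses "·", this query never matches in Shodan. Since the file is being touched anyway, verify the title string and fix it here. Also, in the rethinkdb-admin-console.yaml hunk on the same line `reference` is placed before `classification`, while questdb and every other hunk in this change put `classification` first; pick one order.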
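Review bot: In the tcpconfig.yaml hunk the rename to "Rockwell Automation TCP/IP Configuration Information - Detect" and the new reference to `https://www.rockwellautomation.com/` are not supported by anything visible in the hunk (tags stay `config,edb,logs`, the description is the generic "TCP/IP configuration information was detected."). If the matcher really keys on a Rockwell page, say so in the description; otherwise keep the vendor-neutral name, and drop the vendor homepage, which is not a reference for the finding.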
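Review bot: In the ups-status.yaml hunk the new name "APC UPC Multimon Status Page - Detect" has a typo: the product is a UPS (the description on the next line says "Multimon UPS status page"), so this should read "APC UPS Multimon Status Page - Detect". The added reference `http://www.apcupsd.org/` should also use https if the site serves it.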
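Review bot: In the CVE-2011-2523.yaml hunk the only change to the `cmd` line is a space after `#`, but the comment still reads "shows the the user and group names"; since the line is already being edited, drop the doubled "the".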
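Review bot: In the mysql-detect.yaml hunk every line of the file is removed and re-added, which buries the real changes (the new `classification` block, the shortened description and the blank lines between `inputs`, `host` and `matchers`) in what looks like a line-ending or indentation rewrite. Check with `git diff -w` or `--ignore-cr-at-eol`; if it is CRLF to LF, land that as its own commit so blame stays useful. The same applies to the pgsql-detect.yaml hunk.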
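Review bot: In the pgsql-detect.yaml hunk the stray closing quote in the matcher comment `# The db nuclei (sent in request) doesn't exist"` is carried over unchanged even though the whole file is rewritten; remove it. The new description also appears to end with a trailing space after "were detected."; trim it so the YAML linter does not flag the line.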