Update metadata query (#4350)

* Update adobe-component-login.yaml * Update cold-fusion-cfcache-map.yaml * Update unpatched-coldfusion.yaml * Update coldfusion-debug-xss.yaml * Update CVE-2020-11978.yaml * Update CVE-2020-13927.yaml * Update CVE-2021-38540.yaml * Update CVE-2021-44451.yaml * Update CVE-2022-24288.yaml * Update airflow-debug.yaml * Update airflow-detect.yaml * Update CVE-2010-0219.yaml * Update apache-axis-detect.yaml * Update CVE-2020-11991.yaml * Update apache-cocoon-detect.yaml * Update CVE-2021-21402.yaml * Update jellyfin-detect.yaml * Update CVE-2021-21402.yaml * Update CVE-2021-21402.yaml * Update ecology-arbitrary-file-upload.yaml * Update ecology-v8-sqli.yaml * Update ecology-syncuserinfo-sqli.yaml * Update ecology-filedownload-directory-traversal.yaml * Update CNVD-2021-15822.yaml * Update dedecms-carbuyaction-fileinclude.yaml * Update dedecms-openredirect.yaml * Update tamronos-rce.yaml * Update natshell-path-traversal.yaml
2022-05-12 19:48:36 +05:30 · 2022-05-12 19:48:36 +05:30 · 27a039a70c
parent f24abcdb51
commit 27a039a70c
26 changed files with 67 additions and 2 deletions
--- a/cnvd/2021/CNVD-2021-15822.yaml
+++ b/cnvd/2021/CNVD-2021-15822.yaml
@ -6,6 +6,10 @@ info:
  severity: high
  reference:
    - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
+  metadata:
+    verified: true
+    shodan-query: title:"ShopXO企业级B2C电商系统提供商"
+    fofa-query: app="ShopXO企业级B2C电商系统提供商"
  tags: shopxo,lfi,cnvd,cnvd2021

 requests:
--- a/cves/2010/CVE-2010-0219.yaml
+++ b/cves/2010/CVE-2010-0219.yaml
@ -10,6 +10,8 @@ info:
    - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html
  classification:
    cve-id: CVE-2010-0219
+  metadata:
+    shodan-query: http.html:"Apache Axis"
  tags: cve,cve2010,axis,apache,default-login,axis2

 requests:
--- a/cves/2020/CVE-2020-11978.yaml
+++ b/cves/2020/CVE-2020-11978.yaml
@ -16,6 +16,9 @@ info:
    cvss-score: 8.8
    cve-id: CVE-2020-11978
    cwe-id: CWE-77
+  metadata:
+    verified: true
+    shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
  tags: cve,cve2020,apache,airflow,rce

 requests:
--- a/cves/2020/CVE-2020-11991.yaml
+++ b/cves/2020/CVE-2020-11991.yaml
@ -15,6 +15,8 @@ info:
    cve-id: CVE-2020-11991
    cwe-id: CWE-611
  remediation: Upgrade to Apache Cocoon 2.1.13 or later.
+  metadata:
+    shodan-query: http.html:"Apache Cocoon"
  tags: cve,cve2020,apache,xml,cocoon,xxe

 requests:
--- a/cves/2020/CVE-2020-13927.yaml
+++ b/cves/2020/CVE-2020-13927.yaml
@ -14,6 +14,9 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-13927
+  metadata:
+    verified: true
+    shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
  tags: cve,cve2020,apache,airflow,unauth

 requests:
--- a/cves/2021/CVE-2021-21402.yaml
+++ b/cves/2021/CVE-2021-21402.yaml
@ -15,6 +15,10 @@ info:
    cvss-score: 6.5
    cve-id: CVE-2021-21402
    cwe-id: CWE-22
+  metadata:
+    verified: true
+    shodan-query: http.html:"Jellyfin"
+    fofa-query: title="Jellyfin" || body="http://jellyfin.media"
  tags: cve,cve2021,jellyfin,lfi

 requests:
@ -34,4 +38,4 @@ requests:
      - type: regex
        regex:
          - "\\[(font|extension|file)s\\]"
-        part: body
+        part: body
--- a/cves/2021/CVE-2021-38540.yaml
+++ b/cves/2021/CVE-2021-38540.yaml
@ -14,6 +14,7 @@ info:
    cve-id: CVE-2021-38540
    cwe-id: CWE-306
  metadata:
+    verified: true
    shodan-query: title:"Sign In - Airflow"
  tags: cve,cve2021,apache,airflow,rce

--- a/cves/2021/CVE-2021-44451.yaml
+++ b/cves/2021/CVE-2021-44451.yaml
@ -11,6 +11,9 @@ info:
  classification:
    cve-id: CVE-2021-44451
  remediation: Users should upgrade to Apache Superset 1.4.0 or higher.
+  metadata:
+    verified: true
+    shodan-query: title:"Superset"
  tags: cve,cve2021,apache,superset,default-login

 requests:
--- a/cves/2022/CVE-2022-24288.yaml
+++ b/cves/2022/CVE-2022-24288.yaml
@ -15,7 +15,8 @@ info:
    cve-id: CVE-2022-24288
    cwe-id: CWE-78
  metadata:
-    shodan-query: title:"Airflow - DAGs"
+    verified: true
+    shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
  tags: cve,cve2022,airflow,rce

 requests:
--- a/exposed-panels/adobe/adobe-component-login.yaml
+++ b/exposed-panels/adobe/adobe-component-login.yaml
@ -9,6 +9,8 @@ info:
    - https://www.exploit-db.com/ghdb/6846
  classification:
    cwe-id: CWE-200
+  metadata:
+    shodan-query: http.component:"Adobe ColdFusion"
  tags: panel,adobe,coldfusion

 requests:
--- a/exposures/files/cold-fusion-cfcache-map.yaml
+++ b/exposures/files/cold-fusion-cfcache-map.yaml
@ -6,6 +6,8 @@ info:
  severity: low
  reference:
    - https://securiteam.com/windowsntfocus/5bp081f0ac/
+  metadata:
+    shodan-query: http.component:"Adobe ColdFusion"
  tags: exposure,coldfusion,adobe

 requests:
--- a/miscellaneous/unpatched-coldfusion.yaml
+++ b/miscellaneous/unpatched-coldfusion.yaml
@ -7,6 +7,8 @@ info:
  reference:
    - https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
    - https://twitter.com/Daviey/status/1374070630283415558
+  metadata:
+    shodan-query: http.component:"Adobe ColdFusion"
  tags: rce,adobe,misc,coldfusion

 requests:
--- a/misconfiguration/airflow/airflow-debug.yaml
+++ b/misconfiguration/airflow/airflow-debug.yaml
@ -4,6 +4,9 @@ info:
  name: Airflow Debug Trace
  author: pdteam
  severity: low
+  metadata:
+    verified: true
+    shodan-query: title:"Airflow - DAGs"
  tags: apache,airflow,fpd

 requests:
--- a/technologies/apache/airflow-detect.yaml
+++ b/technologies/apache/airflow-detect.yaml
@ -4,6 +4,9 @@ info:
  name: Apache Airflow
  author: pdteam
  severity: info
+  metadata:
+    verified: true
+    shodan-query: http.html:"Apache Airflow"
  tags: tech,apache,airflow

 requests:
--- a/technologies/apache/apache-axis-detect.yaml
+++ b/technologies/apache/apache-axis-detect.yaml
@ -5,6 +5,9 @@ info:
  author: dogasantos
  severity: info
  description: Axis and Axis2 detection
+  metadata:
+    verified: true
+    shodan-query: http.html:"Apache Axis"
  tags: tech,axis2,middleware,apache

 requests:
--- a/technologies/apache/apache-cocoon-detect.yaml
+++ b/technologies/apache/apache-cocoon-detect.yaml
@ -5,6 +5,8 @@ info:
  author: ffffffff0x
  severity: info
  metadata:
+    verified: true
+    shodan-query: http.html:"Apache Cocoon"
    fofa-query: app="APACHE-Cocoon"
  tags: apache,cocoon,tech

--- a/technologies/jellyfin-detect.yaml
+++ b/technologies/jellyfin-detect.yaml
@ -4,6 +4,9 @@ info:
  name: Jellyfin detected
  author: dwisiswant0
  severity: info
+  metadata:
+    verified: true
+    shodan-query: http.html:"Jellyfin"
  tags: tech,jellyfin

 requests:
--- a/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml
+++ b/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  reference:
    - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
+  metadata:
+    fofa-query: app="泛微-协同办公OA"
  tags: ecology,upload,fileupload,intrusive

 requests:
--- a/vulnerabilities/other/coldfusion-debug-xss.yaml
+++ b/vulnerabilities/other/coldfusion-debug-xss.yaml
@ -7,6 +7,8 @@ info:
  description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site.
  reference:
    - https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml
+  metadata:
+    shodan-query: http.component:"Adobe ColdFusion"
  tags: adobe,coldfusion,xss

 requests:
--- a/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml
+++ b/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml
@ -7,6 +7,9 @@ info:
  description: A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter.
  reference:
    - https://www.cnblogs.com/milantgh/p/3615986.html
+  metadata:
+    verified: true
+    shodan-query: http.html:"power by dedecms" || title:"dedecms"
  tags: dedecms

 requests:
--- a/vulnerabilities/other/dedecms-openredirect.yaml
+++ b/vulnerabilities/other/dedecms-openredirect.yaml
@ -6,6 +6,9 @@ info:
  severity: low
  reference:
    - https://blog.csdn.net/ystyaoshengting/article/details/82734888
+  metadata:
+    verified: true
+    shodan-query: http.html:"power by dedecms" || title:"dedecms"
  tags: dedecms,redirect

 requests:
--- a/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml
+++ b/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml
@ -4,6 +4,8 @@ info:
  name: Ecology Directory Traversal
  author: princechaddha
  severity: medium
+  metadata:
+    fofa-query: app="泛微-协同办公OA"
  tags: ecology,lfi

 requests:
--- a/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml
+++ b/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  reference:
    - https://www.weaver.com.cn/
+  metadata:
+    fofa-query: app="泛微-协同办公OA"
  tags: ecology,sqli

 requests:
--- a/vulnerabilities/other/ecology-v8-sqli.yaml
+++ b/vulnerabilities/other/ecology-v8-sqli.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  reference:
    - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html
+  metadata:
+    fofa-query: app="泛微-协同办公OA"
  tags: ecology,sqli

 requests:
--- a/vulnerabilities/other/natshell-path-traversal.yaml
+++ b/vulnerabilities/other/natshell-path-traversal.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  reference:
    - https://mp.weixin.qq.com/s/g4YNI6UBqIQcKL0TRkKWlw
+  metadata:
+    fofa-query: title="蓝海卓越计费管理系统"
  tags: natshell,lfi

 requests:
--- a/vulnerabilities/other/tamronos-rce.yaml
+++ b/vulnerabilities/other/tamronos-rce.yaml
@ -6,6 +6,10 @@ info:
  severity: critical
  reference:
    - https://twitter.com/sec715/status/1405336456923471874
+  metadata:
+    verified: true
+    shodan-query: title:"TamronOS IPTV系统"
+    fofa-query: title="TamronOS IPTV系统"
  tags: tamronos,rce

 requests: