From 27a039a70cd3e6b299d648da4792f5035bc2e564 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 12 May 2022 19:48:36 +0530 Subject: [PATCH] Update metadata query (#4350) * Update adobe-component-login.yaml * Update cold-fusion-cfcache-map.yaml * Update unpatched-coldfusion.yaml * Update coldfusion-debug-xss.yaml * Update CVE-2020-11978.yaml * Update CVE-2020-13927.yaml * Update CVE-2021-38540.yaml * Update CVE-2021-44451.yaml * Update CVE-2022-24288.yaml * Update airflow-debug.yaml * Update airflow-detect.yaml * Update CVE-2010-0219.yaml * Update apache-axis-detect.yaml * Update CVE-2020-11991.yaml * Update apache-cocoon-detect.yaml * Update CVE-2021-21402.yaml * Update jellyfin-detect.yaml * Update CVE-2021-21402.yaml * Update CVE-2021-21402.yaml * Update ecology-arbitrary-file-upload.yaml * Update ecology-v8-sqli.yaml * Update ecology-syncuserinfo-sqli.yaml * Update ecology-filedownload-directory-traversal.yaml * Update CNVD-2021-15822.yaml * Update dedecms-carbuyaction-fileinclude.yaml * Update dedecms-openredirect.yaml * Update tamronos-rce.yaml * Update natshell-path-traversal.yaml --- cnvd/2021/CNVD-2021-15822.yaml | 4 ++++ cves/2010/CVE-2010-0219.yaml | 2 ++ cves/2020/CVE-2020-11978.yaml | 3 +++ cves/2020/CVE-2020-11991.yaml | 2 ++ cves/2020/CVE-2020-13927.yaml | 3 +++ cves/2021/CVE-2021-21402.yaml | 6 +++++- cves/2021/CVE-2021-38540.yaml | 1 + cves/2021/CVE-2021-44451.yaml | 3 +++ cves/2022/CVE-2022-24288.yaml | 3 ++- exposed-panels/adobe/adobe-component-login.yaml | 2 ++ exposures/files/cold-fusion-cfcache-map.yaml | 2 ++ miscellaneous/unpatched-coldfusion.yaml | 2 ++ misconfiguration/airflow/airflow-debug.yaml | 3 +++ technologies/apache/airflow-detect.yaml | 3 +++ technologies/apache/apache-axis-detect.yaml | 3 +++ technologies/apache/apache-cocoon-detect.yaml | 2 ++ technologies/jellyfin-detect.yaml | 3 +++ vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml | 2 ++ vulnerabilities/other/coldfusion-debug-xss.yaml | 2 ++ vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml | 3 +++ vulnerabilities/other/dedecms-openredirect.yaml | 3 +++ .../other/ecology-filedownload-directory-traversal.yaml | 2 ++ vulnerabilities/other/ecology-syncuserinfo-sqli.yaml | 2 ++ vulnerabilities/other/ecology-v8-sqli.yaml | 2 ++ vulnerabilities/other/natshell-path-traversal.yaml | 2 ++ vulnerabilities/other/tamronos-rce.yaml | 4 ++++ 26 files changed, 67 insertions(+), 2 deletions(-) diff --git a/cnvd/2021/CNVD-2021-15822.yaml b/cnvd/2021/CNVD-2021-15822.yaml index 3b7e2d8d1a..02ff83b22e 100644 --- a/cnvd/2021/CNVD-2021-15822.yaml +++ b/cnvd/2021/CNVD-2021-15822.yaml @@ -6,6 +6,10 @@ info: severity: high reference: - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog + metadata: + verified: true + shodan-query: title:"ShopXO企业级B2C电商系统提供商" + fofa-query: app="ShopXO企业级B2C电商系统提供商" tags: shopxo,lfi,cnvd,cnvd2021 requests: diff --git a/cves/2010/CVE-2010-0219.yaml b/cves/2010/CVE-2010-0219.yaml index 6a9de7c6a1..271add009d 100644 --- a/cves/2010/CVE-2010-0219.yaml +++ b/cves/2010/CVE-2010-0219.yaml @@ -10,6 +10,8 @@ info: - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html classification: cve-id: CVE-2010-0219 + metadata: + shodan-query: http.html:"Apache Axis" tags: cve,cve2010,axis,apache,default-login,axis2 requests: diff --git a/cves/2020/CVE-2020-11978.yaml b/cves/2020/CVE-2020-11978.yaml index f441486273..133d10f1d7 100644 --- a/cves/2020/CVE-2020-11978.yaml +++ b/cves/2020/CVE-2020-11978.yaml @@ -16,6 +16,9 @@ info: cvss-score: 8.8 cve-id: CVE-2020-11978 cwe-id: CWE-77 + metadata: + verified: true + shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs" tags: cve,cve2020,apache,airflow,rce requests: diff --git a/cves/2020/CVE-2020-11991.yaml b/cves/2020/CVE-2020-11991.yaml index b3849d5665..9269ec11d1 100644 --- a/cves/2020/CVE-2020-11991.yaml +++ b/cves/2020/CVE-2020-11991.yaml @@ -15,6 +15,8 @@ info: cve-id: CVE-2020-11991 cwe-id: CWE-611 remediation: Upgrade to Apache Cocoon 2.1.13 or later. + metadata: + shodan-query: http.html:"Apache Cocoon" tags: cve,cve2020,apache,xml,cocoon,xxe requests: diff --git a/cves/2020/CVE-2020-13927.yaml b/cves/2020/CVE-2020-13927.yaml index d1445f9393..a7725bab88 100644 --- a/cves/2020/CVE-2020-13927.yaml +++ b/cves/2020/CVE-2020-13927.yaml @@ -14,6 +14,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13927 + metadata: + verified: true + shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" tags: cve,cve2020,apache,airflow,unauth requests: diff --git a/cves/2021/CVE-2021-21402.yaml b/cves/2021/CVE-2021-21402.yaml index a920a2285e..4070ee9ee1 100644 --- a/cves/2021/CVE-2021-21402.yaml +++ b/cves/2021/CVE-2021-21402.yaml @@ -15,6 +15,10 @@ info: cvss-score: 6.5 cve-id: CVE-2021-21402 cwe-id: CWE-22 + metadata: + verified: true + shodan-query: http.html:"Jellyfin" + fofa-query: title="Jellyfin" || body="http://jellyfin.media" tags: cve,cve2021,jellyfin,lfi requests: @@ -34,4 +38,4 @@ requests: - type: regex regex: - "\\[(font|extension|file)s\\]" - part: body \ No newline at end of file + part: body diff --git a/cves/2021/CVE-2021-38540.yaml b/cves/2021/CVE-2021-38540.yaml index 4d9d7ce135..8677ab8904 100644 --- a/cves/2021/CVE-2021-38540.yaml +++ b/cves/2021/CVE-2021-38540.yaml @@ -14,6 +14,7 @@ info: cve-id: CVE-2021-38540 cwe-id: CWE-306 metadata: + verified: true shodan-query: title:"Sign In - Airflow" tags: cve,cve2021,apache,airflow,rce diff --git a/cves/2021/CVE-2021-44451.yaml b/cves/2021/CVE-2021-44451.yaml index 73771af543..6590c06d92 100644 --- a/cves/2021/CVE-2021-44451.yaml +++ b/cves/2021/CVE-2021-44451.yaml @@ -11,6 +11,9 @@ info: classification: cve-id: CVE-2021-44451 remediation: Users should upgrade to Apache Superset 1.4.0 or higher. + metadata: + verified: true + shodan-query: title:"Superset" tags: cve,cve2021,apache,superset,default-login requests: diff --git a/cves/2022/CVE-2022-24288.yaml b/cves/2022/CVE-2022-24288.yaml index c064aa1d73..c42fd51b97 100644 --- a/cves/2022/CVE-2022-24288.yaml +++ b/cves/2022/CVE-2022-24288.yaml @@ -15,7 +15,8 @@ info: cve-id: CVE-2022-24288 cwe-id: CWE-78 metadata: - shodan-query: title:"Airflow - DAGs" + verified: true + shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" tags: cve,cve2022,airflow,rce requests: diff --git a/exposed-panels/adobe/adobe-component-login.yaml b/exposed-panels/adobe/adobe-component-login.yaml index 9ef09b99d8..1d46e94118 100644 --- a/exposed-panels/adobe/adobe-component-login.yaml +++ b/exposed-panels/adobe/adobe-component-login.yaml @@ -9,6 +9,8 @@ info: - https://www.exploit-db.com/ghdb/6846 classification: cwe-id: CWE-200 + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: panel,adobe,coldfusion requests: diff --git a/exposures/files/cold-fusion-cfcache-map.yaml b/exposures/files/cold-fusion-cfcache-map.yaml index 1839ab4677..4a421602b6 100644 --- a/exposures/files/cold-fusion-cfcache-map.yaml +++ b/exposures/files/cold-fusion-cfcache-map.yaml @@ -6,6 +6,8 @@ info: severity: low reference: - https://securiteam.com/windowsntfocus/5bp081f0ac/ + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: exposure,coldfusion,adobe requests: diff --git a/miscellaneous/unpatched-coldfusion.yaml b/miscellaneous/unpatched-coldfusion.yaml index 8d9c45d578..0c40b8b99c 100644 --- a/miscellaneous/unpatched-coldfusion.yaml +++ b/miscellaneous/unpatched-coldfusion.yaml @@ -7,6 +7,8 @@ info: reference: - https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html - https://twitter.com/Daviey/status/1374070630283415558 + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: rce,adobe,misc,coldfusion requests: diff --git a/misconfiguration/airflow/airflow-debug.yaml b/misconfiguration/airflow/airflow-debug.yaml index dc6f4a4a58..7e88c457d2 100644 --- a/misconfiguration/airflow/airflow-debug.yaml +++ b/misconfiguration/airflow/airflow-debug.yaml @@ -4,6 +4,9 @@ info: name: Airflow Debug Trace author: pdteam severity: low + metadata: + verified: true + shodan-query: title:"Airflow - DAGs" tags: apache,airflow,fpd requests: diff --git a/technologies/apache/airflow-detect.yaml b/technologies/apache/airflow-detect.yaml index 5306691e5b..2d90657154 100644 --- a/technologies/apache/airflow-detect.yaml +++ b/technologies/apache/airflow-detect.yaml @@ -4,6 +4,9 @@ info: name: Apache Airflow author: pdteam severity: info + metadata: + verified: true + shodan-query: http.html:"Apache Airflow" tags: tech,apache,airflow requests: diff --git a/technologies/apache/apache-axis-detect.yaml b/technologies/apache/apache-axis-detect.yaml index b5b574a7b5..6f4d1ee697 100644 --- a/technologies/apache/apache-axis-detect.yaml +++ b/technologies/apache/apache-axis-detect.yaml @@ -5,6 +5,9 @@ info: author: dogasantos severity: info description: Axis and Axis2 detection + metadata: + verified: true + shodan-query: http.html:"Apache Axis" tags: tech,axis2,middleware,apache requests: diff --git a/technologies/apache/apache-cocoon-detect.yaml b/technologies/apache/apache-cocoon-detect.yaml index 36202e3229..d9155b9c2f 100644 --- a/technologies/apache/apache-cocoon-detect.yaml +++ b/technologies/apache/apache-cocoon-detect.yaml @@ -5,6 +5,8 @@ info: author: ffffffff0x severity: info metadata: + verified: true + shodan-query: http.html:"Apache Cocoon" fofa-query: app="APACHE-Cocoon" tags: apache,cocoon,tech diff --git a/technologies/jellyfin-detect.yaml b/technologies/jellyfin-detect.yaml index 9b31eaed43..226bdb95ce 100644 --- a/technologies/jellyfin-detect.yaml +++ b/technologies/jellyfin-detect.yaml @@ -4,6 +4,9 @@ info: name: Jellyfin detected author: dwisiswant0 severity: info + metadata: + verified: true + shodan-query: http.html:"Jellyfin" tags: tech,jellyfin requests: diff --git a/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml b/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml index f941cc707b..1b96e89056 100644 --- a/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml +++ b/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml @@ -6,6 +6,8 @@ info: severity: medium reference: - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,upload,fileupload,intrusive requests: diff --git a/vulnerabilities/other/coldfusion-debug-xss.yaml b/vulnerabilities/other/coldfusion-debug-xss.yaml index ec093ae5c6..4de60288e2 100644 --- a/vulnerabilities/other/coldfusion-debug-xss.yaml +++ b/vulnerabilities/other/coldfusion-debug-xss.yaml @@ -7,6 +7,8 @@ info: description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site. reference: - https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: adobe,coldfusion,xss requests: diff --git a/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml b/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml index 41e0ebeeb0..72d4198957 100644 --- a/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml +++ b/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml @@ -7,6 +7,9 @@ info: description: A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter. reference: - https://www.cnblogs.com/milantgh/p/3615986.html + metadata: + verified: true + shodan-query: http.html:"power by dedecms" || title:"dedecms" tags: dedecms requests: diff --git a/vulnerabilities/other/dedecms-openredirect.yaml b/vulnerabilities/other/dedecms-openredirect.yaml index 08d6f16cb7..689d98efa2 100644 --- a/vulnerabilities/other/dedecms-openredirect.yaml +++ b/vulnerabilities/other/dedecms-openredirect.yaml @@ -6,6 +6,9 @@ info: severity: low reference: - https://blog.csdn.net/ystyaoshengting/article/details/82734888 + metadata: + verified: true + shodan-query: http.html:"power by dedecms" || title:"dedecms" tags: dedecms,redirect requests: diff --git a/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml b/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml index f063f98b29..61101d9fa7 100644 --- a/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml +++ b/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml @@ -4,6 +4,8 @@ info: name: Ecology Directory Traversal author: princechaddha severity: medium + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,lfi requests: diff --git a/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml b/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml index 81aecd13f1..7039f82f5c 100644 --- a/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml +++ b/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml @@ -6,6 +6,8 @@ info: severity: high reference: - https://www.weaver.com.cn/ + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,sqli requests: diff --git a/vulnerabilities/other/ecology-v8-sqli.yaml b/vulnerabilities/other/ecology-v8-sqli.yaml index 4b23314522..5279e14a6f 100644 --- a/vulnerabilities/other/ecology-v8-sqli.yaml +++ b/vulnerabilities/other/ecology-v8-sqli.yaml @@ -6,6 +6,8 @@ info: severity: high reference: - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,sqli requests: diff --git a/vulnerabilities/other/natshell-path-traversal.yaml b/vulnerabilities/other/natshell-path-traversal.yaml index f0e47959f9..629dd6eec9 100644 --- a/vulnerabilities/other/natshell-path-traversal.yaml +++ b/vulnerabilities/other/natshell-path-traversal.yaml @@ -6,6 +6,8 @@ info: severity: high reference: - https://mp.weixin.qq.com/s/g4YNI6UBqIQcKL0TRkKWlw + metadata: + fofa-query: title="蓝海卓越计费管理系统" tags: natshell,lfi requests: diff --git a/vulnerabilities/other/tamronos-rce.yaml b/vulnerabilities/other/tamronos-rce.yaml index 417bbba2a3..2b473e957c 100644 --- a/vulnerabilities/other/tamronos-rce.yaml +++ b/vulnerabilities/other/tamronos-rce.yaml @@ -6,6 +6,10 @@ info: severity: critical reference: - https://twitter.com/sec715/status/1405336456923471874 + metadata: + verified: true + shodan-query: title:"TamronOS IPTV系统" + fofa-query: title="TamronOS IPTV系统" tags: tamronos,rce requests: