Merge pull request #231 from dwisiswant0/fix-false-positives

Fix from False-positive Results
2020-07-11 03:33:19 +05:30 · 2020-07-11 03:33:19 +05:30 · 292197f823
parent de35ddc8a5 d634b2710c
commit 292197f823
5 changed files with 30 additions and 12 deletions
--- a/cves/CVE-2018-19439.yaml
+++ b/cves/CVE-2018-19439.yaml
@ -2,7 +2,7 @@ id: CVE-2018-19439

 info:
  name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
-  author: madrobot
+  author: madrobot & dwisiswant0
  severity: high

 requests:
@ -12,5 +12,5 @@ requests:
    matchers:
      - type: word
        words:
-          - "<script>alert(1337)</script>"
+          - "<script>alert(1337)</script><!--</TITLE>"
        part: body
--- a/cves/CVE-2018-5230.yaml
+++ b/cves/CVE-2018-5230.yaml
@ -16,5 +16,5 @@ requests:
          - 200
      - type: word
        words:
-          - "javascript:alert(1337)"
+          - "SRC=\"javascript:alert(1337)\">"
        part: body
--- a/cves/CVE-2020-8512.yaml
+++ b/cves/CVE-2020-8512.yaml
@ -2,7 +2,7 @@ id: CVE-2020-8512

 info:
  name: IceWarp WebMail XSS
-  author: pdnuclei
+  author: pdnuclei & dwisiswant0
  severity: medium

 # source:- https://www.exploit-db.com/exploits/47988
@ -13,9 +13,12 @@ requests:
    path:
      - '{{BaseURL}}/webmail/?color="><svg/onload=alert(document.domain)>"'
      - '{{BaseURL}}:32000/webmail/?color="><svg/onload=alert(document.domain)>"'
-
+    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "<svg/onload=alert(document.domain)>"
+          - "<svg/onload=alert(document.domain)>\"\">"
        part: body
+      - type: status
+        status:
+          - 200
--- a/files/jolokia.yaml
+++ b/files/jolokia.yaml
@ -1,8 +1,8 @@
-id: jolokia instance
+id: jolokia-instance

 info:
  name: Jolokia Version Disclosure
-  author: mavericknerd
+  author: mavericknerd & dwisiswant0
  severity: low

 requests:
@ -14,7 +14,10 @@ requests:
    matchers:
      - type: word
        words:
+          - '"timestamp":'
+          - '"protocol":'
          - '"agent":'
+        condition: and
      - type: status
        status:
          - 200
--- a/panels/docker-api.yaml
+++ b/panels/docker-api.yaml
@ -2,16 +2,28 @@ id: exposed-docker-api

 info:
  name: Exposed Docker API
-  author: furkansenan
+  author: furkansenan & dwisiswant0
  severity: informative

 requests:
  - method: GET
    path:
-      - '{{BaseURL}}:2376/version'
+      - "http://{{Hostname}}/version"
+      - "http://{{Hostname}}:2376/version"
+      - "http://{{Hostname}}/v1.24/version"
+      - "http://{{Hostname}}:2376/v1.24/version"
+    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "Version"
-          - "Docker"
+          - "application/json"
+        part: header
+      - type: word
+        words:
+          - "KernelVersion"
+          - "BuildTime"
+        condition: and
        part: body
+      - type: status
+        status:
+          - 200