From 33badb66d116333fcce3ef9115ce4e4803e96f5c Mon Sep 17 00:00:00 2001 
From: sandeep
Date: Tue, 19 Oct 2021 02:10:26 +0530
Subject: [PATCH] oob tags update
---
cves/2014/CVE-2014-4210.yaml | 2 +-
cves/2015/CVE-2015-7450.yaml | 2 +-
cves/2015/CVE-2015-8813.yaml | 2 +-
cves/2017/CVE-2017-10271.yaml | 2 +-
cves/2017/CVE-2017-12629.yaml | 2 +-
cves/2017/CVE-2017-18638.yaml | 2 +-
cves/2017/CVE-2017-3506.yaml | 2 +-
cves/2017/CVE-2017-9506.yaml | 2 +-
cves/2018/CVE-2018-1000600.yaml | 2 +-
cves/2018/CVE-2018-10818.yaml | 2 +-
cves/2018/CVE-2018-15517.yaml | 2 +-
cves/2018/CVE-2018-16167.yaml | 2 +-
cves/2019/CVE-2019-0193.yaml | 2 +-
cves/2019/CVE-2019-17558.yaml | 2 +-
cves/2019/CVE-2019-18394.yaml | 2 +-
cves/2019/CVE-2019-2616.yaml | 2 +-
cves/2019/CVE-2019-2767.yaml | 2 +-
cves/2019/CVE-2019-8451.yaml | 2 +-
cves/2020/CVE-2020-10770.yaml | 2 +-
cves/2020/CVE-2020-13117.yaml | 2 +-
cves/2020/CVE-2020-25223.yaml | 2 +-
cves/2020/CVE-2020-25506.yaml | 2 +-
cves/2020/CVE-2020-26919.yaml | 2 +-
cves/2020/CVE-2020-28188.yaml | 2 +-
cves/2020/CVE-2020-28871.yaml | 2 +-
cves/2020/CVE-2020-28976.yaml | 2 +-
cves/2020/CVE-2020-35713.yaml | 2 +-
cves/2020/CVE-2020-6308.yaml | 2 +-
cves/2020/CVE-2020-7247.yaml | 2 +-
cves/2020/CVE-2020-7796.yaml | 2 +-
cves/2020/CVE-2020-8813.yaml | 2 +-
cves/2021/CVE-2021-1497.yaml | 2 +-
cves/2021/CVE-2021-1498.yaml | 2 +-
cves/2021/CVE-2021-21287.yaml | 2 +-
cves/2021/CVE-2021-22214.yaml | 2 +-
cves/2021/CVE-2021-24472.yaml | 2 +-
cves/2021/CVE-2021-26855.yaml | 2 +-
cves/2021/CVE-2021-31755.yaml | 2 +-
cves/2021/CVE-2021-32305.yaml | 2 +-
cves/2021/CVE-2021-32819.yaml | 2 +-
cves/2021/CVE-2021-33357.yaml | 2 +-
cves/2021/CVE-2021-33544.yaml | 2 +-
cves/2021/CVE-2021-3577.yaml | 2 +-
cves/2021/CVE-2021-36380.yaml | 2 +-
cves/2021/CVE-2021-40438.yaml | 2 +-
iot/targa-camera-ssrf.yaml | 2 +-
misconfiguration/cloudflare-image-ssrf.yaml | 2 +-
misconfiguration/linkerd-ssrf-detect.yaml | 2 +-
misconfiguration/ssrf-via-oauth-misconfig.yaml | 2 +-
vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml | 2 +-
vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml | 2 +-
vulnerabilities/generic/oob-header-based-interaction.yaml | 2 +-
vulnerabilities/generic/oob-param-based-interaction.yaml | 2 +-
vulnerabilities/generic/request-based-interaction.yaml | 2 +-
vulnerabilities/other/hashicorp-consul-rce.yaml | 2 +-
vulnerabilities/other/mirai-unknown-rce.yaml | 2 +-
vulnerabilities/other/netgear-wnap320-rce.yaml | 2 +-
vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml | 2 +-
vulnerabilities/other/sar2html-rce.yaml | 2 +-
vulnerabilities/other/visual-tools-dvr-rce.yaml | 2 +-
vulnerabilities/other/zimbra-preauth-ssrf.yaml | 2 +-
vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml | 2 +-
69 files changed, 69 insertions(+), 69 deletions(-)
diff --git a/cves/2014/CVE-2014-4210.yaml b/cves/2014/CVE-2014-4210.yaml
index df8ec6f136..96c90f1486 100644
--- a/cves/2014/CVE-2014-4210.yaml
+++ b/cves/2014/CVE-2014-4210.yaml
@@ -4,7 +4,7 @@ info:
 name: Weblogic SSRF in SearchPublicRegistries.jsp
 author: princechaddha
 severity: medium
- tags: cve,cve2014,weblogic,oracle,ssrf,oob
+ tags: cve,cve2014,weblogic,oracle,ssrf,oast
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2014-4210
 - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml
index 04918de4f0..8f542a5c14 100644
--- a/cves/2015/CVE-2015-7450.yaml
+++ b/cves/2015/CVE-2015-7450.yaml
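Review bot: Replacing `oob` with `oast` on the `tags:` line (here in cves/2014/CVE-2014-4210.yaml, and identically in every other hunk of this patch) changes the value that scan profiles use to include or exclude these templates, and nothing in the patch keeps the old value working. A saved profile or CI job that still selects on `oob` would presumably match none of the 69 templates and report a clean run, while one that excluded `oob` to avoid callbacks to an external interaction server would start running them. If a transition period is wanted, the line could carry both values for a release, e.g. `tags: cve,cve2014,weblogic,oracle,ssrf,oast,oob`; otherwise the rename should be called out in the release notes so tag filters get updated. The diffstat also lists `vulnerabilities/generic/oob-header-based-interaction.yaml` and `oob-param-based-interaction.yaml`, whose file names keep the old term.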
@@ -9,7 +9,7 @@ info:
 - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py
 - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
 - https://nvd.nist.gov/vuln/detail/CVE-2015-7450
- tags: cve,cve2015,websphere,deserialization,rce,oob
+ tags: cve,cve2015,websphere,deserialization,rce,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2015/CVE-2015-8813.yaml b/cves/2015/CVE-2015-8813.yaml
index d9b0c56e21..2651aa807d 100644
--- a/cves/2015/CVE-2015-8813.yaml
+++ b/cves/2015/CVE-2015-8813.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
 - https://nvd.nist.gov/vuln/detail/CVE-2015-8813
- tags: cve,cve2015,ssrf,oob
+ tags: cve,cve2015,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
 cvss-score: 8.20
diff --git a/cves/2017/CVE-2017-10271.yaml b/cves/2017/CVE-2017-10271.yaml
index 16be3163ce..86a37f5d34 100644
--- a/cves/2017/CVE-2017-10271.yaml
+++ b/cves/2017/CVE-2017-10271.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
 - https://github.com/SuperHacker-liuan/cve-2017-10271-poc
- tags: cve,cve2017,rce,oracle,weblogic,oob
+ tags: cve,cve2017,rce,oracle,weblogic,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
 cvss-score: 7.50
diff --git a/cves/2017/CVE-2017-12629.yaml b/cves/2017/CVE-2017-12629.yaml
index 653122ae26..bcfeceeb5f 100644
--- a/cves/2017/CVE-2017-12629.yaml
+++ b/cves/2017/CVE-2017-12629.yaml
@@ -4,7 +4,7 @@ info:
 name: Apache Solr <= 7.1 XML entity injection
 author: dwisiswant0
 severity: critical
- tags: cve,cve2017,solr,apache,oob,xxe
+ tags: cve,cve2017,solr,apache,oast,xxe
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2017-12629
 - https://twitter.com/honoki/status/1298636315613974532
diff --git a/cves/2017/CVE-2017-18638.yaml b/cves/2017/CVE-2017-18638.yaml
index 8c240d1426..47bbe28842 100644
--- a/cves/2017/CVE-2017-18638.yaml
+++ b/cves/2017/CVE-2017-18638.yaml
@@ -10,7 +10,7 @@ info:
 - https://github.com/graphite-project/graphite-web/issues/2008
 - https://github.com/advisories/GHSA-vfj6-275q-4pvm
 - https://nvd.nist.gov/vuln/detail/CVE-2017-18638
- tags: cve,cve2017,graphite,ssrf,oob
+ tags: cve,cve2017,graphite,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2017/CVE-2017-3506.yaml b/cves/2017/CVE-2017-3506.yaml
index 0e0bff68e3..b19b9142da 100644
--- a/cves/2017/CVE-2017-3506.yaml
+++ b/cves/2017/CVE-2017-3506.yaml
@@ -5,7 +5,7 @@ info:
 author: pdteam
 description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
 severity: high
- tags: cve,cve2017,weblogic,oracle,rce,oob
+ tags: cve,cve2017,weblogic,oracle,rce,oast
 reference:
 - https://hackerone.com/reports/810778
 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506
diff --git a/cves/2017/CVE-2017-9506.yaml b/cves/2017/CVE-2017-9506.yaml
index d97ed4f5c8..a76d387e75 100644
--- a/cves/2017/CVE-2017-9506.yaml
+++ b/cves/2017/CVE-2017-9506.yaml
@@ -9,7 +9,7 @@ info:
 - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
 - https://ecosystem.atlassian.net/browse/OAUTH-344
 - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
- tags: cve,cve2017,atlassian,jira,ssrf,oob
+ tags: cve,cve2017,atlassian,jira,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2018/CVE-2018-1000600.yaml b/cves/2018/CVE-2018-1000600.yaml
index b244248f80..e87764fc8b 100644
--- a/cves/2018/CVE-2018-1000600.yaml
+++ b/cves/2018/CVE-2018-1000600.yaml
@@ -8,7 +8,7 @@ info:
 - https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/
 author: geeknik
 severity: high
- tags: cve,cve2018,jenkins,ssrf,oob
+ tags: cve,cve2018,jenkins,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
 cvss-score: 8.80
diff --git a/cves/2018/CVE-2018-10818.yaml b/cves/2018/CVE-2018-10818.yaml
index f134dc0cba..154d5bc397 100644
--- a/cves/2018/CVE-2018-10818.yaml
+++ b/cves/2018/CVE-2018-10818.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
 - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247
- tags: cve,cve2018,lg-nas,rce,oob
+ tags: cve,cve2018,lg-nas,rce,oast
 requests:
 - raw:
diff --git a/cves/2018/CVE-2018-15517.yaml b/cves/2018/CVE-2018-15517.yaml
index ffe7f7ad24..a6c7089cc6 100644
--- a/cves/2018/CVE-2018-15517.yaml
+++ b/cves/2018/CVE-2018-15517.yaml
@@ -7,7 +7,7 @@ info:
 - http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt
 author: gy741
 severity: high
- tags: cve,cve2018,dlink,ssrf,oob
+ tags: cve,cve2018,dlink,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
 cvss-score: 8.60
diff --git a/cves/2018/CVE-2018-16167.yaml b/cves/2018/CVE-2018-16167.yaml
index da711614f9..905c2aa927 100644
--- a/cves/2018/CVE-2018-16167.yaml
+++ b/cves/2018/CVE-2018-16167.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://www.exploit-db.com/exploits/49918
 - https://nvd.nist.gov/vuln/detail/CVE-2018-16167
- tags: cve,cve2018,logontracer,rce,oob
+ tags: cve,cve2018,logontracer,rce,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-0193.yaml b/cves/2019/CVE-2019-0193.yaml
index 84af6836bc..9290b55d0a 100644
--- a/cves/2019/CVE-2019-0193.yaml
+++ b/cves/2019/CVE-2019-0193.yaml
@@ -9,7 +9,7 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
 - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
 - https://paper.seebug.org/1009/
- tags: cve,cve2019,apache,rce,solr,oob
+ tags: cve,cve2019,apache,rce,solr,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 7.20
diff --git a/cves/2019/CVE-2019-17558.yaml b/cves/2019/CVE-2019-17558.yaml
index dc6c7b9786..836b3efbdf 100644
--- a/cves/2019/CVE-2019-17558.yaml
+++ b/cves/2019/CVE-2019-17558.yaml
@@ -4,7 +4,7 @@ info:
 author: pikpikcu,madrobot
 severity: high
 reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17558
- tags: cve,cve2019,apache,rce,solr,oob
+ tags: cve,cve2019,apache,rce,solr,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 7.50
diff --git a/cves/2019/CVE-2019-18394.yaml b/cves/2019/CVE-2019-18394.yaml
index 3c50ca751a..c50b26350b 100644
--- a/cves/2019/CVE-2019-18394.yaml
+++ b/cves/2019/CVE-2019-18394.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://swarm.ptsecurity.com/openfire-admin-console/
 - https://github.com/igniterealtime/Openfire/pull/1497
- tags: cve,cve2019,ssrf,openfire,oob
+ tags: cve,cve2019,ssrf,openfire,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-2616.yaml b/cves/2019/CVE-2019-2616.yaml
index e8c42482e2..cc8c1eda41 100644
--- a/cves/2019/CVE-2019-2616.yaml
+++ b/cves/2019/CVE-2019-2616.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2019-2616
 - https://www.exploit-db.com/exploits/46729
- tags: cve,cve2019,oracle,xxe,oob
+ tags: cve,cve2019,oracle,xxe,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
 cvss-score: 7.20
diff --git a/cves/2019/CVE-2019-2767.yaml b/cves/2019/CVE-2019-2767.yaml
index 48d47fda95..bf1dcb703f 100644
--- a/cves/2019/CVE-2019-2767.yaml
+++ b/cves/2019/CVE-2019-2767.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2019-2767
 - https://www.exploit-db.com/exploits/46729
- tags: cve,cve2019,oracle,xxe,oob
+ tags: cve,cve2019,oracle,xxe,oast
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
 cvss-score: 7.20
diff --git a/cves/2019/CVE-2019-8451.yaml b/cves/2019/CVE-2019-8451.yaml
index 7fe324b099..9233fe022b 100644
--- a/cves/2019/CVE-2019-8451.yaml
+++ b/cves/2019/CVE-2019-8451.yaml
@@ -9,7 +9,7 @@ info:
 - https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
 - https://jira.atlassian.com/browse/JRASERVER-69793
 - https://hackerone.com/reports/713900
- tags: cve,cve2019,atlassian,jira,ssrf,oob
+ tags: cve,cve2019,atlassian,jira,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
 cvss-score: 6.50
diff --git a/cves/2020/CVE-2020-10770.yaml b/cves/2020/CVE-2020-10770.yaml
index f43f476f60..6e92956a36 100644
--- a/cves/2020/CVE-2020-10770.yaml
+++ b/cves/2020/CVE-2020-10770.yaml
@@ -14,7 +14,7 @@ info:
 cvss-score: 5.30
 cve-id: CVE-2020-10770
 cwe-id: CWE-601
- tags: keycloak,ssrf,oob,cve,cve2020
+ tags: keycloak,ssrf,oast,cve,cve2020
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-13117.yaml b/cves/2020/CVE-2020-13117.yaml
index 481f68259a..98efc7ace5 100644
--- a/cves/2020/CVE-2020-13117.yaml
+++ b/cves/2020/CVE-2020-13117.yaml
@@ -7,7 +7,7 @@ info:
 description: Several Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may be affected.
 reference:
 - https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html
- tags: cve,cve2020,wavlink,rce,oob
+ tags: cve,cve2020,wavlink,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-25223.yaml b/cves/2020/CVE-2020-25223.yaml
index adcb65ac0a..3e1e320fe2 100644
--- a/cves/2020/CVE-2020-25223.yaml
+++ b/cves/2020/CVE-2020-25223.yaml
@@ -7,7 +7,7 @@ info:
 description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
 reference:
 - https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223
- tags: cve,cve2020,sophos,rce,oob
+ tags: cve,cve2020,sophos,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-25506.yaml b/cves/2020/CVE-2020-25506.yaml
index 2ee12a9f60..d70e43e555 100644
--- a/cves/2020/CVE-2020-25506.yaml
+++ b/cves/2020/CVE-2020-25506.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675
 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
- tags: cve,cve2020,dlink,rce,oob
+ tags: cve,cve2020,dlink,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml
index 18174b37ea..a57eaa9237 100644
--- a/cves/2020/CVE-2020-26919.yaml
+++ b/cves/2020/CVE-2020-26919.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
- tags: cve,cve2020,netgear,rce,oob
+ tags: cve,cve2020,netgear,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-28188.yaml b/cves/2020/CVE-2020-28188.yaml
index 45c1ee460a..e0b08965cd 100644
--- a/cves/2020/CVE-2020-28188.yaml
+++ b/cves/2020/CVE-2020-28188.yaml
@@ -9,7 +9,7 @@ info:
 - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
 - https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
 - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
- tags: cve,cve2020,terramaster,rce,oob
+ tags: cve,cve2020,terramaster,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-28871.yaml b/cves/2020/CVE-2020-28871.yaml
index d8708d874c..8520809f13 100644
--- a/cves/2020/CVE-2020-28871.yaml
+++ b/cves/2020/CVE-2020-28871.yaml
@@ -9,7 +9,7 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2020-28871
 - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
 - https://www.exploit-db.com/exploits/48980
- tags: cve,cve2020,monitorr,rce,oob
+ tags: cve,cve2020,monitorr,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-28976.yaml b/cves/2020/CVE-2020-28976.yaml
index a271437130..4e6105c4ea 100644
--- a/cves/2020/CVE-2020-28976.yaml
+++ b/cves/2020/CVE-2020-28976.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://www.exploit-db.com/exploits/49189
 - https://nvd.nist.gov/vuln/detail/CVE-2020-28976
- tags: cve,cve2020,ssrf,wordpress,wp-plugin,oob
+ tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 5.30
diff --git a/cves/2020/CVE-2020-35713.yaml b/cves/2020/CVE-2020-35713.yaml
index fd466fe1a3..36714819c0 100644
--- a/cves/2020/CVE-2020-35713.yaml
+++ b/cves/2020/CVE-2020-35713.yaml
@@ -6,7 +6,7 @@ info:
 severity: critical
 reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html
 description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
- tags: cve,cve2020,linksys,rce,oob,router
+ tags: cve,cve2020,linksys,rce,oast,router
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-6308.yaml b/cves/2020/CVE-2020-6308.yaml
index 7ff8dd8f94..bb51b3b39a 100644
--- a/cves/2020/CVE-2020-6308.yaml
+++ b/cves/2020/CVE-2020-6308.yaml
@@ -5,7 +5,7 @@ info:
 author: madrobot
 severity: medium
 reference: https://github.com/InitRoot/CVE-2020-6308-PoC
- tags: cve,cve2020,sap,ssrf,oob
+ tags: cve,cve2020,sap,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 5.30
diff --git a/cves/2020/CVE-2020-7247.yaml b/cves/2020/CVE-2020-7247.yaml
index f570b6ab86..28d754aeab 100644
--- a/cves/2020/CVE-2020-7247.yaml
+++ b/cves/2020/CVE-2020-7247.yaml
@@ -4,7 +4,7 @@ info:
 author: princechaddha
 severity: critical
 reference: https://www.openwall.com/lists/oss-security/2020/01/28/3
- tags: cve,cve2020,smtp,opensmtpd,network,rce,oob
+ tags: cve,cve2020,smtp,opensmtpd,network,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-7796.yaml b/cves/2020/CVE-2020-7796.yaml
index 3c7e70486f..bf0dae4846 100644
--- a/cves/2020/CVE-2020-7796.yaml
+++ b/cves/2020/CVE-2020-7796.yaml
@@ -7,7 +7,7 @@ info:
 description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
 reference:
 - https://www.adminxe.com/2183.html
- tags: cve,cve2020,zimbra,ssrf,oob
+ tags: cve,cve2020,zimbra,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-8813.yaml b/cves/2020/CVE-2020-8813.yaml
index 988906da9e..d8ab5f4114 100644
--- a/cves/2020/CVE-2020-8813.yaml
+++ b/cves/2020/CVE-2020-8813.yaml
@@ -7,7 +7,7 @@ info:
 description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
 reference:
 - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
- tags: cve,cve2020,cacti,rce,oob
+ tags: cve,cve2020,cacti,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 8.80
diff --git a/cves/2021/CVE-2021-1497.yaml b/cves/2021/CVE-2021-1497.yaml
index 229fe664bb..d7e5339d49 100644
--- a/cves/2021/CVE-2021-1497.yaml
+++ b/cves/2021/CVE-2021-1497.yaml
@@ -13,7 +13,7 @@ info:
 - https://twitter.com/ptswarm/status/1390300625129201664
 - https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution
 - https://github.com/EdgeSecurityTeam/Vulnerability/blob/c0af411de9adb82826303c5b05a0d766fb553f28/Cisco%20HyperFlex%20HX%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2021-1497-CVE-2021-1498%EF%BC%89.md
- tags: cve,cve2021,cisco,rce,oob
+ tags: cve,cve2021,cisco,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-1498.yaml b/cves/2021/CVE-2021-1498.yaml
index f10fa4fa4c..52551ed30c 100644
--- a/cves/2021/CVE-2021-1498.yaml
+++ b/cves/2021/CVE-2021-1498.yaml
@@ -13,7 +13,7 @@ info:
 - https://twitter.com/ptswarm/status/1390300625129201664
 - https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution
 - https://github.com/EdgeSecurityTeam/Vulnerability/blob/c0af411de9adb82826303c5b05a0d766fb553f28/Cisco%20HyperFlex%20HX%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2021-1497-CVE-2021-1498%EF%BC%89.md
- tags: cve,cve2021,cisco,rce,oob
+ tags: cve,cve2021,cisco,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-21287.yaml b/cves/2021/CVE-2021-21287.yaml
index 0758519bac..0a31bb7afe 100644
--- a/cves/2021/CVE-2021-21287.yaml
+++ b/cves/2021/CVE-2021-21287.yaml
@@ -9,7 +9,7 @@ info:
 - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q
 - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html
 - https://nvd.nist.gov/vuln/detail/CVE-2021-21287
- tags: cve,cve2021,minio,ssrf,oob
+ tags: cve,cve2021,minio,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
 cvss-score: 7.70
diff --git a/cves/2021/CVE-2021-22214.yaml b/cves/2021/CVE-2021-22214.yaml
index f1fcc89ba3..7560be89b8 100644
--- a/cves/2021/CVE-2021-22214.yaml
+++ b/cves/2021/CVE-2021-22214.yaml
@@ -9,7 +9,7 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2021-22214
 - https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
 - https://docs.gitlab.com/ee/api/lint.html
- tags: cve,cve2021,gitlab,ssrf,oob
+ tags: cve,cve2021,gitlab,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
 cvss-score: 8.60
diff --git a/cves/2021/CVE-2021-24472.yaml b/cves/2021/CVE-2021-24472.yaml
index 634ca3ad27..de4805ad65 100644
--- a/cves/2021/CVE-2021-24472.yaml
+++ b/cves/2021/CVE-2021-24472.yaml
@@ -6,7 +6,7 @@ info:
 description: The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.
 severity: critical
 reference: https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a
- tags: cve,cve2021,wordpress,lfi,ssrf,oob
+ tags: cve,cve2021,wordpress,lfi,ssrf,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-26855.yaml b/cves/2021/CVE-2021-26855.yaml
index f2b5e87856..657ae33b97 100644
--- a/cves/2021/CVE-2021-26855.yaml
+++ b/cves/2021/CVE-2021-26855.yaml
@@ -6,7 +6,7 @@ info:
 severity: critical
 description: |
 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
- tags: cve,cve2021,ssrf,rce,exchange,oob,microsoft
+ tags: cve,cve2021,ssrf,rce,exchange,oast,microsoft
 reference:
 - https://proxylogon.com/#timeline
 - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
diff --git a/cves/2021/CVE-2021-31755.yaml b/cves/2021/CVE-2021-31755.yaml
index 66ef428473..016d7dfa7b 100644
--- a/cves/2021/CVE-2021-31755.yaml
+++ b/cves/2021/CVE-2021-31755.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3
 - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
- tags: cve,cve2021,tenda,rce,oob
+ tags: cve,cve2021,tenda,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-32305.yaml b/cves/2021/CVE-2021-32305.yaml
index c85b8eac3a..abf78bb0bb 100644
--- a/cves/2021/CVE-2021-32305.yaml
+++ b/cves/2021/CVE-2021-32305.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2021-32305
 - https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
- tags: cve,cve2021,websvn,rce,oob
+ tags: cve,cve2021,websvn,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-32819.yaml b/cves/2021/CVE-2021-32819.yaml
index 455e65993d..46ba6e1c2d 100644
--- a/cves/2021/CVE-2021-32819.yaml
+++ b/cves/2021/CVE-2021-32819.yaml
@@ -12,7 +12,7 @@ info:
 - https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
 - https://www.linuxlz.com/aqld/2331.html
 - https://blog.diefunction.io/vulnerabilities/ghsl-2021-023
- tags: cve,cve2021,nodejs,rce,oob
+ tags: cve,cve2021,nodejs,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
 cvss-score: 8.80
diff --git a/cves/2021/CVE-2021-33357.yaml b/cves/2021/CVE-2021-33357.yaml
index 6a55383739..962a422282 100644
--- a/cves/2021/CVE-2021-33357.yaml
+++ b/cves/2021/CVE-2021-33357.yaml
@@ -10,7 +10,7 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2021-33357
 - https://github.com/RaspAP/raspap-webgui
 description: RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
- tags: cve,cve2021,rce,raspap,oob
+ tags: cve,cve2021,rce,raspap,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-33544.yaml b/cves/2021/CVE-2021-33544.yaml
index 6337242a45..07f4a2f151 100644
--- a/cves/2021/CVE-2021-33544.yaml
+++ b/cves/2021/CVE-2021-33544.yaml
@@ -7,7 +7,7 @@ info:
 severity: high
 reference:
 - https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/
- tags: cve,cve2021,geutebruck,rce,oob
+ tags: cve,cve2021,geutebruck,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 7.20
diff --git a/cves/2021/CVE-2021-3577.yaml b/cves/2021/CVE-2021-3577.yaml
index df563b47c3..17f750ee26 100644
--- a/cves/2021/CVE-2021-3577.yaml
+++ b/cves/2021/CVE-2021-3577.yaml
@@ -13,7 +13,7 @@ info:
 cvss-score: 9.80
 cve-id: CVE-2021-3577
 cwe-id: CWE-78
- tags: cve,cve2021,rce,oob,motorola,iot
+ tags: cve,cve2021,rce,oast,motorola,iot
 requests:
 - raw:
diff --git a/cves/2021/CVE-2021-36380.yaml b/cves/2021/CVE-2021-36380.yaml
index afdeff9e10..25a1785fc2 100644
--- a/cves/2021/CVE-2021-36380.yaml
+++ b/cves/2021/CVE-2021-36380.yaml
@@ -7,7 +7,7 @@ info:
 severity: critical
 reference:
 - https://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/
- tags: cve,cve2021,sureline,rce,oob
+ tags: cve,cve2021,sureline,rce,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-40438.yaml b/cves/2021/CVE-2021-40438.yaml
index 8c7d545c22..51d98bbad2 100644
--- a/cves/2021/CVE-2021-40438.yaml
+++ b/cves/2021/CVE-2021-40438.yaml
@@ -9,7 +9,7 @@ info:
 - https://firzen.de/building-a-poc-for-cve-2021-40438
 - https://httpd.apache.org/security/vulnerabilities_24.html
 - https://nvd.nist.gov/vuln/detail/CVE-2021-40438
- tags: cve,cve2021,ssrf,apache,mod-proxy,oob
+ tags: cve,cve2021,ssrf,apache,mod-proxy,oast
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
 cvss-score: 9.00
diff --git a/iot/targa-camera-ssrf.yaml b/iot/targa-camera-ssrf.yaml
index 774cf2a690..994b19128d 100644
--- a/iot/targa-camera-ssrf.yaml
+++ b/iot/targa-camera-ssrf.yaml
@@ -6,7 +6,7 @@ info:
 severity: high
 description: Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied data in the POST JSON parameters 'ipnotify_address' and 'url' to construct an image request or check DNS for IP notification. Since no validation is carried out on the parameters, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application.
 reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php
- tags: targa,ssrf,oob,iot
+ tags: targa,ssrf,oast,iot
 requests:
 - raw:
diff --git a/misconfiguration/cloudflare-image-ssrf.yaml b/misconfiguration/cloudflare-image-ssrf.yaml
index 8ab2ad1a4c..2674cd7f60 100644
--- a/misconfiguration/cloudflare-image-ssrf.yaml
+++ b/misconfiguration/cloudflare-image-ssrf.yaml
@@ -6,7 +6,7 @@ info:
 severity: info
 description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
 reference: https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
- tags: cloudflare,misconfig,oob
+ tags: cloudflare,misconfig,oast
 requests:
 - raw:
diff --git a/misconfiguration/linkerd-ssrf-detect.yaml b/misconfiguration/linkerd-ssrf-detect.yaml
index 2eff47e123..5daa74204e 100644
--- a/misconfiguration/linkerd-ssrf-detect.yaml
+++ b/misconfiguration/linkerd-ssrf-detect.yaml
@@ -4,7 +4,7 @@ info: name: Linkerd SSRF detection author: dudez severity: high
- tags: ssrf,linkerd,oob
+ tags: ssrf,linkerd,oast
reference: https://twitter.com/nirvana_msu/status/1084144955034165248 requests:
diff --git a/misconfiguration/ssrf-via-oauth-misconfig.yaml b/misconfiguration/ssrf-via-oauth-misconfig.yaml
index c4c61ac7c2..d9b4e75556 100644
--- a/misconfiguration/ssrf-via-oauth-misconfig.yaml
+++ b/misconfiguration/ssrf-via-oauth-misconfig.yaml
@@ -5,7 +5,7 @@ info: author: KabirSuda severity: medium description: Sends a POST request with the endpoint "/connect/register" to check external Interaction with multiple POST parameters.
- tags: misconfig,oob,oauth
+ tags: misconfig,oast,oauth
reference: https://portswigger.net/research/hidden-oauth-attack-vectors requests:
diff --git a/vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml b/vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml
index 780055a6d9..ea4569fc8a 100644
--- a/vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml
+++ b/vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml
@@ -8,7 +8,7 @@ info: reference: - https://bitbucket.org/atlassian/confluence-business-blueprints/pull-requests/144/issue-60-conf-45342-ssrf-in-sharelinks - https://github.com/assetnote/blind-ssrf-chains#confluence
- tags: confluence,atlassian,ssrf,jira,oob
+ tags: confluence,atlassian,ssrf,jira,oast
requests: - method: GET
diff --git a/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml
index 864e73e8dd..b914c4b0e3 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml
@@ -8,7 +8,7 @@ info: - https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.24-rce - https://www.freebuf.com/vuls/208339.html - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml
index d0e75c825e..84843c7c35 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml
@@ -7,7 +7,7 @@ info: reference: - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml
index 9fb159c5ff..a6146589d3 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml
@@ -7,7 +7,7 @@ info: reference: - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml
index ea9499ce58..98c915edeb 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml
@@ -7,7 +7,7 @@ info: reference: - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml
index e8428e5e15..1c8990b146 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml
@@ -9,7 +9,7 @@ info: - https://www.freebuf.com/vuls/208339.html - https://cert.360.cn/warning/detail?id=7240aeab581c6dc2c9c5350756079955 - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml
index 8afbf260fd..236712a7b8 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml
@@ -7,7 +7,7 @@ info: reference: - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml
index 28f6c5d5cd..326f2fb9ff 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml
@@ -7,7 +7,7 @@ info: reference: - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml
index 49ef2c1de0..64d91e3be9 100644
--- a/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml
@@ -7,7 +7,7 @@ info: reference: - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson - https://github.com/wyzxxz/fastjson_rce_tool
- tags: fastjson,rce,deserialization,oob
+ tags: fastjson,rce,deserialization,oast
requests: - raw:
diff --git a/vulnerabilities/generic/oob-header-based-interaction.yaml b/vulnerabilities/generic/oob-header-based-interaction.yaml
index b4404a4f0c..332914d8d0 100644
--- a/vulnerabilities/generic/oob-header-based-interaction.yaml
+++ b/vulnerabilities/generic/oob-header-based-interaction.yaml
@@ -6,7 +6,7 @@ info: severity: info description: The remote server fetched a spoofed URL from the request headers. reference: https://github.com/PortSwigger/collaborator-everywhere
- tags: oob,ssrf,generic
+ tags: oast,ssrf,generic
requests: - method: GET
diff --git a/vulnerabilities/generic/oob-param-based-interaction.yaml b/vulnerabilities/generic/oob-param-based-interaction.yaml
index 3c3dbce5db..69955c6ee2 100644
--- a/vulnerabilities/generic/oob-param-based-interaction.yaml
+++ b/vulnerabilities/generic/oob-param-based-interaction.yaml
@@ -6,7 +6,7 @@ info: severity: info description: The remote server fetched a spoofed URL from the request parameters. reference: https://github.com/PortSwigger/collaborator-everywhere
- tags: oob,ssrf,generic
+ tags: oast,ssrf,generic
requests: - method: GET
diff --git a/vulnerabilities/generic/request-based-interaction.yaml b/vulnerabilities/generic/request-based-interaction.yaml
index e532b15dde..dfa1de5d96 100644
--- a/vulnerabilities/generic/request-based-interaction.yaml
+++ b/vulnerabilities/generic/request-based-interaction.yaml
@@ -6,7 +6,7 @@ info: severity: info description: The remote server fetched a spoofed DNS Name from the request. reference: https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
- tags: oob,ssrf,generic
+ tags: oast,ssrf,generic
requests: - raw:
diff --git a/vulnerabilities/other/hashicorp-consul-rce.yaml b/vulnerabilities/other/hashicorp-consul-rce.yaml
index fc90bf1e5d..47a2da9817 100644
--- a/vulnerabilities/other/hashicorp-consul-rce.yaml
+++ b/vulnerabilities/other/hashicorp-consul-rce.yaml
@@ -5,7 +5,7 @@ info: author: pikpikcu severity: critical reference: https://www.exploit-db.com/exploits/46074
- tags: hashicorp,rce,oob,intrusive
+ tags: hashicorp,rce,oast,intrusive
requests: - raw:
diff --git a/vulnerabilities/other/mirai-unknown-rce.yaml b/vulnerabilities/other/mirai-unknown-rce.yaml
index 88176d592c..f0aa5c374c 100644
--- a/vulnerabilities/other/mirai-unknown-rce.yaml
+++ b/vulnerabilities/other/mirai-unknown-rce.yaml
@@ -7,7 +7,7 @@ info: description: The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection. reference: - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
- tags: mirai,rce,oob
+ tags: mirai,rce,oast
requests: - raw:
diff --git a/vulnerabilities/other/netgear-wnap320-rce.yaml b/vulnerabilities/other/netgear-wnap320-rce.yaml
index 9b4442dcd8..3fb5459ca4 100644
--- a/vulnerabilities/other/netgear-wnap320-rce.yaml
+++ b/vulnerabilities/other/netgear-wnap320-rce.yaml
@@ -7,7 +7,7 @@ info: description: vulnerabilities in the web-based management interface of NETGEAR WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device. reference: - https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE
- tags: netgear,rce,oob,router
+ tags: netgear,rce,oast,router
requests: - raw:
diff --git a/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml b/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml
index f79ef39c18..7b87b1527b 100644
--- a/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml
+++ b/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml
@@ -8,7 +8,7 @@ info: reference: - https://packetstormsecurity.com/files/162993/OptiLink-ONT1GEW-GPON-2.1.11_X101-Remote-Code-Execution.html - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
- tags: optiLink,rce,oob
+ tags: optiLink,rce,oast
requests: - raw:
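Review bot: The retagged line in optilink-ont1gew-gpon-rce.yaml keeps the mixed-case product tag `optiLink`, while every other tag on the lines this commit touches is lowercase. Whether tag selection is case-sensitive cannot be told from the diff, but if it is, a scan that selects templates with the lowercase tag would skip this RCE check without any error. Since the line is being rewritten anyway, I would normalise it to `tags: optilink,rce,oast`. The `info:` block this line belongs to starts above the hunk, so the template id and name are not visible here and should be checked for the same spelling.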
diff --git a/vulnerabilities/other/sar2html-rce.yaml b/vulnerabilities/other/sar2html-rce.yaml
index 902279b7f8..24a127592a 100644
--- a/vulnerabilities/other/sar2html-rce.yaml
+++ b/vulnerabilities/other/sar2html-rce.yaml
@@ -6,7 +6,7 @@ info: severity: critical description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system. reference: https://www.exploit-db.com/exploits/49344
- tags: sar2html,rce,oob
+ tags: sar2html,rce,oast
requests: - raw:
diff --git a/vulnerabilities/other/visual-tools-dvr-rce.yaml b/vulnerabilities/other/visual-tools-dvr-rce.yaml
index b2c31e9384..8b0edcd260 100644
--- a/vulnerabilities/other/visual-tools-dvr-rce.yaml
+++ b/vulnerabilities/other/visual-tools-dvr-rce.yaml
@@ -7,7 +7,7 @@ info: description: vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device. reference: - https://www.exploit-db.com/exploits/50098
- tags: visualtools,rce,oob
+ tags: visualtools,rce,oast
requests: - raw:
diff --git a/vulnerabilities/other/zimbra-preauth-ssrf.yaml b/vulnerabilities/other/zimbra-preauth-ssrf.yaml
index f8e73a2cf6..d1deffe075 100644
--- a/vulnerabilities/other/zimbra-preauth-ssrf.yaml
+++ b/vulnerabilities/other/zimbra-preauth-ssrf.yaml
@@ -6,7 +6,7 @@ info: severity: critical reference: - https://www.adminxe.com/2183.html
- tags: zimbra,ssrf,oob
+ tags: zimbra,ssrf,oast
requests: - raw:
diff --git a/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml b/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml
index da1277e0fb..c81a051e5d 100644
--- a/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml
+++ b/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml
@@ -4,7 +4,7 @@ info: name: Wordpress XMLRPC Pingback detection author: pdteam severity: info
- tags: wordpress,ssrf,oob
+ tags: wordpress,ssrf,oast
reference: - https://github.com/dorkerdevil/rpckiller - https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32