Merge branch 'main' into netman

patch-1
Muhammad Abdullah 2023-06-13 11:40:03 +05:00 committed by GitHub
commit 4b3c6b40a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 165 additions and 7 deletions


@ -1,4 +1,8 @@
http/cves/2008/CVE-2008-1547.yaml
http/cves/2010/CVE-2010-1586.yaml
http/cves/2012/CVE-2012-4982.yaml
http/cves/2019/CVE-2019-1943.yaml
http/cves/2021/CVE-2021-44138.yaml
http/cves/2023/CVE-2023-25157.yaml
http/miscellaneous/crypto-mining-malware.yaml
http/misconfiguration/symfony-fragment.yaml


@ -1 +1 @@
1.50.0
1.50.1


@ -0,0 +1,35 @@
id: CVE-2008-1547
info:
name: Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
author: ctflearner
severity: medium
description: |
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2008-1547
- https://www.exploit-db.com/exploits/32489
- https://www.securityfocus.com/bid/31765/info
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2008-1547
cwe-id: CWE-601
cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"Outlook"
tags: cve,cve2008,redirect,owa,exchange,microsoft
http:
- method: GET
path:
- "{{BaseURL}}/exchweb/bin/redir.asp?URL=https://interact.sh"
- "{{BaseURL}}/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttps%3A%2F%2Finteract.sh&reason=0"
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
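Review bot: The only matcher in this new template is the `Location` header regex, with no status check, so a response that carries a matching `Location` header on a non-redirect status would be reported as an open redirect. Pairing the regex with a 3xx status matcher under `matchers-condition: and` would tie the finding to an actual redirect. The same applies to the new CVE-2010-1586 and CVE-2012-4982 templates in this commit. The page has lost the file's indentation, so the fence below shows the intended nesting.

```yaml
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      # … unchanged: Location-header regex matcher …
      - type: status
        status:
          - 301
          - 302
          - 307
          - 308
```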


@ -0,0 +1,31 @@
id: CVE-2010-1586
info:
name: HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
author: ctflearner
severity: medium
description: |
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1586
- https://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2010-1586
cwe-id: CWE-20
cpe: cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
tags: cve,cve2010,redirect,smh,hp
http:
- method: GET
path:
- "{{BaseURL}}/red2301.html?RedirectUrl=http://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
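Review bot: The scheme alternative in the matcher regex is written `http?://`, which makes the final `p` optional instead of an `s`, so a `Location: https://…interact.sh` response is not matched; only `http://`, `htt://` and `//` are. The sibling templates added in this commit use `https?://`, and this line should read `- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'`. The current pattern still matches a redirect that echoes the `http://interact.sh` payload unchanged, but a target that rewrites the scheme to https would be a false negative.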


@ -0,0 +1,31 @@
id: CVE-2012-4982
info:
name: Forescout CounterACT 6.3.4.1 - Open Redirect
author: ctflearner
severity: medium
description: |
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.
reference:
- https://www.exploit-db.com/exploits/38062
- https://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html
- https://nvd.nist.gov/vuln/detail/CVE-2012-4982
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N
cvss-score: 5.8
cve-id: CVE-2012-4982
cwe-id: CWE-20
cpe: cpe:2.3:a:forescout:counteract:6.3.4.10:*:*:*:*:*:*:*
metadata:
max-request: 1
tags: cve,cve2012,redirect,forescout,counteract
http:
- method: GET
path:
- "{{BaseURL}}/assets/login?a=https://interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
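Review bot: The `name` field gives the affected version as 6.3.4.1 while the `cpe` under `classification` names `6.3.4.10`, and the description says "before 7.0"; one of the first two is presumably a typo. Which is right cannot be told from this page, so check it against the NVD entry listed under `reference` and make `name` and `cpe` agree. `cwe-id: CWE-20` is also broader than the open-redirect class the description states (the CVE-2008-1547 template in this commit uses `CWE-601`); keep it only if it mirrors the NVD record.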


@ -15,7 +15,7 @@ info:
cvss-score: 4.3
cve-id: CVE-2015-1880
cwe-id: CWE-79
tags: cve,cve2015,xss,fortigates,ssl
tags: cve,cve2015,xss,fortigates
metadata:
max-request: 1


@ -0,0 +1,47 @@
id: CVE-2021-44138
info:
name: Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal
author: carrot2
severity: high
description: |
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
reference:
- https://nvd.nist.gov/vuln/detail/cve-2021-44138
- https://github.com/maybe-why-not/reponame/issues/2
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-44138
cwe-id: CWE-22
metadata:
verified: "true"
shodan-query: html:"Resin"
tags: cve,cve2021,resin,caucho,lfi
http:
- method: GET
path:
- "{{BaseURL}}/;/WEB-INF/web.xml"
- "{{BaseURL}}/resin-doc/;/WEB-INF/resin-web.xml"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "<web-app"
- "</web-app>"
part: body
condition: and
- type: word
part: header
words:
- "text/xml"
- "application/xml"
condition: or
- type: status
status:
- 200
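Review bot: The `metadata` block of this new template has no `max-request` entry, unlike the three open-redirect templates added in the same commit; with two entries under `path` it would be `max-request: 2`. If the project regenerates that field automatically this is only a tooling step, which the page does not show. The header word matcher also searches the whole header block for `text/xml` or `application/xml`, so a one-line comment such as `# Content-Type must be XML so HTML error pages echoing <web-app> are ignored` would record why it is there.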


@ -4,6 +4,8 @@ info:
name: Odoo - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.
reference:
- https://www.sonarsource.com/blog/odoo-get-your-content-type-right-or-else
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1434


@ -30,4 +30,10 @@ http:
words:
- "&#x27;s dot.Profile</title>"
- type: word
part: body
words:
- '"message":"The username does not exist"'
negative: true
# Enhanced by cs 03/17/2023
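Review bot: The added `negative: true` word matcher is satisfied by every response that lacks the "The username does not exist" message, so it only narrows results if the template combines its matchers with `matchers-condition: and`; under the default `or` it would match almost any response. The `matchers-condition` line lies outside this hunk, so confirm it is set to `and`. A short comment above the matcher, e.g. `# exclude responses reporting an unknown username`, would also record why the exclusion exists.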


@ -2,12 +2,13 @@ id: jenkins-script
info:
name: Jenkins - Remote Code Execution
author: philippedelteil
author: philippedelteil,DhiyaneshDK
severity: critical
description: |
Jenkins is susceptible to a remote code execution vulnerability due to accessible script functionality.
reference:
- https://hackerone.com/reports/403402
- https://medium.com/@gokulsspace/the-30000-bounty-affair-3f025ee6b834
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
@ -20,7 +21,9 @@ http:
- method: GET
path:
- "{{BaseURL}}/script/"
- "{{BaseURL}}/jenkins/script"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
@ -38,5 +41,3 @@ http:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/26
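Review bot: The added path `{{BaseURL}}/jenkins/script` has no trailing slash while the existing one is `{{BaseURL}}/script/`, and the template requires status 200 under `matchers-condition: and`. If the server answers the slash-less form with a redirect, the new request cannot match unless redirects are followed, which is not visible in these hunks; `- "{{BaseURL}}/jenkins/script/"` would keep the two paths consistent. With a second path, any `max-request` value in `metadata` (outside the hunks) should also become 2.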


@ -10,6 +10,7 @@ info:
- https://blog.sekoia.io/hunting-and-detecting-cobalt-strike/
metadata:
max-request: 1
verified: "true"
shodan-query: ssl.cert.serial:146473198
tags: ssl,c2,ir,osint


@ -10,7 +10,7 @@ info:
https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/
metadata:
max-request: 1
verified: true
verified: "true"
shodan-query: ssl:"MetasploitSelfSignedCA"
tags: c2,ir,osint,metasploit