TemplateMan Update [Mon Jan 29 11:58:34 UTC 2024] 🤖

patch-1
GitHub Action 2024-01-29 11:58:34 +00:00
parent 5a763c043e
commit 5c4a72935f
115 changed files with 149 additions and 58 deletions

View File

@ -8,6 +8,7 @@ info:
Searches for Azure virtual machines via their registered DNS names.
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,azure,fuzz,enum
self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for Azure websites that are registered and responding.
metadata:
verified: true
max-request: 1
tags: cloud,enum,azure
self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for App Engine Apps in GCP.
metadata:
verified: true
max-request: 1
tags: enum,cloud,cloud-enum,gcp
self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for open and protected buckets in GCP.
metadata:
verified: true
max-request: 1
tags: cloud,enum,cloud-enum,gcp
self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for Firebase Apps in GCP.
metadata:
verified: true
max-request: 1
tags: enum,cloud,cloud-enum,gcp
self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for Firebase Realtime Databases in GCP.
metadata:
verified: true
max-request: 1
tags: enum,cloud,cloud-enum,gcp
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/aa-exec/
metadata:
verified: true
max-request: 3
tags: code,linux,aa-exec,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ash/
metadata:
verified: true
max-request: 3
tags: code,linux,ash,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/awk/
metadata:
verified: true
max-request: 3
tags: code,linux,awk,privesc
self-contained: true

View File

@ -5,11 +5,12 @@ info:
author: daffainfo
severity: high
description: |
Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. The shell's name is an acronym for Bourne Again Shell, a pun on the name of the Bourne shell that it replaces and the notion of being born again.
Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. The shell's name is an acronym for Bourne Again Shell, a pun on the name of the Bourne shell that it replaces and the notion of being born again.
reference:
- https://gtfobins.github.io/gtfobins/bash/
metadata:
verified: true
max-request: 3
tags: code,linux,bash,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/cdist/
metadata:
verified: true
max-request: 3
tags: code,linux,cdist,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/choom/
metadata:
max-request: 3
verified: true
tags: code,linux,choom,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/cpulimit/
metadata:
verified: true
max-request: 3
tags: code,linux,cpulimit,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/csh/
metadata:
verified: true
max-request: 3
tags: code,linux,csh,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/csvtool/
metadata:
verified: true
max-request: 3
tags: code,linux,csvtool,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/dash/
metadata:
verified: true
max-request: 3
tags: code,linux,dash,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/dc/
metadata:
verified: true
max-request: 3
tags: code,linux,dc,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/distcc/
metadata:
verified: true
max-request: 3
tags: code,linux,distcc,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/elvish/
metadata:
verified: true
max-request: 3
tags: code,linux,elvish,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/enscript/
metadata:
verified: true
max-request: 3
tags: code,linux,enscript,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/env/
metadata:
verified: true
max-request: 3
tags: code,linux,env,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/expect/
metadata:
verified: true
max-request: 3
tags: code,linux,expect,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/find/
metadata:
max-request: 3
verified: true
tags: code,linux,find,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/fish/
metadata:
verified: true
max-request: 3
tags: code,linux,fish,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/flock/
metadata:
verified: true
max-request: 3
tags: code,linux,flock,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/gawk/
metadata:
verified: true
max-request: 3
tags: code,linux,gawk,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/grc/
metadata:
verified: true
max-request: 3
tags: code,linux,grc,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ionice/
metadata:
verified: true
max-request: 3
tags: code,linux,ionice,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/julia/
metadata:
verified: true
max-request: 3
tags: code,linux,julia,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/lftp/
metadata:
verified: true
max-request: 3
tags: code,linux,lftp,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ltrace/
metadata:
verified: true
max-request: 3
tags: code,linux,ltrace,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/lua/
metadata:
max-request: 3
verified: true
tags: code,linux,lua,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/mawk/
metadata:
verified: true
max-request: 3
tags: code,linux,mawk,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/multitime/
metadata:
verified: true
max-request: 3
tags: code,linux,multitime,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/mysql/
metadata:
max-request: 3
verified: true
tags: code,linux,mysql,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/nawk/
metadata:
verified: true
max-request: 3
tags: code,linux,nawk,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/nice/
metadata:
verified: true
max-request: 3
tags: code,linux,nice,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/node/
metadata:
max-request: 4
verified: true
tags: code,linux,node,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/nsenter/
metadata:
verified: true
max-request: 3
tags: code,linux,nsenter,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/perl/
metadata:
verified: true
max-request: 4
tags: code,linux,perl,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
https://gtfobins.github.io/gtfobins/pexec/
metadata:
verified: true
max-request: 3
tags: code,linux,pexec,privesc
self-contained: true
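
Review bot: the reference URL at the top of this hunk has no leading `- `, unlike the list entries in the neighbouring GTFOBins templates. If the file really has it that way, `reference` parses as a plain string instead of a list; suggest `- https://gtfobins.github.io/gtfobins/pexec/`.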

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/php/
metadata:
verified: true
max-request: 4
tags: code,linux,php,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/posh/
metadata:
verified: true
max-request: 3
tags: code,linux,posh,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/python/
metadata:
verified: true
max-request: 4
tags: code,linux,php,privesc
self-contained: true
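
Review bot: the `tags` line in this hunk reads `code,linux,php,privesc` while the reference above it is the GTFOBins python page, so the template looks mis-tagged, probably carried over from the php template. Suggest `tags: code,linux,python,privesc` so a tag filter for python selects it and a filter for php does not.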

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rake/
metadata:
verified: true
max-request: 3
tags: code,linux,rake,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/rc/
metadata:
max-request: 3
verified: true
tags: code,linux,rc,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rlwrap/
metadata:
verified: true
max-request: 3
tags: code,linux,rlwrap,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rpm/
metadata:
verified: true
max-request: 3
tags: code,linux,rpm,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rpmdb/
metadata:
verified: true
max-request: 3
tags: code,linux,rpmdb,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rpmverify/
metadata:
verified: true
max-request: 3
tags: code,linux,rpmverify,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ruby/
metadata:
verified: true
max-request: 4
tags: code,linux,ruby,privesc
self-contained: true

View File

@ -8,6 +8,7 @@ info:
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
reference: https://gtfobins.github.io/gtfobins/run-parts/
metadata:
max-request: 3
verified: true
tags: code,linux,run-parts,privesc
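
Review bot: `reference:` is written as an inline scalar on one line here, where the sibling templates use a YAML list. Since the metadata block is being regenerated anyway, move the URL to its own `- ` item so anything that iterates over references handles this template like the others.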

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/sash/
metadata:
verified: true
max-request: 3
tags: code,linux,sash,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/slsh/
metadata:
verified: true
max-request: 3
tags: code,linux,slsh,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/socat/
metadata:
verified: true
max-request: 3
tags: code,linux,socat,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/softlimit/
metadata:
verified: true
max-request: 3
tags: code,linux,softlimit,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/sqlite3/
metadata:
verified: true
max-request: 3
tags: code,linux,sqlite3,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ssh-agent/
metadata:
verified: true
max-request: 3
tags: code,linux,ssh-agent,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/sshpass/
metadata:
verified: true
max-request: 3
tags: code,linux,sshpass,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/stdbuf/
metadata:
verified: true
max-request: 3
tags: code,linux,stdbuf,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/strace/
metadata:
max-request: 3
verified: true
tags: code,linux,strace,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/tar/
metadata:
verified: true
max-request: 3
tags: code,linux,tar,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/tcsh/
metadata:
verified: true
max-request: 3
tags: code,linux,tcsh,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/time/
metadata:
verified: true
max-request: 3
tags: code,linux,time,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/timeout/
metadata:
verified: true
max-request: 3
tags: code,linux,timeout,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/tmate/
metadata:
verified: true
max-request: 3
tags: code,linux,tmate,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/torify/
metadata:
max-request: 3
verified: true
tags: code,linux,torify,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/torsocks/
metadata:
verified: true
max-request: 3
tags: code,linux,torsocks,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/unshare/
metadata:
verified: true
max-request: 3
tags: code,linux,unshare,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/vi/
metadata:
verified: true
max-request: 3
tags: code,linux,vi,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/view/
metadata:
max-request: 3
verified: true
tags: code,linux,view,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/vim/
metadata:
verified: true
max-request: 3
tags: code,linux,vim,privesc
self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/xargs/
metadata:
max-request: 3
verified: true
tags: code,linux,xargs,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/xdg-user-dir/
metadata:
verified: true
max-request: 3
tags: code,linux,xdg-user-dir,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/yash/
metadata:
verified: true
max-request: 3
tags: code,linux,yash,privesc
self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/zsh/
metadata:
verified: true
max-request: 3
tags: code,linux,zsh,privesc
self-contained: true

View File

@ -7,6 +7,7 @@ info:
reference:
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
metadata:
max-request: 2
verified: true
tags: code,linux,privesc

View File

@ -8,6 +8,7 @@ info:
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#etc-sudoers-etc-sudoers.d
metadata:
verified: true
max-request: 2
tags: code,linux,privesc
self-contained: true

View File

@ -16,6 +16,7 @@ info:
cwe-id: CWE-350
metadata:
verified: true
max-request: 2
tags: redirect,dns,network
dns:

View File

@ -13,7 +13,7 @@ info:
classification:
cve-id: CVE-2018-10942
metadata:
max-request: 2
max-request: 8
tags: prestashop,attributewizardpro,intrusive,file-upload
variables:

View File

@ -6,25 +6,26 @@ info:
severity: medium
description: |
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
reference:
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
impact: |
The vulnerability allows an attacker to gain sensitive information from the KeyCloak server.
remediation: |
Apply the latest security patches or updates provided by the KeyCloak vendor.
reference:
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2020-27838
cwe-id: CWE-287
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
epss-score: 0.00154
epss-percentile: 0.5163
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
metadata:
vendor: redhat
product: keycloak
shodan-query: title:"keycloak"
shodan-query: "title:\"keycloak\""
max-request: 1
tags: cve,cve2020,keyclock,exposure
http:
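
Review bot: the `tags` line spells the product `keyclock`, although `product: keycloak` a few lines above is correct, so a run filtered on the `keycloak` tag skips this template. Suggest `tags: cve,cve2020,keycloak,exposure`. The rewritten `shodan-query` would also read more simply single-quoted, as `'title:"keycloak"'`, than with backslash escapes.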

View File

@ -17,14 +17,15 @@ info:
cvss-score: 7.5
cve-id: CVE-2022-47501
cwe-id: CWE-22
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
epss-score: 0.00183
epss-percentile: 0.55601
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
metadata:
vendor: apache
product: ofbiz
shodan-query: html:"OFBiz"
fofa-query: app="Apache_OFBiz"
shodan-query: "html:\"OFBiz\""
fofa-query: "app=\"Apache_OFBiz\""
max-request: 2
vendor: apache
tags: cve,cve2022,apache,ofbiz,lfi
http:
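
Review bot: `vendor: apache` shows up twice in the metadata block, once before `product` and again after `max-request`. If both lines end up in the file, that is a duplicate mapping key, which strict YAML parsers reject and lenient ones resolve silently; keep a single `vendor` entry.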

View File

@ -16,8 +16,9 @@ info:
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
metadata:
vendor: ivanti
product: connect_secure
shodan-query: html:"welcome.cgi?p=logo"
product: "connect_secure"
shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 1
tags: cve,cve2023,kev,auth-bypass,ivanti
http:
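
Review bot: `product: "connect_secure"` gains quotes that a plain scalar does not need, while `vendor: ivanti` right above it stays unquoted. Suggest leaving it as `product: connect_secure`, and writing the query as `'html:"welcome.cgi?p=logo"'` so the value carries no backslash escapes.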

View File

@ -14,12 +14,12 @@ info:
cvss-score: 8.6
cve-id: CVE-2023-47211
cwe-id: CWE-22
epss-score: 0.000610000
epss-percentile: 0.238320000
cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*
epss-score: 0.00061
epss-percentile: 0.23832
metadata:
max-request: 1
shodan-query: http.title:"OpManager Plus"
max-request: 3
shodan-query: "http.title:\"OpManager Plus\""
tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi
http:

View File

@ -7,15 +7,16 @@ info:
description: |
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.
The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.
impact: |
This vulnerability can lead to the exposure of sensitive information, potentially allowing an attacker to gain unauthorized access or perform further attacks.
remediation: Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
reference:
- https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
- https://x.com/sirifu4k1/status/1746755165066236216?s=20
- https://nvd.nist.gov/vuln/detail/CVE-2023-50290
impact: |
This vulnerability can lead to the exposure of sensitive information, potentially allowing an attacker to gain unauthorized access or perform further attacks.
remediation: Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
metadata:
shodan-query: title:"Apache Solr"
shodan-query: "title:\"Apache Solr\""
max-request: 1
tags: cve,cve2023,apache,solr,exposure
http:
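
Review bot: the description line kept in this hunk still has `host,unlike` (missing space) and `per-Java-proccess` (typo); since the block is being reordered anyway, fix both in the same pass. The x.com reference also carries a `?s=20` share parameter that can be dropped without changing the link target.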

View File

@ -18,7 +18,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2023-6875
metadata:
max-request: 1
max-request: 3
verified: true
publicwww-query: "/wp-content/plugins/post-smtp"
tags: cve,cve2023,wp,wp-plugin,wordpress,smtp,mailer,auth-bypass

View File

@ -14,9 +14,10 @@ info:
cwe-id: CWE-77
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
metadata:
shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 1
vendor: ivanti
product: connect_secure
shodan-query: html:"welcome.cgi?p=logo"
product: "connect_secure"
tags: cve,cve2024,kev,rce,ivanti
http:
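
Review bot: the metadata keys here end up ordered `shodan-query`, `max-request`, `vendor`, `product`, whereas the other Ivanti Connect Secure hunk in this commit keeps `vendor` and `product` first. Pick one order in the generator so later automated updates do not produce reorder-only diffs that hide real changes.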

View File

@ -5,12 +5,12 @@ info:
author: savik
severity: critical
description: |
Allows attacker to log in and execute RCE on the Node-Red panel using the default credentials.
Allows attacker to log in and execute RCE on the Node-Red panel using the default credentials.
reference:
- https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
metadata:
max-request: 1
verified: true
max-request: 1
shodan-query: http.favicon.hash:321591353
tags: default-login,node-red,dashboard

View File

@ -9,9 +9,9 @@ info:
reference:
- https://ironmansoftware.com/powershell-universal
metadata:
max-request: 1
shodan-query: html:"PowerShell Universal"
verified: true
max-request: 3
shodan-query: "html:\"PowerShell Universal\""
tags: default-login,powershell-universal
http:

View File

@ -7,8 +7,8 @@ info:
reference:
- http://autoset.net/xe/
metadata:
max-request: 1
verified: true
max-request: 1
shodan-query: title:"AutoSet"
tags: tech,php,autoset,apache

View File

@ -8,7 +8,8 @@ info:
- http://compalex.net/
metadata:
verified: true
shodan-query: title:"COMPALEX"
max-request: 15
shodan-query: "title:\"COMPALEX\""
tags: tech,php,compalex,sql
http:

View File

@ -6,8 +6,8 @@ info:
severity: info
description: Doris panel detection template.
metadata:
max-request: 1
verified: true
max-request: 1
shodan-query: http.favicon.hash:24048806
tags: doris,panel,login,detect

View File

@ -9,8 +9,8 @@ info:
reference:
- https://github.com/bensheldon/good_job
metadata:
max-request: 2
verified: true
max-request: 2
tags: unauth,panel,goodjob
http:

View File

@ -9,8 +9,8 @@ info:
reference:
- https://lomnido.com/
metadata:
max-request: 1
verified: true
max-request: 1
shodan-query: http.title:"Lomnido Login"
tags: lomnido,panel,login,detect

View File

@ -9,11 +9,10 @@ info:
- https://securenvoy.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
max-request: 1
shodan-query: http.title:"securenvoy"
max-request: 4
shodan-query: "http.title:\"securenvoy\""
tags: panel,securenvoy
http:

View File

@ -10,8 +10,8 @@ info:
cvss-score: 0
cwe-id: CWE-200
metadata:
max-request: 2
verified: true
max-request: 2
shodan-query: http.favicon.hash:-919788577
tags: panel,vault,detect

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: PHP Source File is disclosed to external users.
metadata:
max-request: 1222
max-request: 1512
tags: exposure,backup,php,disclosure,fuzz
http:

View File

@ -10,7 +10,7 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 6
max-request: 7
tags: exposure,backup
http:

View File

@ -10,7 +10,7 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 20
max-request: 21
tags: exposure,backup,mysql
http:

View File

@ -10,7 +10,7 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 650
max-request: 1440
tags: exposure,backup
http:
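
Review bot: `max-request` more than doubles on this line (650 to 1440) and the hunk shows no other change, so nothing visible in the diff explains the new count. Confirm it against the template's payload list before merge, since this field is what tells a user how many requests the template sends per target.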

Some files were not shown because too many files have changed in this diff.