misc updates

2021-11-11 22:59:29 +05:30 · 2021-11-11 22:59:29 +05:30 · 65ce478c0e
parent d58d0d472f
commit 65ce478c0e
4 changed files with 11 additions and 10 deletions
--- a/cves/2017/CVE-2017-15944.yaml
+++ b/cves/2017/CVE-2017-15944.yaml
@ -8,11 +8,11 @@ info:
    - https://www.exploit-db.com/exploits/43342
    - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
  severity: critical
-  tags: cve,cve2017,rce,vpn,paloalto,globalprotect
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2017-15944
+  tags: cve,cve2017,rce,vpn,panos,globalprotect

 requests:
  - raw:
@ -24,9 +24,9 @@ requests:
    matchers-condition: and
    matchers:
      - type: word
+        part: body
        words:
          - "@start@Success@end@"
-        part: body

      - type: status
        status:
--- a/cves/2018/CVE-2018-10141.yaml
+++ b/cves/2018/CVE-2018-10141.yaml
@ -2,16 +2,16 @@ id: CVE-2018-10141

 info:
  name: GlobalProtect Login page XSS
+  severity: medium
  author: dhiyaneshDk
  description: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
-  severity: medium
  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10141
-  tags: globalprotect,xss,cve,cve2018,vpn
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2018-10141
    cwe-id: CWE-79
+  tags: cve,cve2018,panos,vpn,globalprotect,xss

 requests:
  - method: GET
@ -21,14 +21,14 @@ requests:
    matchers-condition: and
    matchers:
      - type: word
+        part: body
        words:
          - 'var valueUser = "j";-alert(1)-"x";'
-        part: body

      - type: word
+        part: header
        words:
          - "text/html"
-        part: header

      - type: status
        status:
--- a/default-logins/paloalto/panos-default-login.yaml
+++ b/default-logins/paloalto/panos-default-login.yaml
@ -6,7 +6,7 @@ info:
  severity: high
  description: Default Login of admin:admin on Palo Alto Networks PAN-OS application.
  reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/integrate-the-firewall-into-your-management-network/perform-initial-configuration.html#:~:text=By%20default%2C%20the%20firewall%20has,with%20other%20firewall%20configuration%20tasks.
-  tags: paloalto,panos,default-login
+  tags: panos,default-login

 requests:
  - raw:
@ -17,19 +17,19 @@ requests:

        user={{username}}&passwd={{password}}&challengePwd=&ok=Login

+    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin
-    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: word
+        part: header
        words:
          - "Set-Cookie: PHPSESSID"
-        part: header

      - type: word
        words:
--- a/exposed-panels/globalprotect-panel.yaml
+++ b/exposed-panels/globalprotect-panel.yaml
@ -4,7 +4,7 @@ info:
  name: PaloAlto Networks GlobalProtect Panel
  author: organiccrap
  severity: info
-  tags: panel
+  tags: panel,panos

 requests:
  - method: GET
@ -12,6 +12,7 @@ requests:
      - "{{BaseURL}}/global-protect/login.esp"
      - "{{BaseURL}}/sslmgr"

+    stop-at-first-match: true
    matchers:
      - type: word
        words: