diff --git a/cves/2019/CVE-2019-1010287.yaml b/cves/2019/CVE-2019-1010287.yaml index 93c87f6f1b..02fb5c9607 100644 --- a/cves/2019/CVE-2019-1010287.yaml +++ b/cves/2019/CVE-2019-1010287.yaml @@ -4,21 +4,21 @@ info: name: Timesheet 1.5.3 - Cross Site Scripting author: pikpikcu severity: medium + description: "Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url." reference: - https://nvd.nist.gov/vuln/detail/CVE-2019-1010287 - http://www.mdh-tz.info/ # demo tags: cve,cve2019,timesheet,xss - additional-fields: - google-dork: inurl:"/timesheet/login.php" classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 cve-id: CVE-2019-1010287 cwe-id: CWE-79 - description: "Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url." + metadata: + google-dork: inurl:"/timesheet/login.php" requests: - - raw: # Metod POST From login.php + - raw: - | POST /timesheet/login.php HTTP/1.1 Host: {{Hostname}} diff --git a/cves/2019/CVE-2019-12593.yaml b/cves/2019/CVE-2019-12593.yaml index 2c649f6e12..d0cadf98c8 100644 --- a/cves/2019/CVE-2019-12593.yaml +++ b/cves/2019/CVE-2019-12593.yaml 
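Review bot: `google-dork: inurl:"/timesheet/login.php"` is carried into the new `metadata:` block as a plain scalar with embedded double quotes, while every other dork moved into `metadata` by this change is single-quoted (`fofa-dork: 'app="Abyss-Web-Server"'`, `fofa-dork: 'app="Kubernetes-Enterprise-Manager"'`). Quoting it the same way, `google-dork: 'inurl:"/timesheet/login.php"'`, keeps the metadata values uniform across templates and avoids a plain scalar whose meaning depends on the parser tolerating interior quotes. The `- |` raw request at the end of this hunk continues outside it.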
@@ -11,13 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2019-12593 - http://www.icewarp.com # vendor homepage - https://www.icewarp.com/downloads/trial/ # software link - additional-fields: - google-dork: Powered By IceWarp 10.4.4 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 cve-id: CVE-2019-12593 cwe-id: CWE-22 + metadata: + google-dork: Powered By IceWarp 10.4.4 requests: - method: GET diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml index be49883637..789f25b5ee 100644 --- a/cves/2020/CVE-2020-13167.yaml +++ b/cves/2020/CVE-2020-13167.yaml @@ -9,13 +9,13 @@ info: reference: - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says - additional-fields: - hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out' classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2020-13167 cwe-id: CWE-78 + metadata: + hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out' requests: - method: GET diff --git a/cves/2020/CVE-2020-14864.yaml b/cves/2020/CVE-2020-14864.yaml index f46615666a..e2e0206f06 100644 --- a/cves/2020/CVE-2020-14864.yaml +++ b/cves/2020/CVE-2020-14864.yaml @@ -8,8 +8,6 @@ info: reference: - http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html - https://www.oracle.com/security-alerts/cpuoct2020.html - additional-fields: - cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N' classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index fa1a549e53..b973c0720d 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml 
@@ -14,7 +14,7 @@ info: cvss-score: 9.80 cve-id: CVE-2021-26295 cwe-id: CWE-502 - additional-fields: + metadata: ysoserial-payload: 'java -jar ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn | hex' requests: diff --git a/default-logins/abb/cs141-default-login.yaml b/default-logins/abb/cs141-default-login.yaml index 6852d161cb..60bdbd942f 100644 --- a/default-logins/abb/cs141-default-login.yaml +++ b/default-logins/abb/cs141-default-login.yaml @@ -6,7 +6,7 @@ info: severity: medium reference: https://www.generex.de/media/pages/packages/documents/manuals/f65348d5b6-1628841637/manual_CS141_en.pdf tags: hiawatha,iot,default-login - additional-fields: + metadata: shodan-dork: https://www.shodan.io/search?query=html%3A%22CS141%22 requests: diff --git a/dns/elasticbeantalk-takeover.yaml b/dns/elasticbeantalk-takeover.yaml index 8a06147859..d8b6ddfc4f 100644 --- a/dns/elasticbeantalk-takeover.yaml +++ b/dns/elasticbeantalk-takeover.yaml @@ -9,7 +9,7 @@ info: - https://twitter.com/payloadartist/status/1362035009863880711 - https://www.youtube.com/watch?v=srKIqhj_ki8 tags: dns,takeover,aws - additional-fields: + metadata: comments: | Only CNAMEs with region specification are hijackable. You need to claim the CNAME in AWS portal (https://aws.amazon.com/) or via AWS CLI to confirm the takeover. diff --git a/technologies/abyss-web-server.yaml b/technologies/abyss-web-server.yaml index a760447d4b..21b392d066 100644 --- a/technologies/abyss-web-server.yaml +++ b/technologies/abyss-web-server.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: info tags: tech - additional-fields: + metadata: fofa-dork: 'app="Abyss-Web-Server"' requests: diff --git a/technologies/iplanet-web-server.yaml b/technologies/iplanet-web-server.yaml index 1b3b79c375..bd470068d7 100644 --- a/technologies/iplanet-web-server.yaml +++ b/technologies/iplanet-web-server.yaml 
@@ -5,7 +5,7 @@ info: author: pussycat0x severity: info tags: tech - additional-fields: + metadata: fofa-dork: 'app="iPlanet-Web-Server,-Enterprise-Edition-4.1"' requests: diff --git a/technologies/kubernetes/kubernetes-enterprise-manager.yaml b/technologies/kubernetes/kubernetes-enterprise-manager.yaml index 137e4062a7..57a51341a8 100644 --- a/technologies/kubernetes/kubernetes-enterprise-manager.yaml +++ b/technologies/kubernetes/kubernetes-enterprise-manager.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: info tags: tech,kubernetes - additional-fields: + metadata: fofa-dork: 'app="Kubernetes-Enterprise-Manager"' requests: diff --git a/technologies/kubernetes/kubernetes-mirantis.yaml b/technologies/kubernetes/kubernetes-mirantis.yaml index f823c86fb8..b6cdbff813 100644 --- a/technologies/kubernetes/kubernetes-mirantis.yaml +++ b/technologies/kubernetes/kubernetes-mirantis.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: info tags: tech,kubernetes - additional-fields: + metadata: fofa-dork: 'app="Mirantis-Kubernetes-Engine"' requests: diff --git a/technologies/oracle/oracle-iplanet-web-server.yaml b/technologies/oracle/oracle-iplanet-web-server.yaml index adea754704..07d74c7cac 100644 --- a/technologies/oracle/oracle-iplanet-web-server.yaml +++ b/technologies/oracle/oracle-iplanet-web-server.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: info tags: tech,oracle - additional-fields: + metadata: fofa-dork: 'app="Oracle-iPlanet-Web-Server' requests: diff --git a/vulnerabilities/generic/top-xss-params.yaml b/vulnerabilities/generic/top-xss-params.yaml index d243903673..bcee1a4694 100644 --- a/vulnerabilities/generic/top-xss-params.yaml +++ b/vulnerabilities/generic/top-xss-params.yaml @@ -6,7 +6,7 @@ info: severity: medium description: Searches for reflected XSS in the server response via GET-requests. tags: xss,generic - additional-fields: + metadata: parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p requests: 
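Review bot: In technologies/oracle/oracle-iplanet-web-server.yaml the value `fofa-dork: 'app="Oracle-iPlanet-Web-Server'` is missing the closing double quote of the `app=` expression; the sibling templates touched here all use a balanced form (`fofa-dork: 'app="iPlanet-Web-Server,-Enterprise-Edition-4.1"'`, `fofa-dork: 'app="Mirantis-Kubernetes-Engine"'`), so this line should read `fofa-dork: 'app="Oracle-iPlanet-Web-Server"'`. The line is context the commit carries over unchanged, so the typo predates this rename, but it is worth correcting while the surrounding block is being rewritten. The enclosing `info:` mapping starts outside the hunk.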
diff --git a/vulnerabilities/other/bullwark-momentum-lfi.yaml b/vulnerabilities/other/bullwark-momentum-lfi.yaml index a6424a4b88..abe45ac827 100644 --- a/vulnerabilities/other/bullwark-momentum-lfi.yaml +++ b/vulnerabilities/other/bullwark-momentum-lfi.yaml @@ -8,7 +8,7 @@ info: - https://www.exploit-db.com/exploits/47773 - http://www.bullwark.net/ # vendor homepage - http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 # software link - additional-fields: + metadata: version: Bullwark Momentum Series Web Server JAWS/1.0 shodan-dork: https://www.shodan.io/search?query=Bullwark&page=1 fofa-dork: https://fofa.so/result?q=Bullwark&qbase64=QnVsbHdhcms%3D diff --git a/vulnerabilities/other/sick-beard-xss.yaml b/vulnerabilities/other/sick-beard-xss.yaml index 51b5a3253c..564e9bb618 100644 --- a/vulnerabilities/other/sick-beard-xss.yaml +++ b/vulnerabilities/other/sick-beard-xss.yaml @@ -8,7 +8,7 @@ info: reference: - https://sickbeard.com/ # vendor homepage - https://github.com/midgetspy/Sick-Beard # software link - additional-fields: + metadata: shodan-dork: sickbeard requests: