daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dashboard Content Enhancements (#4927) 

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-07-27 16:17:31 -04:00 committed by GitHub
parent 4f987317c6
commit 690da7dd94
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 179 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
exposed-panels/qnap/qnap-qts-panel.yaml
View File

@ -1,16 +1,20 @@
id: qnap-qts-panel
info:
name: QNAP QTS Panel
name: QNAP - QTS Panel Discovery
author: idealphase
severity: info
description: |
Simple, Secure, Scalable & Reliable, Based on Linux, QTS 4 is designed to deliver high-performance applications and services fulfilling your needs in file sharing, storage management, backup, virtual environments, multimedia, surveillance and more.
QNAP QTS Panel was discovered.
reference:
- https://www.qnap.com/en/qts4/con_show.php?op=showone&cid=1
- https://www.qnap.com/en?ref=header_logo
metadata:
verified: true
shodan-query: product:"QNAP"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,qnap,qts
requests:
@ -28,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

11
exposures/configs/git-config-nginxoffbyslash.yaml
View File

@ -1,13 +1,18 @@
id: git-config-nginxoffbyslash
info:
name: Nginx off-by-slash exposes Git config
name: Nginx - Git Configuration Exposure
author: organiccrap
severity: medium
description: Nginx off-by-slash vulnerability exposes Git configuration.
description: Nginx is vulnerable to git configuration exposure.
reference:
- https://beaglesecurity.com/blog/vulnerability/nginx-off-by-slash-exposes-git-config.html
- https://twitter.com/Random_Robbie/status/1262676628167110656
- https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
tags: config,exposure,nginx
requests:
@ -29,3 +34,5 @@ requests:
- type: word
words:
- '[core]'
# Enhanced by mp on 2022/07/26

10
vulnerabilities/other/elFinder-path-traversal.yaml
View File

@ -1,16 +1,20 @@
id: elFinder-path-traversal
info:
name: elFinder - Path Traversal
name: elFinder <=2.1.12 - Local File Inclusion
author: ritikchaddha
severity: high
description: |
Connector.minimal.php in std42 elFinder through 2.1.12 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
elFinder through 2.1.12 is vulnerable to local file inclusion via Connector.minimal.php in std42. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
reference:
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
metadata:
verified: true
shodan-query: title:"elfinder"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,elfinder
requests:
@ -29,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/26

10
vulnerabilities/other/ewebs-arbitrary-file-reading.yaml
View File

@ -1,12 +1,16 @@
id: ewebs-arbitrary-file-reading
info:
name: EWEBS casmain.xgi arbitrary file reading vulnerability
name: EWEBS - Local File Inclusion
author: pikpikcu
severity: high
description: A vulnerability in EWEBS's 'casmain.xgi' endpoint allows remote attackers to disclose the content of locally stored files via the 'Language_S' parameter.
description: EWEBS is vulnerable to local file inclusion and allows remote attackers to disclose the content of locally stored files via the 'Language_S' parameter supplied to the 'casmain.xgi' endpoint.
reference:
- http://wiki.peiqi.tech/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E6%9E%81%E9%80%9AEWEBS/%E6%9E%81%E9%80%9AEWEBS%20casmain.xgi%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: ewebs,lfi
requests:
@ -30,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/feifeicms-lfr.yaml
View File

@ -1,12 +1,17 @@
id: feifeicms-lfr
info:
name: FeiFeiCms Local File Read
name: FeiFeiCms - Local File Inclusion
author: princechaddha
severity: high
description: FeiFeiCms is vulnerable to local file inclusion.
reference:
- https://www.cnblogs.com/jinqi520/p/10202615.html
- https://gitee.com/daicuo/feifeicms
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: feifeicms,lfi
requests:
@ -28,3 +33,5 @@ requests:
- "db_host"
condition: and
part: body
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/finereport-path-traversal.yaml
View File

@ -1,11 +1,16 @@
id: finereport-path-traversal
info:
name: FineReport 8.0 Path Traversal
name: FineReport 8.0 - Local File Inclusion
author: pikpikcu
severity: medium
description: FIneReport 8.0 is vulnerable to local file inclusion.
reference:
- http://foreversong.cn/archives/1378
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: finereport,lfi
requests:
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/flir-path-traversal.yaml
View File

@ -1,11 +1,16 @@
id: flir-path-traversal
info:
name: Flir Path Traversal
name: Flir - Local File Inclusion
author: pikpikcu
severity: high
description: Flir is vulnerable to local file inclusion.
reference:
- https://juejin.cn/post/6961370156484263972
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: flir,lfi
requests:
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

10
vulnerabilities/other/geovision-geowebserver-lfi.yaml
View File

@ -1,12 +1,16 @@
id: geowebserver-lfi
info:
name: GeoVision Geowebserver 5.3.3 - LFI
name: GeoVision Geowebserver 5.3.3 - Local File Inclusion
author: madrobot
severity: high
description: A vulnerability in GeoVision Geowebserver allows remote unauthenticated attackers to disclose the content of locally stored files.
description: GeoVision Geowebserver 5.3.3 allows remote unauthenticated attackers to disclose the content of locally stored files via local file inclusion.
reference:
- https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: geowebserver,lfi
requests:
@ -29,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

10
vulnerabilities/other/geovision-geowebserver-xss.yaml
View File

@ -1,12 +1,16 @@
id: geowebserver-xss
info:
name: GeoVision Geowebserver 5.3.3 - XSS
name: GeoVision Geowebserver 5.3.3 - Cross-Site Scripting
author: madrobot
severity: medium
description: GEOVISION GEOWEBSERVER =< 5.3.3 are vulnerable to several XSS / HTML Injection / Local File Include / XML Injection / Code execution vectors. The application fails to properly sanitize user requests.
description: GeoVision Geowebserver 5.3.3 and prior versions are vulnerable to several cross-site scripting / HTML injection / local file inclusion / XML injection / code execution vectors because the application fails to properly sanitize user requests.
reference:
- https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: geowebserver,xss
requests:
@ -32,3 +36,5 @@ requests:
part: header
words:
- text/html
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/global-domains-lfi.yaml
View File

@ -1,12 +1,17 @@
id: global-domains-lfi
info:
name: Global Domains International Directory traversal Vulnerability
name: Global Domains International - Local File Inclusion
author: 0x_Akoko
severity: high
description: Global Domains International is vulnerable to local file inclusion.
reference:
- https://cxsecurity.com/issue/WLB-2018020247
- http://www.nic.ws
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: globaldomains,lfi,traversal
requests:
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/goip-1-lfi.yaml
View File

@ -4,12 +4,15 @@ info:
name: GoIP-1 GSM - Local File Inclusion
author: gy741
severity: high
description: Input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker
to read arbitrary files on the affected system.
description: GoIP-1 GSM is vulnerable to local file inclusion because input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
reference:
- https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
- http://www.hybertone.com/uploadfile/download/20140304125509964.pdf
- http://en.dbltek.com/latestfirmwares.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: gsm,goip,lfi,iot
requests:
@ -22,3 +25,5 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/groupoffice-lfi.yaml
View File

@ -1,12 +1,17 @@
id: groupoffice-lfi
info:
name: Groupoffice 3.4.21 Directory Traversal Vulnerability
name: Groupoffice 3.4.21 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Groupoffice 3.4.21 is vulnerable to local file inclusion.
reference:
- https://cxsecurity.com/issue/WLB-2018020249
- http://www.group-office.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: groupoffice,lfi,traversal
requests:
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/gsoap-lfi.yaml
View File

@ -1,11 +1,16 @@
id: gsoap-lfi
info:
name: gSOAP 2.8 - Directory Traversal
name: gSOAP 2.8 - Local File Inclusion
author: 0x_Akoko
description: gSOAP 2.8 is vulnerable to local file inclusion.
severity: high
reference:
- https://www.exploit-db.com/exploits/47653
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: gsoap,lfi
requests:
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/hanming-lfr.yaml
View File

@ -1,11 +1,16 @@
id: hanming-lfr
info:
name: Hanming Video Conferencing File Read
name: Hanming Video Conferencing - Local File Inclusion
author: ritikchaddha
severity: high
description: Hanming Video Conferencing is vulnerable to local file inclusion.
reference:
- https://mp.weixin.qq.com/s/F-M21PT0xn9QOuwoC8llKA
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfr,hanming,lfi
requests:
@ -28,3 +33,5 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0:"
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/hjtcloud-arbitrary-file-read.yaml
View File

@ -1,11 +1,16 @@
id: hjtcloud-arbitrary-file-read
info:
name: HJTcloud Arbitrary File Read
name: HJTcloud - Local File Inclusion
author: pikpikcu
severity: high
description: HJTcloud is vulnerable to local file inclusion.
reference:
- https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: hjtcloud,lfi
requests:
@ -38,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

3
vulnerabilities/other/laravel-filemanager-lfi.yaml
View File

@ -4,6 +4,7 @@ info:
name: UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
author: hackerarpan
severity: high
description: UniSharp Larevel File Manager 2.0.0 is vulnerable to arbitrary file read.
reference:
- https://www.exploit-db.com/exploits/48166
- https://github.com/UniSharp/laravel-filemanager
@ -27,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

13
vulnerabilities/other/mcafee-epo-rce.yaml
View File

@ -1,19 +1,14 @@
id: mcafee-epo-rce
info:
name: McAfee ePolicy Orchestrator RCE
name: McAfee ePolicy Orchestrator - Arbitrary File Upload
author: dwisiswant0
severity: high
description: |
A ZipSlip vulnerability in McAfee ePolicy Orchestrator (ePO)
is a type of Path Traversal occurring when archives are unpacked
if the names of the packed files are not properly sanitized.
An attacker can create archives with files containing "../" in their names,
making it possible to upload arbitrary files
to arbitrary directories or overwrite existing ones during archive extraction.
McAfee ePolicy Orchestrator (ePO) is vulnerable to a ZipSlip vulnerability which allows arbitrary file upload when archives are unpacked if the names of the packed files are not properly sanitized. An attacker can create archives with files containing "../" in their names, making it possible to upload arbitrary files to arbitrary directories or overwrite existing ones during archive extraction.
reference:
- https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
tags: mcafee,rce
tags: mcafee,rce,
requests:
- method: GET
@ -32,3 +27,5 @@ requests:
regex:
- "Volume (in drive [A-Z]|Serial Number) is"
part: body
# Enhanced by mp on 2022/07/27

10
vulnerabilities/other/metinfo-lfi.yaml
View File

@ -1,12 +1,16 @@
id: metinfo-lfi
info:
name: MetInfo 6.0.0/6.1.0 LFI
name: MetInfo <=6.1.0 - Local File Inclusion
author: pikpikcu
severity: high
description: A vulnerability in MetInfo allows remote unauthenticated attackers access to locally stored files and their content.
description: MetInfo 6.0.0 through 6.1.0 is vulnerable to local file inclusion and allows remote unauthenticated attackers access to locally stored files and their content.
reference:
- https://paper.seebug.org/676/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: metinfo,lfi
requests:
@ -30,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

10
vulnerabilities/other/minimouse-lfi.yaml
View File

@ -1,12 +1,16 @@
id: minimouse-lfi
info:
name: Mini Mouse 9.2.0 - Path Traversal
name: Mini Mouse 9.2.0 - Local File Inclusion
author: 0x_Akoko
severity: high
description: A vulnerability in Mini Mouse allows remote unauthenticated attackers to include and disclose the content of locally stored files via the 'file' parameter.
description: Mini Mouse 9.2.0 is vulnerable to local file inclusion because it allows remote unauthenticated attackers to include and disclose the content of locally stored files via the 'file' parameter.
reference:
- https://www.exploit-db.com/exploits/49744
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: minimouse,lfi
requests:
@ -27,3 +31,5 @@ requests:
- "extensions"
condition: and
part: body
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/mpsec-lfi.yaml
View File

@ -1,11 +1,16 @@
id: mpsec-lfi
info:
name: MPSec ISG1000 Local File Read
name: MPSec ISG1000 - Local File Inclusion
author: pikpikcu
severity: high
description: MPSec ISG1000 is vulnerable to local file inclusion.
reference:
- https://twitter.com/sec715/status/1402884871173795842
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: mpsec,lfi
requests:
@ -31,3 +36,5 @@ requests:
words:
- "text/plain"
part: header
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/myucms-lfr.yaml
View File

@ -1,11 +1,16 @@
id: myucms-lfr
info:
name: MyuCMS Local File Read
name: MyuCMS - Local File Inclusion
author: princechaddha
severity: high
description: MyuCMS is vulnerable to local file inclusion.
reference:
- https://blog.csdn.net/yalecaltech/article/details/104908257
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: myucms,lfi
requests:
@ -16,3 +21,5 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/07/27

9
vulnerabilities/other/natshell-path-traversal.yaml
View File

@ -1,11 +1,16 @@
id: natshell-path-traversal
info:
name: NatShell Path Traversal
name: NatShell - Local File Inclusion
author: pikpikcu
severity: high
description: NatShell is vulnerable to local file inclusion.
reference:
- https://mp.weixin.qq.com/s/g4YNI6UBqIQcKL0TRkKWlw
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata:
fofa-query: title="蓝海卓越计费管理系统"
tags: natshell,lfi
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27

10
vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
View File

@ -1,13 +1,17 @@
id: nginx-merge-slashes-path-traversal
info:
name: Nginx Merge Slashes Path Traversal
name: Nginx Server - Local File Inclusion
author: dhiyaneshDk
severity: medium
description: A vulnerability in the remote Nginx server could cause the server to merge slashslash together causing what should have protected the web site from a directory traversal vulnerability into a vulnerable server.
description: Nginx server is vulnerable to local file inclusion.
reference:
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json
- https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: exposure,config,lfi,nginx
requests:
@ -31,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/07/27