Merge branch 'master' into dashboard
commit
7f119d5268
|
@ -15,8 +15,10 @@ exposed-panels/teamcity-login-panel.yaml
|
||||||
misconfiguration/teamcity/teamcity-guest-login-enabled.yaml
|
misconfiguration/teamcity/teamcity-guest-login-enabled.yaml
|
||||||
misconfiguration/teamcity/teamcity-registration-enabled.yaml
|
misconfiguration/teamcity/teamcity-registration-enabled.yaml
|
||||||
misconfiguration/wp-registration-enabled.yaml
|
misconfiguration/wp-registration-enabled.yaml
|
||||||
|
technologies/intercom.yaml
|
||||||
token-spray/api-digitalocean.yaml
|
token-spray/api-digitalocean.yaml
|
||||||
token-spray/api-segment.yaml
|
token-spray/api-segment.yaml
|
||||||
vulnerabilities/other/royalevent/royalevent-management-xss.yaml
|
vulnerabilities/other/royalevent/royalevent-management-xss.yaml
|
||||||
vulnerabilities/other/royalevent/royalevent-stored-xss.yaml
|
vulnerabilities/other/royalevent/royalevent-stored-xss.yaml
|
||||||
|
vulnerabilities/wordpress/new-user-approve-xss.yaml
|
||||||
vulnerabilities/wordpress/sym404.yaml
|
vulnerabilities/wordpress/sym404.yaml
|
||||||
|
|
|
@ -3,6 +3,11 @@
|
||||||
#
|
#
|
||||||
# This is default list of tags and files to excluded from default nuclei scan.
|
# This is default list of tags and files to excluded from default nuclei scan.
|
||||||
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
||||||
|
#
|
||||||
|
# ============ DO NOT EDIT ============
|
||||||
|
# Automatically updated by nuclei on execution from nuclei-templates
|
||||||
|
# User changes should be in nuclei config file
|
||||||
|
# ============ DO NOT EDIT ============
|
||||||
|
|
||||||
# tags is a list of tags to ignore execution for
|
# tags is a list of tags to ignore execution for
|
||||||
# unless asked for by the user.
|
# unless asked for by the user.
|
||||||
|
|
|
@ -12,13 +12,14 @@ info:
|
||||||
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
|
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2005-3344
|
cve-id: CVE-2005-3344
|
||||||
tags: horde,unauth
|
tags: cve,cve2005,horde,unauth
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/horde/admin/user.php"
|
- "{{BaseURL}}/horde/admin/user.php"
|
||||||
- "{{BaseURL}}/admin/user.php"
|
- "{{BaseURL}}/admin/user.php"
|
||||||
|
|
||||||
headers:
|
headers:
|
||||||
Content-Type: text/html
|
Content-Type: text/html
|
||||||
|
|
||||||
|
@ -28,7 +29,6 @@ requests:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<title>Horde :: User Administration</title>"
|
- "<title>Horde :: User Administration</title>"
|
||||||
condition: and
|
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
|
@ -14,7 +14,7 @@ info:
|
||||||
cve-id: CVE-2008-5587
|
cve-id: CVE-2008-5587
|
||||||
metadata:
|
metadata:
|
||||||
shodan-query: http.title:"phpPgAdmin"
|
shodan-query: http.title:"phpPgAdmin"
|
||||||
tags: cve2008,lfi,phppgadmin
|
tags: cve,cve2008,lfi,phppgadmin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -14,7 +14,7 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2009-5020
|
cve-id: CVE-2009-5020
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
tags: cve,cve2020,redirect,awstats
|
tags: cve,cve2009,redirect,awstats
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -12,7 +12,7 @@ info:
|
||||||
- http://openwall.com/lists/oss-security/2012/10/29/7
|
- http://openwall.com/lists/oss-security/2012/10/29/7
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2012-4547
|
cve-id: CVE-2012-4547
|
||||||
tags: cve,cve2020,xss,awstats
|
tags: cve,cve2012,xss,awstats
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -14,7 +14,7 @@ info:
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2014-9614
|
cve-id: CVE-2014-9614
|
||||||
cwe-id: CWE-798
|
cwe-id: CWE-798
|
||||||
tags: cve,cve2021,netsweeper,default-login
|
tags: cve,cve2014,netsweeper,default-login
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -16,7 +16,7 @@ info:
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2016-10924
|
cve-id: CVE-2016-10924
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2021,wp-plugin,lfi,wordpress,ebook,wp
|
tags: cve,cve2016,wp-plugin,lfi,wordpress,ebook,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -15,7 +15,7 @@ info:
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2016-1555
|
cve-id: CVE-2016-1555
|
||||||
cwe-id: CWE-77
|
cwe-id: CWE-77
|
||||||
tags: netgear,rce,oast,router
|
tags: cve,cve2016,netgear,rce,oast,router
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -14,15 +14,19 @@ info:
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2018-13379
|
cve-id: CVE-2018-13379
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2018,fortios,cisa
|
metadata:
|
||||||
|
verified: true
|
||||||
|
shodan-query: http.html:"/remote/login" "xxxxxxxx"
|
||||||
|
tags: cve,cve2018,fortios,cisa,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
|
- "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
words:
|
|
||||||
- "var fgt_lang"
|
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- '^var fgt_lang ='
|
||||||
# Enhanced by mp on 2022/05/12
|
# Enhanced by mp on 2022/05/12
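Review bot: The new regex `'^var fgt_lang ='` depends on `^` anchoring to the very start of the response body, and nothing in the template says so. nuclei regex matchers use Go's RE2 syntax, where `^` matches only at the beginning of the text unless `(?m)` is set, so a response with any leading bytes before `var fgt_lang` no longer matches; that is presumably the intended tightening against pages that merely contain the string. I would add a comment above the regex, `# ^ anchors to the start of the body (no multiline flag)`. Since this is the only matcher visible in the hunk, consider pairing it with a `status` matcher under `matchers-condition: and`.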
|
||||||
|
|
|
@ -18,7 +18,7 @@ info:
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
verified: "true"
|
||||||
tags: wp-plugin,wordpress,wp,xss,unauth
|
tags: cve,cve2019,wp-plugin,wordpress,wp,xss,unauth
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -15,7 +15,7 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2020-11529
|
cve-id: CVE-2020-11529
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
tags: cve,cve2019,redirect,grav,getgrav
|
tags: cve,cve2020,redirect,grav,getgrav
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: shadoweb wdja v1.5.1 - Cross-Site Scripting
|
name: shadoweb wdja v1.5.1 - Cross-Site Scripting
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: critical
|
severity: critical
|
||||||
description: "shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php."
|
description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/shadoweb/wdja/issues/1
|
- https://github.com/shadoweb/wdja/issues/1
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-20982
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-20982
|
||||||
|
@ -34,4 +34,8 @@ requests:
|
||||||
words:
|
words:
|
||||||
- 'text/html'
|
- 'text/html'
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
# Enhanced by mp on 2022/04/27
|
# Enhanced by mp on 2022/04/27
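Review bot: The added `status` matcher only tightens detection if the template declares `matchers-condition: and`, and that line is outside this hunk. nuclei combines multiple matchers with `or` by default, so without it any 200 response would satisfy the template on its own and the change would add false positives rather than remove them. Please confirm `matchers-condition: and` sits above `matchers:`. The `part:` of the visible `- 'text/html'` word matcher is also outside the hunk and presumably should be `part: header`.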
|
||||||
|
|
|
@ -15,7 +15,7 @@ info:
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2020-26876
|
cve-id: CVE-2020-26876
|
||||||
cwe-id: CWE-306
|
cwe-id: CWE-306
|
||||||
tags: wordpress,plugin
|
tags: cve,cve2020,wordpress,wp-plugin,exposure
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -25,16 +25,16 @@ requests:
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- "rest_post_invalid_id"
|
- "rest_post_invalid_id"
|
||||||
- "\"(guid|title|content|excerpt)\":{\"rendered\":"
|
- "\"(guid|title|content|excerpt)\":{\"rendered\":"
|
||||||
condition: or
|
condition: or
|
||||||
part: body
|
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
|
part: header
|
||||||
words:
|
words:
|
||||||
- "application/json"
|
- "application/json"
|
||||||
part: header
|
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: elementorpage-open-redirect
|
id: CVE-2021-24358
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
|
name: Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
|
||||||
|
@ -14,7 +14,7 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2021-24358
|
cve-id: CVE-2021-24358
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
tags: wordpress,redirect,wp-plugin,elementor,wp
|
tags: cve,cve2021,wordpress,redirect,wp-plugin,elementor,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: noptin-open-redirect
|
id: CVE-2021-25033
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Noptin < 1.6.5 - Open Redirect
|
name: Noptin < 1.6.5 - Open Redirect
|
||||||
|
@ -14,7 +14,7 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2021-25033
|
cve-id: CVE-2021-25033
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
tags: wordpress,redirect,wp-plugin,noptin,wp
|
tags: cve,cve2021,wordpress,redirect,wp-plugin,noptin,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -12,7 +12,7 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2021-25063
|
cve-id: CVE-2021-25063
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
tags: cve,cve2021wordpress,wp-plugin,xss,contactform,authenticated
|
tags: cve,cve2021,wordpress,wp-plugin,xss,contactform,authenticated
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -14,7 +14,7 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2021-25120
|
cve-id: CVE-2021-25120
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
tags: wordpress,wp-plugin,xss,authenticated
|
tags: cve,cve2021,wordpress,wp-plugin,xss,authenticated
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -18,7 +18,7 @@ info:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: title:"Node-RED"
|
shodan-query: title:"Node-RED"
|
||||||
fofa-query: title="Node-RED"
|
fofa-query: title="Node-RED"
|
||||||
tags: cve,cve2020,node-red-dashboard,lfi
|
tags: cve,cve2021,node-red-dashboard,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -14,7 +14,7 @@ info:
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2021-42071
|
cve-id: CVE-2021-42071
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
tags: visualtools,rce,oast,injection
|
tags: cve,cve2021,visualtools,rce,oast,injection
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
id: intercom
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Intercom widget detection
|
||||||
|
author: tess
|
||||||
|
severity: info
|
||||||
|
tags: intercom,tech
|
||||||
|
reference: https://www.intercom.com
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
redirects: true
|
||||||
|
max-redirects: 3
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'intercom'
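Review bot: The single word matcher `- 'intercom'` fires on any response body that mentions the word, such as blog text or a link to intercom.com, so the template will report the widget on sites that do not load it. Match on something specific to the widget loader instead, for example `- 'widget.intercom.io'` with an explicit `part: body`, and add a `status` matcher under `matchers-condition: and` if only successfully rendered pages should count. `reference:` is also written as a scalar here, while the other templates on this page use a list (`reference:` followed by `- https://www.intercom.com`).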
|
|
@ -39,6 +39,7 @@ requests:
|
||||||
- '//\tinteract.sh/'
|
- '//\tinteract.sh/'
|
||||||
- '//interact.sh/%2F..'
|
- '//interact.sh/%2F..'
|
||||||
- '//interact.sh//'
|
- '//interact.sh//'
|
||||||
|
- '//%69%6e%74%65%72%61%63%74%2e%73%68'
|
||||||
- '//interact.sh@//'
|
- '//interact.sh@//'
|
||||||
- '//interact.sh\tinteract.sh/'
|
- '//interact.sh\tinteract.sh/'
|
||||||
- '//https://interact.sh@//'
|
- '//https://interact.sh@//'
|
||||||
|
@ -119,4 +120,4 @@ requests:
|
||||||
- 302
|
- 302
|
||||||
- 307
|
- 307
|
||||||
- 308
|
- 308
|
||||||
condition: or
|
condition: or
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
id: new-user-approve-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: New User Approve < 2.4.1 - Reflected Cross-Site Scripting
|
||||||
|
author: Akincibor
|
||||||
|
severity: medium
|
||||||
|
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||||
|
reference:
|
||||||
|
- https://wpscan.com/vulnerability/17f99601-f5c9-4300-9b4a-6d75fa7ab94a
|
||||||
|
- https://wordpress.org/plugins/new-user-approve
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
tags: wp,wordpress,xss,authenticated,wp-plugin
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /wp-login.php HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Origin: {{RootURL}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
Cookie: wordpress_test_cookie=WP%20Cookie%20check
|
||||||
|
|
||||||
|
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /wp-admin/index.php?a%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
cookie-reuse: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- '?a"><script>alert(1)</script>&new-user-approve-settings'
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- text/html
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
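Review bot: This new template has no `classification` block, and its `description` names neither the plugin nor the fixed version, so a finding is hard to triage from the report alone. The other XSS templates on this page carry `cwe-id: CWE-79`; adding `classification:` with `cwe-id: CWE-79` and opening the description with `New User Approve before 2.4.1 does not escape some URLs ...` would bring it in line. The matchers are not tied to the second request; the body word is specific enough that this is unlikely to misfire, but a comment above `matchers:` such as `# expected on the /wp-admin/index.php response after login` would help the next reader.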
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: High
|
severity: High
|
||||||
description: Searches for sensitive directories present in the sym404.
|
description: Searches for sensitive directories present in the sym404.
|
||||||
|
reference:
|
||||||
|
- https://twitter.com/momika233/status/1540325055280070656
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
google-dork: inurl:"/wp-includes/sym404/"
|
google-dork: inurl:"/wp-includes/sym404/"
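Review bot: `severity: High` is capitalised while the other templates on this page use lowercase values (`critical`, `medium`, `info`); writing `severity: high` keeps the field consistent. The added reference is a single tweet, and the description `Searches for sensitive directories present in the sym404.` does not tell a site owner what a hit means. A sentence on what the `/wp-includes/sym404/` directory indicates and what to check on a match would make the finding actionable. The rest of the template is outside the hunk.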
|
||||||
|
|