revert 9921dfc33c
parent
8a2ae08f84
commit
7fe3be43ea
|
@ -11,7 +11,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: fuzz,adminer,login,panel
|
||||
tags: fuzz,adminer,login
|
||||
|
||||
# <= 4.2.4 can have unauthenticated RCE via SQLite driver
|
||||
# <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL
|
||||
|
|
|
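Review bot: If the second `tags:` line is the new side, this template loses the `panel` tag while still being tagged `login`, so a run that selects templates with `-tags panel` would no longer pick it up. The file path is not visible in this rendering, so confirm where the template lives; if it is a panel detection, keep `tags: fuzz,adminer,login,panel`. The dzzoffice, gryphon, laravel filemanager, `login`, openbmcs, opencpu and sap hunks that follow make the same change. The commit title only names the reverted commit, so a sentence on why the tags are being rolled back would help later readers.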
@ -14,7 +14,7 @@ info:
|
|||
verified: true
|
||||
shodan-query: http.favicon.hash:-1961736892
|
||||
fofa-query: title="dzzoffice"
|
||||
tags: dzzoffice,install,panel
|
||||
tags: dzzoffice,install
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -12,7 +12,7 @@ info:
|
|||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.title:"Gryphon"
|
||||
tags: gryphon,router,panel
|
||||
tags: gryphon,router
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: laravel,filemanager,fileupload,panel
|
||||
tags: laravel,filemanager,fileupload
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: login,panel
|
||||
tags: login
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: openbmcs,detect,panel
|
||||
tags: openbmcs,detect
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: opencpu,oss,panel
|
||||
tags: opencpu,oss
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
max-request: 2
|
||||
verified: true
|
||||
shodan-query: title:"Login - SAP SuccessFactors"
|
||||
tags: sap,detect,panel
|
||||
tags: sap,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,idera,edb
|
||||
tags: paneil,idera,edb
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
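Review bot: `paneil` in `tags: paneil,idera,edb` is a misspelling of `panel`; if that line is the new side, tag-based selection on `panel` silently misses this template. Keep the spelling `tags: panel,idera,edb` even if the rest of the revert goes in. The rendering does not show which of the two `tags:` lines is added, so check this against the raw diff.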
@ -9,7 +9,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: ampps,softaculous,misconfig
|
||||
tags: panel,ampps,softaculous,misconfig
|
||||
metadata:
|
||||
max-request: 3
|
||||
|
||||
|
|
|
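Review bot: Adding `panel` to a template already tagged `misconfig` (assuming the second `tags:` line is the new side) mixes a detection-class tag into a finding-class template, so a scan run with `-exclude-tags panel` to skip panel detections would also skip these findings. That matters most for the openview hunk, which carries `cvss-score: 8.6` and `cwe-id: CWE-284`. I would keep this one as `tags: ampps,softaculous,misconfig` unless the template really is a panel detection. The same change appears in the tomcat, bootstrap, Command API Explorer, openview, Dgraph Ratel, AVideo, circarlife, mcloud, openshift, IoT vDME, nomad, oneinstack, pghero, github setup, struts and fastvue hunks.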
@ -10,7 +10,7 @@ info:
|
|||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference: https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
|
||||
tags: tomcat,apache,misconfig
|
||||
tags: panel,tomcat,apache,misconfig
|
||||
metadata:
|
||||
max-request: 6
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: title:"Dashboard - Bootstrap Admin Template"
|
||||
tags: bootstrap,misconfig
|
||||
tags: bootstrap,panel,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.html:"Command API Explorer"
|
||||
tags: misconfig
|
||||
tags: panel,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-284
|
||||
tags: openview,disclosure,misconfig
|
||||
tags: openview,disclosure,panel,misconfig
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ info:
|
|||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.title:"Dgraph Ratel Dashboard"
|
||||
tags: unauth,misconfig
|
||||
tags: unauth,panel,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56
|
||||
- https://github.com/leo-hildegarde/SnowDownKB/
|
||||
tags: servicenow,misconfig
|
||||
tags: servicenow
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
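Review bot: Dropping `misconfig` here (if the second `tags:` line is the new side) takes the template out of any scan profile that selects on `-tags misconfig`, although the first reference's title refers to misconfigured ServiceNow instances. I would keep `tags: servicenow,misconfig`. The zenphoto install, docker, SNI proxy and zenphoto `unauth` hunks lose the same tag. The docker one is described in its own `description:` as a Docker container misconfiguration, so the tag clearly belongs there.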
@ -14,7 +14,7 @@ info:
|
|||
verified: true
|
||||
shodan-query: http.title:"AVideo"
|
||||
fofa-query: "AVideo"
|
||||
tags: install,avideo,misconfig
|
||||
tags: panel,install,avideo,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -15,7 +15,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: title:"- setup" html:"Modem setup"
|
||||
tags: scada,circontrol,circarlife,setup,installer,misconfig
|
||||
tags: scada,circontrol,circarlife,setup,panel,installer,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -15,7 +15,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.title:"mcloud-installer-web"
|
||||
tags: mcloud,misconfig
|
||||
tags: panel,mcloud,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: title:"OpenShift Assisted Installer"
|
||||
tags: openshift,cluster,misconfig
|
||||
tags: panel,openshift,cluster,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
max-request: 4
|
||||
verified: true
|
||||
shodan-query: title:"Zenphoto install"
|
||||
tags: zenphoto,setup,installer,misconfig
|
||||
tags: panel,zenphoto,setup,installer
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -14,7 +14,7 @@ info:
|
|||
max-request: 2
|
||||
verified: true
|
||||
shodan-query: http.title:"IoT vDME Simulator"
|
||||
tags: misconfig
|
||||
tags: misconfig,panel
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: A Docker container misconfiguration was discovered. The Docker daemon can listen for Docker Engine API requests via three different types of Socket - unix, tcp, and fd. With tcp enabled, the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon. It is conventional to use port 2375 for un-encrypted, and port 2376 for encrypted communication with the daemon.
|
||||
reference:
|
||||
- https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/attacking-docker-containers/misconfiguration.html
|
||||
tags: docker,unauth,devops,misconfig
|
||||
tags: docker,unauth,devops
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
tags: nomad,devops,hashicorp,misconfig
|
||||
tags: nomad,devops,hashicorp,panel,misconfig
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.title:"OneinStack"
|
||||
tags: misconfig,oneinstack
|
||||
tags: misconfig,panel,oneinstack
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -15,7 +15,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: title:"PgHero"
|
||||
tags: pghero,misconfig
|
||||
tags: panel,pghero,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -8,7 +8,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-1373456171
|
||||
tags: setup,github,misconfig
|
||||
tags: panel,setup,github,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: html:"Struts Problem Report"
|
||||
tags: apache,struts,ognl,misconfig
|
||||
tags: apache,struts,ognl,panel,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/
|
||||
- https://www.bamsoftware.com/computers/sniproxy/
|
||||
tags: ssrf,oast,tls,sni,proxy,misconfig
|
||||
tags: ssrf,oast,tls,sni,proxy
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-1117549627
|
||||
tags: fastvue,unauth,misconfig
|
||||
tags: panel,fastvue,unauth,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: qlkwej
|
||||
severity: medium
|
||||
description: Misconfiguration on Zenphoto version < 1.5.X which lead to sensitive information disclosure
|
||||
tags: unauth,misconfig
|
||||
tags: unauth
|
||||
metadata:
|
||||
max-request: 4
|
||||
|
||||
|
|