Merge branch 'main' into Add-Tengine

patch-1
Ritik Chaddha 2023-01-23 14:30:10 +05:30 committed by GitHub
commit 891cd9193b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 145 additions and 74 deletions


@ -9,7 +9,6 @@ reviewers:
- ritikchaddha
- DhiyaneshGeek
- pussycat0x
- princechaddha
# A number of reviewers added to the pull request
# Set 0 to add all the reviewers (default: 0)
@ -17,9 +16,9 @@ numberOfReviewers: 1
# A list of assignees, overrides reviewers if set
assignees:
- ritikchaddha
- DhiyaneshGeek
- pussycat0x
- ritikchaddha
# A number of assignees to add to the pull request
# Set to 0 to add all of the assignees.


@ -1,62 +1,3 @@
.github/scripts/yaml2json.go
cves/2010/CVE-2010-1429.yaml
cves/2017/CVE-2017-11165.yaml
cves/2018/CVE-2018-11227.yaml
cves/2018/CVE-2018-11473.yaml
cves/2018/CVE-2018-16979.yaml
cves/2020/CVE-2020-23697.yaml
cves/2022/CVE-2022-0234.yaml
cves/2022/CVE-2022-21587.yaml
cves/2022/CVE-2022-28117.yaml
cves/2022/CVE-2022-29153.yaml
cves/2022/CVE-2022-36537.yaml
cves/2022/CVE-2022-44877.yaml
cves/2022/CVE-2022-47945.yaml
cves/2022/CVE-2022-47966.yaml
default-logins/empire/empirec2-default-login.yaml
exposed-panels/episerver-panel.yaml
exposed-panels/freepbx-administration-panel.yaml
exposed-panels/ldap-account-manager-panel.yaml
exposed-panels/machform-admin-panel.yaml
exposed-panels/modoboa-panel.yaml
exposed-panels/monstra-admin-panel.yaml
exposed-panels/mylittleadmin-panel.yaml
exposed-panels/mylittlebackup-panel.yaml
exposed-panels/saltgui-panel.yaml
exposed-panels/sap-cloud-analytics.yaml
exposed-panels/sap-successfactors-detect.yaml
exposed-panels/storybook-panel.yaml
exposed-panels/tooljet-panel.yaml
exposures/backups/froxlor-database-backup.yaml
exposures/configs/ovpn-config-exposed.yaml
exposures/tokens/amazon/aws-access-secret-key.yaml
file/keys/stackhawk-api-key.yaml
iot/snapdrop-detect.yaml
misconfiguration/aem/aem-childrenlist-xss.yaml
misconfiguration/apache/kafka-manager-unauth.yaml
misconfiguration/installer/impresspages-installer.yaml
misconfiguration/installer/monstra-installer.yaml
misconfiguration/installer/orangehrm-installer.yaml
misconfiguration/installer/pmm-installer.yaml
misconfiguration/mobiproxy-dashboard.yaml
misconfiguration/ntopng-traffic-dashboard.yaml
misconfiguration/phpcli-stack-trace.yaml
misconfiguration/springboot/spring-eureka.yaml
misconfiguration/unauth-ldap-account-manager.yaml
misconfiguration/webdav-enabled.yaml
technologies/citrix-hypervisor-page.yaml
technologies/dash-panel-detect.yaml
technologies/default-cakephp-page.yaml
technologies/default-runcloud-page.yaml
technologies/default-symfony-page.yaml
technologies/default-tengine-page.yaml
technologies/lucy-admin-panel.yaml
technologies/monstracms-detect.yaml
technologies/ntop-detect.yaml
technologies/rsshub-detect.yaml
technologies/wordpress/plugins/otter-blocks.yaml
technologies/wordpress/plugins/webp-express.yaml
technologies/xerox-workcentre-detect.yaml
token-spray/api-ipdata.yaml
token-spray/api-ipinfo.yaml
vulnerabilities/froxlor-xss.yaml
cves/2022/CVE-2022-1168.yaml
vulnerabilities/other/sound4-file-disclosure.yaml
"\342\200\216\342\200\216misconfiguration/sound4-directory-listing.yaml"


@ -18,7 +18,7 @@ info:
- http://www.openwall.com/lists/oss-security/2017/04/16/2
- https://nvd.nist.gov/vuln/detail/CVE-2017-7615
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2017-7615
cwe-id: CWE-640


@ -11,7 +11,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2018-17431
- https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-17431
cwe-id: CWE-287


@ -3,15 +3,15 @@ id: CVE-2018-19365
info:
name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
author: 0x_Akoko
severity: high
severity: critical
description: Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.
reference:
- https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html
- https://www.cvedetails.com/cve/CVE-2018-19365
- https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
cvss-score: 9.1
cve-id: CVE-2018-19365
cwe-id: CWE-22
tags: cve,cve2018,wowza,lfi
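Review bot: The new `cvss-metrics` vector claims `A:H` and `severity` moves to `critical`, but the description still covers only retrieval of a file through the REST API, which explains the confidentiality impact and nothing else. If the 9.1 score was taken from NVD, the reference list should say so, for example by adding `- https://nvd.nist.gov/vuln/detail/CVE-2018-19365`, so a later reader can check where the availability impact comes from. Otherwise the description should state what the availability impact is, since teams that triage by severity will now treat every hit as critical.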


@ -2,9 +2,10 @@ id: CVE-2019-15501
info:
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
author: LogicalHunter
author: LogicalHunter,arafatansari
severity: medium
description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
description: |
L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
reference:
- https://www.exploit-db.com/exploits/47302
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
@ -14,6 +15,9 @@ info:
cvss-score: 6.1
cve-id: CVE-2019-15501
cwe-id: CWE-79
metadata:
shodan-query: http.html:"LISTSERV"
verified: "true"
tags: cve,cve2019,xss,listserv,edb
requests:
@ -24,9 +28,12 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- '</script><script>alert(document.domain)</script>'
part: body
- 'LISTSERV'
condition: and
case-insensitive: true
- type: word
part: header


@ -0,0 +1,44 @@
id: CVE-2022-1168
info:
name: JobSearch < 1.5.1 - Cross-Site Scripting
author: Akincibor
severity: medium
description: |
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.
reference:
- https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490
- https://nvd.nist.gov/vuln/detail/CVE-2022-1168
- https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1168
cwe-id: CWE-79
metadata:
google-dork: inurl:"wp-content/plugins/wp-jobsearch"
verified: "true"
tags: wp-jobsearch",wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss
requests:
- method: GET
path:
- '{{BaseURL}}/plugins/jobsearch/?search_title=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28domain%29%3E&ajax_filter=true&posted=all&sort-by=recent'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<img src=x onerror=alert(domain)>"
- "wp-jobsearch"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 404
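Review bot: The first entry on the `tags` line carries a stray double quote, so the template is tagged `wp-jobsearch"` and a run filtered on the tag `wp-jobsearch` will presumably not select it. The line should read `tags: wp-jobsearch,wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss`. The status matcher requires 404, which looks like a mistake to anyone reading the template cold. If the payload really is reflected on a not-found page, a comment above the matcher such as `# payload is reflected in the 404 response` would stop it being "corrected" to 200 later.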


@ -1 +1 @@
5.3.6
5.3.8


@ -1 +1 @@
4.5.4
4.5.5


@ -15102,4 +15102,10 @@ requests:
words:
- "Server: OpenBSD httpd"
- type: word
name: Hunchentoot
part: header
words:
- "Server: Hunchentoot"
# Enhanced by cs on 2022/02/08


@ -3681,3 +3681,15 @@ requests:
part: server
words:
- "Tengine"
- type: word
name: tornado
part: header
words:
- "TornadoServer/"
- type: word
name: uvicorn
part: server
words:
- "uvicorn"
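Review bot: The new `tornado` matcher searches the whole header block with `part: header`, while the `Tengine` entry above it and the `uvicorn` entry added beside it both use `part: server`. `TornadoServer/` is a Server header value, so `part: server` would keep the three entries consistent and stop the matcher firing when the string turns up in some other header, for example one echoed by a proxy. The matcher list starts outside this hunk, so the convention in the rest of the file should be confirmed before changing it.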


@ -0,0 +1,30 @@
id: sound4-file-disclosure
info:
name: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure
author: arafatansari
severity: medium
description: |
The application suffers from an unauthenticated file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
reference:
- https://packetstormsecurity.com/files/170263/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Unauthenticated-File-Disclosure.html
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5736.php
metadata:
shodan-query: http.html:"SOUND4"
verified: "true"
tags: packetstorm,lfi,sound4,unauth,disclosure
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/loghandler.php?ajax=251&file=/mnt/old-root/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
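Review bot: `severity: medium` understates what the description itself says, an unauthenticated read of arbitrary files on the device, so teams that rank scanner findings by severity will place a hit from this template lower than it deserves. Consider `severity: high`, and since there is no `classification` block, a short comment recording how the rating was chosen. The regex matcher also leaves its `part` implicit; writing `part: body` would match the explicit style of the other templates in this commit.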


@ -0,0 +1,32 @@
id: sound4-directory-listing
info:
name: SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure
author: arafatansari
severity: medium
description: |
The application is vulnerable to sensitive directory indexing / information disclosure vulnerability. An unauthenticated attacker can visit the log directory and disclose the server's log files containing sensitive and system information.
reference:
- https://packetstormsecurity.com/files/170259/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Information-Disclosure.html
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5732.php
metadata:
verified: true
shodan-query: http.html:"SOUND4"
tags: misconfig,listing,sound4,disclosure,packetstorm
requests:
- method: GET
path:
- "{{BaseURL}}/log/"
matchers-condition: and
matchers:
- type: word
words:
- "<title>Index of /log</title>"
- "Parent Directory"
condition: and
- type: status
status:
- 200
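Review bot: The additions list earlier in this commit records what is presumably this template as `"\342\200\216\342\200\216misconfiguration/sound4-directory-listing.yaml"`, and those escaped bytes decode to two U+200E left-to-right marks at the start of the path. If so, the file was committed under a directory whose name begins with invisible characters rather than under `misconfiguration/`. Directory-based template selection and path-based review rules would then skip it, and the difference cannot be seen in a normal listing. The file should be moved to `misconfiguration/sound4-directory-listing.yaml` and the list entry regenerated. Separately, `verified: true` is unquoted here while the other templates in this commit write `verified: "true"`.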