From 8c3f98c767ebdeaa47a9251d7e478d093b4f0460 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 30 Oct 2021 16:47:35 +0530 Subject: [PATCH] fixed invalid template syntax --- cves/2018/CVE-2018-10818.yaml | 2 +- cves/2018/CVE-2018-9845.yaml | 2 +- cves/2021/CVE-2021-35336.yaml | 2 +- exposures/configs/exposed-authentication-asmx.yaml | 2 +- file/electron/electron-version-detect.yaml | 2 +- takeovers/wix-takeover.yaml | 1 + ...fault-asp.net-page.yaml => default-asp-net-page.yaml} | 5 +++-- ...fastjson-1.2.24-rce.yaml => fastjson-1-2-24-rce.yaml} | 2 +- ...fastjson-1.2.41-rce.yaml => fastjson-1-2-41-rce.yaml} | 2 +- ...fastjson-1.2.42-rce.yaml => fastjson-1-2-42-rce.yaml} | 2 +- ...fastjson-1.2.43-rce.yaml => fastjson-1-2-43-rce.yaml} | 2 +- ...fastjson-1.2.47-rce.yaml => fastjson-1-2-47-rce.yaml} | 2 +- ...fastjson-1.2.62-rce.yaml => fastjson-1-2-62-rce.yaml} | 2 +- ...fastjson-1.2.67-rce.yaml => fastjson-1-2-67-rce.yaml} | 2 +- ...fastjson-1.2.68-rce.yaml => fastjson-1-2-68-rce.yaml} | 2 +- vulnerabilities/other/nuuo-file-inclusion.yaml | 9 ++++++--- vulnerabilities/other/spark-webui-unauth.yaml | 2 +- 17 files changed, 24 insertions(+), 19 deletions(-) rename technologies/{default-asp.net-page.yaml => default-asp-net-page.yaml} (93%) rename vulnerabilities/fastjson/{fastjson-1.2.24-rce.yaml => fastjson-1-2-24-rce.yaml} (96%) rename vulnerabilities/fastjson/{fastjson-1.2.41-rce.yaml => fastjson-1-2-41-rce.yaml} (95%) rename vulnerabilities/fastjson/{fastjson-1.2.42-rce.yaml => fastjson-1-2-42-rce.yaml} (95%) rename vulnerabilities/fastjson/{fastjson-1.2.43-rce.yaml => fastjson-1-2-43-rce.yaml} (95%) rename vulnerabilities/fastjson/{fastjson-1.2.47-rce.yaml => fastjson-1-2-47-rce.yaml} (96%) rename vulnerabilities/fastjson/{fastjson-1.2.62-rce.yaml => fastjson-1-2-62-rce.yaml} (95%) rename vulnerabilities/fastjson/{fastjson-1.2.67-rce.yaml => fastjson-1-2-67-rce.yaml} (95%) rename vulnerabilities/fastjson/{fastjson-1.2.68-rce.yaml => fastjson-1-2-68-rce.yaml} (97%) diff --git a/cves/2018/CVE-2018-10818.yaml b/cves/2018/CVE-2018-10818.yaml index 154d5bc397..f4982c8731 100644 --- a/cves/2018/CVE-2018-10818.yaml +++ b/cves/2018/CVE-2018-10818.yaml @@ -1,4 +1,4 @@ -id: CVE-2018–10818 +id: CVE-2018-10818 info: name: LG NAS Devices - Remote Code Execution (Unauthenticated) diff --git a/cves/2018/CVE-2018-9845.yaml b/cves/2018/CVE-2018-9845.yaml index 9b9b600503..3aff165b1f 100644 --- a/cves/2018/CVE-2018-9845.yaml +++ b/cves/2018/CVE-2018-9845.yaml @@ -1,4 +1,4 @@ -id: CVE-2018–9845 +id: CVE-2018-9845 info: name: Etherpad Lite before 1.6.4 is exploitable for admin access. diff --git a/cves/2021/CVE-2021-35336.yaml b/cves/2021/CVE-2021-35336.yaml index 6fdac1d2be..e7d6aa88bd 100644 --- a/cves/2021/CVE-2021-35336.yaml +++ b/cves/2021/CVE-2021-35336.yaml @@ -1,4 +1,4 @@ -id: CVE-2021–35336 +id: CVE-2021-35336 info: name: Unauthorised Remote Access of Internal Panel diff --git a/exposures/configs/exposed-authentication-asmx.yaml b/exposures/configs/exposed-authentication-asmx.yaml index 74d554612b..768f731057 100644 --- a/exposures/configs/exposed-authentication-asmx.yaml +++ b/exposures/configs/exposed-authentication-asmx.yaml @@ -1,4 +1,4 @@ -id: exposed-authentication.asmx +id: exposed-authentication-asmx info: name: Exposed Authentication.asmx diff --git a/file/electron/electron-version-detect.yaml b/file/electron/electron-version-detect.yaml index d5276b5cc7..26392dc930 100644 --- a/file/electron/electron-version-detect.yaml +++ b/file/electron/electron-version-detect.yaml @@ -1,4 +1,4 @@ -id: electron-version-detect.yaml +id: electron-version-detect info: name: Electron Version Detect diff --git a/takeovers/wix-takeover.yaml b/takeovers/wix-takeover.yaml index 854916610d..d5f320f4f6 100644 --- a/takeovers/wix-takeover.yaml +++ b/takeovers/wix-takeover.yaml @@ -1,6 +1,7 @@ id: wix-takeover info: + name: Wix Takeover Detection author: harshinsecurity,philippedelteil description: This subdomain take over would only work on an edge case when the account was deleted. You will need a premium account (~ US$7) to test the take over. severity: high diff --git a/technologies/default-asp.net-page.yaml b/technologies/default-asp-net-page.yaml similarity index 93% rename from technologies/default-asp.net-page.yaml rename to technologies/default-asp-net-page.yaml index 8aaa46e76f..9a0ff60ee2 100644 --- a/technologies/default-asp.net-page.yaml +++ b/technologies/default-asp-net-page.yaml @@ -1,4 +1,4 @@ -id: default-asp.net-page +id: default-asp-net-page info: name: ASP.Net Test Page @@ -11,8 +11,9 @@ requests: - method: GET path: - '{{BaseURL}}' + matchers: - type: word + part: body words: - "Home Page - My ASP.NET Application" - part: body diff --git a/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-24-rce.yaml similarity index 96% rename from vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-24-rce.yaml index b914c4b0e3..9a4ba92243 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-24-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.24-rce +id: fastjson-1-2-24-rce info: name: Fastjson 1.2.24 Deserialization RCE diff --git a/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-41-rce.yaml similarity index 95% rename from vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-41-rce.yaml index 84843c7c35..3564ca14eb 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-41-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.41-rce +id: fastjson-1-2-41-rce info: name: Fastjson 1.2.41 Deserialization RCE diff --git a/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-42-rce.yaml similarity index 95% rename from vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-42-rce.yaml index a6146589d3..6ea56f483d 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-42-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.42-rce +id: fastjson-1-2-42-rce info: name: Fastjson 1.2.42 Deserialization RCE diff --git a/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-43-rce.yaml similarity index 95% rename from vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-43-rce.yaml index 98c915edeb..4a30340ea2 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-43-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.43-rce +id: fastjson-1-2-43-rce info: name: Fastjson 1.2.43 Deserialization RCE diff --git a/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-47-rce.yaml similarity index 96% rename from vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-47-rce.yaml index 1c8990b146..3336b0ec72 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-47-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.47-rce +id: fastjson-1-2-47-rce info: name: Fastjson 1.2.47 Deserialization RCE diff --git a/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-62-rce.yaml similarity index 95% rename from vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-62-rce.yaml index 236712a7b8..7f16ccb998 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-62-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.62-rce +id: fastjson-1-2-62-rce info: name: Fastjson 1.2.62 Deserialization RCE diff --git a/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-67-rce.yaml similarity index 95% rename from vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-67-rce.yaml index 326f2fb9ff..0720680d36 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-67-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.67-rce +id: fastjson-1-2-67-rce info: name: Fastjson 1.2.67 Deserialization RCE diff --git a/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml b/vulnerabilities/fastjson/fastjson-1-2-68-rce.yaml similarity index 97% rename from vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml rename to vulnerabilities/fastjson/fastjson-1-2-68-rce.yaml index 64d91e3be9..0779215459 100644 --- a/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml +++ b/vulnerabilities/fastjson/fastjson-1-2-68-rce.yaml @@ -1,4 +1,4 @@ -id: fastjson-1.2.68-rce +id: fastjson-1-2-68-rce info: name: Fastjson 1.2.68 Deserialization RCE diff --git a/vulnerabilities/other/nuuo-file-inclusion.yaml b/vulnerabilities/other/nuuo-file-inclusion.yaml index 65c7e3c5cf..0cfcc394fe 100644 --- a/vulnerabilities/other/nuuo-file-inclusion.yaml +++ b/vulnerabilities/other/nuuo-file-inclusion.yaml @@ -1,4 +1,5 @@ -id: nuuo-file-inclusion.yaml +id: nuuo-file-inclusion + info: name: NUUO NVRmini 2 3.0.8 Local File Disclosure author: princechaddha @@ -14,13 +15,15 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - "$_GET['css']" - part: body + - type: word + part: header words: - "text/css" - part: header + - type: status status: - 200 diff --git a/vulnerabilities/other/spark-webui-unauth.yaml b/vulnerabilities/other/spark-webui-unauth.yaml index bd4e737908..fdc11f53c8 100644 --- a/vulnerabilities/other/spark-webui-unauth.yaml +++ b/vulnerabilities/other/spark-webui-unauth.yaml @@ -1,4 +1,4 @@ -id: spark-webui-unauth.yaml +id: spark-webui-unauth info: name: Unauthenticated Spark WebUI author: princechaddha