daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dashboard Text Enhancements (#3948) 

Dashboard content enhancements
patch-1
MostInterestingBotInTheWorld 2022-03-21 23:48:47 -04:00 committed by GitHub
parent aa2609f924
commit 9663595dd1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
39 changed files with 394 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cnvd/2021/CNVD-2021-15822.yaml
View File

@ -23,3 +23,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/17

13
misconfiguration/horde-unauthenticated.yaml → cves/2005/CVE-2005-3344.yaml
View File

@ -1,10 +1,17 @@
id: horde-unauthenticated
id: CVE-2005-3344
info:
name: Horde Groupware Unauthenticated
name: Horde Groupware Unauthenticated Admin Access
author: pikpikcu
severity: critical
description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
tags: horde,unauth
remediation:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2005-3344
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344
classification:
cve-id: CVE-2005-3344
requests:
- method: GET
@ -25,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/18

3
cves/2010/CVE-2010-1870.yaml
View File

@ -5,7 +5,6 @@ info:
author: b0yd
severity: info
description: A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.
remediation: Update to the most recent version of ListSERV Maestro.
reference:
- https://www.securifera.com/advisories/sec-2020-0001/
- https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
@ -30,4 +29,4 @@ requests:
- 'Administration Hub 9\.0-[123456780]'
- 'Administration Hub [5678]'
# Enhanced by mp on 2022/02/15
# Enhanced by mp on 2022/03/20

10
cves/2010/CVE-2010-1873.yaml
View File

@ -1,16 +1,17 @@
id: CVE-2010-1873
info:
name: Joomla! Component Jvehicles - Local File Inclusion
name: Joomla! Component Jvehicles SQL Injection
author: daffainfo
severity: high
description: A SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php.
remediation: Upgrade to a supported version.
reference:
- https://www.exploit-db.com/exploits/11997
- https://www.cvedetails.com/cve/CVE-2010-1873
tags: cve,cve2010,joomla,lfi
tags: cve,cve2010,joomla,lfi,sql-injection
classification:
cve-id: CVE-2010-1873
requests:
- method: GET
path:
@ -23,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/15
# Enhanced by mp on 2022/03/20

2
cves/2021/CVE-2021-40542.yaml
View File

@ -36,4 +36,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/03/16
# Enhanced by mp on 2022/03/18

12
exposed-panels/acunetix-panel.yaml
View File

@ -1,10 +1,18 @@
id: acunetix-panel-detect
info:
name: Acunetix Panel detector
name: Acunetix Login Panel
author: joanbono
severity: info
description: An Acunetix login panel was detected.
tags: panel
reference:
- https://www.acunetix.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

14
exposed-panels/adiscon-loganalyzer.yaml
View File

@ -1,12 +1,18 @@
id: adiscon-loganalyzer
info:
name: Detect exposed Adiscon LogAnalyzer
name: Adiscon LogAnalyzer Detection
author: geeknik
severity: high
description: Adiscon LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing, analysis of realtime network events and reporting services.
reference: https://loganalyzer.adiscon.com/
description: Adiscon LogAnalyzer was discovered. Adiscon LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing and analysis of real-time network events and reporting services.
reference:
- https://loganalyzer.adiscon.com/
tags: adiscon,loganalyzer,syslog,exposures
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -32,3 +38,5 @@ requests:
part: header
words:
- 'text/html'
# Enhanced by mp on 2022/03/20

30
exposed-panels/adminer-panel.yaml
View File

@ -1,15 +1,23 @@
id: adminer-panel
info:
name: Adminer Login panel
author: random_robbie,meme-lord
severity: info
reference: https://blog.sorcery.ie/posts/adminer/
tags: panel,adminer,login
# <= 4.2.4 can have unauthenticated RCE via SQLite driver
# <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL
# Most versions have some kind of SSRF usability
# Is generally handy if you find SQL creds
info:
name: Adminer Login Panel
author: random_robbie,meme-lord
description: An Adminer login panel was detected.
severity: info
reference:
- https://blog.sorcery.ie/posts/adminer/
tags: panel,adminer,login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
# <= 4.2.4 can have unauthenticated RCE via SQLite driver
# <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL
# Most versions have some kind of SSRF usability
# Is generally handy if you find SQL creds
requests:
- method: GET
@ -43,3 +51,5 @@ requests:
group: 1
regex:
- '<span class="version">([0-9.]+)'
# Enhanced by mp on 2022/03/20

13
exposed-panels/adminset-panel.yaml
View File

@ -1,13 +1,20 @@
id: adminset-panel
info:
name: Adminset Panel
name: Adminset Login Panel
author: ffffffff0x
severity: info
description: An Adminset login panel was detected.
metadata:
fofa-query: app="AdminSet"
vendor: https://github.com/guhongze/adminset/
reference:
- https://github.com/guhongze/adminset/
tags: adminset,panel
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -26,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

17
exposed-panels/adobe/adobe-component-login.yaml
View File

@ -1,11 +1,18 @@
id: adobe-component-login
id: adobe-coldfusion-login
info:
name: Adobe Component Browser Login
name: Adobe ColdFusion Component Browser Login Panel
author: dhiyaneshDK
description: An Adobe ColdFusion Component Browser login panel was detected.
severity: info
reference: https://www.exploit-db.com/ghdb/6846
tags: panel,adobe
reference:
- https://www.exploit-db.com/ghdb/6846
tags: panel,adobe,coldfusion
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

14
exposed-panels/adobe/adobe-connect-central-login.yaml
View File

@ -1,10 +1,18 @@
id: adobe-connect-central-login
info:
name: Adobe Connect Central Login
name: Adobe Connect Central Login Panel
author: dhiyaneshDk
description: An Adobe Connect Central login panel was detected.
severity: info
tags: adobe,panel
tags: adobe,panel,connect-central
reference:
- https://www.adobe.com/products/adobeconnect.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

14
exposed-panels/adobe/adobe-experience-manager-login.yaml
View File

@ -1,11 +1,19 @@
id: adobe-experience-manager-login
info:
name: Adobe-Experience-Manager
name: Adobe Experience Manager Login Panel
author: dhiyaneshDK
description: An Adobe Experience Manager login panel was detected.
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22AEM+Sign+In%22
reference:
- https://www.shodan.io/search?query=http.title%3A%22AEM+Sign+In%22
- https://business.adobe.com/products/experience-manager/adobe-experience-manager.html
tags: panel,aem,adobe
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

14
exposed-panels/adobe/adobe-media-server.yaml
View File

@ -1,11 +1,19 @@
id: adobe-media-server
info:
name: Adobe Media Server
name: Adobe Media Server Login Panel
author: dhiyaneshDK
description: An Adobe Media Server login panel was detected.
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Adobe+Media+Server%22
reference:
- https://www.shodan.io/search?query=http.title%3A%22Adobe+Media+Server%22
- https://helpx.adobe.com/support/adobe-media-server.html
tags: panel,adobe
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

16
exposed-panels/advance-setup.yaml
View File

@ -1,11 +1,19 @@
id: advance-setup-login
id: advanced-setup-login
info:
name: Advance Setup Login
name: ActionTec Modem Advanced Setup Login Panel
author: dhiyaneshDK
description: An ActionTec Modem Advanced Setup login panel was detected.
severity: info
reference: https://www.exploit-db.com/ghdb/6819
reference:
- https://www.exploit-db.com/ghdb/6819
- https://www.actiontec.com/dsl/
tags: panel,setup
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -20,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

11
exposed-panels/aerohive-netconfig-ui.yaml
View File

@ -1,11 +1,20 @@
id: aerohive-netconfig-ui
info:
name: Aerohive NetConfig UI
author: pussycat0x
severity: info
description: An Aerohive NetConfig user interface was detected. The NetConfig UI provides a fundamental set of configurations for configuring basic network and HiveManager connectivity settings, and uploading new IQ Engine images to Extreme Networks APs.
reference:
- https://docs.aerohive.com/330000/docs/help/english/ng/Content/reference/docs/online-help-systems.htm
metadata:
shodan-dork: 'http.title:"Aerohive NetConfig UI"'
tags: panel,tech,hiveos,aerohive
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -29,3 +38,5 @@ requests:
group: 1
regex:
- 'version" align="right" valign="bottom">([0-9.a-z]+)<\/td>'
# Enhanced by mp on 2022/03/21

10
exposed-panels/aims-password-mgmt-client.yaml
View File

@ -3,8 +3,16 @@ id: aims-password-mgmt-client
info:
name: Aims Password Management Client Detect
author: iamthefrogy
description: An Aims Password management client was detected.
severity: info
tags: panel,aims
reference:
- https://www.avatier.com/products/identity-management/password-management/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -15,3 +23,5 @@ requests:
- type: word
words:
- "Avatier Corporation"
# Enhanced by mp on 2022/03/21

3
exposed-panels/aims-password-portal.yaml
View File

@ -7,6 +7,7 @@ info:
description: An AIMS Password Management portal was discovered.
reference:
- https://www.exploit-db.com/ghdb/6576
- https://www.avatier.com/products/identity-management/password-management/
tags: panel,aims
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
@ -28,4 +29,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/03/16
# Enhanced by mp on 2022/03/21

6
exposed-panels/airflow-panel.yaml
View File

@ -1,4 +1,4 @@
id: airflow-panel
id: airflow-admin-login-panel
info:
name: Apache Airflow Admin Login Panel
@ -7,7 +7,7 @@ info:
description: An Apache Airflow admin login panel was discovered.
reference:
- https://airflow.apache.org/docs/apache-airflow/stable/security/webserver.html
tags: panel,apache,airflow
tags: panel,apache,airflow,admin
metadata:
shodan-query: title:"Sign In - Airflow"
classification:
@ -35,4 +35,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/03/16
# Enhanced by mp on 2022/03/21

12
exposed-panels/apache/tomcat-pathnormalization.yaml
View File

@ -4,8 +4,16 @@ info:
name: Tomcat Manager Path Normalization
author: organiccrap
severity: info
reference: https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
description: A Tomcat Manager login panel was discovered via path normalization. Normalizing a path involves modifying the string that identifies a path or file so that it conforms to a valid path on the target operating system.
reference:
- https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/mitigation-path-normalization
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
tags: panel,tomcat,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -26,3 +34,5 @@ requests:
status:
- 403
- 401
# Enhanced by mp on 2022/03/17

13
exposed-panels/apiman-panel.yaml
View File

@ -1,11 +1,18 @@
id: apiman-panel
info:
name: Apiman Instance Detection Template
name: Apiman Login Panel
author: righettod
severity: info
description: Try to detect the presence of a Apiman instance via the login redirection
description: An Apiman instance was detected via the login redirection.
tags: panel,apiman
reference:
- https://www.apiman.io/latest/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -22,3 +29,5 @@ requests:
- type: status
status:
- 302
# Enhanced by mp on 2022/03/18

10
exposed-panels/arcgis/arcgis-panel.yaml
View File

@ -5,6 +5,14 @@ info:
author: Podalirius
severity: info
tags: docs,arcgis,cms,panel
description: An ArcGIS instance was discovered.
reference:
- https://enterprise.arcgis.com/en/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -35,3 +43,5 @@ requests:
group: 2
regex:
- '(Released Version:</strong>[\n\t ]+(([0-9]+(.[0-9]+)?(.[0-9]+)?)([\n\t ]+\([A-Za-z]+[\t ]+20[0-9][0-9]\))?))'
# Enhanced by mp on 2022/03/20

12
exposed-panels/arcgis/arcgis-rest-api.yaml
View File

@ -1,10 +1,18 @@
id: arcgis-rest-api
info:
name: ArcGIS exposed docs
name: ArcGIS Exposed Docs
author: Podalirius
severity: info
description: ArcGIS documents were discovered.
tags: api,arcgis,cms
reference:
- https://enterprise.arcgis.com/en/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -20,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

11
exposed-panels/argocd-login.yaml
View File

@ -4,10 +4,17 @@ info:
name: Argo CD Login Panel
author: Adam Crosser,daffainfo
severity: info
description: Argo CD is a tool which will read your environment configuration (written either as a helm chart, kustomize files, jsonnet or plain yaml files) from your git repository and apply it to your Kubernetes namespaces.
description: An Argo CD login panel was discovered.
reference:
- https://argoproj.github.io/cd/
metadata:
shodan-query: http.title:"Argo CD"
tags: panel,argocd,login,kubernetes
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -24,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

12
exposed-panels/atlassian-crowd-panel.yaml
View File

@ -1,10 +1,18 @@
id: atlassian-crowd-panel
info:
name: Atlassian Crowd panel detect
name: Atlassian Crowd Login Panel
author: organiccrap
description: An Atlassian Crowd login panel was discovered.
reference:
- https://www.atlassian.com/
severity: info
tags: panel,atlassian
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -16,3 +24,5 @@ requests:
words:
- <title>Atlassian Crowd - Login</title>
part: body
# Enhanced by mp on 2022/03/20

11
exposed-panels/atvise-login.yaml
View File

@ -1,13 +1,18 @@
id: atvise-login
info:
name: Atvise Login panel
name: Atvise Login Panel
author: idealphase
severity: info
description: atvise is leading visualization and control center solutions based on pure web technology
description: An Atvise login panel was discovered. Atvise is a leading visualization and control center solutions based on pure web technology.
reference:
- https://www.exploit-db.com/ghdb/7837
- https://www.atvise.com/en
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
metadata:
google-dork: intitle:"atvise - next generation"
tags: panel,atvise
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

10
exposed-panels/avantfax-panel.yaml
View File

@ -4,9 +4,17 @@ info:
name: AvantFAX Login Panel
author: pikpikcu,daffainfo
severity: info
description: An AvantFAX login panel was discovered.
reference:
- http://www.avantfax.com/
metadata:
shodan-query: http.title:"AvantFAX - Login"
tags: panel,avantfax,login
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -30,3 +38,5 @@ requests:
group: 1
regex:
- '<p align="center">([0-9.]+)<\/p>'
# Enhanced by mp on 2022/03/20

11
exposed-panels/avatier-password-management.yaml
View File

@ -4,10 +4,17 @@ info:
name: Avatier Password Management Panel Detect
author: praetorian-thendrickson
severity: info
reference: https://www.avatier.com
description: An Avatier password management panel was detected.
reference:
- https://www.avatier.com
metadata:
shodan-query: http.favicon.hash:983734701
tags: panel,avatier
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -21,3 +28,5 @@ requests:
- 'LabelWelcomeToPS'
- 'Avatier Corporation'
condition: and
# Enhanced by mp on 2022/03/20

15
exposed-panels/axigen-webadmin.yaml
View File

@ -1,15 +1,20 @@
id: axigen-webadmin
info:
name: Axigen Web Admin
name: Axigen Web Admin Detection
author: dhiyaneshDk
severity: info
description: This template determines if Axigen Web Admin is running.
description: An Axigen Web Admin panel was discovered.
reference:
- https://www.axigen.com/
metadata:
shodan-query: 'http.title:"Axigen WebAdmin"'
shodan-query: 'http.title:"Axigen WebAdmin"'
tags: axigen,panel
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -20,10 +25,10 @@ requests:
matchers:
- type: word
words:
- '<title>Axigen WebAdmin</title>'
- '<title>Axigen WebAdmin</title>'
- type: status
status:
- 200
# Enhanced by cs on 2022/02/25
# Enhanced by mp on 2022/03/20

11
exposed-panels/axigen-webmail.yaml
View File

@ -1,15 +1,20 @@
id: axigen-webmail
info:
name: Axigen WebMail
name: Axigen WebMail PanelDetection
author: dhiyaneshDk,idealphase
severity: info
description: This template determines if Axigen Webmail is running.
description: An Axigen webmail panel was discovered.
reference:
- https://www.axigen.com/
metadata:
shodan-query: 'http.title:"Axigen WebMail"'
tags: axigen,panel
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -34,3 +39,5 @@ requests:
part: body
regex:
- '<script type="text\/javascript" src="js\/lib_login\.js\?v=(.+)"><\/script>'
# Enhanced by mp on 2022/03/20

12
exposed-panels/azkaban-web-client.yaml
View File

@ -3,9 +3,17 @@ id: azkaban-web-client
info:
name: Azkaban Web Client
author: dhiyaneshDK
description: An Azkaban web client panel was discovered.
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Azkaban+Web+Client%22
reference:
- https://azkaban.github.io/
- https://www.shodan.io/search?query=http.title%3A%22Azkaban+Web+Client%22
tags: panel,azkaban
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -20,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/20

7
exposed-panels/concrete5/concrete5-install.yaml
View File

@ -1,9 +1,12 @@
id: concrete5-install
info:
name: Concrete5 Install Panel
author: osamahamad,princechaddha
severity: critical
reference: https://documentation.concretecms.org/developers/introduction/installing-concrete-cms
description: A Concrete5 installation panel was discovered.
reference:
- https://documentation.concretecms.org/developers/introduction/installing-concrete-cms
metadata:
shodan-query: http.title:"Install concrete5"
tags: panel,concrete,cms
@ -31,3 +34,5 @@ requests:
group: 1
regex:
- 'Version ([0-9.]+)'
# Enhanced by mp on 2022/03/21

10
exposures/tokens/digitalocean/tugboat-config-exposure.yaml
View File

@ -1,9 +1,11 @@
id: tugboat-config-exposure
info:
name: Tugboat configuration file exposure
description: Tugboat is a command line tool for interacting with your DigitalOcean droplets.
reference: https://github.com/petems/tugboat
name: Tugboat Configuration File Exposure
description: A Tugboat configuration file was discovered. Tugboat is a command line tool for interacting with DigitalOcean droplets.
reference:
- https://github.com/petems/tugboat
- https://www.digitalocean.com/community/tools/tugboat
author: geeknik
severity: critical
tags: tugboat,config,exposure
@ -31,3 +33,5 @@ requests:
part: body
regex:
- 'access_token: .*'
# Enhanced by mp on 2022/03/21

8
network/exposed-adb.yaml
View File

@ -4,8 +4,12 @@ info:
name: Exposed Android Debug Bridge
author: pdteam,pikpikcu
severity: critical
description: An exposed Android debug bridge was discovered.
tags: network,adb,rce,android
reference: https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge
reference:
- https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20
- https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge
- https://www.securezoo.com/2018/06/thousands-of-android-devices-leave-debug-port-5555-exposed/
network:
- inputs:
@ -25,3 +29,5 @@ network:
- "device"
- "product"
condition: and
# Enhanced by mp on 2022/03/21

6
network/sap-router-info-leak.yaml
View File

@ -4,7 +4,11 @@ info:
name: SAPRouter - Routing information leak
author: randomstr1ng
severity: critical
description: SAPRouter contains an information leakage vulnerability.
tags: network,sap
reference:
- https://securityforeveryone.com/tools/saprouter-routing-information-leakage-vulnerability-scanner
- https://support.sap.com/en/tools/connectivity-tools/saprouter.html
network:
- inputs:
@ -22,3 +26,5 @@ network:
- "Routtab"
- "Working directory"
- "SAProuter Connection Table"
# Enhanced by mp on 2022/03/21

8
technologies/waf-detect.yaml
View File

@ -4,8 +4,14 @@ info:
name: WAF Detection
author: dwisiswant0,lu4nx
severity: info
description: A web application firewall was detected.
reference: https://github.com/Ekultek/WhatWaf
tags: waf,tech,misc
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- raw:
@ -749,3 +755,5 @@ requests:
- '(?)content="CloudWAF"'
- 'Server: CloudWAF'
- 'Set-Cookie: HWWAFSESID='
# Enhanced by mp on 2022/03/21

14
vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml
View File

@ -1,14 +1,20 @@
id: vrealize-operations-log4j-rce
info:
name: vRealize Operations Tenant App Log4j JNDI RCE
name: VMware vRealize Operations Tenant App Log4j JNDI RCE
author: bughuntersurya
severity: critical
description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in an impacted vRealize Operations Tenant Application.
reference: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
description: VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application.
reference:
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
- https://core.vmware.com/vmsa-2021-0028-questions-answers-faq
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://nvd.nist.gov/vuln/detail/CVE-2021-45046
metadata:
shodan-query: http.title:"vRealize Operations Tenant App"
tags: rce,log4j,vmware,vrealize
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
requests:
- raw:
@ -39,3 +45,5 @@ requests:
group: 1
regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
# Enhanced by mp on 2022/03/21

11
vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
View File

@ -4,8 +4,15 @@ info:
name: WordPress InfiniteWP Client Authentication Bypass
author: princechaddha
severity: critical
reference: https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
description: InfiniteWP Client plugin versions 1.9.4.4 or earlier contain a critical authentication bypass vulnerability. InfiniteWP Client is a plugin that, when installed on a WordPress site, allows a site owner to manage unlimited WordPress sites from their own server.
remediation: Upgrade to InfiniteWP Client 1.9.4.5 or higher.
reference:
- https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
- https://wordpress.org/plugins/iwp-client/#developers
tags: wordpress,auth-bypass,wp-plugin
classification:
cvss-score: 9.8
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
requests:
- raw:
@ -56,3 +63,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/21

11
vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
View File

@ -1,13 +1,20 @@
id: wordpress-woocommerce-sqli
info:
name: Unauthenticated SQL injection Woocommerce
name: Woocommerce Unauthenticated SQL Injection
author: rootxharsh,iamnoooob,S1r1u5_,cookiehanhoan,madrobot
severity: critical
description: The Woocommerce plugin for Wordpress contains an unauthenticated SQL injection vulnerability.
tags: wordpress,woocommerce,sqli,wp-plugin,injection
reference:
- https://woocommerce.com/posts/critical-vulnerability-detected-july-2021
- https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx
- https://securitynews.sonicwall.com/xmlpost/wordpress-woocommerce-plugin-sql-injection/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id:
cwe-id: CWE-89
requests:
- method: GET
@ -33,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/21

9
vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml
View File

@ -1,14 +1,17 @@
id: wordpress-wpcourses-info-disclosure
id: CVE-2020-26876
info:
name: WordPress WP Courses Plugin Information Disclosure
author: dwisiswant0
severity: high
description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials
description: WordPress WP Courses Plugin < 2.0.29 contains a critical information disclosure which exposes private course videos and materials.
tags: wordpress,plugin
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-26876
- https://www.exploit-db.com/exploits/48910
- https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
classification:
cve-id: CVE-2020-26876
requests:
- method: GET
@ -34,3 +37,5 @@ requests:
- 200
- 404
condition: or
# Enhanced by mp on 2022/03/21