TemplateMan Update [Mon Sep 18 12:45:28 UTC 2023] 🤖

2023-09-18 12:45:28 +00:00 · 2023-09-18 12:45:28 +00:00 · aa3659d49d
parent 9d36f78437
commit aa3659d49d
29 changed files with 43 additions and 33 deletions
--- a/http/cnvd/2023/CNVD-C-2023-76801.yaml
+++ b/http/cnvd/2023/CNVD-C-2023-76801.yaml
@ -5,6 +5,8 @@ info:
  author: SleepingBag945
  severity: critical
  description: There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks.
+  metadata:
+    max-request: 2
  tags: cvnd,cvnd2023,yonyou,rce

 http:
--- a/http/default-logins/smartbi/smartbi-default-login.yaml
+++ b/http/default-logins/smartbi/smartbi-default-login.yaml
@ -11,8 +11,8 @@ info:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/smartbi-default-user-weakpass.yaml
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Smartbi%20%E7%99%BB%E5%BD%95%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
    fofa-query: app="SMARTBI"
+    max-request: 2
    verified: true
  tags: smartbi,default-login

--- a/http/vulnerabilities/realor/realor-gwt-system-sqli.yaml
+++ b/http/vulnerabilities/realor/realor-gwt-system-sqli.yaml
@ -9,9 +9,9 @@ info:
  reference:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/realor-gwt-system-sql-injection.yaml
  metadata:
+    fofa-query: app="REALOR-天翼应用虚拟化系统"
+    max-request: 2
    verified: "true"
-    fofa-query: 'app="REALOR-天翼应用虚拟化系统"'
-    max-request: 1
  tags: realor,sqli

 http:
--- a/http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml
+++ b/http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml
@ -8,8 +8,8 @@ info:
  reference:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/ruijie-nbr-fileupload.yaml
  metadata:
-    max-request: 1
    fofa-query: app="Ruijie-NBR路由器"
+    max-request: 2
    verified: true
  tags: ruijie,file-upload,intrusive,nbr

--- a/http/vulnerabilities/secworld/secgate-3600-file-upload.yaml
+++ b/http/vulnerabilities/secworld/secgate-3600-file-upload.yaml
@ -10,9 +10,9 @@ info:
    - https://peiqi.wgpsec.org/wiki/iot/%E5%A5%87%E5%AE%89%E4%BF%A1/%E7%BD%91%E7%A5%9E%20SecGate%203600%20%E9%98%B2%E7%81%AB%E5%A2%99%20obj_app_upfile%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.html
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/%E5%A5%87%E5%AE%89%E4%BF%A1/%E7%BD%91%E7%A5%9E%20SecGate%203600%20%E9%98%B2%E7%81%AB%E5%A2%99%20obj_app_upfile%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
  metadata:
+    fofa-query: fid="1Lh1LHi6yfkhiO83I59AYg=="
+    max-request: 2
    verified: "true"
-    fofa-query: 'fid="1Lh1LHi6yfkhiO83I59AYg=="'
-    max-request: 1
  tags: secgate,3600,firewall,file-upload,intrusive

 variables:
--- a/http/vulnerabilities/seeyon/seeyon-createmysql-exposure.yaml
+++ b/http/vulnerabilities/seeyon/seeyon-createmysql-exposure.yaml
@ -10,8 +10,8 @@ info:
    - https://github.com/achuna33/MYExploit/blob/8ffbf7ee60cbd77ad90b0831b93846aba224ab29/src/main/java/com/achuna33/Controllers/SeeyonController.java
    - https://github.com/Threekiii/Awesome-POC/blob/master/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E8%87%B4%E8%BF%9COA%20A6%20createMysql.jsp%20%E6%95%B0%E6%8D%AE%E5%BA%93%E6%95%8F%E6%84%9F%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2.md
  metadata:
-    max-request: 1
    fofa-query: title="致远A8+协同管理软件.A6"
+    max-request: 2
    verified: true
  tags: seeyon,oa,info-leak

--- a/http/vulnerabilities/seeyon/seeyon-oa-sp2-file-upload.yaml
+++ b/http/vulnerabilities/seeyon/seeyon-oa-sp2-file-upload.yaml
@ -11,8 +11,8 @@ info:
    - http://wiki.peiqi.tech/wiki/oa/致远OA/致远OA%20wpsAssistServlet%20任意文件上传漏洞.html
    - https://github.com/Threekiii/Awesome-POC/blob/master/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E8%87%B4%E8%BF%9COA%20wpsAssistServlet%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
    fofa-query: app="致远互联-OA" && title="V8.0SP2"
+    max-request: 2
    verified: true
  tags: seeyon,oa,file-upload,intrusive

--- a/http/vulnerabilities/smartbi/smartbi-deserialization.yaml
+++ b/http/vulnerabilities/smartbi/smartbi-deserialization.yaml
@ -11,8 +11,8 @@ info:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/smartbi-windowunloading-other.yaml
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Smartbi%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
    fofa-query: app="SMARTBI"
+    max-request: 2
    verified: true
  tags: smartbi,deserialization

--- a/http/vulnerabilities/tongda/tongda-action-uploadfile.yaml
+++ b/http/vulnerabilities/tongda/tongda-action-uploadfile.yaml
@ -10,9 +10,9 @@ info:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v2017%20action_upload.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
    - https://github.com/shadow1ng/fscan/blob/main/WebScan/pocs/tongda-v2017-uploadfile.yml
  metadata:
-    max-request: 1
-    verified: true
    fofa-query: app="TDXK-通达OA"
+    max-request: 2
+    verified: true
  tags: tongda,fileupload,intrusive,router

 variables:
--- a/http/vulnerabilities/tongda/tongda-api-file-upload.yaml
+++ b/http/vulnerabilities/tongda/tongda-api-file-upload.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/tongda-oa-api-ali-upload.yaml
  metadata:
-    max-request: 1
    fofa-query: app="TDXK-通达OA"
+    max-request: 3
    verified: true
  tags: tongda,oa,fileupload

--- a/http/vulnerabilities/tongda/tongda-getway-rfi.yaml
+++ b/http/vulnerabilities/tongda/tongda-getway-rfi.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E9%80%9A%E8%BE%BEOA%20v11.8%20getway.php%20%E8%BF%9C%E7%A8%8B%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
    fofa-query: app="TDXK-通达OA"
+    max-request: 2
    verified: true
  tags: tongda,rfi

--- a/http/vulnerabilities/tongda/tongda-insert-sqli.yaml
+++ b/http/vulnerabilities/tongda/tongda-insert-sqli.yaml
@ -9,9 +9,9 @@ info:
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v11.6%20insert%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
-    verified: true
    fofa-query: app="TDXK-通达OA"
+    max-request: 2
+    verified: true
  tags: tongda,sqli

 http:
--- a/http/vulnerabilities/topsec/topsec-topapplb-auth-bypass.yaml
+++ b/http/vulnerabilities/topsec/topsec-topapplb-auth-bypass.yaml
@ -9,9 +9,9 @@ info:
  reference:
    - https://github.com/cqr-cryeye-forks/goby-pocs/blob/main/Topsec-TopAppLB-Any-account-Login.json
  metadata:
-    max-request: 1
-    verified: true
    fofa-query: title="TopApp-LB 负载均衡系统"
+    max-request: 2
+    verified: true
  tags: topsec,topapplb,auth-bypass

 http:
--- a/http/vulnerabilities/weaver/ecology-verifyquicklogin-auth-bypass.yaml
+++ b/http/vulnerabilities/weaver/ecology-verifyquicklogin-auth-bypass.yaml
@ -10,6 +10,7 @@ info:
    - http://wiki.peiqi.tech/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20VerifyQuickLogin.jsp%20%E4%BB%BB%E6%84%8F%E7%AE%A1%E7%90%86%E5%91%98%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E.html
  metadata:
    fofa-query: app="泛微-协同办公OA"
+    max-request: 1
  tags: ecology,weaver,oa,auth-bypass

 http:
--- a/http/vulnerabilities/weaver/weaver-e-cology-validate-sqli.yaml
+++ b/http/vulnerabilities/weaver/weaver-e-cology-validate-sqli.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    In the validate.jsp file of the Panwei e-cology OA system, the parameter capitalid is not strictly filtered, which can lead to SQL injection vulnerabilities. An attacker can use this vulnerability to remotely send carefully constructed SQL statements without authorization, thereby obtaining sensitive database information.
+  metadata:
+    max-request: 1
  tags: ecology,weaver,sqli

 variables:
--- a/http/vulnerabilities/weaver/weaver-ebridge-lfi.yaml
+++ b/http/vulnerabilities/weaver/weaver-ebridge-lfi.yaml
@ -9,10 +9,10 @@ info:
  reference:
    - https://peiqi.wgpsec.org/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Bridge%20saveYZJFile%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.html
  metadata:
-    max-request: 1
-    verified: true
-    shodan-query: eBridge_JSessionid
    fofa-query: app="泛微云桥e-Bridge"
+    max-request: 4
+    shodan-query: eBridge_JSessionid
+    verified: true
  tags: eBridge,weaver,oa,lfi,lfr,intrusive

 http:
--- a/http/vulnerabilities/weaver/weaver-ecology-bshservlet-rce.yaml
+++ b/http/vulnerabilities/weaver/weaver-ecology-bshservlet-rce.yaml
@ -7,10 +7,10 @@ info:
  description: |
    Weaver BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
  metadata:
-    max-request: 1
-    verified: true
-    shodan-query: ecology_JSessionid
    fofa-query: app="泛微-协同办公OA"
+    max-request: 2
+    shodan-query: ecology_JSessionid
+    verified: true
  tags: beanshell,rce,weaver

 http:
--- a/http/vulnerabilities/weaver/weaver-group-xml-sqli.yaml
+++ b/http/vulnerabilities/weaver/weaver-group-xml-sqli.yaml
@ -10,8 +10,8 @@ info:
    - http://wiki.peiqi.tech/wiki/oa/泛微OA/泛微OA%20E-Office%20group_xml.php%20SQL注入漏洞.html
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Office%20group_xml.php%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
    fofa-query: app="泛微-EOffice"
+    max-request: 2
    verified: true
  tags: weaver,e-office,oa,sqli

--- a/http/vulnerabilities/weaver/weaver-jquery-file-upload.yaml
+++ b/http/vulnerabilities/weaver/weaver-jquery-file-upload.yaml
@ -7,8 +7,8 @@ info:
  reference:
    - https://github.com/w-digital-scanner/w9scan/blob/master/plugins/weaver_oa/2158.py
  metadata:
-    max-request: 1
    fofa-query: app="泛微-EOffice"
+    max-request: 3
    verified: true
  tags: weaver,e-office,oa,instrusive,rce

--- a/http/vulnerabilities/weaver/weaver-lazyuploadify-file-upload.yaml
+++ b/http/vulnerabilities/weaver/weaver-lazyuploadify-file-upload.yaml
@ -7,8 +7,8 @@ info:
  reference:
    - https://github.com/w-digital-scanner/w9scan/blob/master/plugins/weaver_oa/2158.py
  metadata:
-    max-request: 1
    fofa-query: app="泛微-EOffice"
+    max-request: 3
    verified: true
  tags: weaver,e-office,intrusive,rce,file-upload

--- a/http/vulnerabilities/weaver/weaver-login-sessionkey.yaml
+++ b/http/vulnerabilities/weaver/weaver-login-sessionkey.yaml
@ -5,7 +5,7 @@ info:
  author: SleepingBag945
  severity: high
  metadata:
-    max-request: 1
+    max-request: 2
    shodan-query: http.html:"E-Mobile"
  tags: weaver,e-mobile,oa

--- a/http/vulnerabilities/weaver/weaver-office-server-file-upload.yaml
+++ b/http/vulnerabilities/weaver/weaver-office-server-file-upload.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Office%20OfficeServer.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
    fofa-query: app="泛微-EOffice"
+    max-request: 2
    verified: true
  tags: weaver,e-office,oa,rce,intrusive,fileupload

--- a/http/vulnerabilities/weaver/weaver-uploadify-file-upload.yaml
+++ b/http/vulnerabilities/weaver/weaver-uploadify-file-upload.yaml
@ -7,8 +7,8 @@ info:
  reference:
    - https://github.com/w-digital-scanner/w9scan/blob/master/plugins/weaver_oa/2158.py
  metadata:
-    max-request: 1
    fofa-query: app="泛微-EOffice"
+    max-request: 3
    verified: true
  tags: weaver,e-office,oa,instrusive,rce

--- a/http/vulnerabilities/weaver/weaver-uploadoperation-file-upload.yaml
+++ b/http/vulnerabilities/weaver/weaver-uploadoperation-file-upload.yaml
@ -11,6 +11,7 @@ info:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/weaver-oa-workrelate-file-upload.yaml
  metadata:
    fofa-query: app="泛微-协同办公OA"
+    max-request: 3
  tags: ecology,fileupload,intrusive

 variables:
--- a/http/vulnerabilities/yonyou/chanjet-tplus-rce.yaml
+++ b/http/vulnerabilities/yonyou/chanjet-tplus-rce.yaml
@ -11,6 +11,7 @@ info:
    - https://github.com/MrWQ/vulnerability-paper/blob/7551f7584bd35039028b1d9473a00201ed18e6b2/bugs/%E7%95%85%E6%8D%B7%E9%80%9A%20T%2B%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
  metadata:
    fofa-query: app="畅捷通-TPlus"
+    max-request: 1
    verified: true
  tags: chanjettplus,rce

--- a/http/vulnerabilities/yonyou/yonyou-fe-directory-traversal.yaml
+++ b/http/vulnerabilities/yonyou/yonyou-fe-directory-traversal.yaml
@ -5,12 +5,12 @@ info:
  author: SleepingBag945
  severity: medium
  description: |
-     There is a directory traversal vulnerability in the templateOfTaohong_manager.jsp file of UFIDA FE collaborative office platform. Through the vulnerability, attackers can obtain directory files and other information, leading to further attacks.
+    There is a directory traversal vulnerability in the templateOfTaohong_manager.jsp file of UFIDA FE collaborative office platform. Through the vulnerability, attackers can obtain directory files and other information, leading to further attacks.
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20FE%E5%8D%8F%E4%BD%9C%E5%8A%9E%E5%85%AC%E5%B9%B3%E5%8F%B0%20templateOfTaohong_manager.jsp%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 2
-    fofa-query: "FE协作"
+    fofa-query: FE协作
+    max-request: 1
    verified: true
  tags: yonyou,fe,lfi

--- a/http/vulnerabilities/yonyou/yonyou-filereceiveservlet-fileupload.yaml
+++ b/http/vulnerabilities/yonyou/yonyou-filereceiveservlet-fileupload.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/yonyou-nc-arbitrary-file-upload.yaml
  metadata:
-    max-request: 1
    fofa-query: app="用友-UFIDA-NC"
+    max-request: 2
    verified: true
  tags: yonyou,file-upload,intrusive

--- a/http/vulnerabilities/yonyou/yonyou-grp-u8-xxe.yaml
+++ b/http/vulnerabilities/yonyou/yonyou-grp-u8-xxe.yaml
@ -7,6 +7,8 @@ info:
  description: UFIDA GRP-u8 has an XXE vulnerability. This vulnerability is caused by the application not loading external entities when parsing XML input, resulting in the loading of external SQL statements and command execution.
  reference:
    - http://wiki.peiqi.tech/wiki/oa/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20GRP-U8%20Proxy%20SQL%E6%B3%A8%E5%85%A5%20CNNVD-201610-923.html
+  metadata:
+    max-request: 1
  tags: yonyou,grp,xxe,sqli

 variables:
--- a/http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileupload.yaml
+++ b/http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileupload.yaml
@ -10,6 +10,7 @@ info:
    - https://github.com/lal0ne/vulnerability/blob/c0985107adfd91d85fbd76d9a8acf8fbfa98ed41/YonyouNC/ncDecode/README.md
  metadata:
    fofa-query: icon_hash="1085941792"
+    max-request: 2
    verified: true
  tags: yonyou,intrusive,fileupload