Fix classification position

patch-11
Parth Malhotra 2024-09-10 14:11:12 +05:30
parent 33f6932472
commit b2e470c37e
25 changed files with 66 additions and 50 deletions

@ -9,6 +9,8 @@ info:
reference:
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md
- https://www.cnblogs.com/0day-li/p/14637680.html
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
@ -16,8 +18,7 @@ info:
product: e-cology
vendor: weaver
tags: cnvd2021,cnvd,e-cology,sqli
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
variables:
num: "999999999"
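Review bot: The header of this second hunk, `-16,8 +18,7`, shrinks by only one line even though the two-line `classification:` / `cpe:` block after `tags:` is what moves out, so one extra line is being added before `variables:` that the rendered view does not show, most likely a blank or whitespace-only line. The Grafana template's matching hunk further down goes from 8 lines to 6, and the commit totals (66 additions against 50 deletions) show the same imbalance across the change set. Please confirm the extra line is an intentional blank separator with no trailing whitespace, and either apply it to every template or drop it so the commit stays a pure move.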

@ -7,6 +7,8 @@ info:
description: Checks for a valid login on self hosted Grafana instance.
reference:
- https://owasp.org/www-community/attacks/Credential_stuffing
classification:
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"Grafana"
@ -14,8 +16,6 @@ info:
product: grafana
vendor: grafana
tags: self-hosted,creds-stuffing,login-check,grafana
classification:
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
variables:
username: "{{username}}"
password: "{{password}}"

@ -12,6 +12,8 @@ info:
- https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
- https://github.com/sinsinology/CVE-2024-4358
- https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
classification:
cpe: cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
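Review bot: The `classification:` block placed above `metadata:` in this hunk carries only `cpe:`, although the references just above it name CVE-2024-4358 and the template is tagged `cve,cve2024`. If the identifier is not set elsewhere in `info:`, add `cve-id` (and the scoring fields, if known) to this block while it is being touched, so that reports keyed on the classification fields can tie a finding to the CVE.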
@ -19,8 +21,6 @@ info:
product: telerik_report_server
vendor: progress
tags: cve,cve2024,telerik,progress,auth-bypass,instrusive
classification:
cpe: cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*
variables:
user: "{{rand_base(6)}}"
pass: "{{rand_base(8)}}"
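Review bot: On the `tags:` line in this hunk, `instrusive` is a misspelling of `intrusive`. The line is already in the edited region, so correct it here; as written, tag filters that include or exclude `intrusive` templates will not match this one.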

@ -6,6 +6,8 @@ info:
severity: high
reference:
- https://documentation.softwareag.com/
classification:
cpe: cpe:2.3:a:softwareag:webmethods:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 5
@ -13,8 +15,6 @@ info:
product: webmethods
vendor: softwareag
tags: default-login,webmethod
classification:
cpe: cpe:2.3:a:softwareag:webmethods:*:*:*:*:*:*:*:*
flow: http(1) && http(2)
http:

@ -5,6 +5,8 @@ info:
author: pussycat0x
severity: info
description: FortiSIEM login panel was detected.
classification:
cpe: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -12,8 +14,6 @@ info:
product: fortisiem
vendor: fortinet
tags: panel,fortisiem
classification:
cpe: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
flow: http(1) && http(2)
http:
- method: GET

@ -6,6 +6,8 @@ info:
severity: info
reference:
- https://github.com/OWASP/vbscan/blob/master/modules/pathdisclure.pl
classification:
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 11
@ -13,8 +15,6 @@ info:
product: vbulletin
vendor: vbulletin
tags: config,exposure,fpd,vbulletin
classification:
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
flow: http(1) && http(2)
http:

@ -14,13 +14,14 @@ info:
- https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
- https://graphql.security/
- https://stackoverflow.com/questions/62421352/graphql-difference-between-using-alias-versus-multiple-query-objects-when-doin
classification:
cpe: cpe:2.3:a:graphql:playground:*:*:*:*:node.js:*:*:*
metadata:
max-request: 2
product: playground
vendor: graphql
tags: graphql,misconfig
classification:
cpe: cpe:2.3:a:graphql:playground:*:*:*:*:node.js:*:*:*
variables:
str: "{{to_lower(rand_text_alpha(5))}}"

@ -11,6 +11,8 @@ info:
- https://github.com/alibaba/nacos/issues/10060
- https://avd.aliyun.com/detail?id=AVD-2023-1655789
- https://nacos.io/zh-cn/docs/auth.html
classification:
cpe: cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -18,8 +20,7 @@ info:
product: nacos
vendor: alibaba
tags: auth-bypass,nacos,misconfig,jwt
classification:
cpe: cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:*
variables:
token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.-isk56R8NfioHVYmpj4oz92nUteNBCN3HRd0-Hfk76g

@ -8,6 +8,8 @@ info:
There is a libxml_disable_entity_loader function to prevent XML eXternal Entity Injection, but this function needs to be customized by the user. If the user does not customize it, there will be no filtering, which leads to SQL injection vulnerabilities.
reference:
- https://cn-sec.com/archives/25900.html
classification:
cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
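Review bot: The description kept as context at the top of this hunk says `libxml_disable_entity_loader` exists to prevent XML external entity injection and then concludes that the missing filtering "leads to SQL injection vulnerabilities", while the template's tags read `74cms,weixin,sqli`. Reword the description to state which bug class the template checks and how the XML handling relates to it, so that triage does not have to guess between XXE and SQLi.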
@ -15,8 +17,7 @@ info:
product: 74cms
vendor: 74cms
tags: 74cms,weixin,sqli
classification:
cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:*
variables:
num: '999999999'

File diff suppressed because one or more lines are too long

@ -7,6 +7,8 @@ info:
description: Office Web Apps Server Full Read is vulnerable to SSRF.
reference:
- https://drive.google.com/file/d/1aeNq_5wVwHRR1np1jIRQM1hocrgcZ6Qu/view (Slide 37,38)
classification:
cpe: cpe:2.3:a:microsoft:office_web_apps_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
@ -15,8 +17,6 @@ info:
product: office_web_apps_server
vendor: microsoft
tags: microsoft,office-webapps,redirect
classification:
cpe: cpe:2.3:a:microsoft:office_web_apps_server:*:*:*:*:*:*:*:*
variables:
oast: "{{interactsh-url}}"
string: "{{to_lower(rand_text_alpha(4))}}"
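Review bot: The `tags:` line in this hunk lists `microsoft,office-webapps,redirect`, but the description in the previous hunk calls the issue SSRF and the `variables:` block sets `oast` to an interactsh URL. Add `ssrf` and `oast` (the ZzzCMS template in this commit uses `zzzcms,ssrf,oast`) so tag filters find it, or correct the description if the check is really for an open redirect.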

@ -9,6 +9,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/45602
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/%E8%8F%B2%E5%8A%9B%E5%B0%94/FLIR-AX8%20res.php%20%E5%90%8E%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
classification:
cpe: cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -16,8 +18,6 @@ info:
product: flir_ax8_firmware
vendor: flir
tags: flir-ax8,rce,exploitdb,iot,sensor,authenticated
classification:
cpe: cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
variables:
username: admin
password: admin

@ -9,6 +9,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/51940
- https://cxsecurity.com/issue/WLB-2024040004
classification:
cpe: cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: title:"OpenCart"
@ -16,8 +18,6 @@ info:
product: opencart
vendor: opencart
tags: opencart,sqli
classification:
cpe: cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*
flow: http(1) && http(2)
http:

@ -8,6 +8,8 @@ info:
There is a command execution vulnerability in the nmc_sync.php interface of Ruijie's RG-UAC unified online behavior management and audit system. An unauthenticated attacker can execute arbitrary commands to control server permissions.
reference:
- https://github.com/xinyisleep/pocscan/blob/main/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7_EG%E6%98%93%E7%BD%91%E5%85%B3_%E4%B8%8A%E7%BD%91%E8%A1%8C%E4%B8%BA%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E5%89%8D%E5%8F%B0RCE.py
classification:
cpe: cpe:2.3:h:ruijie:rg-uac:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
@ -15,8 +17,7 @@ info:
product: rg-uac
vendor: ruijie
tags: rg-uac,file-upload,intrusive,ruijie
classification:
cpe: cpe:2.3:h:ruijie:rg-uac:*:*:*:*:*:*:*:*
variables:
random_str: "{{rand_base(6)}}"
match_str: "{{md5(random_str)}}"

@ -8,6 +8,8 @@ info:
There is an arbitrary command execution vulnerability in the getdata interface of Tongda OA v11.9. An attacker can execute arbitrary commands on the server to control server permissions through the vulnerability.
reference:
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v11.9%20getdata%20%E4%BB%BB%E6%84%8F%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
classification:
cpe: cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
@ -15,8 +17,7 @@ info:
product: office_anywhere
vendor: tongda2000
tags: tongda,rce
classification:
cpe: cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
variables:
num: '999999999'
payload: "echo md5({{num}});"

@ -8,6 +8,8 @@ info:
Weaver E-Office version 9.5 is susceptible to an arbitrary file upload vulnerability. This flaw allows malicious actors to upload and execute arbitrary code or files without proper validation or authorization.
reference:
- https://github.com/RCEraser/cve/blob/main/Weaver.md
classification:
cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -15,8 +17,7 @@ info:
product: e-office
vendor: weaver
tags: e-office,weaver,intrusive,file-upload
classification:
cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
variables:
filename: '{{rand_base(7, "abc")}}'

@ -8,6 +8,8 @@ info:
When the getSqlData interface of the Panwei e-cology OA system uses the mssql database, the built-in SQL statements are not spliced strictly, resulting in a SQL injection vulnerability.
reference:
- https://github.com/Wrin9/weaverOA_sql_RCE/blob/14cca7a6da7a4a81e7c7a7016cb0da75b8b290bc/weaverOA_sql_injection_POC_EXP.py#L46
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -16,8 +18,7 @@ info:
product: e-cology
vendor: weaver
tags: ecology,weaver,oa,sqli
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
variables:
num: "999999999"

@ -8,6 +8,8 @@ info:
There is a SQL injection vulnerability in the HrmCareerApplyPerView.jsp file of Panwei OA E-Cology. An attacker can obtain sensitive files in the server database through the vulnerability.
reference:
- https://github.com/ibaiw/2023Hvv/blob/556de69ffc370fd9827e2cf5027373543e2513d4/%E6%B3%9B%E5%BE%AE%20HrmCareerApplyPerView%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md?plain=1#L3
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
@ -16,8 +18,7 @@ info:
product: e-cology
vendor: weaver
tags: ecology,weaver,oa,sqli
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
variables:
num: "999999999"

@ -7,6 +7,8 @@ info:
description: Arbitrary File Upload in OA E-Office jQuery.
reference:
- https://github.com/w-digital-scanner/w9scan/blob/master/plugins/weaver_oa/2158.py
classification:
cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
@ -14,8 +16,7 @@ info:
product: e-office
vendor: weaver
tags: weaver,e-office,oa,instrusive,rce,intrusive
classification:
cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
variables:
filename: "{{to_lower(rand_base(5))}}"
string: "{{randstr}}"
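Review bot: The `tags:` line in this hunk carries both `instrusive` and `intrusive`. Remove the misspelled `instrusive` entry; the correct tag is already present, and keeping the typo leaves a stray tag value that nothing else should be filtering on.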

@ -8,6 +8,8 @@ info:
There is a file upload vulnerability in Weaver E-Cology. An attacker can upload any file through KtreeUploadAction.jsp and further exploit it.
reference:
- https://buaq.net/go-117479.html
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -16,8 +18,7 @@ info:
product: e-cology
vendor: weaver
tags: weaver,ecology,fileupload,intrusive
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
variables:
num1: "{{rand_int(40000, 50000)}}"
num2: "{{rand_int(40000, 50000)}}"

@ -8,6 +8,8 @@ info:
OA E-Office OfficeServer.php has an arbitrary file upload vulnerability. Attackers can obtain sensitive information on the server through the vulnerability.
reference:
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Office%20OfficeServer.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
classification:
cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -15,8 +17,7 @@ info:
product: e-office
vendor: weaver
tags: weaver,e-office,oa,rce,intrusive,fileupload
classification:
cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
variables:
filename: "{{to_lower(rand_base(5))}}"
string: "weaver-office-server-file-upload"

@ -9,14 +9,15 @@ info:
reference:
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/weaver-oa-workrelate-file-upload.yaml
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
metadata:
max-request: 3
fofa-query: app="泛微-协同办公OA"
product: e-cology
vendor: weaver
tags: ecology,fileupload,intrusive
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
variables:
filename: "{{to_lower(rand_base(5))}}"
string: "{{randstr}}"

@ -12,6 +12,8 @@ info:
- http://wordpress.org/extend/plugins/gallery-plugin/
- http://downloads.wordpress.org/plugin/gallery-plugin.3.06.zip
- https://wpscan.com/vulnerability/049c8518-1f52-4aa4-b0b3-218289727353
classification:
cpe: cpe:2.3:a:bestwebsoft:gallery:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 2
@ -20,8 +22,7 @@ info:
product: gallery
vendor: bestwebsoft
tags: wp,wp-plugin,wordpress,wpscan,file-upload,intrusive
classification:
cpe: cpe:2.3:a:bestwebsoft:gallery:*:*:*:*:wordpress:*:*:*
variables:
filename: "{{to_lower(rand_text_alpha(5))}}"

@ -9,6 +9,8 @@ info:
reference:
- https://www.seebug.org/vuldb/ssvid-99547
- https://github.com/Augensternyu/POC-bomber/blob/main/pocs/redteam/yongyou_nc_fileupload_2022.py
classification:
cpe: cpe:2.3:a:yonyou:ufida-nc:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
@ -16,8 +18,7 @@ info:
product: ufida-nc
vendor: yonyou
tags: yonyou,intrusive,ufida,fileupload
classification:
cpe: cpe:2.3:a:yonyou:ufida-nc:*:*:*:*:*:*:*:*
variables:
v1: "{{rand_int(1,100)}}"

@ -7,6 +7,8 @@ info:
description: ZzzCMS (A Lightweight ASP.NET content management system) is vulnerable to SSRF(Server-Side Request Forgery).
reference:
- https://www.hacking8.com/bug-web/Zzzcms/Zzzcms-1.75-ssrf.html
classification:
cpe: cpe:2.3:a:zzzcms:zzzcms:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
@ -15,8 +17,7 @@ info:
product: zzzcms
vendor: zzzcms
tags: zzzcms,ssrf,oast
classification:
cpe: cpe:2.3:a:zzzcms:zzzcms:*:*:*:*:*:*:*:*
variables:
filename: "{{to_lower(rand_text_alpha(4))}}"