Merge branch 'projectdiscovery:master' into dashboard

patch-1
MostInterestingBotInTheWorld 2022-05-23 17:24:43 -04:00 committed by GitHub
commit bd5823ea54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 67 additions and 16 deletions


@ -12,6 +12,7 @@ exposed-panels/jupyter-notebook.yaml
exposed-panels/looker-panel.yaml exposed-panels/looker-panel.yaml
exposures/files/xampp-environment-variables.yaml exposures/files/xampp-environment-variables.yaml
miscellaneous/robots-txt-endpoint.yaml miscellaneous/robots-txt-endpoint.yaml
misconfiguration/selenium-exposure.yaml
ssl/self-signed-ssl.yaml ssl/self-signed-ssl.yaml
token-spray/api-binaryedge.yaml token-spray/api-binaryedge.yaml
token-spray/api-c99.yaml token-spray/api-c99.yaml


@ -3,7 +3,7 @@ id: CVE-2019-16932
info: info:
name: Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF) name: Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
author: akincibor author: akincibor
severity: high severity: critical
description: | description: |
This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint. This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint.
classification: classification:
@ -12,6 +12,12 @@ info:
- https://wpscan.com/vulnerability/9892 - https://wpscan.com/vulnerability/9892
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf - https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
- https://nvd.nist.gov/vuln/detail/CVE-2019-16932 - https://nvd.nist.gov/vuln/detail/CVE-2019-16932
- https://wordpress.org/plugins/visualizer/#developers
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
cvss-score: 10
cve-id: CVE-2019-16932
cwe-id: CWE-918
tags: cve,cve2019,wp-plugin,ssrf,wordpress,xss,unauth tags: cve,cve2019,wp-plugin,ssrf,wordpress,xss,unauth
requests: requests:
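Review bot: The added `classification:` block appears to be a duplicate key under `info:`. The first hunk's context already shows a `classification:` line directly after the description, and this hunk adds a second one after the references. Duplicate mapping keys are invalid YAML, and depending on the loader either the last one silently wins or the template fails to parse. The new `cvss-metrics`, `cvss-score`, `cve-id` and `cwe-id` fields should be merged into the existing block; the lines between the two hunks are not visible here, so confirm what that block already holds.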


@ -0,0 +1,34 @@
id: selenium-exposure
info:
name: Selenium Node exposure
author: w0Tx
severity: high
description: |
If a Selenium Node is exposed without any form of authentication, RCE could be possible if chromium is configured. By default the port is 4444, still, most of the internet facing are done through reverse proxies.
reference:
- https://nutcrackerssecurity.github.io/selenium.html
- https://labs.detectify.com/2017/10/06/guest-blog-dont-leave-your-grid-wide-open/
metadata:
verified: true
shodan-query: "/wd/hub"
tags: selenium,misconfiguration,rce,chromium
requests:
- method: GET
path:
- "{{BaseURL}}/wd/hub"
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'WebDriverRequest'
- '<title>WebDriver Hub</title>'
condition: or
- type: status
status:
- 200
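Review bot: The matchers only establish that `/wd/hub` answers 200 with a WebDriver hub page, while `severity: high` and the `rce` tag depend on missing authentication and on the browser configuration, neither of which the request checks. The description should say that a match indicates an exposed hub that still needs manual confirmation, or the severity should be lowered to what is actually verified. The word matcher also omits `part: body`, which the other templates touched in this commit set explicitly above `words:`. With `condition: or`, the single token `'WebDriverRequest'` is enough to satisfy it, so a short comment on why that token is specific to the hub page would help later false-positive triage.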


@ -4,29 +4,36 @@ info:
name: Sangfor EDR Authentication Bypass name: Sangfor EDR Authentication Bypass
author: princechaddha author: princechaddha
severity: high severity: high
description: A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login description: |
A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login
screen without providing a username. screen without providing a username.
metadata:
fofa-query: app="sangfor"
tags: sangfor,auth-bypass,login tags: sangfor,auth-bypass,login
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/ui/login.php?user=admin" - "{{BaseURL}}/ui/login.php?user=admin"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word
part: body
words:
- "/download/edr_installer_"
- type: word
part: header
words:
- 'Set-Cookie=""'
negative: true
- type: word
part: header
words:
- 'Set-Cookie='
- type: status - type: status
status: status:
- 302 - 302
- type: word
words:
- "/download/edr_installer_"
part: body
- type: word
words:
- 'Set-Cookie=""'
part: header
negative: true
- type: word
words:
- 'Set-Cookie='
part: header
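Review bot: The two header matchers look for the literal strings `Set-Cookie=""` and `Set-Cookie=`, but a response header is normally serialized as `Set-Cookie: name=value`. It is worth confirming against a captured response that the positive matcher can match at all, because under `matchers-condition: and` a string that never matches makes the template a silent false negative. A one-line comment above each matcher, for example `# session cookie must be present and non-empty`, would make the intent checkable. Separately, `fofa-query: app="sangfor"` is a plain scalar containing double quotes; writing it as `fofa-query: 'app="sangfor"'` avoids relying on plain-scalar parsing, and the same applies to the identical line added to the Sangfor RCE template.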


@ -7,6 +7,8 @@ info:
description: A vulnerability in Sangfor EDR product allows remote unauthenticated users to cause the product to execute arbitrary commands. description: A vulnerability in Sangfor EDR product allows remote unauthenticated users to cause the product to execute arbitrary commands.
reference: reference:
- https://www.cnblogs.com/0day-li/p/13650452.html - https://www.cnblogs.com/0day-li/p/13650452.html
metadata:
fofa-query: app="sangfor"
tags: rce,sangfor tags: rce,sangfor
requests: requests:
@ -21,9 +23,10 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex
part: body
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
part: body
- type: status - type: status
status: status:
- 200 - 200