New Templates added (#3913)

* Add files via upload

* Auto Generated CVE annotations [Wed Mar 16 11:29:14 UTC 2022] 🤖

* Auto Generated New Template Addition List [Wed Mar 16 13:48:01 UTC 2022] 🤖

* moving templates into jolokia directory

* duplicate of jolokia-unauthenticated-lfi

* merged similar templates into one with updated matchers

* Auto Generated New Template Addition List [Wed Mar 23 10:21:57 UTC 2022] 🤖

* Delete .new-additions

* Auto Generated New Template Addition List [Wed Mar 23 10:22:29 UTC 2022] 🤖

* conflict update

* Auto Generated New Template Addition List [Wed Mar 23 10:23:39 UTC 2022] 🤖

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>

.new-additions

@@ -8,4 +8,4 @@ exposed-panels/beyondtrust-panel.yaml
 exposed-panels/open-virtualization-manager-panel.yaml
 technologies/open-virtualization-manager-detect.yaml
 vulnerabilities/huawei/huawei-hg255s-lfi.yaml
-vulnerabilities/other/tekon-info-leak.yaml
+vulnerabilities/other/tekon-info-leak.yaml

misconfiguration/jolokia/jolokia-info-disclosure.yaml

@@ -0,0 +1,73 @@
+id: jolokia-info-disclosure
+
+info:
+  name: Jolokia - Information disclosure
+  author: pussycat0x
+  severity: medium
+  reference:
+    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+    - https://github.com/laluka/jolokia-exploitation-toolkit
+  tags: jolokia,springboot,mbean,tomcat
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
+      - "{{BaseURL}}/actuator/jolokia/read/java.lang:type=Memory"
+      - "{{BaseURL}}/jolokia/read/java.lang:type=Memory"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
+
+    matchers-condition: or
+    matchers:
+
+      - type: word
+        name: memory
+        words:
+          - '"java.lang:type=Memory"'
+
+      - type: word
+        name: implementation-vendor
+        words:
+          - '"attribute":"ImplementationVendor"'
+
+      - type: word
+        name: implementation-version
+        words:
+          - '"attribute":"ImplementationVersion"'
+
+      - type: word
+        name: implementation-name
+        words:
+          - '"attribute":"ImplementationName"'
+
+      - type: word
+        name: specification-vendor
+        words:
+          - '"attribute":"SpecificationVendor"'
+
+      - type: word
+        name: mbean-serverid
+        words:
+          - '"attribute":"MBeanServerId"'
+
+      - type: word
+        name: specification-name
+        words:
+          - '"attribute":"SpecificationName"'
+
+      - type: word
+        name: specification-version
+        words:
+          - '"attribute":"SpecificationVersion'

misconfiguration/jolokia/jolokia-list.yaml

@@ -0,0 +1,28 @@
+id: jolokia-list
+
+info:
+  name: Jolokia - List
+  author: pussycat0x
+  severity: low
+  reference:
+    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+    - https://github.com/laluka/jolokia-exploitation-toolkit
+  tags: jolokia,springboot,tomcat
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/jolokia/list"
+      - "{{BaseURL}}/actuator/jolokia/list"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - '"type":"list"'

misconfiguration/jolokia/jolokia-mbean-search.yaml

@@ -0,0 +1,30 @@
+id: jolokia-mbean-search
+
+info:
+  name: Jolokia -Searching MBeans
+  author: pussycat0x
+  severity: low
+  reference:
+    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+    - https://github.com/laluka/jolokia-exploitation-toolkit
+  tags: jolokia,springboot,mbean,tomcat
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/jolokia/search/*:test=test"
+      - "{{BaseURL}}/actuator/jolokia/search/*:test=test"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - '"type":"search"'
+          - '"value":'
+        condition: and

misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml

@@ -8,7 +8,7 @@ info:
   reference:
     - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
     - https://github.com/laluka/jolokia-exploitation-toolkit
-  tags: jolokia,lfi
+  tags: jolokia,springboot,tomcat,lfi
 
 requests:
   - method: GET