From c6e264a04e6f2492f13510f31da5f55363e06ef2 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Wed, 23 Mar 2022 15:56:30 +0530
Subject: [PATCH] New Templates added (#3913)
* Add files via upload
* Auto Generated CVE annotations [Wed Mar 16 11:29:14 UTC 2022] :robot:
* Auto Generated New Template Addition List [Wed Mar 16 13:48:01 UTC 2022] :robot:
* moving templates into jolokia directory
* duplicate of jolokia-unauthenticated-lfi
* merged similar templates into one with updated matchers
* Auto Generated New Template Addition List [Wed Mar 23 10:21:57 UTC 2022] :robot:
* Delete .new-additions
* Auto Generated New Template Addition List [Wed Mar 23 10:22:29 UTC 2022] :robot:
* conflict update
* Auto Generated New Template Addition List [Wed Mar 23 10:23:39 UTC 2022] :robot:
Co-authored-by: GitHub Action
Co-authored-by: sandeep
---
 .new-additions | 2 +-
 .../jolokia/jolokia-info-disclosure.yaml | 73 +++++++++++++++++++
 misconfiguration/jolokia/jolokia-list.yaml | 28 +++++++
 .../jolokia/jolokia-mbean-search.yaml | 30 ++++++++
 .../jolokia-unauthenticated-lfi.yaml | 2 +-
 5 files changed, 133 insertions(+), 2 deletions(-)
 create mode 100644 misconfiguration/jolokia/jolokia-info-disclosure.yaml
 create mode 100644 misconfiguration/jolokia/jolokia-list.yaml
 create mode 100644 misconfiguration/jolokia/jolokia-mbean-search.yaml
 rename misconfiguration/{ => jolokia}/jolokia-unauthenticated-lfi.yaml (94%)
diff --git a/.new-additions b/.new-additions
index 225edd83a9..38c5a59a6d 100644
--- a/.new-additions
+++ b/.new-additions
@@ -8,4 +8,4 @@ exposed-panels/beyondtrust-panel.yaml
 exposed-panels/open-virtualization-manager-panel.yaml
 technologies/open-virtualization-manager-detect.yaml
 vulnerabilities/huawei/huawei-hg255s-lfi.yaml
-vulnerabilities/other/tekon-info-leak.yaml
+vulnerabilities/other/tekon-info-leak.yaml
\ No newline at end of file
diff --git a/misconfiguration/jolokia/jolokia-info-disclosure.yaml b/misconfiguration/jolokia/jolokia-info-disclosure.yaml
new file mode 100644
index 0000000000..de7cac14a8
--- /dev/null
+++ b/misconfiguration/jolokia/jolokia-info-disclosure.yaml
@@ -0,0 +1,73 @@
+id: jolokia-info-disclosure
+
+info:
+ name: Jolokia - Information disclosure
+ author: pussycat0x
+ severity: medium
+ reference:
+ - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+ - https://github.com/laluka/jolokia-exploitation-toolkit
+ tags: jolokia,springboot,mbean,tomcat
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
+ - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
+ - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
+ - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
+ - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
+ - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
+ - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
+ - "{{BaseURL}}/actuator/jolokia/read/java.lang:type=Memory"
+ - "{{BaseURL}}/jolokia/read/java.lang:type=Memory"
+ - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
+ - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
+ - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
+ - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
+ - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
+ - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
+ - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
+
+ matchers-condition: or
+ matchers:
+
+ - type: word
+ name: memory
+ words:
+ - '"java.lang:type=Memory"'
+
+ - type: word
+ name: implementation-vendor
+ words:
+
- '"attribute":"ImplementationVendor"'
+
+ - type: word
+ name: implementation-version
+ words:
+ - '"attribute":"ImplementationVersion"'
+
+ - type: word
+ name: implementation-name
+ words:
+ - '"attribute":"ImplementationName"'
+
+ - type: word
+ name: specification-vendor
+ words:
+ - '"attribute":"SpecificationVendor"'
+
+ - type: word
+ name: mbean-serverid
+ words:
+ - '"attribute":"MBeanServerId"'
+
+ - type: word
+ name: specification-name
+ words:
+ - '"attribute":"SpecificationName"'
+
+ - type: word
+ name: specification-version
+ words:
+ - '"attribute":"SpecificationVersion'
\ No newline at end of file
diff --git a/misconfiguration/jolokia/jolokia-list.yaml b/misconfiguration/jolokia/jolokia-list.yaml
new file mode 100644
index 0000000000..823e31e5fd
--- /dev/null
+++ b/misconfiguration/jolokia/jolokia-list.yaml
@@ -0,0 +1,28 @@
+id: jolokia-list
+
+info:
+ name: Jolokia - List
+ author: pussycat0x
+ severity: low
+ reference:
+ - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+ - https://github.com/laluka/jolokia-exploitation-toolkit
+ tags: jolokia,springboot,tomcat
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/jolokia/list"
+ - "{{BaseURL}}/actuator/jolokia/list"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - '"type":"list"'
\ No newline at end of file
diff --git a/misconfiguration/jolokia/jolokia-mbean-search.yaml b/misconfiguration/jolokia/jolokia-mbean-search.yaml
new file mode 100644
index 0000000000..1a335bf76b
--- /dev/null
+++ b/misconfiguration/jolokia/jolokia-mbean-search.yaml
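Review bot: Every matcher in this template keys on a string that, as far as I recall, Jolokia echoes back in the `request` object of its JSON reply even when the read itself fails (a policy-denied attribute still comes back with `"attribute":"ImplementationVendor"` next to an `error` and a non-200 JSON `status`), so with `matchers-condition: or` and no status or `"value":` check a hardened instance is reported as disclosing information. Requiring HTTP 200 and a `"value":` key under `matchers-condition: and`, with the attribute strings collapsed into one `condition: or` word matcher, keeps the detection while dropping the error-echo false positives; the rewritten matcher block is below. Independently, the final word `'"attribute":"SpecificationVersion'` is missing the closing double quote inside the single quotes and should read `- '"attribute":"SpecificationVersion"'`. This file, like the two new templates that follow, is written without a trailing newline, and unlike them it omits `stop-at-first-match: true`, so all sixteen requests are always sent even after a hit.
```yaml
requests:
  - method: GET
    # … unchanged: the sixteen read paths …

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '"value":'

      - type: word
        part: body
        words:
          - '"java.lang:type=Memory"'
          - '"attribute":"ImplementationVendor"'
          - '"attribute":"ImplementationVersion"'
          - '"attribute":"ImplementationName"'
          - '"attribute":"SpecificationVendor"'
          - '"attribute":"MBeanServerId"'
          - '"attribute":"SpecificationName"'
          - '"attribute":"SpecificationVersion"'
        condition: or
```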
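Review bot: The body matcher `'"type":"list"'` matches the echoed request rather than the result, and Jolokia, as far as I recall, keeps the HTTP status at 200 and reports a refused operation only in the JSON `status` field, so the `type: status` matcher above it does not rule that case out. Adding the result key makes the match depend on an actual listing having been returned: `- '"type":"list"'`, `- '"value":'`, `condition: and`. The mbean-search template added in this same commit already pairs its type string with `'"value":'`, so the two would also become consistent.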
@@ -0,0 +1,30 @@
+id: jolokia-mbean-search
+
+info:
+ name: Jolokia -Searching MBeans
+ author: pussycat0x
+ severity: low
+ reference:
+ - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+ - https://github.com/laluka/jolokia-exploitation-toolkit
+ tags: jolokia,springboot,mbean,tomcat
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/jolokia/search/*:test=test"
+ - "{{BaseURL}}/actuator/jolokia/search/*:test=test"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - '"type":"search"'
+ - '"value":'
+ condition: and
\ No newline at end of file
diff --git a/misconfiguration/jolokia-unauthenticated-lfi.yaml b/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml
similarity index 94%
rename from misconfiguration/jolokia-unauthenticated-lfi.yaml
rename to misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml
index b80c34d39d..ca0f994111 100644
--- a/misconfiguration/jolokia-unauthenticated-lfi.yaml
+++ b/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
 - https://github.com/laluka/jolokia-exploitation-toolkit
- tags: jolokia,lfi
+ tags: jolokia,springboot,tomcat,lfi
 
 requests:
 - method: GET
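Review bot: `name: Jolokia -Searching MBeans` drops the space after the hyphen that the sibling templates use (`Jolokia - List`, `Jolokia - Information disclosure`); `name: Jolokia - MBean Search` would match them. The template also carries no `description`, which matters here because the probe searches for a pattern (`*:test=test`) that is not expected to exist, so a hit means only that the unauthenticated `search` operation is answered with an empty `value`, not that any MBean was found; a one-line `description:` under `info` stating that would keep triage from over-reading the result. The file also ends without a trailing newline.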