diff --git a/http/misconfiguration/mysql-history.yaml b/http/misconfiguration/mysql-history.yaml index caf8abb50f..865ff21a15 100644 --- a/http/misconfiguration/mysql-history.yaml +++ b/http/misconfiguration/mysql-history.yaml @@ -9,8 +9,8 @@ info: reference: - http://doc.docs.sk/mysql-refman-5.5/mysql-history-file.html metadata: - max-request: 1 verified: true + max-request: 1 shodan-query: html:"mysql_history" tags: misconfig,disclosure,config diff --git a/http/technologies/wordpress/plugins/updraftplus.yaml b/http/technologies/wordpress/plugins/updraftplus.yaml index 4d4c68ef8e..9048b3ccf9 100644 --- a/http/technologies/wordpress/plugins/updraftplus.yaml +++ b/http/technologies/wordpress/plugins/updraftplus.yaml @@ -14,7 +14,6 @@ info: http: - method: GET - path: - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" diff --git a/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml b/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml index 94872c5632..97561e70ea 100644 --- a/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml +++ b/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml @@ -52,23 +52,21 @@ http: - type: regex part: interactsh_request regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + extractors: - type: kval kval: - - interactsh_ip # Print remote interaction IP in output + - type: regex group: 2 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request # digest: 4b0a00483046022100b5e26a39ec8e659d9a328ca3ccc4d4a267ef1c1937983c87d03cf4b44a1edc19022100a16a4eb3b0ebef7e1d2bff0b55f79af36b79e0c035501df0c1d8af6661ffd809:922c64590222798bb761d5b6d8e72950 diff --git a/http/vulnerabilities/code42/code42-log4j-rce.yaml b/http/vulnerabilities/code42/code42-log4j-rce.yaml index 27936580d1..3f5863045d 100644 --- a/http/vulnerabilities/code42/code42-log4j-rce.yaml +++ b/http/vulnerabilities/code42/code42-log4j-rce.yaml @@ -42,23 +42,21 @@ http: - type: regex part: interactsh_request regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + extractors: - type: kval kval: - - interactsh_ip # Print remote interaction IP in output + - type: regex group: 2 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request # digest: 490a00463044022057f58fb326fd41f2ba448ad56475806fec61bbad1a9b3f8d55af985bab85af900220238cdddcfece8857fb823c2dbaf1e47c371c77421b4213352e9ed1e5b920f41e:922c64590222798bb761d5b6d8e72950 diff --git a/http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml b/http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml index 83231041c1..bc157d3818 100644 --- a/http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml +++ b/http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml @@ -40,23 +40,21 @@ http: - type: regex part: interactsh_request regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + extractors: - type: kval kval: - - interactsh_ip # Print remote interaction IP in output + - type: regex group: 2 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request # digest: 4a0a004730450220309d02fb2a14af51d6b3dd296b9d421619f900f7fea1ae7771ab375e5fb84f430221008b5eb4ddb57371bdd686e15e931342efb73e102e7539625e6f22a8c8fafc2548:922c64590222798bb761d5b6d8e72950 diff --git a/http/vulnerabilities/other/fortiportal-log4j-rce.yaml b/http/vulnerabilities/other/fortiportal-log4j-rce.yaml index 1c626d5fab..0fd05f3c15 100644 --- a/http/vulnerabilities/other/fortiportal-log4j-rce.yaml +++ b/http/vulnerabilities/other/fortiportal-log4j-rce.yaml @@ -44,23 +44,21 @@ http: - type: regex part: interactsh_request regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + extractors: - type: kval kval: - - interactsh_ip # Print remote interaction IP in output + - type: regex group: 2 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request # digest: 4a0a00473045022037f46fc4de680b650e54d74c1f8a6a65e092ba7e548b90992da1f51b828ac575022100be5e34c623eeb506f322c38890a5a638ee74525641827b2c5982c0fa737390b7:922c64590222798bb761d5b6d8e72950 diff --git a/http/vulnerabilities/other/logstash-log4j-rce.yaml b/http/vulnerabilities/other/logstash-log4j-rce.yaml index 6e8cc88db0..27db46ccba 100644 --- a/http/vulnerabilities/other/logstash-log4j-rce.yaml +++ b/http/vulnerabilities/other/logstash-log4j-rce.yaml @@ -40,23 +40,21 @@ http: - type: regex part: interactsh_request regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + extractors: - type: kval kval: - - interactsh_ip # Print remote interaction IP in output + - type: regex group: 2 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request # digest: 4a0a00473045022041e2cc92ba6a2cc9920f7d74806ceb2570f3b0f6f08ac1c3bf26186630e44775022100f7bcae3be77b86e66ecd90c7df6e95093ceffca7167de0844ccc3f4cc28e5ee7:922c64590222798bb761d5b6d8e72950 diff --git a/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml b/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml index d2df030d0a..67766058e9 100644 --- a/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml +++ b/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml @@ -50,23 +50,21 @@ http: - type: regex part: interactsh_request regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + extractors: - type: kval kval: - - interactsh_ip # Print remote interaction IP in output + - type: regex group: 2 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request # digest: 4a0a00473045022100b96d44b2b974d14dab76297531b2343eca8753e92a5b59f2ea9e3b0291eb9d71022062a47fe4c8f81b4288ec5430719483f92f754087e9f1702a41e8a0df922c6d2d:922c64590222798bb761d5b6d8e72950