added confluence metadata and minor matcher updates (#3929)

patch-1
Sandeep Singh 2022-03-19 16:12:08 +05:30 committed by GitHub
parent bf8b545fed
commit ec2246ee22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 43 additions and 14 deletions


@ -1,21 +1,25 @@
id: CVE-2015-8399 id: CVE-2015-8399
info: info:
author: princechaddha author: princechaddha
name: Atlassian Confluence configuration files read name: Atlassian Confluence configuration files read
severity: medium severity: medium
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
tags: cve,cve2015,atlassian,confluence
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss-score: 4.30 cvss-score: 4.30
cve-id: CVE-2015-8399 cve-id: CVE-2015-8399
cwe-id: CWE-200 cwe-id: CWE-200
metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: cve,cve2015,atlassian,confluence
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/spaces/viewdefaultdecorator.action?decoratorName" - "{{BaseURL}}/spaces/viewdefaultdecorator.action?decoratorName"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
@ -23,8 +27,8 @@ requests:
- 200 - 200
- type: word - type: word
part: body
words: words:
- "confluence-init.properties" - "confluence-init.properties"
- "View Default Decorator" - "View Default Decorator"
condition: and condition: and
part: body


@ -12,6 +12,8 @@ info:
cvss-score: 6.10 cvss-score: 6.10
cve-id: CVE-2018-5230 cve-id: CVE-2018-5230
cwe-id: CWE-79 cwe-id: CWE-79
metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: cve,cve2018,atlassian,confluence,xss tags: cve,cve2018,atlassian,confluence,xss
requests: requests:


@ -5,12 +5,14 @@ info:
severity: critical severity: critical
description: The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. description: The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
reference: https://github.com/x-f1v3/CVE-2019-3396 reference: https://github.com/x-f1v3/CVE-2019-3396
tags: cve,cve2019,atlassian,confluence,lfi,rce
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80 cvss-score: 9.80
cve-id: CVE-2019-3396 cve-id: CVE-2019-3396
cwe-id: CWE-22 cwe-id: CWE-22
metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: cve,cve2019,atlassian,confluence,lfi,rce
requests: requests:
- raw: - raw:


@ -5,7 +5,6 @@ info:
severity: critical severity: critical
name: Confluence Server OGNL injection - RCE name: Confluence Server OGNL injection - RCE
description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
tags: cve,cve2021,rce,confluence,injection,ognl
reference: reference:
- https://jira.atlassian.com/browse/CONFSERVER-67940 - https://jira.atlassian.com/browse/CONFSERVER-67940
- https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084 - https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084
@ -16,6 +15,9 @@ info:
cvss-score: 9.80 cvss-score: 9.80
cve-id: CVE-2021-26084 cve-id: CVE-2021-26084
cwe-id: CWE-74 cwe-id: CWE-74
metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: cve,cve2021,rce,confluence,injection,ognl
requests: requests:
- raw: - raw:


@ -7,12 +7,14 @@ info:
reference: reference:
- https://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html - https://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-26085 - https://nvd.nist.gov/vuln/detail/CVE-2021-26085
tags: cve,cve2021,confluence,atlassian,lfi
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30 cvss-score: 5.30
cve-id: CVE-2021-26085 cve-id: CVE-2021-26085
cwe-id: CWE-862 cwe-id: CWE-862
metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: cve,cve2021,confluence,atlassian,lfi
requests: requests:
- method: GET - method: GET


@ -5,6 +5,8 @@ info:
author: aashiq author: aashiq
severity: info severity: info
description: Searches for ServiceDesk login panels by trying to query the "/servicedesk/customer/user/login" endpoint description: Searches for ServiceDesk login panels by trying to query the "/servicedesk/customer/user/login" endpoint
metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: servicedesk,confluence,jira,panel,login tags: servicedesk,confluence,jira,panel,login
requests: requests:
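Review bot: The added `shodan-query: http.component:"Atlassian Confluence"` does not match what this template looks for. Its description targets the ServiceDesk login panel at `/servicedesk/customer/user/login`, which is a Jira Service Desk endpoint rather than a Confluence one. Anyone using the metadata to scope an asset inventory would be pointed at Confluence hosts and could miss the Service Desk instances the template is meant to cover. Either drop the `metadata` block from this file or replace the query with one that describes Service Desk, e.g. `shodan-query: <service-desk query, to be confirmed>`. The `confluence` entry in the `tags` line below probably deserves the same check; the rest of the template is outside the hunk.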


@ -5,9 +5,10 @@ info:
author: philippedelteil author: philippedelteil
severity: info severity: info
description: Allows you to detect Atlassian Confluence instances description: Allows you to detect Atlassian Confluence instances
tags: tech,confluence,atlassian
metadata: metadata:
shodan-query: https://www.shodan.io/search?query=http.component%3A%22atlassian+confluence%22 shodan-query: http.component:"Atlassian Confluence"
tags: tech,confluence,atlassian
requests: requests:
- method: GET - method: GET
@ -19,19 +20,18 @@ requests:
redirects: true redirects: true
stop-at-first-match: true stop-at-first-match: true
matchers-condition: and matchers-condition: or
matchers: matchers:
- type: word - type: word
words:
- '-Confluence-'
- '-confluence-'
part: header part: header
condition: or words:
- '-confluence-'
case-insensitive: true
- type: word - type: word
part: body
words: words:
- 'confluence-base-url' - 'confluence-base-url'
part: body
extractors: extractors:
- type: regex - type: regex
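Review bot: Switching `matchers-condition` from `and` to `or` means a response is reported as Confluence when either matcher fires alone, and the header matcher is only the substring `-confluence-`, compared case-insensitively against the headers. A cookie name, redirect target or proxy header containing that substring would then be enough, so inventories built on this template may include hosts that are not Confluence. If `or` is intended for instances that lack the `confluence-base-url` body marker, tighten the word to the full header name, for example `- 'x-confluence-request-time'`, assuming that is the header the word was meant to catch. A comment above `matchers-condition` should also say why a single signal is sufficient. The `extractors` block begins on the last line of the hunk and continues outside it.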


@ -8,14 +8,29 @@ info:
reference: reference:
- https://bitbucket.org/atlassian/confluence-business-blueprints/pull-requests/144/issue-60-conf-45342-ssrf-in-sharelinks - https://bitbucket.org/atlassian/confluence-business-blueprints/pull-requests/144/issue-60-conf-45342-ssrf-in-sharelinks
- https://github.com/assetnote/blind-ssrf-chains#confluence - https://github.com/assetnote/blind-ssrf-chains#confluence
tags: confluence,atlassian,ssrf,jira,oast metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: confluence,atlassian,ssrf,oast
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/rest/sharelinks/1.0/link?url=https://{{interactsh-url}}/' - '{{BaseURL}}/rest/sharelinks/1.0/link?url=https://{{interactsh-url}}/'
matchers-condition: and
matchers: matchers:
- type: word - type: word
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction
words: words:
- "http" - "http"
- type: word
part: body
words:
- "faviconURL"
- "domain"
condition: and
- type: status
status:
- 200
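Review bot: The new `matchers-condition: and` makes the out-of-band interaction insufficient on its own, and nothing in the template says why. A finding now also needs a 200 status and both `faviconURL` and `domain` in the body. That is a sensible way to cut false positives from unrelated lookups, but it presumably also hides instances that make the outbound request and then answer with an error or a different body. Record the trade-off next to the new matcher, e.g. `# body/status checks tie the interaction to the sharelinks JSON response`. The word `"domain"` is very common and adds little selectivity beyond `faviconURL`.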