Adding tags to vulnerabilities and workflows

patch-1
sandeep 2021-02-12 11:23:01 +05:30
parent 16f23c84be
commit ec7a29957d
81 changed files with 106 additions and 35 deletions


@ -4,6 +4,7 @@ info:
name: Basic CORS misconfiguration
author: nadino
severity: low
tags: cors
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Basic XSS Prober
author: nadino & geeknik
severity: low
tags: xss
# Basic XSS prober
# Manual testing needed for exploitation


@ -5,6 +5,7 @@ info:
author: melbadry9 & nadino & xElkomy
severity: low
description: Improper sanitization of CRLF sequences.
tags: crlf
requests:
- method: GET


@ -11,6 +11,7 @@ info:
severity: medium
# Description optionally describes the template.
description: Searches for reflected XSS in the server response via GET-requests.
tags: xss
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: melbadry9 & Elmahdi & @pxmme1337 & @Regala_ & @andirrahmani1 & geeknik
severity: low
description: A user-controlled input redirect users to an external website.
tags: redirect
requests:
- method: GET


@ -4,8 +4,7 @@ info:
name: Eclipse Help System RXSS vulnerability
author: pikpikcu
severity: medium
# Source:- https://github.com/pikpikcu/nuclei-templates/blob/master/vulnerabilities/eclipse-xss.yaml
tags: ibm,xss
requests:
- method: GET


@ -5,8 +5,8 @@ info:
author: Harsh Bothra
severity: medium
description: Directory traversal vulnerability on IBM InfoPrint 4247-Z03 Impact Matrix Printer.
# reference: https://www.exploit-db.com/exploits/47835
reference: https://www.exploit-db.com/exploits/47835
tags: ibm,lfi
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Jenkins panel async-people
author: nadino
severity: info
tags: jenkins
requests:
- method: GET


@ -6,6 +6,7 @@ info:
severity: low
description: Module identified that the affected host is running an instance of Jenkins in debug mode, as a result stack traces are enabled.
reference: https://hackerone.com/reports/221833
tags: jenkins
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Unauthenticated Jenkin Dashboard
author: dhiyaneshDK
severity: high
tags: jenkins
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Jira Service Desk Signup
author: TechbrunchFR
severity: medium
tags: jira,atlassian
requests:
- method: POST


@ -5,6 +5,7 @@ info:
author: madrobot
severity: high
description: Local file inclusion on Moodle.
tags: moodle,lfi
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: madrobot
severity: medium
description: Cross-site scripting on Moodle.
tags: moodle,xss
requests:
- method: GET


@ -2,8 +2,9 @@ id: oracle-ebs-bispgrapgh-file-read
info:
name: Oracle EBS Bispgraph File Access
author: "@emenalf & @tirtha_mandal"
author: emenalf & tirtha_mandal
severity: critical
tags: moodle,lfi
requests:
- method: GET
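Review bot: The `tags: moodle,lfi` line does not match this template, whose id is `oracle-ebs-bispgrapgh-file-read` and whose name is Oracle EBS Bispgraph File Access; it looks copied from the Moodle LFI template earlier in the commit. With this tag, a run filtered to moodle would send the Oracle EBS file-read request to Moodle hosts, and a run filtered to an Oracle tag would skip the template entirely. I would change the line to `tags: oracle,lfi`, with the product tag aligned to whatever name the project uses for Oracle elsewhere.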


@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: medium
reference: https://blog.csdn.net/m0_46257936/article/details/113150699
tags: lfi
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: ACME / Let's Encrypt Reflected XSS
author: pd-team
severity: low
tags: xss,acme
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: ASP-Nuke Open Redirect
author: pd-team
severity: low
tags: aspnuke,redirect
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Bullwark Momentum Series JAWS 1.0 - Directory Traversal
author: pikpikcu
severity: high
tags: bullwark,lfi
# Refrence:-https://www.exploit-db.com/exploits/47773
# Vendor Homepage: http://www.bullwark.net/


@ -4,7 +4,7 @@ info:
name: Invalidate / Flush Cached Pages on AEM
author: hetroublemakr
severity: low
description: todo
tags: aem
# reference: https://twitter.com/AEMSecurity


@ -5,6 +5,7 @@ info:
author: geeknik
severity: medium
description: https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/
tags: xss,chamilo
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: organiccrap
severity: high
description: Requests made against CouchDB is done in the context of an admin user.
tags: couchdb
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: madrobot
severity: medium
description: Cross-site scripting (XSS) on Discourse CMS
tags: xss,discourse
requests:
- method: GET
@ -15,7 +16,13 @@ requests:
- type: status
status:
- 200
- type: word
words:
- "<svg/onload=alert(1337)>"
part: body
- type: word
words:
- "text/html"
part: header
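Review bot: The three matchers in the second hunk (status 200, the reflected `<svg/onload=alert(1337)>` in the body, `text/html` in the header) only cut false positives if they are combined with `matchers-condition: and`. That key sits above the hunk and is not visible here, so please confirm it is set; with the default `or`, any 200 response would be reported as XSS. The same applies to the identical matcher block in the Nginx virtual host traffic status template further down. A comment above the header matcher, `# require an HTML content type so a reflection in JSON or plain text is not reported`, would record why it is there.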


@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: info
reference: https://xz.aliyun.com/t/2941
tags: dlink
requests:
- method: POST


@ -5,6 +5,7 @@ info:
author: incogbyte
severity: medium
reference: https://cure53.de/pentest-report_keycloak.pdf
tags: keycloak,xss
requests:
- raw:


@ -14,6 +14,7 @@ info:
References:
- https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
tags: mcafee,rce
requests:
- method: GET


@ -4,7 +4,8 @@ info:
author: organiccrap
severity: high
description: Blind server-side request forgery vulnerability on MicroStrategy URL shortener.
# reference: https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
reference: https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
tags: microstrategy,ssrf
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Mida eFramework - Cross Site Scripting
author: pikpikcu
severity: medium
tags: mida,xss
requests:
- raw:
@ -23,4 +24,4 @@ requests:
- 200
- type: word
words:
- '"><script>javascript:alert(document.cookie)</script>'
- '"><script>javascript:alert(document.cookie)</script>'


@ -4,7 +4,7 @@ info:
name: Nginx virtual host traffic status module XSS
author: madrobot
severity: medium
description: todo
tags: nginx,xss
requests:
- method: GET
@ -16,7 +16,13 @@ requests:
- type: status
status:
- 200
- type: word
words:
- "<script>alert(31337)</script>"
part: body
- type: word
words:
- "text/html"
part: header


@ -4,6 +4,7 @@ info:
name: NUUO NVRmini2 3.0.8 - Remote Code Execution
author: berkdusunur
severity: critical
tags: rce
# Reference:-
# https://www.exploit-db.com/exploits/45070


@ -4,7 +4,7 @@ info:
name: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie
author: madrobot
severity: high
description: todo
tags: ssti,rce
requests:
- method: GET


@ -1,10 +1,10 @@
id: rce-user-agent-shell-shock
info:
name: Remote Code Execution Via (User-Agent)
author: 0xelkomy
severity: high
description: todo
name: Remote Code Execution Via (User-Agent)
author: 0xelkomy
severity: high
tags: shellshock,rce
requests:
- method: GET


@ -3,7 +3,8 @@ info:
name: Java Deserialization [RCE]
author: uhnysh
severity: critical
description: todo
tags: java,rce
# This can only be used to detect the vuln, please make sure to run ysoserial over the URLs to verify.
requests:


@ -4,6 +4,7 @@ info:
name: rConfig 3.9.5 - Remote Code Execution
author: dwisiswant0
severity: high
tags: rconfig,rce
# This template supports the user creation part only.
# To triggering an RCE, see references[2].


@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: critical
reference: https://www.cnblogs.com/0day-li/p/13650452.html
tags: rce
requests:
- method: POST


@ -1,13 +1,14 @@
id: sick-beard-xss
# Vendor Homepage: https://sickbeard.com/
# Software Link: https://github.com/midgetspy/Sick-Beard
# shodan dork: sickbeard
info:
name: Sick Beard XSS
author: pikpikcu
severity: medium
tags: xss
# Vendor Homepage: https://sickbeard.com/
# Software Link: https://github.com/midgetspy/Sick-Beard
# shodan dork: sickbeard
requests:
- method: GET


@ -7,6 +7,7 @@ info:
reference: |
- https://twitter.com/chybeta/status/1353974652540882944
- https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
tags: shellshock,sonicwall,rce,vpn
requests:
- raw:


@ -5,6 +5,7 @@ info:
author: Random-Robbie
severity: medium
description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal
tags: lfi
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Open Redirect vulnerability on thinkific websites
author: Gal Nagli
severity: Medium
tags: redirect
requests:
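Review bot: `severity: Medium` on the context line above the new `tags: redirect` is the only capitalised severity in this commit; every other template shown uses lowercase. Since the commit is tidying metadata used for selecting templates, I would lowercase it to `severity: medium` so a literal severity filter does not skip this open-redirect check. Whether the runner compares severities case-insensitively is not visible from this page.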


@ -4,7 +4,7 @@ info:
name: Tiki Wiki CMS Groupware 5.2 Reflected Cross-site Scripting
author: madrobot
severity: medium
description: todo
tags: xss
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Twig PHP <2.4.4 template engine - SSTI
author: madrobot
severity: high
tags: php,ssti
requests:
- method: GET


@ -4,9 +4,7 @@ info:
name: Vehicle Parking Management System 1.0 - Authentication Bypass
author: dwisiswant0
severity: high
# References:
# - https://www.exploit-db.com/exploits/48877
reference: https://www.exploit-db.com/exploits/48877
requests:
- raw:
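Review bot: This template gains a `reference:` key but no `tags:` line, unlike the other vulnerability templates touched by the commit, so a tag-filtered run will presumably never select this high-severity authentication-bypass check. The Zoo Management System template further down is in the same state. I would add a line naming the bug class, for example `tags: auth-bypass`, using whichever tag name the project settles on for authentication bypasses.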


@ -4,6 +4,7 @@ info:
name: WEMS Enterprise Manager XSS
author: pikpikcu
severity: medium
tags: xss
# Source
# https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html


@ -9,6 +9,7 @@ info:
A general document of UFIDA ERP-NC contains a vulnerability
(affecting a large number of well-known school government and enterprise cases
such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo)
tags: lfi
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Apache Yarn ResourceManager RCE
author: pd-team
severity: low
tags: apache,rce
requests:
- method: POST
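Review bot: `severity: low` sits oddly beside the new `rce` tag on a template named Apache Yarn ResourceManager RCE; the other `rce`-tagged templates in this commit are rated high or critical. Anyone triaging by severity would filter this finding out. If the request only detects an exposed ResourceManager API rather than confirming execution, a `description:` saying so would justify the rating; otherwise I would raise it in line with the other RCE templates.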


@ -4,9 +4,7 @@ info:
name: Zoo Management System 1.0 - Authentication Bypass
author: dwisiswant0
severity: high
# References:
# - https://www.exploit-db.com/exploits/48880
refernce: https://www.exploit-db.com/exploits/48880
requests:
- raw:
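Review bot: The new key is spelled `refernce:`, so the exploit-db link moves out of the removed comment into a field that a consumer looking for `reference` will not find, and that strict schema validation may reject. It should read `reference: https://www.exploit-db.com/exploits/48880`, matching the Vehicle Parking Management System template changed in the same way.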


@ -4,6 +4,7 @@ info:
author: 'ooooooo_q (Original finder), Rahul and Harsh (Template author)'
severity: medium
reference: https://hackerone.com/reports/904059
tags: rails,xss
# XSS (6.0.0 < rails < 6.0.3.2); Payload is location=%0djavascript:alert(1);
# Nuclei has issues with 302 response missing a Location header thus the


@ -5,6 +5,7 @@ info:
author: dwisiswant0
severity: high
description: todo
tags: springboot,jolokia,xxe
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Spring Boot H2 Database RCE
author: dwisiswant0
severity: critical
tags: springboot,rce
# Payload taken from @pyn3rd (Twitter), see reference[2].


@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: critical
reference: https://www.freebuf.com/vuls/217586.html
tags: thinkcmf,lfi
tags: thinkcmf,rce
requests:
- method: GET


@ -6,6 +6,7 @@ info:
severity: critical
description: ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/2-rce
tags: thinkphp,rce
requests:
- method: GET


@ -6,6 +6,7 @@ info:
severity: critical
description: Thinkphp5 5.0.22/5.1.29 Remote Code Execution if the website doesn't have mandatory routing enabled (which is default).
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
tags: thinkphp,rce
requests:
- method: GET


@ -6,6 +6,7 @@ info:
severity: critical
description: Thinkphp5 5.0(<5.0.24) Remote Code Execution.
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5.0.23-rce
tags: thinkphp,rce
requests:
- method: POST


@ -6,6 +6,7 @@ info:
severity: critical
description: Verbose SQL error message reveals sensitive information including database credentials.
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
tags: thinkphp
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Vmware Vcenter LFI for Linux appliances
author: PR3R00T
severity: high
tags: vmware,lfi
requests:
- method: GET


@ -4,6 +4,8 @@ info:
name: VMware vCenter Unauthenticated Arbitrary File Read
author: dwisiswant0
severity: high
reference: https://kb.vmware.com/s/article/7960893
tags: vmware,lfi
# Reference:-
# https://twitter.com/ptswarm/status/1316016337550938122


@ -5,7 +5,7 @@ info:
author: PR3R00T
severity: high
reference: "https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/"
tags: wordpress,wp-pluing
tags: wordpress,plugin
requests:
- method: GET


@ -5,7 +5,7 @@ info:
author: Random-Robbie
severity: medium
description: Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS)
tags: wordpress,wp-pluing
tags: wordpress,plugin
requests:
- method: GET
path:


@ -3,7 +3,7 @@ info:
name: Wordpress W3C Total Cache SSRF <= 0.9.4
author: random-robbie
severity: medium
tags: wordpress,wp-pluing
tags: wordpress,plugin
# Reference
# https://wpvulndb.com/vulnerabilities/8644


@ -3,7 +3,7 @@ info:
name: wordpress-emails-verification-for-woocommerce
author: random-robbie
severity: critical
tags: wordpress,wp-pluing
tags: wordpress,plugin
# Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass
# https://wpvulndb.com/vulnerabilities/10318


@ -4,7 +4,7 @@ info:
name: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
author: randomrobbie
severity: medium
tags: wordpress,wp-pluing
tags: wordpress,plugin
requests:
- method: GET


@ -4,7 +4,7 @@ info:
name: WordPress ThemeMarkers DB Migration File
author: dwisiswant0
severity: info
tags: wordpress,wp-pluing,backups
tags: wordpress,plugin,backups
requests:
- method: GET


@ -4,7 +4,7 @@ info:
name: WordPress Wordfence 7.4.6 Cross Site Scripting
author: madrobot
severity: medium
tags: wordpress,wp-pluing,xss
tags: wordpress,plugin,xss
requests:
- method: GET


@ -5,7 +5,7 @@ info:
author: dwisiswant0
severity: high
description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials
tags: wordpress,wp-pluing
tags: wordpress,plugin
# References:
# - [1] https://www.exploit-db.com/exploits/48910


@ -4,6 +4,7 @@ info:
name: Artica Web Proxy Security Checks
author: dwisiswant0 & pdteam
description: A simple workflow that runs all Artica Web Proxy related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: F5 BIG-IP Security Checks
author: dwisiswant0
description: A simple workflow that runs all Bigip related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Cisco ASA Security Checks
author: flag007
description: A simple workflow that runs all Cisco related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Grafana Security Checks
author: pdteam
description: A simple workflow that runs all Grafana related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Jira Security Checks
author: micha3lb3n
description: A simple workflow that runs all Jira related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Liferay Security Checks
author: dwisiswant0
description: A simple workflow that runs all liferay related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Lotus Domino Security Checks
author: CasperGN
description: A simple workflow that runs all Lotus Domino related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: MAGMI Security Checks
author: dwisiswant0
description: A simple workflow that runs all MAGMI related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Mida eFramework Security Checks
author: CasperGN
description: A simple workflow that runs all Mida eFramework related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Netsweeper Security Checks
author: dwisiswant0
description: A simple workflow that runs all netsweeper related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: RabbitMQ Security Checks
author: fyoorer
description: A simple workflow that runs all rabbitmq related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: SAP NetWaver Security Checks
author: dwisiswant0
description: A simple workflow that runs all SAP NetWaver related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: SolarWinds Orion Security Checks
author: dwisiswant0
description: A simple workflow that runs all SolarWinds Orion related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -4,6 +4,7 @@ info:
name: Springboot Security Checks
author: dwisiswant0
description: A simple workflow that runs all springboot related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -3,6 +3,7 @@ info:
name: ThinkPHP Security Checks
author: dr_set
description: A simple workflow that runs all ThinkPHP related nuclei templates on a given target.
tags: workflow
workflows:


@ -4,6 +4,7 @@ info:
name: vBulletin Security Checks
author: pdteam
description: A simple workflow that runs all vBulletin related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.


@ -3,6 +3,7 @@ info:
name: WebLogic Security Checks
author: dr_set
description: A simple workflow that runs all WebLogic related nuclei templates on a given target.
tags: workflow
workflows:


@ -3,6 +3,7 @@ info:
name: Wordpress Security Checks
author: kiblyn11 & zomsop82
description: A simple workflow that runs all wordpress related nuclei templates on a given target.
tags: workflow
# Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
# Old workflows still remains valid, and will be working with all nuclei versions.