From f18404302aeff8fda8a4a4d85e6d19e41552d9e7 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Mon, 28 Feb 2022 09:09:26 -0500
Subject: [PATCH] Dashboard Text Enhancement (#3798)

Dashboard text enhancements

---
cves/2010/CVE-2010-1657.yaml | 5 ++---
cves/2010/CVE-2010-1658.yaml | 6 ++++--
cves/2014/CVE-2014-9094.yaml | 4 +---
cves/2016/CVE-2016-3978.yaml | 2 +-
cves/2019/CVE-2019-2767.yaml | 2 +-
cves/2021/CVE-2021-41653.yaml | 8 ++++++--
cves/2021/CVE-2021-41773.yaml | 6 +++++-
cves/2021/CVE-2021-41826.yaml | 4 +++-
cves/2021/CVE-2021-41878.yaml | 7 +++++--
cves/2021/CVE-2021-41951.yaml | 8 +++++---
cves/2021/CVE-2021-42013.yaml | 6 +++++-
cves/2021/CVE-2021-42237.yaml | 2 ++
cves/2021/CVE-2021-42258.yaml | 14 +++++---------
cves/2021/CVE-2021-42551.yaml | 8 +++++---
cves/2021/CVE-2021-42565.yaml | 8 +++++---
default-logins/grafana/grafana-default-login.yaml | 6 +++---
default-logins/szhe/szhe-default-login.yaml | 2 +-
exposures/backups/sql-dump.yaml | 2 +-
exposures/backups/zip-backup-files.yaml | 4 ++--
file/perl/perl-scanner.yaml | 10 +++++-----
fuzzing/mdb-database-file.yaml | 4 ++--
network/exposed-adb.yaml | 2 +-
network/tidb-unauth.yaml | 2 +-
technologies/apache/default-apache-test-all.yaml | 6 +++---
technologies/dell/dell-idrac9-detect.yaml | 2 +-
technologies/liferay-portal-detect.yaml | 2 +-
vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml | 2 +-
.../wordpress/wp-xmlrpc-brute-force.yaml | 2 +-
workflows/sap-netweaver-workflow.yaml | 2 +-
29 files changed, 79 insertions(+), 59 deletions(-)

diff --git a/cves/2010/CVE-2010-1657.yaml b/cves/2010/CVE-2010-1657.yaml
index 2ce660eabc..2472ae48f9 100644
--- a/cves/2010/CVE-2010-1657.yaml
+++ b/cves/2010/CVE-2010-1657.yaml
@@ -5,10 +5,9 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: + - https://nvd.nist.gov/vuln/detail/CVE-2010-1657 - https://www.exploit-db.com/exploits/12428 - - https://www.cvedetails.com/cve/CVE-2010-1657 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1657 @@ -26,4 +25,4 @@ requests: status: - 200 -# Enhanced by mp on 2022/02/15 +# Enhanced by mp on 2022/02/27 diff --git a/cves/2010/CVE-2010-1658.yaml b/cves/2010/CVE-2010-1658.yaml index c8fe3f3d38..df10c280f5 100644 --- a/cves/2010/CVE-2010-1658.yaml +++ b/cves/2010/CVE-2010-1658.yaml @@ -1,16 +1,17 @@ id: CVE-2010-1658 + info: name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion author: daffainfo severity: high description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: - https://www.exploit-db.com/exploits/12427 - https://www.cvedetails.com/cve/CVE-2010-1658 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1658 + requests: - method: GET path: @@ -23,4 +24,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2014/CVE-2014-9094.yaml b/cves/2014/CVE-2014-9094.yaml index b0bad411a2..98d9373559 100644 --- a/cves/2014/CVE-2014-9094.yaml +++ b/cves/2014/CVE-2014-9094.yaml @@ -30,6 +30,4 @@ requests: status: - 200 -# Enhanced by mp on 2022/02/25 - -# Enhanced by mp on 2022/02/25 +# Enhanced by mp on 2022/02/25 \ No newline at end of file 
diff --git a/cves/2016/CVE-2016-3978.yaml b/cves/2016/CVE-2016-3978.yaml index b687bb4948..ac3ab10ad8 100644 --- a/cves/2016/CVE-2016-3978.yaml +++ b/cves/2016/CVE-2016-3978.yaml @@ -24,4 +24,4 @@ requests: - type: regex part: header regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/cves/2019/CVE-2019-2767.yaml b/cves/2019/CVE-2019-2767.yaml index bf1dcb703f..7c4aecc5d7 100644 --- a/cves/2019/CVE-2019-2767.yaml +++ b/cves/2019/CVE-2019-2767.yaml @@ -22,6 +22,6 @@ requests: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/cves/2021/CVE-2021-41653.yaml b/cves/2021/CVE-2021-41653.yaml index 4626e4d030..a844f91c3b 100644 --- a/cves/2021/CVE-2021-41653.yaml +++ b/cves/2021/CVE-2021-41653.yaml @@ -2,12 +2,14 @@ id: CVE-2021-41653 info: name: TP-Link - OS Command Injection - description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. + description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. author: gy741 severity: critical + remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109". reference: - https://k4m1ll0.com/cve-2021-41653.html - https://nvd.nist.gov/vuln/detail/CVE-2021-41653 + - https://www.tp-link.com/us/press/security-advisory/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 
@@ -43,6 +45,8 @@ requests: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-41773.yaml b/cves/2021/CVE-2021-41773.yaml index d7798f2871..ca025aed29 100644 --- a/cves/2021/CVE-2021-41773.yaml +++ b/cves/2021/CVE-2021-41773.yaml @@ -4,10 +4,12 @@ info: name: Apache 2.4.49 - Path Traversal and Remote Code Execution author: daffainfo severity: high - description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. + description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. + remediation: Update to Apache HTTP Server 2.4.50 or later. reference: - https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782 - https://nvd.nist.gov/vuln/detail/CVE-2021-41773 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773 - https://twitter.com/ptswarm/status/1445376079548624899 - https://twitter.com/h4x0r_dz/status/1445401960371429381 - https://github.com/blasty/CVE-2021-41773 
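Review bot: The added `remediation: Update to Apache HTTP Server 2.4.50 or later.` in cves/2021/CVE-2021-41773.yaml names a release that this same commit describes as still vulnerable. The CVE-2021-42013 template states that 2.4.50 is affected because the fix for CVE-2021-41773 was incomplete, and its own remediation names 2.4.51. An operator who follows the dashboard text here would remain exposed to the path traversal and, where mod_cgi is enabled, to code execution. I would change the line to `remediation: Upgrade to Apache HTTP Server 2.4.51 or later; 2.4.50 contains an incomplete fix (CVE-2021-42013).`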
@@ -45,3 +47,5 @@ requests: name: RCE words: - "CVE-2021-41773-POC" + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-41826.yaml b/cves/2021/CVE-2021-41826.yaml index 57515b20ba..0e89373c03 100644 --- a/cves/2021/CVE-2021-41826.yaml +++ b/cves/2021/CVE-2021-41826.yaml @@ -4,7 +4,7 @@ info: name: PlaceOS 1.2109.1 - Open Redirection author: geeknik severity: medium - description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect + description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. reference: - https://github.com/PlaceOS/auth/issues/36 - https://www.exploit-db.com/exploits/50359 @@ -34,3 +34,5 @@ requests: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-41878.yaml b/cves/2021/CVE-2021-41878.yaml index 4357fbd281..764882fe07 100644 --- a/cves/2021/CVE-2021-41878.yaml +++ b/cves/2021/CVE-2021-41878.yaml @@ -1,11 +1,12 @@ id: CVE-2021-41878 info: - name: i-Panel Administration System - Reflected XSS + name: i-Panel Administration System - Reflected Cross-Site Scripting author: madrobot severity: medium - description: A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console. + description: A reflected cross-site scripting vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console. reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-41878 - https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41878 classification: 
@@ -35,3 +36,5 @@ requests: words: - "text/html" part: header + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-41951.yaml b/cves/2021/CVE-2021-41951.yaml index 51524974c6..719201d247 100644 --- a/cves/2021/CVE-2021-41951.yaml +++ b/cves/2021/CVE-2021-41951.yaml @@ -1,9 +1,9 @@ id: CVE-2021-41951 info: - name: Resourcespace - Reflected XSS + name: Resourcespace - Reflected Cross-Site Scripting author: coldfish - description: ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. + description: ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. severity: medium tags: cve,cve2021,xss,resourcespace reference: @@ -33,4 +33,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-42013.yaml b/cves/2021/CVE-2021-42013.yaml index 775d9e90d0..4e89aac1a4 100644 --- a/cves/2021/CVE-2021-42013.yaml +++ b/cves/2021/CVE-2021-42013.yaml 
@@ -4,8 +4,10 @@ info: name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution author: nvn1729,0xd0ff9 severity: critical - description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773. + description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773. + remediation: Upgrade to Apache HTTP Server 2.4.51 or later. reference: + - https://httpd.apache.org/security/vulnerabilities_24.html - https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d - https://nvd.nist.gov/vuln/detail/CVE-2021-42013 - https://twitter.com/itsecurityco/status/1446136957117943815 @@ -44,3 +46,5 @@ requests: name: RCE words: - "CVE-2021-42013" + +# Enhanced by mp on 2022/02/27 
diff --git a/cves/2021/CVE-2021-42237.yaml b/cves/2021/CVE-2021-42237.yaml index 747e489ffb..dc40a328d6 100644 --- a/cves/2021/CVE-2021-42237.yaml +++ b/cves/2021/CVE-2021-42237.yaml @@ -119,3 +119,5 @@ requests: - "System.ArgumentNullException" # Enhanced by mp on 2022/02/08 + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-42258.yaml b/cves/2021/CVE-2021-42258.yaml index fa314b25b7..1825eafec5 100644 --- a/cves/2021/CVE-2021-42258.yaml +++ b/cves/2021/CVE-2021-42258.yaml @@ -1,17 +1,11 @@ id: CVE-2021-42258 info: - name: BillQuick Web Suite SQLi + name: BillQuick Web Suite SQL Injection author: dwisiswant0 severity: critical tags: cve,cve2021,sqli,billquick - description: | - BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 - allows SQL injection for unauthenticated remote code execution, - as exploited in the wild in October 2021 for ransomware installation. - SQL injection can, for example, use the txtID (aka username) parameter. - Successful exploitation can include the ability to execute - arbitrary code as MSSQLSERVER$ via xp_cmdshell. + description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. reference: - https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware - https://nvd.nist.gov/vuln/detail/CVE-2021-42258 
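Review bot: The trailer hunk in cves/2021/CVE-2021-42237.yaml appends a second `# Enhanced by mp on 2022/02/27` below the existing `# Enhanced by mp on 2022/02/08` instead of replacing it, which recreates the stacked marker this commit removes from CVE-2014-9094.yaml. The diffstat lists only these two added lines for the file, so the new date records no visible text change. I would keep a single marker, as the other templates in the commit do, by replacing the old date rather than adding a new comment.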
@@ -34,7 +28,7 @@ requests: Origin: {{RootURL}} Content-Type: application/x-www-form-urlencoded - __EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96 + __EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96 cookie-reuse: true extractors: @@ -67,3 +61,5 @@ requests: - "System.Data.SqlClient.SqlException" - "Incorrect syntax near" - "_ACCOUNTLOCKED" + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-42551.yaml b/cves/2021/CVE-2021-42551.yaml index 1ff4111fde..6d5262e966 100644 --- a/cves/2021/CVE-2021-42551.yaml +++ b/cves/2021/CVE-2021-42551.yaml @@ -1,13 +1,13 @@ id: CVE-2021-42551 info: - name: NetBiblio WebOPAC - Reflected XSS + name: NetBiblio WebOPAC - Reflected Cross-Site Scripting author: compr00t severity: medium - description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected Cross-Site Scripting vulnerability in its Wikipedia modul through /NetBiblio/search/shortview via the searchTerm parameter. + description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia modul through /NetBiblio/search/shortview via the searchTerm parameter. reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-42551 - https://www.redguard.ch/advisories/netbiblio_webopac.txt - - https://www.cve.org/CVERecord?id=CVE-2021-42551 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 @@ -45,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/02/27 diff --git a/cves/2021/CVE-2021-42565.yaml b/cves/2021/CVE-2021-42565.yaml index cf0a4645f8..f860c4f25f 100644 --- a/cves/2021/CVE-2021-42565.yaml +++ b/cves/2021/CVE-2021-42565.yaml 
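Review bot: The rewritten `description` line in cves/2021/CVE-2021-42551.yaml still reads `Wikipedia modul`, so the typo will reach the dashboard text this commit is meant to clean up. Since the line is already being edited, it should read `in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter.` No other wording on the line needs to change.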
@@ -2,11 +2,11 @@ id: CVE-2021-42565 info: author: madrobot - name: myfactory FMS - Reflected XSS + name: myfactory FMS - Reflected Cross-Site Scripting severity: medium - description: myfactory.FMS before 7.1-912 allows XSS via the UID parameter. + description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42565 - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N @@ -37,3 +37,5 @@ requests: part: header words: - "text/html" + +# Enhanced by mp on 2022/02/27 diff --git a/default-logins/grafana/grafana-default-login.yaml b/default-logins/grafana/grafana-default-login.yaml index 125010431f..9e8c850386 100644 --- a/default-logins/grafana/grafana-default-login.yaml +++ b/default-logins/grafana/grafana-default-login.yaml @@ -35,14 +35,14 @@ requests: matchers: - type: word words: - - "grafana_session" # Login cookie + - "grafana_session" # Login cookie part: header - type: word part: body words: - - "Logged in" # Logged in keyword + - "Logged in" # Logged in keyword - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/default-logins/szhe/szhe-default-login.yaml b/default-logins/szhe/szhe-default-login.yaml index cb6a6fe9b0..b9e4f49a25 100644 --- a/default-logins/szhe/szhe-default-login.yaml +++ b/default-logins/szhe/szhe-default-login.yaml @@ -6,7 +6,7 @@ info: severity: low tags: szhe,default-login reference: - - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage + - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage requests: - raw: diff --git a/exposures/backups/sql-dump.yaml b/exposures/backups/sql-dump.yaml index 0bf0d2bcb0..226bda68c0 100644 --- a/exposures/backups/sql-dump.yaml +++ b/exposures/backups/sql-dump.yaml 
@@ -31,7 +31,7 @@ requests: headers: Range: "bytes=0-3000" - max-size: 2000 # Size in bytes - Max Size to read from server response + max-size: 2000 # Size in bytes - Max Size to read from server response matchers-condition: and matchers: - type: regex diff --git a/exposures/backups/zip-backup-files.yaml b/exposures/backups/zip-backup-files.yaml index 861819c397..446d79b842 100644 --- a/exposures/backups/zip-backup-files.yaml +++ b/exposures/backups/zip-backup-files.yaml @@ -40,7 +40,7 @@ requests: - "sql.z" - "sql.tar.z" - max-size: 500 # Size in bytes - Max Size to read from server response + max-size: 500 # Size in bytes - Max Size to read from server response matchers-condition: and matchers: - type: binary @@ -66,4 +66,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/file/perl/perl-scanner.yaml b/file/perl/perl-scanner.yaml index f8e2be786c..0f9d282237 100644 --- a/file/perl/perl-scanner.yaml +++ b/file/perl/perl-scanner.yaml @@ -8,11 +8,11 @@ info: file: - extensions: - - pl # default - - perl # uncommon - - pod # plain old documentation - - pm # perl module - - cgi # common gateway interface + - pl # default + - perl # uncommon + - pod # plain old documentation + - pm # perl module + - cgi # common gateway interface extractors: - type: regex diff --git a/fuzzing/mdb-database-file.yaml b/fuzzing/mdb-database-file.yaml index 4eab49564e..70cff42bd5 100644 --- a/fuzzing/mdb-database-file.yaml +++ b/fuzzing/mdb-database-file.yaml @@ -19,7 +19,7 @@ requests: mdbPaths: helpers/wordlists/mdb-paths.txt threads: 50 - max-size: 500 # Size in bytes - Max Size to read from server response + max-size: 500 # Size in bytes - Max Size to read from server response stop-at-first-match: true matchers-condition: and matchers: @@ -35,4 +35,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/network/exposed-adb.yaml b/network/exposed-adb.yaml index 077647eb7e..e6bc9d3afe 100644 
--- a/network/exposed-adb.yaml +++ b/network/exposed-adb.yaml @@ -9,7 +9,7 @@ info: network: - inputs: - - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint + - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint type: hex - data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" diff --git a/network/tidb-unauth.yaml b/network/tidb-unauth.yaml index b12e481689..d556c31a53 100644 --- a/network/tidb-unauth.yaml +++ b/network/tidb-unauth.yaml @@ -11,7 +11,7 @@ info: network: - inputs: - read: 1024 # skip handshake packet - - data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication + - data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication type: hex host: 
diff --git a/technologies/apache/default-apache-test-all.yaml b/technologies/apache/default-apache-test-all.yaml index 4004d97de2..ce2216bbb0 100644 --- a/technologies/apache/default-apache-test-all.yaml +++ b/technologies/apache/default-apache-test-all.yaml @@ -15,8 +15,8 @@ requests: - '{{BaseURL}}' matchers: - - type: regex # type of the extractor - part: body # part of the response (header,body,all) + - type: regex # type of the extractor + part: body # part of the response (header,body,all) condition: or regex: - ".*?Apache(|\\d+) .*?(Default|Test).*?" @@ -26,4 +26,4 @@ requests: - type: kval part: header kval: - - server \ No newline at end of file + - server diff --git a/technologies/dell/dell-idrac9-detect.yaml b/technologies/dell/dell-idrac9-detect.yaml index f339b04905..f6c4427914 100644 --- a/technologies/dell/dell-idrac9-detect.yaml +++ b/technologies/dell/dell-idrac9-detect.yaml @@ -10,7 +10,7 @@ info: requests: - method: GET path: - - "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9) + - "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9) matchers-condition: and matchers: diff --git a/technologies/liferay-portal-detect.yaml b/technologies/liferay-portal-detect.yaml index 2a8de63c94..16c2ae299c 100644 --- a/technologies/liferay-portal-detect.yaml +++ b/technologies/liferay-portal-detect.yaml @@ -4,7 +4,7 @@ info: name: Liferay Portal Detection author: organiccrap,dwisiswant0 severity: info - reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE + reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE tags: tech,liferay requests: diff --git a/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml b/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml index dacfc7651f..9d8f702828 100644 --- a/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml +++ b/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml 
@@ -28,7 +28,7 @@ requests: - type: regex part: interactsh_request regex: - - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable extractors: - type: regex diff --git a/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml b/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml index ee80efb91c..cb27f780b4 100644 --- a/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml +++ b/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml @@ -4,7 +4,7 @@ info: name: Wordpress XMLRPC.php username and password Bruteforcer author: Exid severity: high - description: Ths template bruteforces username and passwords through xmlrpc.php being available. + description: This template bruteforces username and passwords through xmlrpc.php being available. reference: - https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/ diff --git a/workflows/sap-netweaver-workflow.yaml b/workflows/sap-netweaver-workflow.yaml index 7b86e45fcb..ee59899e14 100644 --- a/workflows/sap-netweaver-workflow.yaml +++ b/workflows/sap-netweaver-workflow.yaml @@ -17,6 +17,6 @@ workflows: - template: exposed-panels/sap-hana-xsengine-panel.yaml - template: misconfiguration/sap/ - - template: network/sap-router.yaml # Network Templates + - template: network/sap-router.yaml # Network Templates subtemplates: - template: network/sap-router-info-leak.yaml