Dashboard Text Enhancement (#3798)

Dashboard text enhancements
patch-1
MostInterestingBotInTheWorld 2022-02-28 09:09:26 -05:00 committed by GitHub
parent 7cd7940f8e
commit f18404302a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 79 additions and 59 deletions

View File

@ -5,10 +5,9 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2010-1657
- https://www.exploit-db.com/exploits/12428 - https://www.exploit-db.com/exploits/12428
- https://www.cvedetails.com/cve/CVE-2010-1657
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
classification: classification:
cve-id: CVE-2010-1657 cve-id: CVE-2010-1657
@ -26,4 +25,4 @@ requests:
status: status:
- 200 - 200
# Enhanced by mp on 2022/02/15 # Enhanced by mp on 2022/02/27

View File

@ -1,16 +1,17 @@
id: CVE-2010-1658 id: CVE-2010-1658
info: info:
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
reference: reference:
- https://www.exploit-db.com/exploits/12427 - https://www.exploit-db.com/exploits/12427
- https://www.cvedetails.com/cve/CVE-2010-1658 - https://www.cvedetails.com/cve/CVE-2010-1658
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
classification: classification:
cve-id: CVE-2010-1658 cve-id: CVE-2010-1658
requests: requests:
- method: GET - method: GET
path: path:
@ -23,4 +24,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/02/15
# Enhanced by mp on 2022/02/27

View File

@ -31,5 +31,3 @@ requests:
- 200 - 200
# Enhanced by mp on 2022/02/25 # Enhanced by mp on 2022/02/25
# Enhanced by mp on 2022/02/25

View File

@ -24,4 +24,4 @@ requests:
- type: regex - type: regex
part: header part: header
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

View File

@ -22,6 +22,6 @@ requests:
matchers: matchers:
- type: word - type: word
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction
words: words:
- "http" - "http"

View File

@ -2,12 +2,14 @@ id: CVE-2021-41653
info: info:
name: TP-Link - OS Command Injection name: TP-Link - OS Command Injection
description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.
author: gy741 author: gy741
severity: critical severity: critical
remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109".
reference: reference:
- https://k4m1ll0.com/cve-2021-41653.html - https://k4m1ll0.com/cve-2021-41653.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-41653 - https://nvd.nist.gov/vuln/detail/CVE-2021-41653
- https://www.tp-link.com/us/press/security-advisory/
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80 cvss-score: 9.80
@ -43,6 +45,8 @@ requests:
matchers: matchers:
- type: word - type: word
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction
words: words:
- "http" - "http"
# Enhanced by mp on 2022/02/27

View File

@ -4,10 +4,12 @@ info:
name: Apache 2.4.49 - Path Traversal and Remote Code Execution name: Apache 2.4.49 - Path Traversal and Remote Code Execution
author: daffainfo author: daffainfo
severity: high severity: high
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
remediation: Update to Apache HTTP Server 2.4.50 or later.
reference: reference:
- https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782 - https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773 - https://nvd.nist.gov/vuln/detail/CVE-2021-41773
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773
- https://twitter.com/ptswarm/status/1445376079548624899 - https://twitter.com/ptswarm/status/1445376079548624899
- https://twitter.com/h4x0r_dz/status/1445401960371429381 - https://twitter.com/h4x0r_dz/status/1445401960371429381
- https://github.com/blasty/CVE-2021-41773 - https://github.com/blasty/CVE-2021-41773
@ -45,3 +47,5 @@ requests:
name: RCE name: RCE
words: words:
- "CVE-2021-41773-POC" - "CVE-2021-41773-POC"
# Enhanced by mp on 2022/02/27

View File

@ -4,7 +4,7 @@ info:
name: PlaceOS 1.2109.1 - Open Redirection name: PlaceOS 1.2109.1 - Open Redirection
author: geeknik author: geeknik
severity: medium severity: medium
description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
reference: reference:
- https://github.com/PlaceOS/auth/issues/36 - https://github.com/PlaceOS/auth/issues/36
- https://www.exploit-db.com/exploits/50359 - https://www.exploit-db.com/exploits/50359
@ -34,3 +34,5 @@ requests:
part: header part: header
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
# Enhanced by mp on 2022/02/27

View File

@ -1,11 +1,12 @@
id: CVE-2021-41878 id: CVE-2021-41878
info: info:
name: i-Panel Administration System - Reflected XSS name: i-Panel Administration System - Reflected Cross-Site Scripting
author: madrobot author: madrobot
severity: medium severity: medium
description: A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console. description: A reflected cross-site scripting vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-41878
- https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html - https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41878 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41878
classification: classification:
@ -35,3 +36,5 @@ requests:
words: words:
- "text/html" - "text/html"
part: header part: header
# Enhanced by mp on 2022/02/27

View File

@ -1,9 +1,9 @@
id: CVE-2021-41951 id: CVE-2021-41951
info: info:
name: Resourcespace - Reflected XSS name: Resourcespace - Reflected Cross-Site Scripting
author: coldfish author: coldfish
description: ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. description: ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter.
severity: medium severity: medium
tags: cve,cve2021,xss,resourcespace tags: cve,cve2021,xss,resourcespace
reference: reference:
@ -34,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/02/27

View File

@ -4,8 +4,10 @@ info:
name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
author: nvn1729,0xd0ff9 author: nvn1729,0xd0ff9
severity: critical severity: critical
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773. description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773.
remediation: Upgrade to Apache HTTP Server 2.4.51 or later.
reference: reference:
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d - https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d
- https://nvd.nist.gov/vuln/detail/CVE-2021-42013 - https://nvd.nist.gov/vuln/detail/CVE-2021-42013
- https://twitter.com/itsecurityco/status/1446136957117943815 - https://twitter.com/itsecurityco/status/1446136957117943815
@ -44,3 +46,5 @@ requests:
name: RCE name: RCE
words: words:
- "CVE-2021-42013" - "CVE-2021-42013"
# Enhanced by mp on 2022/02/27

View File

@ -119,3 +119,5 @@ requests:
- "System.ArgumentNullException" - "System.ArgumentNullException"
# Enhanced by mp on 2022/02/08 # Enhanced by mp on 2022/02/08
# Enhanced by mp on 2022/02/27

View File

@ -1,17 +1,11 @@
id: CVE-2021-42258 id: CVE-2021-42258
info: info:
name: BillQuick Web Suite SQLi name: BillQuick Web Suite SQL Injection
author: dwisiswant0 author: dwisiswant0
severity: critical severity: critical
tags: cve,cve2021,sqli,billquick tags: cve,cve2021,sqli,billquick
description: | description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1
allows SQL injection for unauthenticated remote code execution,
as exploited in the wild in October 2021 for ransomware installation.
SQL injection can, for example, use the txtID (aka username) parameter.
Successful exploitation can include the ability to execute
arbitrary code as MSSQLSERVER$ via xp_cmdshell.
reference: reference:
- https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware - https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
- https://nvd.nist.gov/vuln/detail/CVE-2021-42258 - https://nvd.nist.gov/vuln/detail/CVE-2021-42258
@ -34,7 +28,7 @@ requests:
Origin: {{RootURL}} Origin: {{RootURL}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
__EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96 __EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96
cookie-reuse: true cookie-reuse: true
extractors: extractors:
@ -67,3 +61,5 @@ requests:
- "System.Data.SqlClient.SqlException" - "System.Data.SqlClient.SqlException"
- "Incorrect syntax near" - "Incorrect syntax near"
- "_ACCOUNTLOCKED" - "_ACCOUNTLOCKED"
# Enhanced by mp on 2022/02/27

View File

@ -1,13 +1,13 @@
id: CVE-2021-42551 id: CVE-2021-42551
info: info:
name: NetBiblio WebOPAC - Reflected XSS name: NetBiblio WebOPAC - Reflected Cross-Site Scripting
author: compr00t author: compr00t
severity: medium severity: medium
description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected Cross-Site Scripting vulnerability in its Wikipedia modul through /NetBiblio/search/shortview via the searchTerm parameter. description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia modul through /NetBiblio/search/shortview via the searchTerm parameter.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-42551
- https://www.redguard.ch/advisories/netbiblio_webopac.txt - https://www.redguard.ch/advisories/netbiblio_webopac.txt
- https://www.cve.org/CVERecord?id=CVE-2021-42551
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10 cvss-score: 6.10
@ -45,3 +45,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/02/27

View File

@ -2,11 +2,11 @@ id: CVE-2021-42565
info: info:
author: madrobot author: madrobot
name: myfactory FMS - Reflected XSS name: myfactory FMS - Reflected Cross-Site Scripting
severity: medium severity: medium
description: myfactory.FMS before 7.1-912 allows XSS via the UID parameter. description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter.
reference: reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566 - https://nvd.nist.gov/vuln/detail/CVE-2021-42565
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@ -37,3 +37,5 @@ requests:
part: header part: header
words: words:
- "text/html" - "text/html"
# Enhanced by mp on 2022/02/27

View File

@ -35,13 +35,13 @@ requests:
matchers: matchers:
- type: word - type: word
words: words:
- "grafana_session" # Login cookie - "grafana_session" # Login cookie
part: header part: header
- type: word - type: word
part: body part: body
words: words:
- "Logged in" # Logged in keyword - "Logged in" # Logged in keyword
- type: status - type: status
status: status:

View File

@ -6,7 +6,7 @@ info:
severity: low severity: low
tags: szhe,default-login tags: szhe,default-login
reference: reference:
- https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
requests: requests:
- raw: - raw:

View File

@ -31,7 +31,7 @@ requests:
headers: headers:
Range: "bytes=0-3000" Range: "bytes=0-3000"
max-size: 2000 # Size in bytes - Max Size to read from server response max-size: 2000 # Size in bytes - Max Size to read from server response
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex

View File

@ -40,7 +40,7 @@ requests:
- "sql.z" - "sql.z"
- "sql.tar.z" - "sql.tar.z"
max-size: 500 # Size in bytes - Max Size to read from server response max-size: 500 # Size in bytes - Max Size to read from server response
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: binary - type: binary

View File

@ -8,11 +8,11 @@ info:
file: file:
- extensions: - extensions:
- pl # default - pl # default
- perl # uncommon - perl # uncommon
- pod # plain old documentation - pod # plain old documentation
- pm # perl module - pm # perl module
- cgi # common gateway interface - cgi # common gateway interface
extractors: extractors:
- type: regex - type: regex

View File

@ -19,7 +19,7 @@ requests:
mdbPaths: helpers/wordlists/mdb-paths.txt mdbPaths: helpers/wordlists/mdb-paths.txt
threads: 50 threads: 50
max-size: 500 # Size in bytes - Max Size to read from server response max-size: 500 # Size in bytes - Max Size to read from server response
stop-at-first-match: true stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:

View File

@ -9,7 +9,7 @@ info:
network: network:
- inputs: - inputs:
- data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint
type: hex type: hex
- data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" - data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73"

View File

@ -11,7 +11,7 @@ info:
network: network:
- inputs: - inputs:
- read: 1024 # skip handshake packet - read: 1024 # skip handshake packet
- data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication - data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication
type: hex type: hex
host: host:

View File

@ -15,8 +15,8 @@ requests:
- '{{BaseURL}}' - '{{BaseURL}}'
matchers: matchers:
- type: regex # type of the extractor - type: regex # type of the extractor
part: body # part of the response (header,body,all) part: body # part of the response (header,body,all)
condition: or condition: or
regex: regex:
- "<title>.*?Apache(|\\d+) .*?(Default|Test).*?</title>" - "<title>.*?Apache(|\\d+) .*?(Default|Test).*?</title>"

View File

@ -10,7 +10,7 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9) - "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9)
matchers-condition: and matchers-condition: and
matchers: matchers:

View File

@ -4,7 +4,7 @@ info:
name: Liferay Portal Detection name: Liferay Portal Detection
author: organiccrap,dwisiswant0 author: organiccrap,dwisiswant0
severity: info severity: info
reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
tags: tech,liferay tags: tech,liferay
requests: requests:

View File

@ -28,7 +28,7 @@ requests:
- type: regex - type: regex
part: interactsh_request part: interactsh_request
regex: regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable
extractors: extractors:
- type: regex - type: regex

View File

@ -4,7 +4,7 @@ info:
name: Wordpress XMLRPC.php username and password Bruteforcer name: Wordpress XMLRPC.php username and password Bruteforcer
author: Exid author: Exid
severity: high severity: high
description: Ths template bruteforces username and passwords through xmlrpc.php being available. description: This template bruteforces username and passwords through xmlrpc.php being available.
reference: reference:
- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c - https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/ - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/

View File

@ -17,6 +17,6 @@ workflows:
- template: exposed-panels/sap-hana-xsengine-panel.yaml - template: exposed-panels/sap-hana-xsengine-panel.yaml
- template: misconfiguration/sap/ - template: misconfiguration/sap/
- template: network/sap-router.yaml # Network Templates - template: network/sap-router.yaml # Network Templates
subtemplates: subtemplates:
- template: network/sap-router-info-leak.yaml - template: network/sap-router-info-leak.yaml