parent
7cd7940f8e
commit
f18404302a
|
@ -5,10 +5,9 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
remediation: Upgrade to a supported version.
|
|
||||||
reference:
|
reference:
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-1657
|
||||||
- https://www.exploit-db.com/exploits/12428
|
- https://www.exploit-db.com/exploits/12428
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1657
|
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1657
|
cve-id: CVE-2010-1657
|
||||||
|
@ -26,4 +25,4 @@ requests:
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
# Enhanced by mp on 2022/02/15
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -1,16 +1,17 @@
|
||||||
id: CVE-2010-1658
|
id: CVE-2010-1658
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
|
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||||
remediation: Upgrade to a supported version.
|
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12427
|
- https://www.exploit-db.com/exploits/12427
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1658
|
- https://www.cvedetails.com/cve/CVE-2010-1658
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1658
|
cve-id: CVE-2010-1658
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
@ -23,4 +24,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
# Enhanced by mp on 2022/02/15
|
|
||||||
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -31,5 +31,3 @@ requests:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
# Enhanced by mp on 2022/02/25
|
# Enhanced by mp on 2022/02/25
|
||||||
|
|
||||||
# Enhanced by mp on 2022/02/25
|
|
||||||
|
|
|
@ -24,4 +24,4 @@ requests:
|
||||||
- type: regex
|
- type: regex
|
||||||
part: header
|
part: header
|
||||||
regex:
|
regex:
|
||||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||||
|
|
|
@ -22,6 +22,6 @@ requests:
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
words:
|
words:
|
||||||
- "http"
|
- "http"
|
||||||
|
|
|
@ -2,12 +2,14 @@ id: CVE-2021-41653
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: TP-Link - OS Command Injection
|
name: TP-Link - OS Command Injection
|
||||||
description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
|
description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.
|
||||||
author: gy741
|
author: gy741
|
||||||
severity: critical
|
severity: critical
|
||||||
|
remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109".
|
||||||
reference:
|
reference:
|
||||||
- https://k4m1ll0.com/cve-2021-41653.html
|
- https://k4m1ll0.com/cve-2021-41653.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-41653
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-41653
|
||||||
|
- https://www.tp-link.com/us/press/security-advisory/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.80
|
cvss-score: 9.80
|
||||||
|
@ -43,6 +45,8 @@ requests:
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
words:
|
words:
|
||||||
- "http"
|
- "http"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
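Review bot: The new reference `https://www.tp-link.com/us/press/security-advisory/` is TP-Link's advisory index page, not the entry for this router, so it does not by itself substantiate the new `remediation` claim that `TL-WR840N(EU)_V5_211109` is the fixed build (the NVD text on the line above only names the last affected build, 171211). Index pages are reshuffled over time, which leaves the fixed-version statement without a stable source. If the vendor site offers a per-model advisory or the firmware download/changelog for that build, link that instead; otherwise hedge the remediation, e.g. `remediation: Upgrade to firmware TL-WR840N(EU)_V5_211109 or later (per vendor advisory; verify against the TL-WR840N support page).` The `requests` block containing the matcher starts outside this hunk.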
|
||||||
|
|
|
@ -4,10 +4,12 @@ info:
|
||||||
name: Apache 2.4.49 - Path Traversal and Remote Code Execution
|
name: Apache 2.4.49 - Path Traversal and Remote Code Execution
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
|
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
|
||||||
|
remediation: Update to Apache HTTP Server 2.4.50 or later.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782
|
- https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
|
||||||
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773
|
||||||
- https://twitter.com/ptswarm/status/1445376079548624899
|
- https://twitter.com/ptswarm/status/1445376079548624899
|
||||||
- https://twitter.com/h4x0r_dz/status/1445401960371429381
|
- https://twitter.com/h4x0r_dz/status/1445401960371429381
|
||||||
- https://github.com/blasty/CVE-2021-41773
|
- https://github.com/blasty/CVE-2021-41773
|
||||||
|
@ -45,3 +47,5 @@ requests:
|
||||||
name: RCE
|
name: RCE
|
||||||
words:
|
words:
|
||||||
- "CVE-2021-41773-POC"
|
- "CVE-2021-41773-POC"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
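Review bot: The remediation added here, `Update to Apache HTTP Server 2.4.50 or later.`, points at a release whose fix was incomplete: the CVE-2021-42013 template later in this same commit states that 42013 "is due to an incomplete fix for the original vulnerability CVE-2021-41773" and recommends 2.4.51. A reader acting on this template alone would stop at 2.4.50 and remain affected by CVE-2021-42013. Suggest `remediation: Upgrade to Apache HTTP Server 2.4.51 or later (2.4.50 shipped an incomplete fix, tracked as CVE-2021-42013).` so the two Apache templates agree. The `requests` block whose RCE matcher is shown here begins outside the hunk.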
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: PlaceOS 1.2109.1 - Open Redirection
|
name: PlaceOS 1.2109.1 - Open Redirection
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: medium
|
severity: medium
|
||||||
description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect
|
description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/PlaceOS/auth/issues/36
|
- https://github.com/PlaceOS/auth/issues/36
|
||||||
- https://www.exploit-db.com/exploits/50359
|
- https://www.exploit-db.com/exploits/50359
|
||||||
|
@ -34,3 +34,5 @@ requests:
|
||||||
part: header
|
part: header
|
||||||
regex:
|
regex:
|
||||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
id: CVE-2021-41878
|
id: CVE-2021-41878
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: i-Panel Administration System - Reflected XSS
|
name: i-Panel Administration System - Reflected Cross-Site Scripting
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: medium
|
||||||
description: A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.
|
description: A reflected cross-site scripting vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.
|
||||||
reference:
|
reference:
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-41878
|
||||||
- https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
|
- https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41878
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41878
|
||||||
classification:
|
classification:
|
||||||
|
@ -35,3 +36,5 @@ requests:
|
||||||
words:
|
words:
|
||||||
- "text/html"
|
- "text/html"
|
||||||
part: header
|
part: header
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
id: CVE-2021-41951
|
id: CVE-2021-41951
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Resourcespace - Reflected XSS
|
name: Resourcespace - Reflected Cross-Site Scripting
|
||||||
author: coldfish
|
author: coldfish
|
||||||
description: ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter.
|
description: ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter.
|
||||||
severity: medium
|
severity: medium
|
||||||
tags: cve,cve2021,xss,resourcespace
|
tags: cve,cve2021,xss,resourcespace
|
||||||
reference:
|
reference:
|
||||||
|
@ -34,3 +34,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -4,8 +4,10 @@ info:
|
||||||
name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
|
name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
|
||||||
author: nvn1729,0xd0ff9
|
author: nvn1729,0xd0ff9
|
||||||
severity: critical
|
severity: critical
|
||||||
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773.
|
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773.
|
||||||
|
remediation: Upgrade to Apache HTTP Server 2.4.51 or later.
|
||||||
reference:
|
reference:
|
||||||
|
- https://httpd.apache.org/security/vulnerabilities_24.html
|
||||||
- https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d
|
- https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-42013
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-42013
|
||||||
- https://twitter.com/itsecurityco/status/1446136957117943815
|
- https://twitter.com/itsecurityco/status/1446136957117943815
|
||||||
|
@ -44,3 +46,5 @@ requests:
|
||||||
name: RCE
|
name: RCE
|
||||||
words:
|
words:
|
||||||
- "CVE-2021-42013"
|
- "CVE-2021-42013"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -119,3 +119,5 @@ requests:
|
||||||
- "System.ArgumentNullException"
|
- "System.ArgumentNullException"
|
||||||
|
|
||||||
# Enhanced by mp on 2022/02/08
|
# Enhanced by mp on 2022/02/08
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -1,17 +1,11 @@
|
||||||
id: CVE-2021-42258
|
id: CVE-2021-42258
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: BillQuick Web Suite SQLi
|
name: BillQuick Web Suite SQL Injection
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: critical
|
severity: critical
|
||||||
tags: cve,cve2021,sqli,billquick
|
tags: cve,cve2021,sqli,billquick
|
||||||
description: |
|
description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
|
||||||
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1
|
|
||||||
allows SQL injection for unauthenticated remote code execution,
|
|
||||||
as exploited in the wild in October 2021 for ransomware installation.
|
|
||||||
SQL injection can, for example, use the txtID (aka username) parameter.
|
|
||||||
Successful exploitation can include the ability to execute
|
|
||||||
arbitrary code as MSSQLSERVER$ via xp_cmdshell.
|
|
||||||
reference:
|
reference:
|
||||||
- https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
|
- https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-42258
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-42258
|
||||||
|
@ -34,7 +28,7 @@ requests:
|
||||||
Origin: {{RootURL}}
|
Origin: {{RootURL}}
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
__EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96
|
__EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96
|
||||||
|
|
||||||
cookie-reuse: true
|
cookie-reuse: true
|
||||||
extractors:
|
extractors:
|
||||||
|
@ -67,3 +61,5 @@ requests:
|
||||||
- "System.Data.SqlClient.SqlException"
|
- "System.Data.SqlClient.SqlException"
|
||||||
- "Incorrect syntax near"
|
- "Incorrect syntax near"
|
||||||
- "_ACCOUNTLOCKED"
|
- "_ACCOUNTLOCKED"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
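Review bot: The rewritten one-line description drops the `txtID (aka username)` parameter and the "exploited in the wild in October 2021 for ransomware installation" context that the removed block scalar carried, yet `txtID=uname%27` is exactly the field the raw request body injects, so the template no longer documents what it actually tests. Suggest keeping a sentence such as `SQL injection can, for example, use the txtID (aka username) parameter; exploited in the wild in October 2021 for ransomware installation.` in the description. Unlike the other CVE templates in this commit, no `remediation` field was added here, and the description's own `before 22.0.9.1` supports one: `remediation: Upgrade to BillQuick Web Suite 22.0.9.1 or later.` The raw request and its extractors start and end outside these hunks.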
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
id: CVE-2021-42551
|
id: CVE-2021-42551
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: NetBiblio WebOPAC - Reflected XSS
|
name: NetBiblio WebOPAC - Reflected Cross-Site Scripting
|
||||||
author: compr00t
|
author: compr00t
|
||||||
severity: medium
|
severity: medium
|
||||||
description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected Cross-Site Scripting vulnerability in its Wikipedia modul through /NetBiblio/search/shortview via the searchTerm parameter.
|
description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia modul through /NetBiblio/search/shortview via the searchTerm parameter.
|
||||||
reference:
|
reference:
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-42551
|
||||||
- https://www.redguard.ch/advisories/netbiblio_webopac.txt
|
- https://www.redguard.ch/advisories/netbiblio_webopac.txt
|
||||||
- https://www.cve.org/CVERecord?id=CVE-2021-42551
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 6.10
|
cvss-score: 6.10
|
||||||
|
@ -45,3 +45,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
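Review bot: The description line this hunk edits still reads `in its Wikipedia modul through /NetBiblio/search/shortview`; the change only lowercased "cross-site scripting" and left the `modul` misspelling (a German form) in place. Suggest `description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module at /NetBiblio/search/shortview via the searchTerm parameter.` The status matcher shown in the second hunk belongs to a `requests` block that starts outside this view.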
|
||||||
|
|
|
@ -2,11 +2,11 @@ id: CVE-2021-42565
|
||||||
|
|
||||||
info:
|
info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
name: myfactory FMS - Reflected XSS
|
name: myfactory FMS - Reflected Cross-Site Scripting
|
||||||
severity: medium
|
severity: medium
|
||||||
description: myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
|
description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-42565
|
||||||
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms
|
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
@ -37,3 +37,5 @@ requests:
|
||||||
part: header
|
part: header
|
||||||
words:
|
words:
|
||||||
- "text/html"
|
- "text/html"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/02/27
|
||||||
|
|
|
@ -35,13 +35,13 @@ requests:
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "grafana_session" # Login cookie
|
- "grafana_session" # Login cookie
|
||||||
part: header
|
part: header
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
part: body
|
part: body
|
||||||
words:
|
words:
|
||||||
- "Logged in" # Logged in keyword
|
- "Logged in" # Logged in keyword
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
|
@ -6,7 +6,7 @@ info:
|
||||||
severity: low
|
severity: low
|
||||||
tags: szhe,default-login
|
tags: szhe,default-login
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
|
- https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -31,7 +31,7 @@ requests:
|
||||||
headers:
|
headers:
|
||||||
Range: "bytes=0-3000"
|
Range: "bytes=0-3000"
|
||||||
|
|
||||||
max-size: 2000 # Size in bytes - Max Size to read from server response
|
max-size: 2000 # Size in bytes - Max Size to read from server response
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
|
|
@ -40,7 +40,7 @@ requests:
|
||||||
- "sql.z"
|
- "sql.z"
|
||||||
- "sql.tar.z"
|
- "sql.tar.z"
|
||||||
|
|
||||||
max-size: 500 # Size in bytes - Max Size to read from server response
|
max-size: 500 # Size in bytes - Max Size to read from server response
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: binary
|
- type: binary
|
||||||
|
|
|
@ -8,11 +8,11 @@ info:
|
||||||
|
|
||||||
file:
|
file:
|
||||||
- extensions:
|
- extensions:
|
||||||
- pl # default
|
- pl # default
|
||||||
- perl # uncommon
|
- perl # uncommon
|
||||||
- pod # plain old documentation
|
- pod # plain old documentation
|
||||||
- pm # perl module
|
- pm # perl module
|
||||||
- cgi # common gateway interface
|
- cgi # common gateway interface
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
|
|
@ -19,7 +19,7 @@ requests:
|
||||||
mdbPaths: helpers/wordlists/mdb-paths.txt
|
mdbPaths: helpers/wordlists/mdb-paths.txt
|
||||||
|
|
||||||
threads: 50
|
threads: 50
|
||||||
max-size: 500 # Size in bytes - Max Size to read from server response
|
max-size: 500 # Size in bytes - Max Size to read from server response
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
|
|
||||||
network:
|
network:
|
||||||
- inputs:
|
- inputs:
|
||||||
- data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint
|
- data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint
|
||||||
type: hex
|
type: hex
|
||||||
|
|
||||||
- data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73"
|
- data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73"
|
||||||
|
|
|
@ -11,7 +11,7 @@ info:
|
||||||
network:
|
network:
|
||||||
- inputs:
|
- inputs:
|
||||||
- read: 1024 # skip handshake packet
|
- read: 1024 # skip handshake packet
|
||||||
- data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication
|
- data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication
|
||||||
type: hex
|
type: hex
|
||||||
|
|
||||||
host:
|
host:
|
||||||
|
|
|
@ -15,8 +15,8 @@ requests:
|
||||||
- '{{BaseURL}}'
|
- '{{BaseURL}}'
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex # type of the extractor
|
- type: regex # type of the extractor
|
||||||
part: body # part of the response (header,body,all)
|
part: body # part of the response (header,body,all)
|
||||||
condition: or
|
condition: or
|
||||||
regex:
|
regex:
|
||||||
- "<title>.*?Apache(|\\d+) .*?(Default|Test).*?</title>"
|
- "<title>.*?Apache(|\\d+) .*?(Default|Test).*?</title>"
|
||||||
|
|
|
@ -10,7 +10,7 @@ info:
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9)
|
- "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9)
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Liferay Portal Detection
|
name: Liferay Portal Detection
|
||||||
author: organiccrap,dwisiswant0
|
author: organiccrap,dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
|
reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
|
||||||
tags: tech,liferay
|
tags: tech,liferay
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -28,7 +28,7 @@ requests:
|
||||||
- type: regex
|
- type: regex
|
||||||
part: interactsh_request
|
part: interactsh_request
|
||||||
regex:
|
regex:
|
||||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable
|
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Wordpress XMLRPC.php username and password Bruteforcer
|
name: Wordpress XMLRPC.php username and password Bruteforcer
|
||||||
author: Exid
|
author: Exid
|
||||||
severity: high
|
severity: high
|
||||||
description: Ths template bruteforces username and passwords through xmlrpc.php being available.
|
description: This template bruteforces username and passwords through xmlrpc.php being available.
|
||||||
reference:
|
reference:
|
||||||
- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
|
- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
|
||||||
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
|
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
|
||||||
|
|
|
@ -17,6 +17,6 @@ workflows:
|
||||||
- template: exposed-panels/sap-hana-xsengine-panel.yaml
|
- template: exposed-panels/sap-hana-xsengine-panel.yaml
|
||||||
- template: misconfiguration/sap/
|
- template: misconfiguration/sap/
|
||||||
|
|
||||||
- template: network/sap-router.yaml # Network Templates
|
- template: network/sap-router.yaml # Network Templates
|
||||||
subtemplates:
|
subtemplates:
|
||||||
- template: network/sap-router-info-leak.yaml
|
- template: network/sap-router-info-leak.yaml
|
||||||
|
|