Changes fixes/around dynamic attributes ("additional-fields")

Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84
2021-08-19 16:17:27 +03:00 · 2021-08-19 16:17:27 +03:00 · ffaff64565
parent 0b432b341b
commit ffaff64565
19 changed files with 59 additions and 42 deletions
--- a/cves/2009/CVE-2009-1151.yaml
+++ b/cves/2009/CVE-2009-1151.yaml
@ -5,8 +5,9 @@ info:
  author: princechaddha
  severity: high
  description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
-  reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
+  reference:
-  vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
+    - https://www.phpmyadmin.net/security/PMASA-2009-3/
    - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
  tags: cve,cve2009,phpmyadmin,rce,deserialization
 requests:
--- a/cves/2015/CVE-2015-5688.yaml
+++ b/cves/2015/CVE-2015-5688.yaml
@ -4,9 +4,10 @@ info:
 name: Geddy before v13.0.8 LFI
 author: pikpikcu
 severity: high
 issues: https://github.com/geddy/geddy/issues/697
 description: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
- reference: https://nodesecurity.io/advisories/geddy-directory-traversal
+ reference:
  - https://nodesecurity.io/advisories/geddy-directory-traversal
  - https://github.com/geddy/geddy/issues/697
 tags: cve,cve2015,geddy,lfi
 requests:
--- a/cves/2018/CVE-2018-1335.yaml
+++ b/cves/2018/CVE-2018-1335.yaml
@ -4,8 +4,9 @@ info:
  name: Apache Tika 1.15-1.17 Header Command Injection
  author: pikpikcu
  severity: critical
-  reference: https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
+  reference:
-  edb: https://www.exploit-db.com/exploits/47208
+    - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
    - https://www.exploit-db.com/exploits/47208
  tags: cve,cve2018,apache,tika,rce
 requests:
--- a/cves/2019/CVE-2019-1010287.yaml
+++ b/cves/2019/CVE-2019-1010287.yaml
@ -4,11 +4,12 @@ info:
  name: Timesheet 1.5.3 - Cross Site Scripting
  author: pikpikcu
  severity: high
-  reference: https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
+  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
    - http://www.mdh-tz.info/ # demo
  tags: cve,cve2019,timesheet,xss
-
+  additional-fields:
-# Google-Dork: inurl:"/timesheet/login.php"
+    google-dork: inurl:"/timesheet/login.php"
 # Demo: http://www.mdh-tz.info/
 requests:
  - raw:  # Metod POST  From  login.php
--- a/cves/2019/CVE-2019-12461.yaml
+++ b/cves/2019/CVE-2019-12461.yaml
@ -6,8 +6,9 @@ info:
  severity: medium
  description: Web Port 1.19.1 allows XSS via the /log type parameter.
  tags: cve,cve2019,xss
-  reference: https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
+  reference:
-  software: https://webport.se/nedladdningar/
+    - https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
    - https://webport.se/nedladdningar/
 requests:
  - method: GET
--- a/cves/2019/CVE-2019-12593.yaml
+++ b/cves/2019/CVE-2019-12593.yaml
@ -6,12 +6,13 @@ info:
  severity: high
  description: IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
  tags: cve,cve2019,lfi
-  reference: https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
+  reference:
-
+    - https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
-  # reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12593
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-12593
-  # Google Dork:-Powered By IceWarp 10.4.4
+    - http://www.icewarp.com # vendor homepage
-  # Vendor Homepage: http://www.icewarp.com
+    - https://www.icewarp.com/downloads/trial/ # software link
-  # Software Link: https://www.icewarp.com/downloads/trial/
+  additional-fields:
    google-dork: Powered By IceWarp 10.4.4
 requests:
  - method: GET
--- a/cves/2019/CVE-2019-16097.yaml
+++ b/cves/2019/CVE-2019-16097.yaml
@ -5,8 +5,9 @@ info:
  severity: critical
  description: |
    core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
-  issues: https://github.com/goharbor/harbor/issues/8951
+  reference:
-  reference: https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
+   - https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
   - https://github.com/goharbor/harbor/issues/8951
  tags: cve,cve2019,intrusive,harbor
 requests:
--- a/cves/2020/CVE-2020-14864.yaml
+++ b/cves/2020/CVE-2020-14864.yaml
@ -3,12 +3,13 @@ info:
  name: Oracle Fusion - "getPreviewImage" Directory Traversal/Local File Inclusion
  description: 'Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - "getPreviewImage" Directory Traversal/Local File Inclusion'
  author: Ivo Palazzolo (@palaziv)
  cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'
  severity: high
  tags: cve,cve2020,oracle,lfi
  reference:
    - http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html
    - https://www.oracle.com/security-alerts/cpuoct2020.html
  additional-fields:
    cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'
 requests:
  - method: GET
--- a/cves/2020/CVE-2020-15500.yaml
+++ b/cves/2020/CVE-2020-15500.yaml
@ -4,8 +4,9 @@ info:
  name: TileServer GL Reflected XSS
  author: Akash.C
  severity: medium
-  reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15500
+  reference:
-  source: https://github.com/maptiler/tileserver-gl/issues/461
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-15500
    - https://github.com/maptiler/tileserver-gl/issues/461
  tags: cve,cve2020,xss,tileserver
 requests:
--- a/cves/2021/CVE-2021-22986.yaml
+++ b/cves/2021/CVE-2021-22986.yaml
@ -5,8 +5,9 @@ info:
  severity: critical
  tags: bigip,cve,cve2021,rce
  description: The iControl REST interface has an unauthenticated remote command execution vulnerability.
-  reference: https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986
+  reference:
-  advisory: https://support.f5.com/csp/article/K03009991
+    - https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986
    - https://support.f5.com/csp/article/K03009991
 requests:
  - raw:
--- a/cves/2021/CVE-2021-26722.yaml
+++ b/cves/2021/CVE-2021-26722.yaml
@ -7,7 +7,6 @@ info:
  description: LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
  reference: https://github.com/linkedin/oncall/issues/341
  tags: cve,cve2021,linkedin,xss
  issues: https://github.com/linkedin/oncall/issues/341
 requests:
  - method: GET
--- a/default-logins/szhe/szhe-default-password.yaml
+++ b/default-logins/szhe/szhe-default-password.yaml
@ -5,7 +5,8 @@ info:
  author: pikpikcu
  severity: low
  tags: szhe,default-login
-  vendor: https://github.com/Cl0udG0d/SZhe_Scan
+  reference:
    - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
 requests:
  - method: POST
--- a/exposed-panels/unauthenticated-frp.yaml
+++ b/exposed-panels/unauthenticated-frp.yaml
@ -5,7 +5,8 @@ info:
  author: pikpikcu
  severity: info
  tags: frp,unauth,panel
-  vendor: https://github.com/fatedier/frp/
+  reference:
    - https://github.com/fatedier/frp/ # vendor homepage
 requests:
  - method: GET
--- a/miscellaneous/unencrypted-bigip-ltm-cookie.yaml
+++ b/miscellaneous/unencrypted-bigip-ltm-cookie.yaml
@ -4,8 +4,9 @@ info:
  name: F5 BIGIP Unencrypted Cookie
  author: PR3R00T
  severity: info
-  reference: https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values
+  reference:
-  mitigation: https://support.f5.com/csp/article/K23254150
+    - https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values
    - https://support.f5.com/csp/article/K23254150
  tags: misc
 requests:
--- a/misconfiguration/unauthenticated-nacos-access.yaml
+++ b/misconfiguration/unauthenticated-nacos-access.yaml
@ -4,7 +4,7 @@ info:
  name: Unauthenticated Nacos access v1.x
  author: taielab,pikpikcu
  severity: critical
-  issues: https://github.com/alibaba/nacos/issues/4593
+  reference: https://github.com/alibaba/nacos/issues/4593
  tags: nacos,unauth
 requests:
--- a/misconfiguration/unauthenticated-varnish-cache-purge.yaml
+++ b/misconfiguration/unauthenticated-varnish-cache-purge.yaml
@ -4,8 +4,9 @@ info:
  author: 0xelkomy
  severity: low
  description: As per guideline one should protect purges with ACLs from unauthorized hosts.
-  reference: https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html
+  reference:
-  hackerone: https://hackerone.com/reports/154278
+    - https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html
    - https://hackerone.com/reports/154278
  tags: varnish,misconfig,cache
 requests:
--- a/vulnerabilities/generic/top-xss-params.yaml
+++ b/vulnerabilities/generic/top-xss-params.yaml
@ -6,7 +6,8 @@ info:
  severity: medium
  description: Searches for reflected XSS in the server response via GET-requests.
  tags: xss
-  parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p
+  additional-fields:
    parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p
 requests:
  - method: GET
--- a/vulnerabilities/other/bullwark-momentum-lfi.yaml
+++ b/vulnerabilities/other/bullwark-momentum-lfi.yaml
@ -5,13 +5,15 @@ info:
  author: pikpikcu
  severity: high
  tags: bullwark,lfi
-  reference: https://www.exploit-db.com/exploits/47773
+  reference:
    - https://www.exploit-db.com/exploits/47773
    - http://www.bullwark.net/ # vendor homepage
    - http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 # software link
-# Vendor Homepage: http://www.bullwark.net/
+  additional-fields:
-# Version : Bullwark Momentum Series Web Server JAWS/1.0
+    version: Bullwark Momentum Series Web Server JAWS/1.0
-# Software Link : http://www.bullwark.net/Kategoriler.aspx?KategoriID=24
+    shodan-dork: https://www.shodan.io/search?query=Bullwark&page=1
-# Shodan Dork: https://www.shodan.io/search?query=Bullwark&page=1
+    fofa-dork: https://fofa.so/result?q=Bullwark&qbase64=QnVsbHdhcms%3D
 # fofa dork:-https://fofa.so/result?q=Bullwark&qbase64=QnVsbHdhcms%3D
 requests:
  - raw:
--- a/vulnerabilities/other/ruijie-networks-rce.yaml
+++ b/vulnerabilities/other/ruijie-networks-rce.yaml
@ -4,8 +4,9 @@ info:
  name: Ruijie Networks-EWEB Network Management System RCE
  author: pikpikcu
  severity: critical
-  reference: https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
+  reference:
-  vendor: https://www.ruijienetworks.com
+    - https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
    - https://www.ruijienetworks.com # vendor homepage
  tags: ruijie,rce
 requests: