Commit Graph

11819 Commits (3564e640275c8f0e631bf5655d8952dae25e4d40)

Author SHA1 Message Date
Houziaux Mike 3564e64027
[Add] - Zimbra unauthenticated LFI (#3571)
* add zimbra lfi

* template updates

- CVE update
- Matchers update
- Additional LFI payload + matchers

* Update CVE-2013-7091.yaml

* Revert "Update CVE-2013-7091.yaml"

This reverts commit fdffa3944f29754d8971a2697754011d29677c42.

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com>
2022-01-21 13:02:08 +05:30
Onurhan Erdoğdu 599381c30b
jboss-default-login.yaml (#1828)
* jboss-default-login.yaml

* Update jboss-default-login.yaml

* misc updates

Co-authored-by: onurhan <onurhan.erdogdu@ict.btk.gov.tr>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-21 00:08:35 +05:30
David McKennirey 5c99a65e8e
Add versa-default-login template (#1324)
* Add versa-default-login template

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-20 23:46:51 +05:30
Leovalcante bac26e1669
Create check for cve-2020-24391 mongo-express RCE (#3566)
* Create check for cve-2020-24391 mongo-express RCE

* random file to write + matcher updates + extractor

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-20 14:55:01 +05:30
Sandeep Singh 1b0c7f1b7f
CVE-2021-22205 update (#3568)
*moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml
*template extension update + added missing severity + misc updates
2022-01-20 14:25:57 +05:30
Greg Johnson e0a2d35a8d
add passive fingerprinting template for CVE-2021-22205 (#3565)
Co-authored-by: Greg Johnson (codeEmitter) <gjohnson@gitlab.com>
2022-01-20 14:12:37 +05:30
Dhiyaneshwaran 0be16119ee
Go-Phish and Workflow (#3564)
* Create gophish-login.yaml

* Create gophish-workflow.yaml

* Update gophish-workflow.yaml

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-01-19 23:52:42 +05:30
sandeep 1d7257d4d9 minor cleanups and matcher update 2022-01-19 23:20:03 +05:30
Paul Werther 5d171e544f
add gophish default credential template (#1532) 2022-01-19 23:16:22 +05:30
Sandeep Singh fafd43e090
Added Misconfigured Concrete5 (#3563) 2022-01-19 16:28:00 +05:30
Sandeep Singh 05d78b896e
updated tags 2022-01-19 15:45:06 +05:30
sandeep d3decfb055 concrete5 workflow fix 2022-01-19 15:35:08 +05:30
sandeep 3f6808a9ee case-insensitive matcher 2022-01-19 15:34:53 +05:30
sandeep 03f8d4641a using unique matcher 2022-01-19 15:34:25 +05:30
Prince Chaddha e67530199b
Merge pull request #3562 from projectdiscovery/concrete5
Create concrete5-install.yaml
2022-01-19 14:04:11 +05:30
Prince Chaddha 112bb2ccda
Update concrete5-panel.yaml 2022-01-19 14:00:34 +05:30
Prince Chaddha cbdfde0a38
Update concrete5-install.yaml 2022-01-19 13:49:13 +05:30
sandeep f6e3df8b33 CVE-2020-13483 Update 2022-01-19 13:44:01 +05:30
Prince Chaddha 5b49c7ee6f
Update and rename exposed-panels/concrete5-panel.yaml to exposed-panels/concrete5/concrete5-panel.yaml 2022-01-19 13:39:50 +05:30
Prince Chaddha 1c4372d846
Create concrete5-install.yaml 2022-01-19 13:38:59 +05:30
pussycat0x 650a38ffde
Qualcomm 4G LTE WiFi VoIP-Router (#3555)
* Add files via upload

* Auto Generated CVE annotations [Mon Jan 17 16:05:35 UTC 2022] 🤖

* Update CVE-2021-44528.yaml

* Update CVE-2021-45232.yaml

* Add files via upload

* removing duplicate template

* moving template around

* template fix

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-19 13:33:34 +05:30
Dhiyaneshwaran 0e8b34f776
New Templates & Workflow (#3556)
* Create secure-login-panel.yaml

* Create geo-webserver.yaml

* Create hp-virtual-connect-manager.yaml

* Create microsoft-azure-error.yaml

* Create microsoft-iis-8.yaml

* Create veeam-backup-azure-panel.yaml

* Create user-control-panel.yaml

* Create kafka-consumer-monitor.yaml

* Update kafka-consumer-monitor.yaml

* Create kafka-connect-ui-exposure.yaml

* misc updates

* duplicate template

existing one - `exposed-panels/kafka-connect-ui.yaml`

* Create kafka-cruise-control.yaml

* Create kafka-center-default-login.yaml

* Create kafka-center-login.yaml

* minor update

* Create azure-kubernetes-service.yaml

* Update azure-kubernetes-service.yaml

* Update azure-kubernetes-service.yaml

* Create barracuda-panel.yaml

* Update barracuda-panel.yaml

* Update barracuda-panel.yaml

* Create CVE-2021-24891.yaml

* template meta info update

* Delete CVE-2021-24891.yaml

* Create caddy-open-redirect.yaml

* Create concrete5-panel.yaml

* Create concrete-workflow.yaml

* updated matcher to avoid false negative results

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-19 13:21:15 +05:30
Adam Crosser 4000a96d3b
Updated Axis Camera Template (#3557)
* Updated Axis Camera Template

* Added missing AND condition

* syntax fix

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-19 12:49:00 +05:30
Adam Crosser dbdc25b148
Terraform Enterprise (#3559)
* Added Terraform Enterprise Detection Template

* Updated Author

* Added title extractor

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-19 12:46:43 +05:30
Adam Crosser 053d02b80b
Code42 Panel Detection (#3560)
* Added Terraform Enterprise Detection Template

* Updated Author

* Added Code42 Panel Detection

* Removed Terraform Enterprise Template

* Update code42-panel.yaml

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-01-19 12:29:11 +05:30
GitHub Action 3cd869ca44 Auto README Update [Tue Jan 18 11:10:29 UTC 2022] 🤖 2022-01-18 11:10:29 +00:00
GitHub Action bb6791b7ab Auto Generated Templates Stats [Tue Jan 18 11:10:04 UTC 2022] 🤖 2022-01-18 11:10:04 +00:00
forgedhallpass da68c83220
Credentials disclosure refactor (#3552)
* misc updates
* fixed linter error: unnecessary escape of single quotes
* minor simplification of the last capture group
* replaced (=| =|:| :)(( \"|\")|( '|')) with \\s*[=:]\\s*[\"'] because it's more readable and also more permissive with white space characters
* changed the [a-z0-9-_] with [\w-] for readability
* removed the unnecessary capture group

Co-authored-by: Emad Youssef <48482029+Sy3Omda@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-18 16:25:55 +05:30
Daniel aa451b254b
Update pulse-secure-panel (#3536)
* Update pulse-secure-panel

Add version info retrieval.

* separated version detection

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-18 13:44:57 +05:30
Roberto Nunes f8013457b6
Create CVE-2020-23575.yaml (#3547)
* Create CVE-2020-23575.yaml

* Update and rename CVE-2020-23575.yaml to cves/2020/CVE-2020-23575.yaml

* minor update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-18 13:12:16 +05:30
Roberto Nunes 2cadf76241
Create CVE-2021-32618.yaml (#3546)
* Create CVE-2021-32618.yaml

* Update and rename CVE-2021-32618.yaml to cves/2021/CVE-2021-32618.yaml

* matcher update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-18 12:51:00 +05:30
Pathtaga a39245bf40
Added drupal login template (#3471)
* Added drupal login template

* moved drupal detection to separate template

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-18 12:35:19 +05:30
johnk3r 362c381732
Create fortimail-panel.yaml (#3549)
* Create fortimail-panel.yaml

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-18 11:01:45 +05:30
GitHub Action 2c250d66c7 Auto Generated CVE annotations [Tue Jan 18 05:22:01 UTC 2022] 🤖 2022-01-18 05:22:01 +00:00
Dwi Siswanto b8dabfbcbb
Add CVE-2021-20038 (#3542)
* Add CVE-2021-20038

* misc: Update author
2022-01-18 10:50:14 +05:30
sandeep 7c30910d69 Added missing request 2022-01-18 10:46:50 +05:30
sandeep 2b7304c427 Added version extractor 2022-01-18 09:50:34 +05:30
Antoine Neuenschwander 6479afc4f1
Enable redirects (#3545) 2022-01-17 11:38:12 +05:30
Mzack9999 f6ef818e44
Adding contributors.json from gh commit logs (#3540) 2022-01-16 22:21:22 +05:30
GitHub Action 8244d08f57 Auto Generated CVE annotations [Sun Jan 16 16:40:51 UTC 2022] 🤖 2022-01-16 16:40:51 +00:00
Sandeep Singh f6377b09ec
Added Apache APISIX's Admin API Default Access Token (RCE) (#3544) 2022-01-16 22:08:55 +05:30
Patrick 1086ca1a30
added template for CVE-2021-42551 (#3541)
* added template for CVE-2021-42551

* Update CVE-2021-42551.yaml

* Update CVE-2021-42551.yaml

* unbricked CVE-2021-42551

* additional page specific matcher

Co-authored-by: Patrick <patrick.schmid@redguard.ch>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-16 19:01:29 +05:30
GitHub Action a3c13932b8 Auto README Update [Sun Jan 16 12:26:57 UTC 2022] 🤖 2022-01-16 12:26:57 +00:00
GitHub Action 1722e435f4 Auto Generated Templates Stats [Sun Jan 16 12:26:36 UTC 2022] 🤖 2022-01-16 12:26:36 +00:00
Sandeep Singh 6f84c96e5b
Add cloud metadata checks for reverse proxies (#3528)
* Add cloud metadata checks (proxied) for:
- Amazon AWS
- Alibaba Cloud
- Microsoft Azure
- DigitalOcean
- Hetzner Cloud
- OpenStack
- Oracle Cloud

* fixup! Add cloud metadata checks (proxied) for: - Amazon AWS - Alibaba Cloud - Microsoft Azure - DigitalOcean - Hetzner Cloud - OpenStack - Oracle Cloud

* Fix URL

* Remove unnecessary Flavor header

* Add cgi as a file type

* syntax fix

* syntax update

* moving files around

* tags update

* matchers update

* * Added CVSS scores
* Updated metadata tests to latest versions
* Added generic proxy tests

* * Update to latest versions
* Remove empty lines to pass lint

* removing sniper to use default attacktype

* minor syntax fix

* minor updates

Co-authored-by: sullo <sullo@ziggy.local>
Co-authored-by: sullo <sullo@cirt.net>
2022-01-16 17:55:28 +05:30
Sandeep Singh 02c01d30da
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-16 03:06:09 +05:30
gy741 e5958c1364
Update tags (#3538) 2022-01-16 02:08:21 +05:30
GitHub Action 93337032a0 Auto Generated CVE annotations [Sat Jan 15 20:36:52 UTC 2022] 🤖 2022-01-15 20:36:52 +00:00
PikPikcU 7e0a3acf44
Create dreambox-xss (#3535)
* Create dreambox-xss.yaml

* Create dreambox-detect.yaml

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-16 02:05:33 +05:30
GitHub Action ca79e7a81f Auto Generated CVE annotations [Sat Jan 15 20:28:18 UTC 2022] 🤖 2022-01-15 20:28:18 +00:00