Merge branch 'main' into cve-2022-46463

projectdiscovery · Aug 16, 2023 · 59407bc · 59407bc
2 parents de378a5 + 4882498
commit 59407bc
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 12 deletions.
diff --git a/.new-additions b/.new-additions
@@ -1,4 +1,5 @@
 http/cves/2021/CVE-2021-24409.yaml
+http/cves/2021/CVE-2021-25065.yaml
 http/cves/CVE-2015-9323.yaml
 http/technologies/besu-server-detect.yaml
 http/technologies/erigon-server-detect.yaml

diff --git a/cves.json b/cves.json
@@ -1131,6 +1131,7 @@
 {"ID":"CVE-2021-25052","Info":{"Name":"WordPress Button Generator \u003c2.3.3 - Remote File Inclusion","Severity":"high","Description":"WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25052.yaml"}
 {"ID":"CVE-2021-25055","Info":{"Name":"WordPress FeedWordPress \u003c 2022.0123 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"The plugin is affected by a cross-site scripting vulnerability within the \"visibility\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25055.yaml"}
 {"ID":"CVE-2021-25063","Info":{"Name":"WordPress Contact Form 7 Skins \u003c=2.5.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25063.yaml"}
+{"ID":"CVE-2021-25065","Info":{"Name":"Smash Balloon Social Post Feed \u003c 4.1.1 - Authenticated Reflected Cross-Site Scripting","Severity":"medium","Description":"The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-25065.yaml"}
 {"ID":"CVE-2021-25067","Info":{"Name":"Landing Page Builder \u003c 1.4.9.6 - Cross-Site Scripting","Severity":"medium","Description":"The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-25067.yaml"}
 {"ID":"CVE-2021-25074","Info":{"Name":"WordPress WebP Converter for Media \u003c 4.0.3 - Unauthenticated Open Redirect","Severity":"medium","Description":"WordPress WebP Converter for Media \u003c 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25074.yaml"}
 {"ID":"CVE-2021-25075","Info":{"Name":"WordPress Duplicate Page or Post \u003c1.5.1 - Cross-Site Scripting","Severity":"low","Description":"WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2021/CVE-2021-25075.yaml"}

diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
@@ -1 +1 @@
-a9b24e5df67bd3f35194cf16454fc5be
+d49814390f8a664de8c275317b6c2d38
diff --git a/http/cves/2021/CVE-2021-25065 → http/cves/2021/CVE-2021-25065.yaml b/http/cves/2021/CVE-2021-25065 → http/cves/2021/CVE-2021-25065.yaml
@@ -21,7 +21,7 @@ info:
   tags: cve,cve2021,wpscan,wordpress,wp-plugin,xss,wp,authenticated
 
 http:
-  - raw:  
+  - raw:
       - |
         POST /wp-login.php HTTP/1.1
         Host: {{Hostname}}

diff --git a/http/exposures/configs/phpinfo-files.yaml b/http/exposures/configs/phpinfo-files.yaml
@@ -9,9 +9,9 @@ info:
   remediation: Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only.
   classification:
     cwe-id: CWE-200
-  tags: config,exposure,phpinfo
   metadata:
-    max-request: 21
+    max-request: 22
+  tags: config,exposure,phpinfo
 
 http:
   - method: GET
@@ -37,6 +37,7 @@ http:
       - "{{BaseURL}}/_profiler/phpinfo.php"
       - "{{BaseURL}}/_profiler/phpinfo"
       - "{{BaseURL}}/?phpinfo=1"
+      - "{{BaseURL}}/l.php?act=phpinfo"
 
     stop-at-first-match: true
     matchers-condition: and

diff --git a/http/misconfiguration/manage-engine-ad-search.yaml b/http/misconfiguration/manage-engine-ad-search.yaml
@@ -5,9 +5,11 @@ info:
   author: PR3R00T
   severity: high
   description: Manage Engine AD Manager service can be configured to allow anonymous users to browse the AD list remotely.
-  tags: unauth,misconfig
   metadata:
     max-request: 1
+    shodan-query: title:"ManageEngine"
+    verified: true
+  tags: unauth,misconfig
 
 http:
   - method: GET
@@ -22,5 +24,6 @@ http:
       - type: word
         words:
           - "ManageEngine"
-          - "ADManager"
-        condition: and
+          - "Showing Objects Of"
+          - "Export as"
+        condition: and
diff --git a/templates-checksum.txt b/templates-checksum.txt
@@ -8,8 +8,8 @@ TEMPLATES-STATS.json:480086d95cb124dd0cc07617dd44f3e63cc34776
 TEMPLATES-STATS.md:be25764dbb503d444528cfda0b2a2adb6abeb6a3
 TOP-10.md:95e4e7780d22a24b612779b05eb2ae4dea4f7a12
 contributors.json:8d840b1db8c1af9a3927448841f817aa9c850de9
-cves.json:a95799d9f922f102b4c67298fde5ee2660251bbd
-cves.json-checksum.txt:3f113ebe0b72e4604d2330acb8c80e6fddb63826
+cves.json:553b2239139132d155945bfd2fe813034b84f3fb
+cves.json-checksum.txt:3e1e9a7b9b9b8893763287facd85b9d1b470f24c
 dns/azure-takeover-detection.yaml:bcfb33e8a76b75042967f0301e57dc98d5f2da7c
 dns/caa-fingerprint.yaml:7dcc71c91d6cb3d8e290e09b52768b6017fbb161
 dns/detect-dangling-cname.yaml:bba3b5b57357e86830d9f76e28b988107597b75c
@@ -1748,6 +1748,7 @@ http/cves/2021/CVE-2021-25033.yaml:8613f053b3c857131958afa1780b056f5bae0da1
 http/cves/2021/CVE-2021-25052.yaml:746e605ced68c1f0579084ec7f4cd23fecf0c6c0
 http/cves/2021/CVE-2021-25055.yaml:870e334ae277a906dab32e037ff0a16a9ca6d506
 http/cves/2021/CVE-2021-25063.yaml:52fdfd9235409b2a00dd9a130fe738c18a6e6232
+http/cves/2021/CVE-2021-25065.yaml:3ff5434b72bf4b173127ec9f2c4c81b53c74f371
 http/cves/2021/CVE-2021-25067.yaml:ab0d87da0eceb32e0a0f267823a3da3b881fd9c2
 http/cves/2021/CVE-2021-25074.yaml:14459dbf5767e8eeb47e7a48764b2ce360c69405
 http/cves/2021/CVE-2021-25075.yaml:c26c3f3efc36ee0cdef881e6af0af8fbc3f3be7d
@@ -2598,6 +2599,7 @@ http/cves/2023/CVE-2023-38646.yaml:67efb752090e5f27e0dc770008065458bbb2aba1
 http/cves/2023/CVE-2023-39120.yaml:c2e5b3bd997e2b6cb63530cc9c7bf1d0cce6e0b7
 http/cves/2023/CVE-2023-39143.yaml:470d4fc68ed1784cf1e3b644a7d694b0b62e5fb3
 http/cves/2023/CVE-2023-4174.yaml:57a22040bd01f63997f735cc9161097dbd909fc8
+http/cves/CVE-2015-9323.yaml:80b64716501e553a4468758e33e5ce56c6c0b609
 http/default-logins/3com/3com-nj2000-default-login.yaml:c00b706cfbbb60a4377ed00240d60f1b4679f18d
 http/default-logins/UCMDB/ucmdb-default-login.yaml:65a8ff54c063a35e251409ed8bfd1a93e50d42c2
 http/default-logins/abb/cs141-default-login.yaml:8914cccfee6dfcbfbb632cf088ca7a33823561d6
@@ -3776,7 +3778,7 @@ http/exposures/configs/parameters-config.yaml:dda0e057a00490df8419cc780a8a553cc0
 http/exposures/configs/perl-status.yaml:c97dfdf9a7251700ee43eb04490318757522572a
 http/exposures/configs/phalcon-framework-source.yaml:0f22ad0f8169d336c402dd655b07e85f710c6516
 http/exposures/configs/php-fpm-config.yaml:179031ef6bd847b03aad37799b9fc1fb18e56bb9
-http/exposures/configs/phpinfo-files.yaml:c7327122c5e136b1eec1d0eb1353e56d651956b6
+http/exposures/configs/phpinfo-files.yaml:a4a49c0b775516a4c5d508120dc110f27c0cdd1a
 http/exposures/configs/phpsec-config.yaml:bfe17c1dcb1891b8a2d6654d86c45a469b15d778
 http/exposures/configs/phpstan-config.yaml:4ba62a79c2ef43e6b496955f16ee0f2a208efbe3
 http/exposures/configs/pipfile-config.yaml:5b4270a853d986453232555d93769511fa1bab92
@@ -4486,7 +4488,7 @@ http/misconfiguration/linkerd-ssrf-detect.yaml:c9c7188cf82c3e72689ff57c1bc9a531b
 http/misconfiguration/linktap-gateway-exposure.yaml:6282099865efd5333ab1e0b6617ca8ed0059a42a
 http/misconfiguration/locust-exposure.yaml:879e0cf501e075b201fef057ca84e2b4f4483823
 http/misconfiguration/lvm-exporter-metrics.yaml:6c4969c2057c4d8223d1eed2a8c214730efb1f74
-http/misconfiguration/manage-engine-ad-search.yaml:5c60f797fad0f82038da34924ab7a6b25263fc12
+http/misconfiguration/manage-engine-ad-search.yaml:a9d037e57c36bd56b8a340075fe95c37884b3c1d
 http/misconfiguration/misconfigured-concrete5.yaml:fbd7e1060eeb23bec6e4331af978576619e8a704
 http/misconfiguration/misconfigured-docker.yaml:3ba99bbaca7efee00abd6078950a59b3299f343f
 http/misconfiguration/mlflow-unauth.yaml:cbfaa296c93b75f1600826d43bac22f2eed987ba
@@ -6950,7 +6952,7 @@ ssl/ssl-dns-names.yaml:aab93262d20a05bc780bf63d7c6d971611408d4e
 ssl/tls-version.yaml:cde833d5e6578a1c2e2a6a21e4f38da30d6cf750
 ssl/untrusted-root-certificate.yaml:207afac20c036cab562f9b10d469cf709cf977f0
 ssl/weak-cipher-suites.yaml:7ab90033845c8fd761be452af7fb2a87dc5f7eec
-templates-checksum.txt:0e1e86f518e786f3d1e24c184bd07bf449350125
+templates-checksum.txt:c069771aec0399da18054f0ed14598d014748951
 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
 workflows/74cms-workflow.yaml:a6732eab4577f5dcf07eab6cf5f9c683fea75b7c
 workflows/acrolinx-workflow.yaml:ae86220e8743583a24dc5d81c8a83fa01deb157f