20240904
actions-user committed Sep 4, 2024
1 parent b66b2ad commit 609b7e4
Showing 63 changed files with 2,689 additions and 478 deletions.
2 changes: 1 addition & 1 deletion date.txt
@@ -1 +1 @@
20240903
20240904
36 changes: 36 additions & 0 deletions poc.txt
@@ -30313,6 +30313,7 @@
./poc/cve/CVE-2023-49174.yaml
./poc/cve/CVE-2023-49175-4ca47816d21ff2a718ca63d97a29cf47.yaml
./poc/cve/CVE-2023-49175.yaml
./poc/cve/CVE-2023-49176-18981672697074d8ee6c04f0759c4af8.yaml
./poc/cve/CVE-2023-49176-3938f2c4127b3db0718d165d9a3a54ea.yaml
./poc/cve/CVE-2023-49176.yaml
./poc/cve/CVE-2023-49177-849a3b23f8766861c95e2eebe7dff568.yaml
@@ -40394,6 +40395,7 @@
./poc/cve/CVE-2024-4359-a02da093773a725f098d0f6b3982b1f5.yaml
./poc/cve/CVE-2024-4359.yaml
./poc/cve/CVE-2024-4360-2ce554962ceb2089ac94ef643f6a051a.yaml
./poc/cve/CVE-2024-4360-426a357315aa35eab510e9b6b60af008.yaml
./poc/cve/CVE-2024-4360.yaml
./poc/cve/CVE-2024-4361-85acc07efa37358e850403030e755242.yaml
./poc/cve/CVE-2024-4361.yaml
@@ -42299,10 +42301,13 @@
./poc/cve/CVE-2024-7862.yaml
./poc/cve/CVE-2024-7863-d3242f03e4b845277a7311f26e80d2a3.yaml
./poc/cve/CVE-2024-7863.yaml
./poc/cve/CVE-2024-7870-4b3910b5527f496007ddf9a3918025ed.yaml
./poc/cve/CVE-2024-7870-8f97f143492468182d67786194a0ead7.yaml
./poc/cve/CVE-2024-7895-ac1e11d6be8490c8494a930a375e9a8e.yaml
./poc/cve/CVE-2024-7895.yaml
./poc/cve/CVE-2024-7918-a7e65e7119ee7b26b163171cf42cfe15.yaml
./poc/cve/CVE-2024-7918.yaml
./poc/cve/CVE-2024-7950-4a4c660d480c32376f512832d16b17e2.yaml
./poc/cve/CVE-2024-8016-d1bc0d8335eb95e44886878c9717595b.yaml
./poc/cve/CVE-2024-8016.yaml
./poc/cve/CVE-2024-8030-4bf23408e0dc80a213e018f362e5999c.yaml
@@ -42325,10 +42330,17 @@
./poc/cve/CVE-2024-8056.yaml
./poc/cve/CVE-2024-8091-2a76422fe65a9439ffb66d6cccbb9f37.yaml
./poc/cve/CVE-2024-8091.yaml
./poc/cve/CVE-2024-8102-4ad066b587d88f25407775652c334ec3.yaml
./poc/cve/CVE-2024-8104-ce7e2be47ca5e025bb553db2616e0460.yaml
./poc/cve/CVE-2024-8106-7671063e045920cf0588f095bb335572.yaml
./poc/cve/CVE-2024-8108-388981d89511f13ba76287252ce2c890.yaml
./poc/cve/CVE-2024-8108.yaml
./poc/cve/CVE-2024-8117-b4005662e6c5441a52e67aa26190a59e.yaml
./poc/cve/CVE-2024-8119-05cb9346e46ada26e41ef13528f05f84.yaml
./poc/cve/CVE-2024-8120-3613ebb9d30f84ec400bcf99e23d31d1.yaml
./poc/cve/CVE-2024-8120.yaml
./poc/cve/CVE-2024-8121-cc7eb9c6e85ac0543223aff2e00d5aa1.yaml
./poc/cve/CVE-2024-8123-6b716917d324a41a70ecf26c5f48b53f.yaml
./poc/cve/CVE-2024-8195-55ed6b4889c7dbecb6bd9deee053ca6e.yaml
./poc/cve/CVE-2024-8195.yaml
./poc/cve/CVE-2024-8197-c5c070dc8273cbfedbc9600c73cd97ad.yaml
@@ -42343,8 +42355,12 @@
./poc/cve/CVE-2024-8274.yaml
./poc/cve/CVE-2024-8276-abcb50055a0fdc77a95290d651b9dbcc.yaml
./poc/cve/CVE-2024-8276.yaml
./poc/cve/CVE-2024-8289-547295faa6591e5ec09f536a86cfff13.yaml
./poc/cve/CVE-2024-8289-87a431b046b6c387f38f06ebe340c64f.yaml
./poc/cve/CVE-2024-8318-9e3d9fca4cd410e9a139c67eeace05ec.yaml
./poc/cve/CVE-2024-8319-f52695adcae621062e419e0168d0ec9c.yaml
./poc/cve/CVE-2024-8319.yaml
./poc/cve/CVE-2024-8325-11327d2b9e1fdbe3b095a728909b8615.yaml
./poc/cve/CVE_2023_49442.yaml
./poc/cve/CVE_2023_51467.yaml
./poc/cve/CVE_2024_0195.yaml
@@ -56455,6 +56471,7 @@
./poc/injection/yuantian-oa-getdata-action-sql-injection.yaml
./poc/injection/zentao-16.5-SQL-Injection.yaml
./poc/injection/zhixiangOA-msglog-Sql-Injection.yaml
./poc/injection/zoneminder-time-based-sql-injection.yaml
./poc/java/360deg-javascript-viewer-1a666a18717eab78defd938ae7082351.yaml
./poc/java/360deg-javascript-viewer-57266e0e37aca1e5765a93904f337419.yaml
./poc/java/360deg-javascript-viewer.yaml
@@ -64230,6 +64247,7 @@
./poc/other/attorney-75ae42f95c5029a5c34276ce81634c4d.yaml
./poc/other/attorney-9c2d3a40daf25f855f3ce9f2c18eba21.yaml
./poc/other/attorney.yaml
./poc/other/attributes-for-blocks-9f0329d8d0a2112474def0946e9dcd10.yaml
./poc/other/atutor-elearning.yaml
./poc/other/atutor.yaml
./poc/other/auberge-f08b3c8d17ccf977a468ef97418c6ea6.yaml
@@ -65256,6 +65274,7 @@
./poc/other/blockonomics-bitcoin-payments.yaml
./poc/other/blocks.yaml
./poc/other/blockspare-2b078b741eed150090c50cb25d279432.yaml
./poc/other/blockspare-8fc5bd08763040cfa5b5c4e5daa06e1a.yaml
./poc/other/blockspare-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/blockspare-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/blockspare-plugin.yaml
@@ -82455,9 +82474,11 @@
./poc/other/pixcodes-aa1bf77607de55d656964811b86ee2a0.yaml
./poc/other/pixcodes.yaml
./poc/other/pixelpost.yaml
./poc/other/pixelyoursite-1beb69752ca7b47937fd2ddc4fbc51fc.yaml
./poc/other/pixelyoursite-1c66da436f18f4a7256bc012d710f951.yaml
./poc/other/pixelyoursite-5d9293b6a3a64205c3fa37d2b1335b3f.yaml
./poc/other/pixelyoursite-a472c043ff40dcafd74294d830e5f92f.yaml
./poc/other/pixelyoursite-pro-1beb69752ca7b47937fd2ddc4fbc51fc.yaml
./poc/other/pixelyoursite-pro-1c66da436f18f4a7256bc012d710f951.yaml
./poc/other/pixelyoursite-pro.yaml
./poc/other/pixelyoursite.yaml
@@ -95412,6 +95433,7 @@
./poc/remote_code_execution/dc-woocommerce-multi-vendor-34384c21066b8e3f39af6fb218f5c65b.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-3a0d36af2427f9bf5bc743bc853a4204.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-4a89beb269f24b6006394c50bd2c68fe.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-544606cb17ece1ba96caf47e459e1eb2.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-5943ec435b12f7458965e14582b5ba75.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-6363cfa0af3aa927f990f608e5fe1df2.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-7b908fc9ec0f1f20443b3b82faca2017.yaml
@@ -95421,6 +95443,7 @@
./poc/remote_code_execution/dc-woocommerce-multi-vendor-9752280dc0d291246a1efc563215b76c.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-a134e4f138b1619cb8ee36b642d49ee4.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-ce6b592cbbeab7914e6c71314d1d3240.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-d3cf4a43d8970e8bb0a2bd761661c94d.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-d70ba2d9b3a849fde9281ffdc252c706.yaml
./poc/remote_code_execution/dc-woocommerce-multi-vendor-e48cd4f2cf89d641c9d0f9cf06042b00.yaml
@@ -102216,9 +102239,11 @@
./poc/sql/CVE-2024-7856-d011db87e0fcbee1bbbd734bfc806dcf.yaml
./poc/sql/CVE-2024-7861-9726dbafcd5c9f5063d85ac5d4f9296c.yaml
./poc/sql/CVE-2024-8051-13d32e37d22c86e6841489ccba7dbaab.yaml
./poc/sql/CVE-2024-8104-ce7e2be47ca5e025bb553db2616e0460.yaml
./poc/sql/CVE-2024-8195-55ed6b4889c7dbecb6bd9deee053ca6e.yaml
./poc/sql/CVE-2024-8197-c5c070dc8273cbfedbc9600c73cd97ad.yaml
./poc/sql/CVE-2024-8276-abcb50055a0fdc77a95290d651b9dbcc.yaml
./poc/sql/CVE-2024-8325-11327d2b9e1fdbe3b095a728909b8615.yaml
./poc/sql/Changdao-165-SQLi.yaml
./poc/sql/Cmseasy-Http-Head-sqli.yaml
./poc/sql/Cmseasy-celive-sqli.yaml
@@ -107083,6 +107108,7 @@
./poc/sql/wpdiscuz-c2970ebd358e41db5516666a827b0dd2.yaml
./poc/sql/wpdiscuz-dc128b4d9b60031ecc736abdb2ff6317.yaml
./poc/sql/wpe-indoshipping-10dbcd54baca6e6ee04759bca5983c58.yaml
./poc/sql/wpextended-5cbf272a84fe9acd0ee279a46db3911b.yaml
./poc/sql/wpfavicon-b8d7827bcbedea7a40db5bb08217d076.yaml
./poc/sql/wpforms-lite-66ca6dbf7e54d3f9d0cc66ebad78a311.yaml
./poc/sql/wpforo-04b9b42183fab163d0ecfec567eac5db.yaml
@@ -107285,6 +107311,7 @@
./poc/sql/zlick-paywall-656ccce99616a9f4168781db4b600949.yaml
./poc/sql/zm-gallery-1cc4f30ff2d0efb442d9b342fdb69052.yaml
./poc/sql/zms-sqli.yaml
./poc/sql/zoneminder-time-based-sql-injection.yaml
./poc/sql/zotpress-48548b155abdb9c3d2ae1981fc3c42e8.yaml
./poc/sql/zzcms-zsmanage-sqli.yaml
./poc/sql/zzcms-zsmanage-sqli.yml
@@ -108204,6 +108231,7 @@
./poc/sql_injection/zhixiangOA-msglog.aspx-sql.yaml
./poc/sql_injection/zhiyuan-setextno-sqli.yaml
./poc/sql_injection/zms-sqli.yaml
./poc/sql_injection/zoneminder-time-based-sql-injection.yaml
./poc/sql_injection/zzcms-zsmanage-sqli.yaml
./poc/sql_injection/zzcms-zsmanage-sqli.yml
./poc/ssh/azure-nsg-ssh-unrestricted.yaml
@@ -115415,6 +115443,7 @@
./poc/wordpress/wp-job-portal-a5bdc2b0068a1c535dc51453d211dcd6.yaml
./poc/wordpress/wp-job-portal-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/wordpress/wp-job-portal-d51f4fd87b69ac765648da293bd32a31.yaml
./poc/wordpress/wp-job-portal-f30a1250ca423391f4cfcfaaf18957f1.yaml
./poc/wordpress/wp-job-portal-f7ec98d69a0944149a1d98bba86a2fe9.yaml
./poc/wordpress/wp-job-portal-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/wordpress/wp-job-portal-plugin.yaml
@@ -118104,6 +118133,13 @@
./poc/wordpress/wpeprivate-config-disclosure.yaml
./poc/wordpress/wpeprivate_leak.yaml
./poc/wordpress/wpextended-308870d3518617d4a2ead1aea9124d61.yaml
./poc/wordpress/wpextended-5cbf272a84fe9acd0ee279a46db3911b.yaml
./poc/wordpress/wpextended-898e7a555b157634c99390b7435874c9.yaml
./poc/wordpress/wpextended-9895da30d085e092ce8f9330a2f11c4a.yaml
./poc/wordpress/wpextended-a2b149f2d5703f489bf82b331eacb4d5.yaml
./poc/wordpress/wpextended-baa11bdf4937a59d4e327d17b9aee3ae.yaml
./poc/wordpress/wpextended-c55aff883587b862ba2515637c78b9f8.yaml
./poc/wordpress/wpextended-cd6df911f84682027c580d9baa72ff97.yaml
./poc/wordpress/wpextended.yaml
./poc/wordpress/wpfavicon-b8d7827bcbedea7a40db5bb08217d076.yaml
./poc/wordpress/wpfavicon.yaml
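--- a/poc/cve/CVE-2023-49176-18981672697074d8ee6c04f0759c4af8.yaml
+++ b/poc/cve/CVE-2023-49176-18981672697074d8ee6c04f0759c4af8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-49176-18981672697074d8ee6c04f0759c4af8
+
+info:
+name: >
+WP Pocket URLs <= 1.0.2 - Reflected Cross-Site Scripting
+author: topscoder
+severity: medium
+description: >
+The WP Pocket URLs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+reference:
+- https://github.com/topscoder/nuclei-wordfence-cve
+- https://www.wordfence.com/threat-intel/vulnerabilities/id/8a22873f-6f09-4183-92c5-a84e0d378920?source=api-prod
+classification:
+cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+cvss-score: 6.1
+cve-id: CVE-2023-49176
+metadata:
+fofa-query: "wp-content/plugins/wp-pocket-urls/"
+google-query: inurl:"/wp-content/plugins/wp-pocket-urls/"
+shodan-query: 'vuln:CVE-2023-49176'
+tags: cve,wordpress,wp-plugin,wp-pocket-urls,medium
+
+http:
+- method: GET
+redirects: true
+max-redirects: 3
+path:
+- "{{BaseURL}}/wp-content/plugins/wp-pocket-urls/readme.txt"
+
+extractors:
+- type: regex
+name: version
+part: body
+group: 1
+internal: true
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+- type: regex
+name: version
+part: body
+group: 1
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+words:
+- "wp-pocket-urls"
+part: body
+
+- type: dsl
+dsl:
+- compare_versions(version, '<= 1.0.2')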
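Review bot: Both `version` extractors use `"(?mi)Stable tag: ([0-9.]+)"`, which requires exactly one space after the colon and a numeric value, so a readme with a tab, extra spacing or `Stable tag: trunk` yields no `version` and the `compare_versions` matcher fails with no sign that the check was inconclusive. A more tolerant pattern is `- '(?mi)Stable tag:[ \t]*([0-9.]+)'`, single-quoted so YAML leaves the backslash alone. A hit is also only as reliable as readme.txt: it reports the advertised version, not that the reflected XSS is reachable, so results are best triaged as version indicators rather than confirmed findings. The same extractor pair appears in the CVE-2024-4360 and CVE-2024-7870 templates added by this commit.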
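--- a/poc/cve/CVE-2024-4360-426a357315aa35eab510e9b6b60af008.yaml
+++ b/poc/cve/CVE-2024-4360-426a357315aa35eab510e9b6b60af008.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-4360-426a357315aa35eab510e9b6b60af008
+
+info:
+name: >
+Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag
+author: topscoder
+severity: low
+description: >
+The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+reference:
+- https://github.com/topscoder/nuclei-wordfence-cve
+- https://www.wordfence.com/threat-intel/vulnerabilities/id/910c0a32-b169-4728-888c-0dfea2066c9c?source=api-prod
+classification:
+cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+cvss-score: 6.4
+cve-id: CVE-2024-4360
+metadata:
+fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
+google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
+shodan-query: 'vuln:CVE-2024-4360'
+tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low
+
+http:
+- method: GET
+redirects: true
+max-redirects: 3
+path:
+- "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt"
+
+extractors:
+- type: regex
+name: version
+part: body
+group: 1
+internal: true
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+- type: regex
+name: version
+part: body
+group: 1
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+words:
+- "bdthemes-element-pack-lite"
+part: body
+
+- type: dsl
+dsl:
+- compare_versions(version, '<= 5.7.6')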
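Review bot: `severity: low` and the trailing `low` tag disagree with `cvss-score: 6.4` in the classification block, which sits in the CVSS v3.1 Medium band (4.0–6.9), so a scan or report filtered to medium and above would drop this template. If the downgrade is deliberate because the stored XSS needs contributor-level access, a comment beside the field such as `# lowered from CVSS medium: requires Contributor+ account` would make that visible. Otherwise `severity: medium` and a `medium` tag would keep the file consistent with its own score.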
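--- a/poc/cve/CVE-2024-7870-4b3910b5527f496007ddf9a3918025ed.yaml
+++ b/poc/cve/CVE-2024-7870-4b3910b5527f496007ddf9a3918025ed.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7870-4b3910b5527f496007ddf9a3918025ed
+
+info:
+name: >
+PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion
+author: topscoder
+severity: medium
+description: >
+The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
+reference:
+- https://github.com/topscoder/nuclei-wordfence-cve
+- https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd7a515-6389-4152-8dac-d5497dd94f6d?source=api-prod
+classification:
+cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+cvss-score: 6.5
+cve-id: CVE-2024-7870
+metadata:
+fofa-query: "wp-content/plugins/pixelyoursite/"
+google-query: inurl:"/wp-content/plugins/pixelyoursite/"
+shodan-query: 'vuln:CVE-2024-7870'
+tags: cve,wordpress,wp-plugin,pixelyoursite,medium
+
+http:
+- method: GET
+redirects: true
+max-redirects: 3
+path:
+- "{{BaseURL}}/wp-content/plugins/pixelyoursite/readme.txt"
+
+extractors:
+- type: regex
+name: version
+part: body
+group: 1
+internal: true
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+- type: regex
+name: version
+part: body
+group: 1
+regex:
+- "(?mi)Stable tag: ([0-9.]+)"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+words:
+- "pixelyoursite"
+part: body
+
+- type: dsl
+dsl:
+- compare_versions(version, '<= 9.7.1')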
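Review bot: The name and description cover both PixelYourSite (<= 9.7.1) and PixelYourSite PRO (<= 10.4.2), but the request path and the final `compare_versions(version, '<= 9.7.1')` only evaluate the free plugin's readme, so a clean result says nothing about a PRO install. The poc.txt index in this commit lists a second CVE-2024-7870 template that presumably carries the PRO check. A header comment such as `# free plugin only; PRO (<= 10.4.2) is covered by the sibling CVE-2024-7870 template` would stop a reader from treating this file as complete coverage for the CVE.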