From 0b432b341b35360724ce7251fabdf1fac9c4e433 Mon Sep 17 00:00:00 2001
From: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
Date: Thu, 19 Aug 2021 16:15:35 +0300
Subject: [PATCH] Added comments with URLs under the "references" field

Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
---
cves/2017/CVE-2017-10271.yaml | 6 +++---
cves/2017/CVE-2017-11444.yaml | 7 +++----
cves/2017/CVE-2017-14537.yaml | 2 +-
cves/2018/CVE-2018-16763.yaml | 8 ++++----
cves/2018/CVE-2018-17431.yaml | 7 +++----
cves/2019/CVE-2019-7256.yaml | 7 +++----
cves/2020/CVE-2020-0618.yaml | 7 +++----
cves/2020/CVE-2020-10148.yaml | 11 +++++------
cves/2020/CVE-2020-12720.yaml | 5 -----
cves/2020/CVE-2020-15505.yaml | 16 +++++-----------
cves/2020/CVE-2020-24223.yaml | 9 ++++-----
cves/2020/CVE-2020-24312.yaml | 6 +++---
cves/2020/CVE-2020-5776.yaml | 1 -
cves/2020/CVE-2020-5777.yaml | 2 --
cves/2020/CVE-2020-7209.yaml | 12 +++++-------
cves/2020/CVE-2020-9496.yaml | 9 +--------
cves/2021/CVE-2021-22122.yaml | 8 --------
cves/2021/CVE-2021-26295.yaml | 1 -
.../grafana/grafana-default-credential.yaml | 8 +++++---
.../solarwinds/solarwinds-default-admin.yaml | 3 ---
dns/azure-takeover-detection.yaml | 6 +++---
exposures/configs/alibaba-canal-info-leak.yaml | 8 ++++----
technologies/clockwork-php-page.yaml | 3 ++-
technologies/firebase-detect.yaml | 2 +-
technologies/liferay-portal-detect.yaml | 4 ++--
.../jira/jira-unauthenticated-dashboards.yaml | 2 +-
vulnerabilities/other/rconfig-rce.yaml | 8 ++++----
vulnerabilities/other/sick-beard-xss.yaml | 9 +++++----
.../springboot/springboot-h2-db-rce.yaml | 1 -
.../wordpress/wordpress-emergency-script.yaml | 2 --
30 files changed, 70 insertions(+), 110 deletions(-)

diff --git a/cves/2017/CVE-2017-10271.yaml b/cves/2017/CVE-2017-10271.yaml
index f9456e6b9ff..be45ec2616e 100644
--- a/cves/2017/CVE-2017-10271.yaml
+++ b/cves/2017/CVE-2017-10271.yaml
@@ -5,11 +5,11 @@ info: author: dr_set severity: high description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. - reference: https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 + reference: + - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 + - https://github.com/SuperHacker-liuan/cve-2017-10271-poc tags: cve,cve2017,rce,oracle,weblogic - # Source:- https://github.com/SuperHacker-liuan/cve-2017-10271-poc - requests: - raw: - | diff --git a/cves/2017/CVE-2017-11444.yaml b/cves/2017/CVE-2017-11444.yaml index dff3a197410..0af1f0dba3d 100644 --- a/cves/2017/CVE-2017-11444.yaml +++ b/cves/2017/CVE-2017-11444.yaml @@ -5,12 +5,11 @@ info: author: dwisiswant0 severity: high description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. - reference: https://github.com/intelliants/subrion/issues/479 + reference: + - https://github.com/intelliants/subrion/issues/479 + - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q tags: cve,cve2017,sqli,subrion - # Source: - # - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q - requests: - method: GET path: diff --git a/cves/2017/CVE-2017-14537.yaml b/cves/2017/CVE-2017-14537.yaml index bcfd8edfafe..6ccc47bee76 100644 --- a/cves/2017/CVE-2017-14537.yaml +++ b/cves/2017/CVE-2017-14537.yaml 
@@ -9,7 +9,7 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ - - Product vendor:-https://sourceforge.net/projects/asteriskathome/ + - https://sourceforge.net/projects/asteriskathome/ # vendor homepage requests: - raw: diff --git a/cves/2018/CVE-2018-16763.yaml b/cves/2018/CVE-2018-16763.yaml index 0f46ced01e7..b59d969f156 100644 --- a/cves/2018/CVE-2018-16763.yaml +++ b/cves/2018/CVE-2018-16763.yaml @@ -5,10 +5,10 @@ info: author: pikpikcu severity: critical tags: cve,cve2018,fuelcms,rce - -# Vendor Homepage: https://www.getfuelcms.com/ -# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 -# reference: https://www.exploit-db.com/exploits/47138 + reference: + - https://www.exploit-db.com/exploits/47138 + - https://www.getfuelcms.com/ # Vendor Homepage + - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 # Software Link requests: - raw: diff --git a/cves/2018/CVE-2018-17431.yaml b/cves/2018/CVE-2018-17431.yaml index eb303174335..0a5c8457234 100644 --- a/cves/2018/CVE-2018-17431.yaml +++ b/cves/2018/CVE-2018-17431.yaml @@ -6,10 +6,9 @@ info: severity: critical description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based) tags: cve,cve2018,comodo,rce - - # References: - # - https://www.exploit-db.com/exploits/48825 - # - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 + reference: + - https://www.exploit-db.com/exploits/48825 + - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 requests: - raw: diff --git a/cves/2019/CVE-2019-7256.yaml b/cves/2019/CVE-2019-7256.yaml index d5fb7ff1cf1..93e7ed7adba 100644 --- a/cves/2019/CVE-2019-7256.yaml +++ b/cves/2019/CVE-2019-7256.yaml 
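Review bot: In the CVE-2018-17431 hunk the second `reference` entry is a Comodo purchase page whose query string (`license=try&track=9276&af=9276`) looks like an affiliate-tracking link, so it documents where to buy the product rather than the vulnerability. Elsewhere in this commit such entries get a label, so either mark it the same way, `- https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 # vendor homepage`, or replace it with the vendor's plain product page without the tracking parameters. The enclosing `info:` block starts before the hunk.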
@@ -5,12 +5,11 @@ info: author: pikpikcu severity: critical description: Linear eMerge E3-Series devices allow Command Injections. - reference: https://www.exploit-db.com/exploits/47619 + reference: + - https://www.exploit-db.com/exploits/47619 + - http://linear-solutions.com/nsc_family/e3-series/ # vendor homepage tags: cve,cve2019,emerge,rce -# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/ -# Software Link: http://linear-solutions.com/nsc_family/e3-series/ - requests: - raw: # Default Port - | diff --git a/cves/2020/CVE-2020-0618.yaml b/cves/2020/CVE-2020-0618.yaml index 6ba8a88aee0..b593db8f88a 100644 --- a/cves/2020/CVE-2020-0618.yaml +++ b/cves/2020/CVE-2020-0618.yaml @@ -5,15 +5,14 @@ info: author: joeldeleep description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. severity: high + # THIS TEMPLATE IS ONLY FOR DETECTING + # To carry out further attacks, please see reference[1] below. + # This template works by guessing user ID. reference: - https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/ - https://github.com/euphrat1ca/CVE-2020-0618 tags: cve,cve2020,rce - # THIS TEMPLATE IS ONLY FOR DETECTING - # To carry out further attacks, please see reference[1] below. - # This template works by guessing user ID. - requests: - method: GET path: diff --git a/cves/2020/CVE-2020-10148.yaml b/cves/2020/CVE-2020-10148.yaml index e505f4797d2..f7958eb7cb1 100644 --- a/cves/2020/CVE-2020-10148.yaml +++ b/cves/2020/CVE-2020-10148.yaml 
@@ -7,14 +7,13 @@ info: description: | This template could allow to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. - reference: https://kb.cert.org/vuls/id/843464 + reference: + - https://kb.cert.org/vuls/id/843464 + - https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml + - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965 + - https://twitter.com/0xsha/status/1343800953946787847 tags: cve,cve2020,solarwinds,rce - # References: - # - https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml - # - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965 - # - https://twitter.com/0xsha/status/1343800953946787847 - requests: - method: GET path: diff --git a/cves/2020/CVE-2020-12720.yaml b/cves/2020/CVE-2020-12720.yaml index cf0dc3791a2..2bc9a5a142d 100644 --- a/cves/2020/CVE-2020-12720.yaml +++ b/cves/2020/CVE-2020-12720.yaml @@ -8,11 +8,6 @@ info: reference: https://github.com/rekter0/exploits/tree/master/CVE-2020-12720 tags: cve,cve2020,vbulletin,sqli - # Source https://github.com/rekter0/exploits/tree/master/CVE-2020-12720 - # This template supports the detection part only. - # Do not test any website without permission - # https://github.com/swisskyrepo/nuclei-templates/blob/20179794c2030144ec85f0231a8d455b5d7e35c5/cves/CVE-2020-12720.yaml - requests: - raw: - | diff --git a/cves/2020/CVE-2020-15505.yaml b/cves/2020/CVE-2020-15505.yaml index 45205e7076d..15ac2adc6c8 100644 --- a/cves/2020/CVE-2020-15505.yaml +++ b/cves/2020/CVE-2020-15505.yaml 
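Review bot: In the CVE-2020-12720 hunk the `# https://github.com/swisskyrepo/nuclei-templates/blob/20179794c2030144ec85f0231a8d455b5d7e35c5/cves/CVE-2020-12720.yaml` line, which credits the template this one was derived from, is deleted outright instead of being moved into `reference`, and `reference` stays a scalar while every other converted file in this commit uses the list form. The same drop-instead-of-move happens in CVE-2020-5777 (the magmi_auth.php permalink), CVE-2021-26295 (the `# Exploit:` link) and solarwinds-default-admin (the OrionSDK REST wiki). Suggested lines: `reference:` / `  - https://github.com/rekter0/exploits/tree/master/CVE-2020-12720` / `  - https://github.com/swisskyrepo/nuclei-templates/blob/20179794c2030144ec85f0231a8d455b5d7e35c5/cves/CVE-2020-12720.yaml`. The enclosing `info:` block starts outside the hunk.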
@@ -6,23 +6,17 @@ info: severity: critical description: | A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. - reference: | + # THIS TEMPLATE IS ONLY FOR DETECTING + # To carry out further attacks, please see reference[2] below. + # This template works by passing a Hessian header, otherwise; + # it will return a 403 or 500 internal server error. Reference[3]. + reference: - https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html - https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505 - https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10 - https://github.com/orangetw/JNDI-Injection-Bypass tags: cve,cve2020,mobileiron,rce - # THIS TEMPLATE IS ONLY FOR DETECTING - # To carry out further attacks, please see references[2] below. - # This template works by passing a Hessian header, otherwise; - # it will return a 403 or 500 internal server error. References[3]. - # References: - # - [1] https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html - # - [2] https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505 - # - [3] https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10 - # - [4] https://github.com/orangetw/JNDI-Injection-Bypass - requests: - raw: - | diff --git a/cves/2020/CVE-2020-24223.yaml b/cves/2020/CVE-2020-24223.yaml index 31a1bf6446f..e5674758dd5 100644 --- a/cves/2020/CVE-2020-24223.yaml +++ b/cves/2020/CVE-2020-24223.yaml 
@@ -5,13 +5,12 @@ info: author: pikpikcu severity: medium description: Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. - reference: https://www.exploit-db.com/exploits/48777 + reference: + - https://www.exploit-db.com/exploits/48777 + - https://sourceforge.net/projects/maracms/ # vendor homepage + - https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download # software link tags: cve,cve2020,mara,xss - # Vendor Homepage: https://sourceforge.net/projects/maracms/ - # Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download - # Source: https://www.exploit-db.com/exploits/48777 - requests: - method: GET path: diff --git a/cves/2020/CVE-2020-24312.yaml b/cves/2020/CVE-2020-24312.yaml index 81cc8aafe49..395f254458e 100644 --- a/cves/2020/CVE-2020-24312.yaml +++ b/cves/2020/CVE-2020-24312.yaml @@ -6,11 +6,11 @@ info: severity: high description: | mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. - reference: https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ + reference: + - https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-24312 tags: cve,cve2020,wordpress,backups - # NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-24312 - # Source: https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ # Note: Manually check content requests: diff --git a/cves/2020/CVE-2020-5776.yaml b/cves/2020/CVE-2020-5776.yaml index e8b8df0a28d..af8c29283c9 100644 --- a/cves/2020/CVE-2020-5776.yaml +++ b/cves/2020/CVE-2020-5776.yaml 
@@ -12,7 +12,6 @@ info: # in the event that a CSRF is leveraged against an existing admin session for MAGMI. # At the time of this advisory, no patch exists for this issue. - requests: - raw: - | diff --git a/cves/2020/CVE-2020-5777.yaml b/cves/2020/CVE-2020-5777.yaml index 2781b85b505..830da227286 100644 --- a/cves/2020/CVE-2020-5777.yaml +++ b/cves/2020/CVE-2020-5777.yaml @@ -12,8 +12,6 @@ info: # While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php # whith default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=) # Tested on a AWS t2.medium with max_connection = 75 and PHP-FPM pm-max_children = 100 - # Ref: - # - https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35 requests: - raw: diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml index 74841a4ce36..2d8af1dd8c0 100644 --- a/cves/2020/CVE-2020-7209.yaml +++ b/cves/2020/CVE-2020-7209.yaml 
@@ -7,17 +7,15 @@ info: tags: cve,cve2020,rce description: LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. reference: - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html - https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2 + - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html + - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html + - https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2 + - https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 + - https://www.hpe.com/us/en/home.html # vendor homepage # This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution. # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability. - # https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 - # vendor: https://www.hpe.com/us/en/home.html - # software: https://github.com/HewlettPackard/LinuxKI - requests: - method: GET path: diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml index bf637b1ef7f..d8143b9e67f 100644 --- a/cves/2020/CVE-2020-9496.yaml +++ b/cves/2020/CVE-2020-9496.yaml 
@@ -9,14 +9,7 @@ info: reference: - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html - - - # This template detects a Java deserialization vulnerability in Apache - # OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for - # versions prior to 17.12.04. - # -- - # References: - # - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz + - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz requests: - raw: diff --git a/cves/2021/CVE-2021-22122.yaml b/cves/2021/CVE-2021-22122.yaml index 2738c6092db..53c6058203d 100644 --- a/cves/2021/CVE-2021-22122.yaml +++ b/cves/2021/CVE-2021-22122.yaml @@ -12,14 +12,6 @@ info: - https://twitter.com/ptswarm/status/1357316793753362433 tags: cve,cve2021,fortiweb,xss - # FortiWeb GUI interface may allow an unauthenticated, remote attacker - # to perform a reflected cross site scripting attack (XSS) by injecting - # malicious payload in different vulnerable API end-points. - # - - # References: - # - https://www.fortiguard.com/psirt/FG-IR-20-122 - # - https://twitter.com/ptswarm/status/1357316793753362433 - requests: - method: GET path: diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index 1d812c55c66..95539c89b6e 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml @@ -13,7 +13,6 @@ info: # Note:- This is detection template, To perform deserializes do as below # java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot # `cat mad.ot | hex` and replace in along with the url in std-String value - # Exploit: https://github.com/yumusb/CVE-2021-26295-POC requests: - raw: diff --git a/default-logins/grafana/grafana-default-credential.yaml b/default-logins/grafana/grafana-default-credential.yaml index 202a3866344..7f783dfd107 100644 
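Review bot: In the CVE-2020-9496 hunk the deleted comment was the only place that records the vulnerable endpoint (`/webtools/control/xmlrpc`) and the affected range (versions prior to 17.12.04), and nothing on the new side carries that information forward. The `description:` field sits outside the hunk, so I cannot confirm it already says this; if it does not, fold that sentence into `description:` rather than dropping it. CVE-2021-22122 has the same pattern, where the comment describing the reflected XSS in the FortiWeb GUI API end-points is removed with nothing replacing it. The enclosing `info:` block starts before the hunk in both files.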
--- a/default-logins/grafana/grafana-default-credential.yaml +++ b/default-logins/grafana/grafana-default-credential.yaml @@ -4,9 +4,11 @@ info: author: pdteam severity: high tags: grafana,default-login + reference: + - https://grafana.com/docs/grafana/latest/administration/configuration/#disable_brute_force_login_protection + - https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page + - https://github.com/grafana/grafana/issues/14755 - # https://grafana.com/docs/grafana/latest/administration/configuration/#disable_brute_force_login_protection - # https://github.com/grafana/grafana/issues/14755 # Grafana blocks for 5 minutes after 5 "Invalid" attempts for valid user. # So make sure, not to attempt more than 4 password for same valid user. @@ -22,7 +24,7 @@ requests: - admin # Added default grafana and prometheus user. - # Source:- https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page + # Source: https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page attack: sniper diff --git a/default-logins/solarwinds/solarwinds-default-admin.yaml b/default-logins/solarwinds/solarwinds-default-admin.yaml index fe65c24091c..55d834c7b5e 100644 --- a/default-logins/solarwinds/solarwinds-default-admin.yaml +++ b/default-logins/solarwinds/solarwinds-default-admin.yaml @@ -11,9 +11,6 @@ info: # POST /SolarWinds/InformationService/v3/Json/Create/Orion.Pollers HTTP/1.1 # {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337} - # References: - # - https://github.com/solarwinds/OrionSDK/wiki/REST - requests: - method: GET path: diff --git a/dns/azure-takeover-detection.yaml b/dns/azure-takeover-detection.yaml index 616db8eb2ed..90151fd83ae 100644 --- a/dns/azure-takeover-detection.yaml +++ b/dns/azure-takeover-detection.yaml 
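Review bot: In the second grafana-default-credential hunk the line `# Source: https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page` is kept while the first hunk adds the identical URL to `reference`, so the link is now maintained in two places. Since the comment only explains where the extra usernames came from, point it at the list instead: `# Added default grafana and prometheus user, see reference[2].`, which matches the `reference[N]` convention used in the rconfig and springboot-h2-db-rce hunks. The `requests:` block this comment belongs to continues outside the hunk.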
@@ -5,13 +5,13 @@ info: author: pdteam severity: high tags: dns,takeover + reference: + - https://godiego.tech/posts/STO/ # kudos to @secfaults for sharing process details. - # Update the list with more CNAMEs related to azure + # Update the list with more CNAMEs related to Azure # You need to claim the CNAME in Azure portal (https://portal.azure.com) to confirm the takeover. - # Reference:- https://godiego.tech/posts/STO/, kudos to @secfaults for sharing process details. # Do not report this without claiming the CNAME. - dns: - name: "{{FQDN}}" type: A diff --git a/exposures/configs/alibaba-canal-info-leak.yaml b/exposures/configs/alibaba-canal-info-leak.yaml index 69fa26a6728..424d0f6848e 100644 --- a/exposures/configs/alibaba-canal-info-leak.yaml +++ b/exposures/configs/alibaba-canal-info-leak.yaml @@ -5,10 +5,10 @@ info: author: pikpikcu severity: info tags: config,exposure - - # https://github.com/alibaba/canal/issues/632 - # https://netty.io/wiki/reference-counted-objects.html - # https://my.oschina.net/u/4581879/blog/4753320 + reference: + - https://github.com/alibaba/canal/issues/632 + - https://netty.io/wiki/reference-counted-objects.html + - https://my.oschina.net/u/4581879/blog/4753320 requests: - method: GET diff --git a/technologies/clockwork-php-page.yaml b/technologies/clockwork-php-page.yaml index eab19b1f080..39d17659238 100644 --- a/technologies/clockwork-php-page.yaml +++ b/technologies/clockwork-php-page.yaml @@ -3,7 +3,8 @@ info: name: Clockwork PHP page exposure author: organiccrap severity: high - # https://twitter.com/damian_89_/status/1250721398747791360 + reference: https://twitter.com/damian_89_/status/1250721398747791360 + requests: - method: GET path: diff --git a/technologies/firebase-detect.yaml b/technologies/firebase-detect.yaml index fcf13d12857..fe3ff98b306 100644 --- a/technologies/firebase-detect.yaml +++ b/technologies/firebase-detect.yaml 
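Review bot: In the clockwork-php-page hunk `reference:` is written as a plain scalar, and likewise in firebase-detect and liferay-portal-detect on the following line, while the rest of the commit normalises the field to a list. The loader presumably accepts both forms, but mixing them in the very commit meant to normalise the field undercuts its purpose; prefer `reference:` / `  - https://twitter.com/damian_89_/status/1250721398747791360`. For liferay the trailing `# CVE-2020-7961: Liferay Portal Unauthenticated RCE` comment can stay on the list item.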
@@ -4,7 +4,7 @@ info: name: firebase detect author: organiccrap severity: low - # http://ghostlulz.com/google-exposed-firebase-database/ + reference: http://ghostlulz.com/google-exposed-firebase-database/ requests: - method: GET diff --git a/technologies/liferay-portal-detect.yaml b/technologies/liferay-portal-detect.yaml index 58d08942741..2620f82dc9c 100644 --- a/technologies/liferay-portal-detect.yaml +++ b/technologies/liferay-portal-detect.yaml @@ -3,8 +3,8 @@ info: name: Liferay Portal Detection author: organiccrap,dwisiswant0 severity: info - # CVE-2020-7961: Liferay Portal Unauthenticated RCE - # https://github.com/mzer0one/CVE-2020-7961-POC + reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE + requests: - method: GET path: diff --git a/vulnerabilities/jira/jira-unauthenticated-dashboards.yaml b/vulnerabilities/jira/jira-unauthenticated-dashboards.yaml index 1590a904fe8..c07f2870605 100644 --- a/vulnerabilities/jira/jira-unauthenticated-dashboards.yaml +++ b/vulnerabilities/jira/jira-unauthenticated-dashboards.yaml @@ -1,7 +1,7 @@ id: jira-unauthenticated-dashboards # If public sharing is ON it allows users to share dashboards and filters with all users including -# those that are not logged in. Those dashboard and filters could reveal potentially sensitive information. +# those that are not logged in. Those dashboards and filters could reveal potentially sensitive information. info: name: Jira Unauthenticated Dashboards diff --git a/vulnerabilities/other/rconfig-rce.yaml b/vulnerabilities/other/rconfig-rce.yaml index daf3feea8e2..5d4a64ee030 100644 --- a/vulnerabilities/other/rconfig-rce.yaml +++ b/vulnerabilities/other/rconfig-rce.yaml 
@@ -7,10 +7,10 @@ info: tags: rconfig,rce # This template supports the user creation part only. - # To triggering an RCE, see references[2]. - # References: - # - [1] https://www.rconfig.com/downloads/rconfig-3.9.5.zip - # - [2] https://www.exploit-db.com/exploits/48878 + # To triggering an RCE, see reference[2]. + reference: + - https://www.rconfig.com/downloads/rconfig-3.9.5.zip + - https://www.exploit-db.com/exploits/48878 requests: - raw: diff --git a/vulnerabilities/other/sick-beard-xss.yaml b/vulnerabilities/other/sick-beard-xss.yaml index 99281db45de..a384753cdb0 100644 --- a/vulnerabilities/other/sick-beard-xss.yaml +++ b/vulnerabilities/other/sick-beard-xss.yaml @@ -5,10 +5,11 @@ info: author: pikpikcu severity: medium tags: xss - -# Vendor Homepage: https://sickbeard.com/ -# Software Link: https://github.com/midgetspy/Sick-Beard -# shodan dork: sickbeard + reference: + - https://sickbeard.com/ # vendor homepage + - https://github.com/midgetspy/Sick-Beard # software link + customAttributes: + shodan-dork: sickbeard requests: - method: GET diff --git a/vulnerabilities/springboot/springboot-h2-db-rce.yaml b/vulnerabilities/springboot/springboot-h2-db-rce.yaml index 210c9f56387..4dc41f4bc99 100644 --- a/vulnerabilities/springboot/springboot-h2-db-rce.yaml +++ b/vulnerabilities/springboot/springboot-h2-db-rce.yaml @@ -7,7 +7,6 @@ info: tags: springboot,rce # Payload taken from @pyn3rd (Twitter), see reference[2]. - reference: - https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database - https://twitter.com/pyn3rd/status/1305151887964946432 diff --git a/vulnerabilities/wordpress/wordpress-emergency-script.yaml b/vulnerabilities/wordpress/wordpress-emergency-script.yaml index 4be5b85aa10..b575cc4a576 100644 --- a/vulnerabilities/wordpress/wordpress-emergency-script.yaml +++ b/vulnerabilities/wordpress/wordpress-emergency-script.yaml 
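Review bot: In the rconfig-rce hunk the rewritten comment still reads `# To triggering an RCE, see reference[2].`; since the line is being touched anyway, fix the grammar: `# To trigger the RCE, see reference[2].`. The first list entry is the rconfig 3.9.5 zip, i.e. the software download rather than an advisory, so tag it the way sick-beard-xss does: `- https://www.rconfig.com/downloads/rconfig-3.9.5.zip # software link`. The `info:` block starts before the hunk.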
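Review bot: In the sick-beard-xss hunk `customAttributes:` with `shodan-dork:` is introduced only in this file, no other template in the diff uses it, and it depends on the key-value `info` support tracked in nuclei #259 from the commit message. If the template parser rejects or ignores unknown keys under `info` (I cannot tell from the diff), this template either fails to load or silently loses the attribute; confirm the field name against the nuclei release that ships #259 before merging, or keep the dork as `# shodan dork: sickbeard` until then. The `requests:` block continues outside the hunk.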
@@ -5,8 +5,6 @@ info: author: dwisiswant0 severity: info tags: wordpress - - # Ref:- reference: https://wordpress.org/support/article/resetting-your-password/#using-the-emergency-password-reset-script requests: