up PoCs 2022-09-09

Author: hktalent

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "nuclei-templates"]
 	path = nuclei-templates
-	url = [email protected]:hktalent/nuclei-templates.git
+	szUrl = [email protected]:hktalent/nuclei-templates.git

README.md

@@ -1,4 +1,4 @@
-[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
+[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
 <p align="center">
    <a href="/README_CN.md">README_中文</a> •
    <a href="/static/Installation.md">Compile/Install/Run</a> •
@@ -149,7 +149,7 @@ where 92.168.0.111 is the target to query
   <a href=https://github.com/hktalent/scan4all/discussions>Using Help</a>
 ```bash
 go build
-# Precise scan url list UrlPrecise=true
+# Precise scan szUrl list UrlPrecise=true
 UrlPrecise=true ./scan4all -l xx.txt
 # Disable adaptation to nmap and use naabu port to scan its internally defined http-related ports
 priorityNmap=false ./scan4all -tp http -list allOut.txt -v

README_CN.md

@@ -1,4 +1,4 @@
-[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
+[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
 <p align="center">
    <a href="/README.md">README_EN</a> •
    <a href="/static/Installation.md">编译/安装/运行</a> •

brute/dicts/filedic.txt

@@ -1696,7 +1696,7 @@
 /api/payment?id=
 /api/prod/services
 /api/proxy
-/api/proxy?url=
+/api/proxy?szUrl=
 /api/saved_objects/_find?type=index-pattern&per_page=100
 /api/search
 /api/sessions
@@ -7517,7 +7517,7 @@ go
 go.%EXT%
 google
 google-services.json
-gotoURL.asp?url=google.com&id=43569
+gotoURL.asp?szUrl=google.com&id=43569
 grabbed.html
 gradle-app.setting
 gradle/
@@ -9644,7 +9644,7 @@ plugins/
 plugins/editors/fckeditor
 plugins/fckeditor
 plugins/servlet/gadgets/makeRequest
-plugins/servlet/gadgets/makeRequest?url=https://google.com
+plugins/servlet/gadgets/makeRequest?szUrl=https://google.com
 plugins/servlet/oauth/users/icon
 plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload.swf
 plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload_f9.swf
@@ -11135,8 +11135,8 @@ ur-admin
 ur-admin.php
 ur-admin/
 uri
-url
-url.jsp
+szUrl
+szUrl.jsp
 us
 usage
 usage/
@@ -11566,7 +11566,7 @@ wp-content/plugins/count-per-day/js/yc/d00.php
 wp-content/plugins/disqus-comment-system/disqus.php
 wp-content/plugins/google-sitemap-generator/sitemap-core.php
 wp-content/plugins/hello.php
-wp-content/plugins/jrss-widget/proxy.php?url=
+wp-content/plugins/jrss-widget/proxy.php?szUrl=
 wp-content/plugins/super-forms/
 wp-content/plugins/wp-publication-archive/includes/openfile.php?file=
 wp-content/plugins/wpengine-snapshot/snapshots/

config/databases/db_dictionary

@@ -1683,7 +1683,7 @@ upfiles
 upload
 uploader
 uploads
-url
+szUrl
 urls
 us
 usa

config/databases/db_server_msgs

@@ -118,15 +118,15 @@
 "800098","jakarta-tomcat-4.0.1","0","Server will reveal path"
 "800099","JavaWebServer","0","Probably Sun Microsystem's servlet interface. May have default code which is exploitable. Try admin/admin for id/password."
 "800100","JetAdmin","0","HP Printer"
-"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent url is requested, i.e. [victim site]/[javascript].jsp"
+"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent szUrl is requested, i.e. [victim site]/[javascript].jsp"
 "800102","Jigsaw\/([0-1].*|2\.([0-1].*|2\.0))","0","Jigsaw 2.1.0 or below may be vulnerable to XSS if a nonexistent host name is requested, i.e. nosuchhost.domain.com/<script>..."
 "800103","Jigsaw\/2\.2\.1","0","Jigsaw 2.1.1 on Windows may be tricked into revealing the system path by requesting /aux two times."
 "800104","JRun\/([0-3]\..*|4\.0)","0","JRun 4.0 and below on IIS is vulnerable to remote buffer overflow with a filename over 4096. http://www.macromedia.com/v1/handlers/index.cfm?ID=23500 and http://www.eeye.com/html/Research/Advisories/index.html"
 "800105","JRun\/3\.1","0","JRun 3.1 on Windows NT/2000 is vulnerable to remote buffer overflow in the Host header field that can allow attackers to exploit the system."
 "800106","KazaaClient","0","Kazaa may allow sensitive information to be retrieved, http://www.securiteam.com/securitynews/5UP0L2K55W.html"
 "800107","LabVIEW\/(5\.[1-9]|6\.[0-1])","0","LabVIEW 5.1.1 to 6.1 is vulnerable to a remote DoS by sending a malformed GET request. This DoS was not attempted."
 "800108","Lasso\/3\.6\.5","0","This version of Blueworld WebData engine is vulnerable to DoS by sending a 1600 character long GET request."
-"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the url."
+"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the szUrl."
 "800110","LocalWeb2000\/([0-1]\.*|2\.(0\.*|1\.0))","0","LocalWeb2000 2.1.0 and below allow protected files to be retrieved by prepending the request with /./"
 "800111","Lotus-Domino\/([0-3].*|4\.([0-1].*|2\.([0-1].*|3)))","0","This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details."
 "800112","Lotus-Domino\/4\.[5-6]","0","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
@@ -157,7 +157,7 @@
 "800137","myCIO","0","The McAfee myCIO server provides antivirus updates to clients. This server has had multiple vulnerabilities in the past."
 "800138","Mylo/0\.([0-1]|2\.[0-1])","0","mod_mylo may be vulnerable to a remote buffer overflow. Upgrade to the latest version. BID-8287."
 "800139","MyServer 0\.([0-3]\..*|4\.[0-2])","0","MyServer versions lower than 0.5 contain multiple remote vulnerabilities."
-"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a url of approximately 1000 characters."
+"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a szUrl of approximately 1000 characters."
 "800141","ncsa","0","lower than v1.3 have multiple issues"
 "800142","neowebscript","0","Apache plugin to allow TCL use"
 "800143","netcloak","0","http://www.maxum.com plugin for webstar"