up PoCs 2022-08-14

Author: hktalent

config/nuclei-templates/51pwn/CVE-2021-26855.yaml

@@ -22,11 +22,6 @@ Nuclei Templates
   <a href="https://discord.gg/projectdiscovery">Join Discord</a>
 </p>
 
-<p align="center">
-  <a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/README.md">English</a> •
-  <a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/README_KR.md">Korean</a>
-</p>
-
 ----
 
 Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
@@ -47,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1325 | daffainfo     |   629 | cves             |  1306 | info     |  1398 | http    |  3644 |
-| panel     |   604 | dhiyaneshdk   |   509 | exposed-panels   |   613 | high     |   955 | file    |    76 |
-| lfi       |   490 | pikpikcu      |   322 | vulnerabilities  |   506 | medium   |   784 | network |    50 |
-| xss       |   451 | pdteam        |   269 | technologies     |   273 | critical |   445 | dns     |    17 |
-| wordpress |   409 | geeknik       |   187 | exposures        |   254 | low      |   211 |         |       |
-| exposure  |   360 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
-| cve2021   |   324 | 0x_akoko      |   157 | misconfiguration |   210 |          |       |         |       |
-| rce       |   319 | princechaddha |   149 | workflows        |   187 |          |       |         |       |
-| wp-plugin |   304 | pussycat0x    |   130 | default-logins   |   102 |          |       |         |       |
-| tech      |   286 | gy741         |   126 | file             |    76 |          |       |         |       |
-
-**286 directories, 4012 files**.
+| cve       |  1351 | daffainfo     |   629 | cves             |  1324 | info     |  1415 | http    |  3700 |
+| panel     |   616 | dhiyaneshdk   |   535 | exposed-panels   |   624 | high     |   962 | file    |    76 |
+| lfi       |   495 | pikpikcu      |   325 | vulnerabilities  |   521 | medium   |   799 | network |    51 |
+| xss       |   463 | pdteam        |   269 | technologies     |   276 | critical |   459 | dns     |    17 |
+| wordpress |   417 | geeknik       |   187 | exposures        |   260 | low      |   215 |         |       |
+| exposure  |   369 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
+| cve2021   |   339 | 0x_akoko      |   158 | misconfiguration |   214 |          |       |         |       |
+| rce       |   331 | princechaddha |   150 | workflows        |   187 |          |       |         |       |
+| wp-plugin |   312 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
+| tech      |   288 | gy741         |   126 | file             |    76 |          |       |         |       |
+
+**290 directories, 4070 files**.
 
 </td>
 </tr>

config/nuclei-templates/README.md

@@ -1,12 +1,12 @@
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1325 | daffainfo     |   629 | cves             |  1306 | info     |  1398 | http    |  3644 |
-| panel     |   604 | dhiyaneshdk   |   509 | exposed-panels   |   613 | high     |   955 | file    |    76 |
-| lfi       |   490 | pikpikcu      |   322 | vulnerabilities  |   506 | medium   |   784 | network |    50 |
-| xss       |   451 | pdteam        |   269 | technologies     |   273 | critical |   445 | dns     |    17 |
-| wordpress |   409 | geeknik       |   187 | exposures        |   254 | low      |   211 |         |       |
-| exposure  |   360 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
-| cve2021   |   324 | 0x_akoko      |   157 | misconfiguration |   210 |          |       |         |       |
-| rce       |   319 | princechaddha |   149 | workflows        |   187 |          |       |         |       |
-| wp-plugin |   304 | pussycat0x    |   130 | default-logins   |   102 |          |       |         |       |
-| tech      |   286 | gy741         |   126 | file             |    76 |          |       |         |       |
+| cve       |  1351 | daffainfo     |   629 | cves             |  1324 | info     |  1415 | http    |  3700 |
+| panel     |   616 | dhiyaneshdk   |   535 | exposed-panels   |   624 | high     |   962 | file    |    76 |
+| lfi       |   495 | pikpikcu      |   325 | vulnerabilities  |   521 | medium   |   799 | network |    51 |
+| xss       |   463 | pdteam        |   269 | technologies     |   276 | critical |   459 | dns     |    17 |
+| wordpress |   417 | geeknik       |   187 | exposures        |   260 | low      |   215 |         |       |
+| exposure  |   369 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
+| cve2021   |   339 | 0x_akoko      |   158 | misconfiguration |   214 |          |       |         |       |
+| rce       |   331 | princechaddha |   150 | workflows        |   187 |          |       |         |       |
+| wp-plugin |   312 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
+| tech      |   288 | gy741         |   126 | file             |    76 |          |       |         |       |

config/nuclei-templates/TEMPLATES-STATS.json

@@ -0,0 +1,34 @@
+id: CNVD-2017-03561
+
+info:
+  name: Panwei e-mobile - Ognl Injection
+  author: ritikchaddha
+  severity: high
+  reference:
+    - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md
+  metadata:
+    verified: true
+    fofa-query: app="泛微-eMobile"
+  tags: cnvd,cnvd2017,emobile,ognl,panwei
+
+variables:
+  num1: "9999"
+  num2: "5555"
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login.do?message={{num1}}*{{num2}}"
+      - "{{BaseURL}}/login/login.do?message={{num1}}*{{num2}}"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '55544445'
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/TEMPLATES-STATS.md

@@ -11,6 +11,8 @@ info:
     - https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4942
+  classification:
+    cve-id: CVE-2014-4942
   tags: cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure
 
 requests:

config/nuclei-templates/TOP-10.md

@@ -1,15 +1,15 @@
 id: CVE-2016-1000127
 
 info:
-  name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress AJAX Random Post <=2.00 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin ajax-random-post v2.00
+  description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=494
     - https://wordpress.org/plugins/ajax-random-post
     - http://web.archive.org/web/20210614214105/https://www.securityfocus.com/bid/93895
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/05

config/nuclei-templates/cnvd/2017/CNVD-2017-03561.yaml

@@ -1,13 +1,14 @@
 id: CVE-2016-1000128
 
 info:
-  name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
+  description: WordPress anti-plagiarism 3.6.0 and prior are vulnerable to reflected cross-site scripting.
   reference:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=161
     - https://wordpress.org/plugins/anti-plagiarism
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000128
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/05

config/nuclei-templates/cves/2014/CVE-2014-4942.yaml

@@ -1,11 +1,11 @@
 id: CVE-2018-19915
 
 info:
-  name: DomainMOD 4.11.01 - Cross-Site Scripting
+  name: DomainMOD <=4.11.01 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
+    DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field.
   reference:
     - https://github.com/domainmod/domainmod/issues/87
     - https://www.exploit-db.com/exploits/46376/
@@ -50,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
+
+# Enhanced by mp on 2022/08/10

config/nuclei-templates/cves/2016/CVE-2016-1000127.yaml

@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/ssl-provider.php ssl-provider-name, ssl-provider's-url parameters.
+    DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters.
   reference:
     - https://github.com/domainmod/domainmod/issues/88
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-20009
     - https://www.exploit-db.com/exploits/46372/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20009
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -50,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
+
+# Enhanced by mp on 2022/08/10

config/nuclei-templates/cves/2016/CVE-2016-1000128.yaml

@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/ssl-provider-account.php Username field.
+    DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field.
   reference:
     - https://www.exploit-db.com/exploits/46373/
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-20010
     - https://github.com/domainmod/domainmod/issues/88
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20010
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -50,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
+
+# Enhanced by mp on 2022/08/10

config/nuclei-templates/cves/2018/CVE-2018-19915.yaml

@@ -5,7 +5,7 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/category.php CatagoryName, StakeHolder parameters.
+    DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters.
   reference:
     - https://www.exploit-db.com/exploits/46374/
     - https://github.com/domainmod/domainmod/issues/88
@@ -50,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
+
+# Enhanced by mp on 2022/08/10

config/nuclei-templates/cves/2018/CVE-2018-20009.yaml

@@ -1,14 +1,14 @@
 id: CVE-2018-20462
 
 info:
-  name: JSmol2WP <= 1.07 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress JSmol2WP <=1.07 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
+  description: WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-20462
     - https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS
     - https://wpvulndb.com/vulnerabilities/9196
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20462
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/11

config/nuclei-templates/cves/2018/CVE-2018-20010.yaml

@@ -1,12 +1,13 @@
 id: CVE-2018-20824
 
 info:
-  name: Atlassian Jira WallboardServlet XSS
+  name: Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
-  description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
+  description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter.
   reference:
     - https://jira.atlassian.com/browse/JRASERVER-69238
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20824
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
         regex:
           - (?mi)timeout:\salert\(document\.domain\)
         part: body
+
+# Enhanced by mp on 2022/08/10

config/nuclei-templates/cves/2018/CVE-2018-20011.yaml

@@ -1,13 +1,14 @@
 id: CVE-2018-5230
 
 info:
-  name: Atlassian Confluence Status-List XSS
+  name: Atlassian Jira Confluence - Cross-Site Scripting
   author: madrobot
   severity: medium
   description: |
-    The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
+    Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.
   reference:
     - https://jira.atlassian.com/browse/JRASERVER-67289
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-5230
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,4 +39,6 @@ requests:
       - type: word
         part: header
         words:
-          - 'text/html'
+          - 'text/html'
+
+# Enhanced by mp on 2022/08/11

config/nuclei-templates/cves/2018/CVE-2018-20462.yaml

@@ -1,15 +1,15 @@
 id: CVE-2018-5233
 
 info:
-  name: Grav CMS before 1.3.0 allows XSS.
+  name: Grav CMS <1.3.0 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
+    Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-5233
     - https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/
     - http://www.openwall.com/lists/oss-security/2018/03/15/1
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-5233
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/10

config/nuclei-templates/cves/2018/CVE-2018-20824.yaml

@@ -1,15 +1,15 @@
 id: CVE-2018-5316
 
 info:
-  name: SagePay Server Gateway for WooCommerce <= 1.0.8 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
+  description: WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-5316
     - https://wordpress.org/support/topic/sagepay-server-gateway-for-woocommerce-1-0-7-cross-site-scripting/#post-9792337
     - https://wordpress.org/plugins/sagepay-server-gateway-for-woocommerce/#developers
     - https://packetstormsecurity.com/files/145459/WordPress-Sagepay-Server-Gateway-For-WooCommerce-1.0.7-XSS.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-5316
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/10

config/nuclei-templates/cves/2018/CVE-2018-5230.yaml

@@ -1,15 +1,15 @@
 id: CVE-2018-5715
 
 info:
-  name: SugarCRM 3.5.1 - Reflected XSS
+  name: SugarCRM 3.5.1 - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
+  description: SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable).
   reference:
     - https://www.exploit-db.com/exploits/43683
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-5715
     - https://m4k4br0.github.io/sugarcrm-xss/
     - https://www.exploit-db.com/exploits/43683/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-5715
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/11