-
Notifications
You must be signed in to change notification settings - Fork 240
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c22ff79
commit 52b8e5a
Showing
35 changed files
with
1,223 additions
and
412 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 20240831 | ||
| 20240901 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| id: apache-hertzbeat-default-login | ||
|
|
||
| info: | ||
| name: Apache HertzBeat Default Credentials | ||
| author: securitytaters | ||
| severity: high | ||
| description: Apache HertzBeat enables default admin credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. | ||
| reference: | ||
| - https://github.com/apache/hertzbeat?tab=readme-ov-file#1install-quickly-via-docker | ||
| tags: hertzbeat,default-login | ||
|
|
||
| variables: | ||
| username: admin | ||
| password: hertzbeat | ||
|
|
||
| http: | ||
| - raw: | ||
| - |- | ||
| POST /api/account/auth/form HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| Content-Type: application/json | ||
| {"type":0,"identifier":"{{username}}","credential":"{{password}}"} | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| part: body | ||
| words: | ||
| - '"token":"eyJ' | ||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: CVE-2022-4100 | ||
|
|
||
| info: | ||
| name: > | ||
| WP Cerber Security <= 9.4 - IP Protection Bypass | ||
| author: topscoder | ||
| severity: medium | ||
| description: > | ||
| The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked. | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=api-prod | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | ||
| cvss-score: 5.3 | ||
| cve-id: CVE-2022-4100 | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/wp-cerber/" | ||
| google-query: inurl:"/wp-content/plugins/wp-cerber/" | ||
| shodan-query: 'vuln:CVE-2022-4100' | ||
| tags: cve,wordpress,wp-plugin,wp-cerber,medium | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "wp-cerber" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 9.4') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: CVE-2022-4536 | ||
|
|
||
| info: | ||
| name: > | ||
| IP Vault – WP Firewall <= 1.1 - IP Address Spoofing to Protection Mechanism Bypass | ||
| author: topscoder | ||
| severity: medium | ||
| description: > | ||
| The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/66e89753-f83e-4e60-b165-6d3d101d6c59?source=api-prod | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | ||
| cvss-score: 5.3 | ||
| cve-id: CVE-2022-4536 | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/ip-vault-wp-firewall/" | ||
| google-query: inurl:"/wp-content/plugins/ip-vault-wp-firewall/" | ||
| shodan-query: 'vuln:CVE-2022-4536' | ||
| tags: cve,wordpress,wp-plugin,ip-vault-wp-firewall,medium | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/ip-vault-wp-firewall/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "ip-vault-wp-firewall" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 1.1') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: CVE-2022-4539 | ||
|
|
||
| info: | ||
| name: > | ||
| Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass | ||
| author: topscoder | ||
| severity: medium | ||
| description: > | ||
| The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e99531c-8742-4f91-8525-65bb3cb06644?source=api-prod | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | ||
| cvss-score: 5.3 | ||
| cve-id: CVE-2022-4539 | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/web-application-firewall/" | ||
| google-query: inurl:"/wp-content/plugins/web-application-firewall/" | ||
| shodan-query: 'vuln:CVE-2022-4539' | ||
| tags: cve,wordpress,wp-plugin,web-application-firewall,medium | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/web-application-firewall/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "web-application-firewall" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 2.1.2') |
Oops, something went wrong.