20240913

date.txt

@@ -1 +1 @@
-20240912
+20240913

poc/adobe/servudaemon-ini.yaml

@@ -1,21 +1,21 @@
-id: servudaemon-ini
-
-info:
-  name: servudaemon-ini
-  author: NoRed0x
-  severity: high
-  description: This Nuclei template checks for sensitive data disclosure vulnerabilities at the servudaemon.ini file
-  tags: config, secrets, leaks
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/servudaemon.ini'
-    stop-at-first-match: true
-    matchers:
-      - type: word
-        part: body
-        words:
-          - 'LocalSetupPassword'
-          - '[GLOBAL]'
-          - 'LogFileSystemMes'
+id: servudaemon-ini
+
+info:
+  name: servudaemon-ini
+  author: NoRed0x
+  severity: high
+  description: This Nuclei template checks for sensitive data disclosure vulnerabilities at the servudaemon.ini file
+  tags: config, secrets, leaks
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/servudaemon.ini'
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'LocalSetupPassword'
+          - '[GLOBAL]'
+          - 'LogFileSystemMes'

poc/api/mstore-api-38ba49601a425b3e76ea50d7fcb5c3bf.yaml

@@ -0,0 +1,59 @@
+id: mstore-api-38ba49601a425b3e76ea50d7fcb5c3bf
+
+info:
+  name: >
+    MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/59c5b6e7-74b0-430d-8b4a-5a42220f3ec9?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/mstore-api/"
+    google-query: inurl:"/wp-content/plugins/mstore-api/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,mstore-api,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "mstore-api"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 4.15.3')

poc/api/mstore-api-5aa30296a4f0ae648270a4e74d17b635.yaml

@@ -0,0 +1,59 @@
+id: mstore-api-5aa30296a4f0ae648270a4e74d17b635
+
+info:
+  name: >
+    MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe3834a6-a6f5-4cc7-951e-a6ada6346b07?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/mstore-api/"
+    google-query: inurl:"/wp-content/plugins/mstore-api/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,mstore-api,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "mstore-api"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 4.15.3')

poc/auth/Mantis-Default_login.yaml

@@ -1,4 +1,5 @@
 id: mantisbt-default-credential
+
 info:
   name: MantisBT Default Admin Login
   author: For3stCo1d
@@ -13,6 +14,7 @@ info:
     cvss-score: 8.3
     cwe-id: CWE-522
   tags: mantisbt,default-login
+
 requests:
   - raw:
       - |
@@ -21,19 +23,22 @@ requests:
         Content-Type: application/x-www-form-urlencoded
 
         return=index.php&username={{user}}&password={{pass}}
+
     attack: pitchfork
     payloads:
       user:
         - administrator
       pass:
         - root
+
     matchers-condition: and
     matchers:
       - type: dsl
         dsl:
           - contains(tolower(all_headers), 'mantis_secure_session')
           - contains(tolower(all_headers), 'mantis_string_cookie')
         condition: and
+
       - type: status
         status:
           - 302

poc/auth/login-screen-manager-d96b919b70e327f92b0707dadc93f77b.yaml

@@ -0,0 +1,59 @@
+id: login-screen-manager-d96b919b70e327f92b0707dadc93f77b
+
+info:
+  name: >
+    Login Screen Manager <= 3.5.2 - Cross-Site Request Forgery
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/288db6ba-5d6c-448d-85c5-f9a19a9391c0?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/login-screen-manager/"
+    google-query: inurl:"/wp-content/plugins/login-screen-manager/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,login-screen-manager,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/login-screen-manager/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "login-screen-manager"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.5.2')

poc/auth/sign-up-sheets-2274954363ea101c579ff78257df6249.yaml

@@ -0,0 +1,59 @@
+id: sign-up-sheets-2274954363ea101c579ff78257df6249
+
+info:
+  name: >
+    Sign-up Sheets <= 2.2.12 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba06e298-308d-4378-96b8-5ac4e7cc63c0?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/sign-up-sheets/"
+    google-query: inurl:"/wp-content/plugins/sign-up-sheets/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,sign-up-sheets,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/sign-up-sheets/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "sign-up-sheets"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.2.12')

poc/auth/yith-custom-login-5833fd7b8ccc9d761d8d7cf9f9917d96.yaml

@@ -0,0 +1,59 @@
+id: yith-custom-login-5833fd7b8ccc9d761d8d7cf9f9917d96
+
+info:
+  name: >
+    YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/0828a4a4-2dd5-4dff-8563-c81d6b24b949?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/yith-custom-login/"
+    google-query: inurl:"/wp-content/plugins/yith-custom-login/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,yith-custom-login,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/yith-custom-login/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "yith-custom-login"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.7.3')