-
Notifications
You must be signed in to change notification settings - Fork 238
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3254da2
commit dd17764
Showing
45 changed files
with
2,688 additions
and
289 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 20240914 | ||
| 20240915 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,45 +1,52 @@ | ||
| id: jenkins-weak-password | ||
| info: | ||
| name: Jenkins Default Login | ||
| author: | ||
| - l0ne1y | ||
| tags: | ||
| - jenkins | ||
| - default-login | ||
| description: |- | ||
| Jenkins 默认口令登录漏洞 | ||
| CloudBees Jenkins(Hudson Labs)是美国CloudBees公司的一套基于Java开发的持续集成工具。该产品主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。Audit Trail Plugin是使用在其中的一个审核日志记录插件。其管理后台存在默认账户admin/admin,攻击者可通过默认账户登录后台实施高危操作。 | ||
| author: Zandros0 | ||
| severity: high | ||
| tags: jenkins,default-login | ||
| description: Jenkins default admin login information was discovered. | ||
| classification: | ||
| cwe-id: | ||
| - cwe-522 | ||
| cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | ||
| cvss-score: 8.3 | ||
| remediation: |- | ||
| 1、建议系统管理人员将已发现的弱口令立即改成强口令,并拉网式排查所有系统管理员、用户、设备的弱口令,清扫未发现的弱口令。 | ||
| 2、弱口令重在管理。企业应制定强口令制度(如:密码需包含大小写字母、数字、特殊字符至少三种格式,长度不少于十位,并且密码键盘排列无序,密码企业、个人信息无关联。 | ||
| 3、弱口令排查方式可以通过汇总企业所有人员账户后根据强口令规则匹配自查、个性化制定字典暴力破解两种方式。 | ||
| 4、推荐强口令在线生成:[https://suijimimashengcheng.51240.com/](https://suijimimashengcheng.51240.com/) | ||
| 5、推荐口令强度在线检测:[https://howsecureismypassword.net/](https://howsecureismypassword.net/) | ||
| cve-id: | ||
| cwe-id: CWE-522 | ||
| requests: | ||
| - matchers: | ||
| - type: dsl | ||
| condition: and | ||
| dsl: | ||
| - contains(body_3, "/logout") | ||
| - contains(body_3, "Dashboard [Jenkins]") | ||
| raw: | ||
| - | | ||
| GET / HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| - | | ||
| POST /j_spring_security_check HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| Content-Type: application/x-www-form-urlencoded | ||
| - raw: | ||
| - | | ||
| GET /login HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| - | | ||
| POST /j_spring_security_check HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| Content-Type: application/x-www-form-urlencoded | ||
| Cookie: {{cookie}} | ||
| j_username=admin&j_password=admin&from=%2F&Submit=Sign+in | ||
| - | | ||
| GET / HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| cookie-reuse: true | ||
| req-condition: true | ||
| j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in | ||
| - | | ||
| GET / HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| Cookie: {{cookie}} | ||
| attack: pitchfork | ||
| payloads: | ||
| username: | ||
| - admin | ||
| - jenkins | ||
| password: | ||
| - admin | ||
| - password | ||
| extractors: | ||
| - type: regex | ||
| name: cookie | ||
| internal: true | ||
| part: header | ||
| regex: | ||
| - 'JSESSIONID\..*=([a-z0-9.]+)' | ||
| req-condition: true | ||
| matchers: | ||
| - type: dsl | ||
| condition: and | ||
| dsl: | ||
| - 'contains(body_3, "/logout")' | ||
| - 'contains(body_3, "Dashboard [Jenkins]")' | ||
|
|
||
| # Enhanced by mp on 2022/03/10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| id: exposed-vnc-no-auth | ||
|
|
||
| info: | ||
| name: Exposed VNC Server No-Auth | ||
| author: Redflare Cyber | ||
| severity: high | ||
| description: This template checks for VNC servers that do not require authentication, which can allow unauthorized access to the system. | ||
| classification: | ||
| cwe-id: CWE-306 | ||
| metadata: | ||
| max-request: 1 | ||
| shodan-query: 'port:5900 product:"VNC"' | ||
| tags: network,vnc,exposed,no-auth,tcp | ||
|
|
||
| tcp: | ||
| - inputs: | ||
| - data: "\r\n" | ||
| host: | ||
| - "{{Hostname}}" | ||
| port: 5900,5901,5902 | ||
|
|
||
| matchers: | ||
| - type: word | ||
| words: | ||
| - "RFB" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| part: body | ||
| regex: | ||
| - "Authentication disabled" | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| id: CVE-2022-3459 | ||
|
|
||
| info: | ||
| name: > | ||
| WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding | ||
| author: topscoder | ||
| severity: medium | ||
| description: > | ||
| The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add non-gift items to their cart as a gift. | ||
| reference: | ||
| - https://github.com/topscoder/nuclei-wordfence-cve | ||
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb9c321-1a2c-4593-9947-2071a908ee1c?source=api-prod | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | ||
| cvss-score: 5.3 | ||
| cve-id: CVE-2022-3459 | ||
| metadata: | ||
| fofa-query: "wp-content/plugins/woocommerce-multiple-free-gift/" | ||
| google-query: inurl:"/wp-content/plugins/woocommerce-multiple-free-gift/" | ||
| shodan-query: 'vuln:CVE-2022-3459' | ||
| tags: cve,wordpress,wp-plugin,woocommerce-multiple-free-gift,medium | ||
|
|
||
| http: | ||
| - method: GET | ||
| redirects: true | ||
| max-redirects: 3 | ||
| path: | ||
| - "{{BaseURL}}/wp-content/plugins/woocommerce-multiple-free-gift/readme.txt" | ||
|
|
||
| extractors: | ||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| internal: true | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| - type: regex | ||
| name: version | ||
| part: body | ||
| group: 1 | ||
| regex: | ||
| - "(?mi)Stable tag: ([0-9.]+)" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| - type: word | ||
| words: | ||
| - "woocommerce-multiple-free-gift" | ||
| part: body | ||
|
|
||
| - type: dsl | ||
| dsl: | ||
| - compare_versions(version, '<= 1.2.3') |
Oops, something went wrong.