Skip to content

Commit

Permalink
Finalized changes for v8.7
Browse files Browse the repository at this point in the history
Added CVE-2020-15129 - Open Redirect In Traefik sc0pe template
  • Loading branch information
1N3 committed Sep 15, 2020
1 parent 8d7c2bd commit 05c60b4
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 6 deletions.
11 changes: 6 additions & 5 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
* v8.7 - Updated web file bruteforce lists
* v8.7 - Added updated Slack API integration/notifications
* v8.7 - Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
* v8.7 - Added CVE-2020-15129 - Open Redirect In Traefik sc0pe template
* v8.7 - Added MobileIron Login sc0pe template
* v8.7 - Added Revive Adserver XSS sc0pe template
* v8.7 - Added IceWarp Webmail XSS sc0pe template
* v8.7 - Added Mara CMS v7.5 XSS sc0pe template
* v8.7 - Added Administrative Privilege Escalation in SAP NetWeaver
* v8.7 - Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template
* v8.7 - Added Magento 2.3.0 SQL Injection sc0pe template
* v8.7 - Added CVE-2020-15920 - Unauthenticated RCE at Mida eFramework sc0pe template
* v8.7 - Added CVE-2019-7192 - QNAP Pre-Auth Root RCE sc0pe template
Expand All @@ -19,11 +20,11 @@
* v8.7 - Added Robots.txt Detected sc0pe template
* v8.7 - Added AWS S3 Public Bucket Listing sc0pe template
* v8.7 - Fixed logic error in stealth mode recon scans not running
* v8.7 - Added CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset
* v8.7 - Added CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template
* v8.7 - Fixed F- detection in Wordpress Sc0pe templates
* v8.7 - Added CVE-2020-11530 - Wordpress Chop Slider 3 Plugin SQL Injection
* v8.7 - Added CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE
* v8.7 - Added CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass
* v8.7 - Added CVE-2020-11530 - Wordpress Chop Slider 3 Plugin SQL Injection sc0pe template
* v8.7 - Added CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE sc0pe template
* v8.7 - Added CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template
* v8.6 - Added new Sn1per configuration flow that allows persistent user configurations and API key transfer
* v8.6 - Updated port lists to remove duplicate ports error and slim down list
* v8.6 - Updated PHP to 7.4
Expand Down
2 changes: 1 addition & 1 deletion sniper
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ if [[ $EUID -ne 0 ]]; then
exit 1
fi

VER="8.6"
VER="8.7"
INSTALL_DIR="/usr/share/sniper"
LOOT_DIR="$INSTALL_DIR/loot/$TARGET"
SNIPER_PRO=$INSTALL_DIR/pro.sh
Expand Down
9 changes: 9 additions & 0 deletions templates/active/CVE-2020-15129_-_Open_Redirect_In_Traefik.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
AUTHOR='@xer0dayz'
VULN_NAME='CVE-2020-15129 - Open Redirect In Traefik'
URI='/'
METHOD='GET'
MATCH="<a href=\"https://google.com/dashboard/\">Found</a>"
SEVERITY='P3 - MEDIUM'
CURL_OPTS="--user-agent '' -s -L --insecure -H 'X-Forwarded-Prefix: https://google.com'"
SECONDARY_COMMANDS=''
GREP_OPTIONS='-i'

0 comments on commit 05c60b4

Please sign in to comment.