fix bugs

DEVisions · Jun 5, 2023 · 9921dfc · 9921dfc
1 parent 6bd8403
commit 9921dfc
Show file tree

Hide file tree

Showing 45 changed files with 45 additions and 45 deletions.
diff --git a/http/exposed-panels/adminer-panel-detect.yaml b/http/exposed-panels/adminer-panel-detect.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: fuzz,adminer,login
+  tags: fuzz,adminer,login,panel
 
   # <= 4.2.4 can have unauthenticated RCE via SQLite driver
   # <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL

diff --git a/http/exposed-panels/avtech-dvr-exposure.yaml b/http/exposed-panels/avtech-dvr-exposure.yaml
@@ -7,7 +7,7 @@ info:
   description: AVTECH AVC798HA DVR is susceptible to information exposure. CGI scripts in the /cgi-bin/nobody directory can be accessed without authentication. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - http://www.avtech.com.tw/
-  tags: dvr,avpanel
+  tags: dvr,avtech,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/cacti-panel.yaml b/http/exposed-panels/cacti-panel.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: cacti,login
+  tags: cacti,login,panel
   metadata:
     max-request: 2
 

diff --git a/http/exposed-panels/checkmk/checkmk-login.yaml b/http/exposed-panels/checkmk/checkmk-login.yaml
@@ -9,7 +9,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: login,synology,rackstation
+  tags: login,synology,rackstation,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/dzzoffice/dzzoffice-install.yaml b/http/exposed-panels/dzzoffice/dzzoffice-install.yaml
@@ -14,7 +14,7 @@ info:
     verified: true
     shodan-query: http.favicon.hash:-1961736892
     fofa-query: title="dzzoffice"
-  tags: dzzoffice,install
+  tags: dzzoffice,install,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/edgeos-login.yaml b/http/exposed-panels/edgeos-login.yaml
@@ -9,7 +9,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: login,edgeos,edgemax
+  tags: login,edgeos,edgemax,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/gnu-mailman.yaml b/http/exposed-panels/gnu-mailman.yaml
@@ -14,7 +14,7 @@ info:
     max-request: 2
     verified: true
     shodan-query: title:"Mailing Lists"
-  tags: mailman
+  tags: mailman,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/gryphon-login.yaml b/http/exposed-panels/gryphon-login.yaml
@@ -12,7 +12,7 @@ info:
   metadata:
     max-request: 1
     shodan-query: http.title:"Gryphon"
-  tags: gryphon,router
+  tags: gryphon,router,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/konga-panel.yaml b/http/exposed-panels/konga-panel.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: konga,oss
+  tags: konga,oss,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/kubernetes-enterprise-manager.yaml b/http/exposed-panels/kubernetes-enterprise-manager.yaml
@@ -12,7 +12,7 @@ info:
   metadata:
     max-request: 1
     fofa-query: app="Kubernetes-Enterprise-Manager"
-  tags: kubernetes
+  tags: kubernetes,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/kubernetes-mirantis.yaml b/http/exposed-panels/kubernetes-mirantis.yaml
@@ -14,7 +14,7 @@ info:
     verified: true
     shodan-query: http.html:"Mirantis Kubernetes Engine"
     fofa-query: app="Mirantis-Kubernetes-Engine"
-  tags: kubernetes,devops,kube,k8s
+  tags: kubernetes,devops,kube,k8s,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/laravel-filemanager.yaml b/http/exposed-panels/laravel-filemanager.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: laravel,filemanager,fileupload
+  tags: laravel,filemanager,fileupload,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/luci-login-detection.yaml b/http/exposed-panels/luci-login-detection.yaml
@@ -9,7 +9,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: login
+  tags: login,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/magento-downloader-panel.yaml b/http/exposed-panels/magento-downloader-panel.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: http.component:"Magento"
-  tags: magento
+  tags: magento,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/mautic-crm-panel.yaml b/http/exposed-panels/mautic-crm-panel.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: mautic,crm
+  tags: mautic,crm,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/openbmcs-detect.yaml b/http/exposed-panels/openbmcs-detect.yaml
@@ -9,7 +9,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: openbmcs,detect
+  tags: openbmcs,detect,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/opencpu-panel.yaml b/http/exposed-panels/opencpu-panel.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: opencpu,oss
+  tags: opencpu,oss,panel
   metadata:
     max-request: 1
 

diff --git a/http/exposed-panels/roxy-fileman.yaml b/http/exposed-panels/roxy-fileman.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 4
     verified: true
     google-query: intitle:"Roxy file manager"
-  tags: fileupload,roxy,fileman
+  tags: fileupload,roxy,fileman,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/sap-successfactors-detect.yaml b/http/exposed-panels/sap-successfactors-detect.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 2
     verified: true
     shodan-query: title:"Login - SAP SuccessFactors"
-  tags: sap,detect
+  tags: sap,detect,panel
 
 http:
   - method: GET

diff --git a/http/exposed-panels/server-backup-login.yaml b/http/exposed-panels/server-backup-login.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: paneil,idera,edb
+  tags: panel,idera,edb
   metadata:
     max-request: 1
 

diff --git a/http/exposures/files/secrets-file.yaml b/http/exposures/files/secrets-file.yaml
@@ -9,7 +9,7 @@ info:
     max-request: 4
     verified: true
     google-query: intitle:"index of" "secrets.yml"
-  tags: cloud,devops,files
+  tags: cloud,devops,files,exposure
 
 http:
   - method: GET

diff --git a/http/exposures/logs/clockwork-php-page.yaml b/http/exposures/logs/clockwork-php-page.yaml
@@ -6,7 +6,7 @@ info:
   severity: high
   reference:
     - https://twitter.com/damian_89_/status/1250721398747791360
-  tags: clockwork
+  tags: clockwork,exposure
   metadata:
     max-request: 1
 

diff --git a/http/misconfiguration/ampps-dirlisting.yaml b/http/misconfiguration/ampps-dirlisting.yaml
@@ -9,7 +9,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: panel,ampps,softaculous,misconfig
+  tags: ampps,softaculous,misconfig
   metadata:
     max-request: 3
 

diff --git a/http/misconfiguration/apache/tomcat-pathnormalization.yaml b/http/misconfiguration/apache/tomcat-pathnormalization.yaml
@@ -10,7 +10,7 @@ info:
     cvss-score: 0.0
     cwe-id: CWE-200
   reference: https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
-  tags: panel,tomcat,apache,misconfig
+  tags: tomcat,apache,misconfig
   metadata:
     max-request: 6
 

diff --git a/http/misconfiguration/bootstrap-admin-panel-template.yaml b/http/misconfiguration/bootstrap-admin-panel-template.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: title:"Dashboard - Bootstrap Admin Template"
-  tags: bootstrap,panel,misconfig
+  tags: bootstrap,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/command-api-explorer.yaml b/http/misconfiguration/command-api-explorer.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: http.html:"Command API Explorer"
-  tags: panel,misconfig
+  tags: misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/deos-openview-admin.yaml b/http/misconfiguration/deos-openview-admin.yaml
@@ -10,7 +10,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
     cvss-score: 8.6
     cwe-id: CWE-284
-  tags: openview,disclosure,panel,misconfig
+  tags: openview,disclosure,misconfig
   metadata:
     max-request: 1
 

diff --git a/http/misconfiguration/dgraph-dashboard-exposure.yaml b/http/misconfiguration/dgraph-dashboard-exposure.yaml
@@ -12,7 +12,7 @@ info:
   metadata:
     max-request: 1
     shodan-query: http.title:"Dgraph Ratel Dashboard"
-  tags: unauth,panel,misconfig
+  tags: unauth,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/exposed-service-now.yaml b/http/misconfiguration/exposed-service-now.yaml
@@ -8,7 +8,7 @@ info:
   reference:
     - https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56
     - https://github.com/leo-hildegarde/SnowDownKB/
-  tags: servicenow
+  tags: servicenow,misconfig
   metadata:
     max-request: 1
 

diff --git a/http/misconfiguration/installer/avideo-install.yaml b/http/misconfiguration/installer/avideo-install.yaml
@@ -14,7 +14,7 @@ info:
     verified: true
     shodan-query: http.title:"AVideo"
     fofa-query: "AVideo"
-  tags: panel,install,avideo,misconfig
+  tags: install,avideo,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/installer/circarlife-setup.yaml b/http/misconfiguration/installer/circarlife-setup.yaml
@@ -15,7 +15,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: title:"- setup" html:"Modem setup"
-  tags: scada,circontrol,circarlife,setup,panel,installer,misconfig
+  tags: scada,circontrol,circarlife,setup,installer,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/installer/mcloud-installer.yaml b/http/misconfiguration/installer/mcloud-installer.yaml
@@ -15,7 +15,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: http.title:"mcloud-installer-web"
-  tags: panel,mcloud,misconfig
+  tags: mcloud,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/installer/openshift-installer-panel.yaml b/http/misconfiguration/installer/openshift-installer-panel.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: title:"OpenShift Assisted Installer"
-  tags: panel,openshift,cluster,misconfig
+  tags: openshift,cluster,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/installer/wp-install.yaml b/http/misconfiguration/installer/wp-install.yaml
@@ -11,7 +11,7 @@ info:
     cwe-id: CWE-284
   reference:
     - https://smaranchand.com.np/2020/04/misconfigured-wordpress-takeover-to-remote-code-execution/
-  tags: panel,wordpress
+  tags: wordpress,misconfig
   metadata:
     max-request: 1
 

diff --git a/http/misconfiguration/installer/zenphoto-setup.yaml b/http/misconfiguration/installer/zenphoto-setup.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 4
     verified: true
     shodan-query: title:"Zenphoto install"
-  tags: panel,zenphoto,setup,installer
+  tags: zenphoto,setup,installer,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/iot-vdme-simulator.yaml b/http/misconfiguration/iot-vdme-simulator.yaml
@@ -14,7 +14,7 @@ info:
     max-request: 2
     verified: true
     shodan-query: http.title:"IoT vDME Simulator"
-  tags: misconfig,panel
+  tags: misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/misconfigured-docker.yaml b/http/misconfiguration/misconfigured-docker.yaml
@@ -7,7 +7,7 @@ info:
   description: A Docker container misconfiguration was discovered. The Docker daemon can listen for Docker Engine API requests via three different types of Socket - unix, tcp, and fd. With tcp enabled, the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon. It is conventional to use port 2375 for un-encrypted, and port 2376 for encrypted communication with the daemon.
   reference:
     - https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/attacking-docker-containers/misconfiguration.html
-  tags: docker,unauth,devops
+  tags: docker,unauth,devops,misconfig
   metadata:
     max-request: 1
 

diff --git a/http/misconfiguration/nomad-jobs.yaml b/http/misconfiguration/nomad-jobs.yaml
@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.3
     cwe-id: CWE-200
-  tags: nomad,devops,hashicorp,panel,misconfig
+  tags: nomad,devops,hashicorp,misconfig
   metadata:
     max-request: 1
 

diff --git a/http/misconfiguration/oneinstack-control-center.yaml b/http/misconfiguration/oneinstack-control-center.yaml
@@ -17,7 +17,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: http.title:"OneinStack"
-  tags: misconfig,panel,oneinstack
+  tags: misconfig,oneinstack
 
 http:
   - method: GET

diff --git a/http/misconfiguration/pghero-dashboard-exposure.yaml b/http/misconfiguration/pghero-dashboard-exposure.yaml
@@ -15,7 +15,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: title:"PgHero"
-  tags: panel,pghero,misconfig
+  tags: pghero,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/setup-github-enterprise.yaml b/http/misconfiguration/setup-github-enterprise.yaml
@@ -8,7 +8,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: http.favicon.hash:-1373456171
-  tags: panel,setup,github,misconfig
+  tags: setup,github,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/struts-ognl-console.yaml b/http/misconfiguration/struts-ognl-console.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: html:"Struts Problem Report"
-  tags: apache,struts,ognl,panel,misconfig
+  tags: apache,struts,ognl,misconfig
 
 http:
   - method: GET

diff --git a/http/misconfiguration/tls-sni-proxy.yaml b/http/misconfiguration/tls-sni-proxy.yaml
@@ -7,7 +7,7 @@ info:
   reference:
     - https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/
     - https://www.bamsoftware.com/computers/sniproxy/
-  tags: ssrf,oast,tls,sni,proxy
+  tags: ssrf,oast,tls,sni,proxy,misconfig
   metadata:
     max-request: 1
 

diff --git a/http/misconfiguration/unauth-fastvue-dashboard.yaml b/http/misconfiguration/unauth-fastvue-dashboard.yaml
@@ -13,7 +13,7 @@ info:
     max-request: 1
     verified: true
     shodan-query: http.favicon.hash:-1117549627
-  tags: panel,fastvue,unauth,misconfig
+  tags: fastvue,unauth,misconfig
 
 http:
   - method: GET