up PoCs 2022-08-29

brute/dicts/filedic.txt

@@ -1596,6 +1596,7 @@
 /access-log.1
 /access.1
 /access.log
+/accounts.sql
 /activeMQ/
 /activemq
 /activity
@@ -1747,6 +1748,7 @@
 /axis2/
 /axis2/axis2-admin/login
 /b.php
+/back.sql
 /back.tar.bz2
 /backup
 /backup.7z
@@ -1759,6 +1761,7 @@
 /backup.tar.gz
 /backup.tgz
 /backup.zip
+/backups.sql
 /bbs
 /bbs.tar
 /bbs.tar.gz
@@ -1792,6 +1795,7 @@
 /checkLogin.do
 /classes.war
 /cleanup.log
+/clients.sql
 /cloudstore/config/mysql.xml
 /cm.php
 /code.tar.gz
@@ -1851,6 +1855,7 @@
 /cri
 /css.asp
 /customers.log
+/customers.sgl
 /dama.asp
 /dama.aspx
 /dama.jsp
@@ -1877,8 +1882,10 @@
 /database.log
 /database.properties
 /database.rar
+/database.sgl
 /database.sql
 /database.sql.gz
+/database.sqlite
 /database.tar.bz2
 /database.tar.gz
 /database.tgz
@@ -1906,7 +1913,10 @@
 /db.yaml
 /db.yml
 /db.zip
+/db_backup.sql
 /dbaccess.log
+/dbase.sql
+/dbdump.sql
 /dbeaver-data-sources.xml
 /debug
 /debug.log
@@ -2156,6 +2166,7 @@
 /monitoring
 /mw-config/
 /myadmin/login.php
+/mysql.sql
 /nacos/
 /nagios
 /nginx.conf
@@ -2324,6 +2335,7 @@
 /sql.html
 /sql.log
 /sql.rar
+/sql.sql
 /sql.tar.bz2
 /sql.tar.gz
 /sql.tgz
@@ -2367,6 +2379,7 @@
 /temp.7z
 /temp.gz
 /temp.rar
+/temp.sql
 /temp.tar.bz2
 /temp.tar.gz
 /temp.tgz
@@ -2473,6 +2486,7 @@
 /uploads/dump.sql
 /user-login.html
 /users.log
+/users.sql
 /users/sign_in
 /v1/health/service/consul
 /v1/swagger

config/nuclei-templates/cves/2022/CVE-2022-38463.yaml

@@ -1,21 +1,23 @@
 id: CVE-2022-38463
 
-info:
-  name: ServiceNow - Cross Site Scripting
-  author: amanrawat
-  severity: medium
-  description: |
-    There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
-  reference:
-    - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-38463
-  classification:
-    cve-id: CVE-2022-38463
-  metadata:
-    verified: true
-    shodan-query: http.title:"ServiceNow"
-  tags: cve,cve2022,servicenow,xss
-
+info:
+  name: ServiceNow - Cross Site Scripting
+  author: amanrawat
+  severity: medium
+  description: |
+    There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
+  reference:
+    - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-38463
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2022-38463
+    cwe-id: CWE-79
+  metadata:
+    shodan-query: http.title:"ServiceNow"
+    verified: "true"
+  tags: cve,cve2022,servicenow,xss
 requests:
   - method: GET
     path:

config/nuclei-templates/exposures/configs/magento-information-disclosure.yaml → config/nuclei-templates/exposures/configs/magento-config-disclosure.yaml

@@ -1,15 +1,16 @@
-id: magento-information-disclosure
+id: magento-config-disclosure
 
 info:
-  name: Magento - Information Disclosure
-  author: ptonewreckin,danigoland
+  name: Magento - Config Disclosure
+  author: ptonewreckin,danigoland,geeknik
   severity: high
   description: |
     Misconfigured instances of Magento may disclose usernames, passwords, and database configurations via /app/etc/local.xml
   reference:
     - /~https://github.com/ptonewreckin/cmsDetector/blob/master/signatures/magento.py
   metadata:
     verified: true
+    shodan-query: http.component:"Magento"
   tags: magento,exposure,credential,config
 
 requests:

config/nuclei-templates/takeovers/wix-takeover.yaml

@@ -17,10 +17,10 @@ requests:
     matchers-condition: and
     matchers:
       - type: word
-        condition: or
         words:
           - 'Error ConnectYourDomain occurred'
           - 'wixErrorPagesApp'
+        condition: and
 
       - type: status
         status: